Many members attended the Secure Architectures plenary on Monday,
and the security-related APC tracks on Tuesday and Wednesday of the
conference. The members' meeting for the Identity Management Forum
was held on Thursday.
Review of Secure Architectures Plenary and Security-Related APC Tracks
Members first did a round of introductions, then reviewed the meeting
agenda to verify that we had included all items of importance to members
present.
We then reviewed the Monday plenary presentations and
Tuesday-Wednesday security-related APC tracks and presentations to
identify issues, lessons learned, matters arising, proposed new work
items which may have emerged, and any other outcomes members had
detected.
The plenary IPv6 presentation (Merike Kaeo) was very useful,
and linked well with Tony Haan's presentation on this same topic two years
ago in New Orleans. The plenary presentations were felt to be a
mixture of security topics lacking a common security thread - which was
what was planned, but which in hindsight could perhaps have been better
arranged into a more coherent thread.
The security-related APC tracks on
Tuesday and Wednesday were similarly varied in their content.
One suggested gap in our coverage was a lack of understanding of
assurance of security properties. Verification of security properties
could be done using emerging software property verification techniques,
so this is an area worth exploring.
The Trust APC track attracted special mention as a
highlight of the APC for security-oriented attendees - the possibility
of developing an interoperable standard for common levels of sensitivity
and classification of data, and building responsive protection
mechanisms for this, is a high-value vision. There is potential for a Common
Language paper here.
The APC tracks included one on Identity, Federation, & Access
Management, in which we had two presentations:
- OpenID - Opportunity with Barriers, by Paul Tanner, Virtual Technologies
- State of the Federation, by Michael Beach, Chief Security Designer, Boeing
The proceedings of the Plenary and APC Tracks are available in the Plenary
report.
ISO JTC1 SC27 WG5 Standard on Identity, Privacy, & Identifiers
Ian reminded members about our Category C Liaison
status with ISO JTC1 SC27, and reported back about his attendance at the
SC27 WG5 workshop in Lucerne on September 30, where he gave a presentation
on the Identity Management Forum's work and deliverables in this area,
including:
and repeated The Open Group's hopes that the SC27 WG5
members will accept these Open Group publications as significant
contributions towards the content for their related standards
development work on Framework for Identity Management and a
Privacy Framework.
He also recommended the Identity Management Forum's deliverables on
Identifiers, in particular the Core Identifiers Framework Matrix, as
providing a sound basis for developing a standard on Identifiers.
Ian also advised the Budapest meeting of the report to
the Lucerne Workshop from the ITU-T Focus Group on Identity Management (FG
IdM), which showed that they have made a major contribution to the SC27 WG5
work on this standard over the last eight months. This work has delivered
six papers, five of which are complete. The ITU-T has now sent the Identity Management
Forum a liaison statement (dated October 19, 2007) requesting we review
these six papers. Ian will
organize our review and collate our feedback, which the ITU-T request we
deliver by December 9.
Discussion brought out that effective liaison with
SC27 WG5 necessitates attending their meetings to push our contributions
and engaging with the lead editors of their standards to promote our
contributions and ensure they are correctly represented and included in
the resulting ISO standards. Unfortunately, the financial costs of doing
this are significant, so we have to make careful judgments on when and how
to do it.