The second day of The Open Group’s Architecture Practitioners
Conference marked the beginning of conference breakout sessions. Nine
concurrent streams were offered to attendees and included: Identity,
Federation, and Access Management; TOGAF™ Case Studies; Enterprise
Architecture Best Practice Management; Architectures for Secure Data
Management; TOGAF Tutorials; IT Architect Certification (ITAC); Secure
Architectures and Governance; Enterprise Architecture Development; and
Architecting Secure Communications.
Within the Identity, Federation, and Access Management stream, Paul
Tanner, Virtual Technologies, discussed the merits of OpenID as
related to security. In his presentation, "OpenID – Opportunity
with Barriers", he touched on how OpenID works, authentication, the
way in which OpenID holds extended attributes, and existing adopters.
These adopters include vendors as well as Web 2.0 companies, such as
Microsoft, Sun Microsystems, Pageflakes, WordPress, and Six Apart, to
name just a few.
As part of the Enterprise Architecture Best Practice Management stream, Thomas
Obitz, Infosys Technologies, gave attendees insight into key results
from a recent enterprise architecture survey, including that technical
standards are still some of the main deliverables, but information and
business are becoming more important. In addition, Thomas suggested
that enterprise architecture is becoming more institutionalized, and
that in more and more cases enterprise architecture is not being
categorized as an IT function – instead, reporting into other
organizational areas such as strategy and even a company’s board of
directors.
Jason Uppal, QRS, spoke as part of the TOGAF Case Studies stream
and educated the audience on SOA without pain – by using TOGAF. Jason posed
the question of what happens if an organization thinks about TOGAF as a
business strategy, and discussed the iterative nature of architecture work
and the value of SMART objectives. An
enterprise architecture service model and two approaches were also
outlined, with Jason providing examples based on his work with TOGAF
and enterprise architecture.
In the IT Architecture Certification (ITAC) stream, Pieter van
Kampen, HP, delivered his perspective on ITAC from the candidate’s
side, having just gone through the certification process himself. Among
other things, he shared best practices for preparation, certification
requirements, the ITAC mindset, and general advice for those individuals
who are thinking about going through the IT Architecture Certification
process.
Mike Borkin, EDS Security Practice, educated conference attendees
as part of the Architectures for Secure Data Management stream and
talked about how understanding data utilization helps protect against
data leakage. Specifically, Mike explored what data leak
protection (DLP) really means, different security controls applied to
DLP, and how data usage affects DLP architecture using example scenarios
for email, stored data, and printed data. He also reminded the audience
what questions should be asked in order to put proper DLP controls in
place.
Kicking off the afternoon’s session, Oliver Mark, Intel,
spoke in the Enterprise Architecture Development track about Intel’s
adoption of enterprise architecture and their creation of a worldwide
enterprise architecture community. In addition, Oliver provided a
definition of enterprise architecture, shared insight into what Intel has
learned, and emphasized the need for appropriate enterprise architecture
governance. Intel’s worldwide enterprise architecture community
launched in Q3 2006 with a group of 12 architects and managers from IT
and ISS, and has since evolved to a significant community.
Darren Thomson, Symantec, as part of the Secure Architecture and
Governance stream, talked about IT risk as the invisible enemy for
enterprise architecture. He discussed Symantec’s method of managing IT
risk, including taking a holistic approach to developing a risk register,
designing solutions in line with business needs, and best practices for
building the most appropriate organization to manage IT risk. He also
touched on the impact of IT efficiency when IT risk is uncontrolled
within an organization.