Security Forum: Preliminary Agenda
What the Plenary is About
The plenary theme for the Boston Conference is "Boundaryless
Information Flow - the Role of Web Services". The linkage is
that The Open Group vision is for “Boundaryless Information
Flow” which involves information flow from one application
to another application, and Web Services similarly involves getting
information from one application to another. We therefore want to
explore how Web Services can contribute to our vision for achieving
boundaryless information flow.
The Security Angle
A significant component of this vision is securing Web Services.
We can therefore expect that requirements for information security
will come up in almost every plenary speaker's presentation, including
in the Customer perspectives on Tuesday afternoon. One paticular
highlight will be a presentation on the Tuesday morning from Dan
Geer. We can anticipate not only hearing real user requirements
that we can take back into our own organizations, but also we will
have opportunities to clarify them with the speakers themselves.
The New Structure for Meetings
The structure for our working meetings follows a different style
to what we have followed in past meetings, to focus meeting sessions
on specific work areas (projects), and invite members to choose
which work area activities they wish to participate in rather than
limit them to attendance in a specific Forum. This new structure
provides greater value to individual members by allowing them to
move freely across all Open Group activities relevant to their specific
interests.
Meetings on Wednesday through Friday
In line with the new meetings structure, we have an agenda that
transitions from being a Security Forum to enabling members to participate
in the complete range of Open Group activities (in all Forums) that
include security components. All our sessions from late Wednesday
and all Thursday comprise joint working sessions with the Messaging
Forum, the Directory Interoperability Forum, the Mobile Management
Forum, and the Real-Time Security Group.
|
Monday 22nd July 2002
|
Boundaryless
Information Flow: The Role of Web Services
See
Plenary agenda |
| 18:30 |
Networking Reception
|
|
Wednesday
24th July 2002
|
Security
Forum Meeting
(Members Only) |
| 09:00 |
Security
Forum Admin & Liaison
Welcome & introductions
Agenda review
Actions review from previous meeting
Members' expectations
News update & liaison reports |
Steve Jenkins
Ian Dobson
Ian Dobson
All
All |
| 10:30 |
Coffee Break
|
| 11:00 |
Security
Forum Admin & Liaison (contd.)
Intent & expectations from Joint Meetings
Other project activities
Future work planning |
Steve Jenkins/All
Ian Dobson/All
Steve Jenkins/All |
| 12:30 |
Lunch
|
| 14:00 |
Project:
Guides
Guide to Data Privacy
The latest
draft for the GDP Guide was reviewed in a teleconference
on 13 July. Closing date for review of this draft is 28
July, after which it enters the editorial review stage
that leads to completion.
Guide to Working with PKI
A skeletal
draft for GWP was reviewed in the April 2002 meeting
(Paris, France). It is open for review comments &
contributions from members leading up to the July 2002
meeting,
Other Guides
Proposed further
Business Guides are under consideration, and await
principal authors.
Project: Security Design Patterns
Guide to Security Design Patterns
Development of the latest draft
of SDP resulting from a telecon review on 5 July
|
Bob Blakley
Eliot Solomon
Eliot Solomon
Bob Blakley
|
| 15:30 |
Coffee Break
|
| 16:00 |
Project:
Security in SMC
Secure Messaging Challenge review, joint with Messaging
Forum
The Messaging Forum and the Security Forum will
meet together to review the outcomes of the Secure Messaging
Challenge. In this session, there will be a presentation
on the results of the Challenge testing, the Summary Report,
and in particular, the Secure Messaging Toolkit. There
will also be brief presentations on the EEMA PKI Challenge
and how it differs from the work of the Open Group Messaging
Forum.
This will be followed by an open discussion on security
issues raised as a result of the Secure Messaging Challenge,
with the intention of identifying work that still needs
to be done and how the forums might work together to do
it. This will also be picked up and expanded on in the
PKI Guidelines & Manageability Session on Thursday.
|
Dean Sepstrup |
| 17:30 |
Close
|
|
Gala Dinner
|
|
Thursday 25th July 2002
|
Security
in Open Group Work Areas
(Members Only) |
| TOGAF
Version 8 - Project Reviews |
| 09:00 |
Project
- Identity Management
joint with DIF, Messaging Forum, & MMF
We now have our Identity
Management business scenario. This joint session will
validate and prioritize Id Mgt requirements and identify
gaps in what the leading solutions providers (Microsoft
& Liberty Alliance) are offering. The MMF proposes
using this opportunity to lead a brainstorm session of those
present to garner input and gain understanding for the charter
and focus of their MIMACS WG |
TBA |
| 10:30 |
Coffee Break
|
| 11:00 |
Project
- Access Control
joint with DIF, Messaging Forum, & MMF
The goal is to run a "workshop" where
we will gather members' requirements for Access Control.
We will use this as input to creating a business scenario
that we can all use to move forward with assessing currently
available solutions, and highlighting what requirements
remain unaddressed. We have 2 use-case papers as starting
points, together with a Cisco presentation from the Paris
MMF meeting on their experiences in rolling out a mobile
solution internally.. |
TBA |
| 12:30 |
Lunch
|
| Joint
Sessions |
| 14:00 |
Project
- PKI Guidelines & Manageability
joint with DIF, & Messaging Forum
The DIF has its PKI Guidelines initiative and its
Directory & Key Management Infrastructure business scenario,
the Security Forum is developing a Guide to Working with
PKI & Related Technologies, and the Messaging Forum's
secure messaging challenge has useful lessons on working
with PKI. Also, the Security Forum is assessing a requirement
to address manageability of keys information. The US Government
and European Comission are two of many major customers demanding
PKI-based solutions to information security. We aim to establish
the common ground between each Forum, decide what we can
best contribute jointly to this problem space, and set up
appropriate joint work activities to move it forward. |
TBA |
| 15:30 |
Coffee Break
|
| 16:00 |
Project
- Security in Real-Time Environments
joint with Real-Time
Security Group
The Real-Time Security Group is meeting all day
on Thursday, and Security Forum members are welcome to attend
all of their meeting. However, the existing joint project
to review security in Real-Time Use Case Scenarios will
take place during the 16.00-17.30 session of their meeting,
to accommodate Security Forum members who prefer to attend
other joint-meeting sessions through Thursday. |
TBA |
| 17:30 |
Close
|
|
Friday 26th July 2002
|
| 08:30 |
Plenary
Feedback:
Reports back from all meeting sessions, to provide an overall brief of what has been achieved
in all working meetings during this Coinference week, and
to give a vision of the direction and plans for future
activities between now and the next Conference. |
Mike Lambert |
| 10:00 |
Coffee
|
Security
Forum Meeting (optional)
(Members Only) |
| 11:00 |
Security Forum Working
Groups,
to be agreed during earlier meeting sessions.
|
Ian Dobson |
| 12:30 |
Lunch and Close
|
|
