Feedback Session

Itinerary:

• Introduction
• Customer Council
• Mobile Management Forum
• The Real-time and Embedded Systems Forum
• Quality of Service Task Force
• Security Forum
• Active Loss Prevention
• Architecture Forum
• Directory Interoperability Forum
• Enterprise Management Forum
• Electronic Messaging Association (EMA) Forum - The EMA Challenge

Introduction

Mike Lambert, VP and CTO, The Open Group introduced the Closing Plenary Session where the Forums and the Customer Council reported on the their work during the week.  

Mike commented that this had been an outstanding conference with 150 people present in Amsterdam.  This at a time of world turmoil following the attacks on the USA on September 11. He reported that there had been more than 10 web casts plus teleconferences during the week, with at least 100 people connecting from outside. Active Loss Prevention had a great plenary and workshops. The next step was to implement the program and follow up on the issues and requirements discussed during the sessions. The general feedback from the forums was favorable with a lot of work done and a lot of people involved over teleconferences.

Mike commented on the evaluation from the Monday Plenary, noting the ranking for speaker knowledge (second histogram on slide).

Mike announced the meeting dates and schedule for The Open Group Conferences in 2002.  The first meeting in January (21-25) will take place at Anaheim on the theme of Integrated Information Infrastructure (in3) The following meetings alternate from USA to Europe:

The locations are not fixed but the dates are.   Mike asked people to put the dates in the diary.

• Anaheim, 21-25 January 2002
• Brussels, 8-12 April 2002
• Boston, 22-26 July 2002
• S. Europe, 21-25 October 2002

A PDF file with the presentations can be found here.

Customer Council Meeting

Carl Bunje, Chairman on the Customer Council, talked about the work of the Council. He focused on the Requirements Journal Highlights. The members had a look at each requirement in the journal and had a brief update on each. This covered:

Directory Standards for Enterprise Management

• Requirements ID: DISA_1.2
• Forum Alignment: Directory Interoperability Forum
• Presentation: Skip Slone - Lockheed Martin

Meaningful Management Framework APIs - Pegasus

• Requirement ID: DISA_2.3
• Forum Alignment: Enterprise Management Forum
• Presentation: Martin Kirk - The Open Group

Understanding Security Issues - MGIS

• Requirement ID: Block_1.4
• Forum Alignment: Security Forum
• Presentation: Eliot Solomon - SIAC

In Austin there was a workshop that explored interoperability and the enterprise, the documentation is available to members here . An overview was presented and next steps discussed. Both the supply-side and buy-side would be involved. There is a detailed plan of action: identification of building blocks, mapping, etc. He anticipated that the business scenario could be used by members to identify a common sets of goals and solutions.

Carl went on to discuss other customer activity over the last three months. He mentioned the "Customer on the Move" scenario flowing from the work of the MMF and DIF; the End-to-End QoS scenario originally done with Boeing, looking at a set of manufacturing processes covering end-to-end QoS and recognizing that this can be extended to incorporate other customer requirements for end-to-end QoS; referred again to the Interoperability Enterprise Scenario; and the PKI Management Scenario.

Finally Carl covered two proposed activities. The first proposed by Chris Greenslade to collect requirements from the attendees at the Regional Meeting. The Council would act to facilitate this.

The second from Terry Blevins was to carry out challenges along the lines of the EMA PKI Challenge. The Council will look for suitable avenues and ideas.

Mobile Management Forum

Gregory Gorman started by talking about the Wireless Event, the MMF Tokyo Summit, which took place 13 days after the 11 September. It attracted 250 attendees for the Plenary and 125 attendees for the Working Session that followed. Gregory noted that all but one speaker had been able to get to the event and that this was the first time in Japan that there had been a meeting focused on eBusiness to eBusiness mobile activity.

Gregory said that there had been five presentations of B2E applications covering health care, insurance, telematic automobile of the future, and the pharmaceutical industry. The presentation slides are available on The Open Group web site.

In Amsterdam the MMF Forum members interacted with the other forums. Gregory mentioned

• the joint Meeting with DiF reviewing mobility aspects of mobile worker from Berlin scenario.
• the review of Wireless Network of the Future presented by Lynx Consulting
• the teleconference involving contributors from both coasts of the USA with the creation of a Working Group to define AAA requirements for mobile workers
• the joint meeting with the QoS Task Force with the NEC MASA Network Presentation
• the further refinement of MaD Business Scenario for Mobile Worker

Gregory went on to talk about the planned vertical workshops:

• The Utility Workshop, Dec 6-7 2001 in San Francisco co-hosted with Western Utility Grid
• The Health Care Workshop, mid-January in North East USA with the Mobile Health Care Alliance
• The Transportation Workshop, end-January in Germany

These workshops will help refine MMF requirements documents.

The minutes and presentations from the vertical workshop on financial services is available on the web site, and the others will be added following each event.

The Real-time and Embedded Systems Forum

Joseph Bergmann, Co-chair of the Real-time and Embedded Systems Forum introduced the work of the Forum. Joe mentioned new members (OAR Corporation and RE-GIS) and expectations for four further members before the next meeting.

Joe looked at the roadmap with the planned deliverables:

Building on 2001 achievements, the planned deliverables for 2002 are as follows.

Test suites for POSIX 1003.13b Profiles 51 and 53. These are interesting profiles because they do not have a file system so that they have to be worked remotely

Certification program for POSIX Real-time profiles

Specification for Security for Real-time and Embedded Systems with reference implementations

White Papers

Security for Real-time and Embedded Systems

Standardized security for Safety Critical Applications

Safety Critical Applications

Another test and certification program (Security for Real-Time and Embedded Systems). The security specification is planned for publication by July 2002 linked to a reference implementation. This work is being done with our Classic Security Group.

Joe examined the status of each of the Real-time Forum Working Groups

1. Testing and Certification Group
        Did not meet
2. Real-time Profiling Group
        Did not meet
3. Joint Real-time and QoS Working Group
        Did not meet
4. Hard Real-time Java requirements
        20 attendees (8 via teleconference)
        Requirements collection to continue with emphasis on FAA certification requirements (DO-178B)
5. Security for Real-time and Embedded Systems Group.
        17 attendees (9 via teleconference)
        Final review of RFI for Security for RT & ES
        RFI to be issued no later than 2 November - responses due by 20 January 2002
        Security Specifications due July 2002
6. Safety Critical
        8 attendees on site
        Outlined Approach
        Identified Domains

Joe reminded us of the Working Group Champions

Security - Sam Bowser
Hard Real-time Java - Robert Allen/LTC Logan
RT Profiles - Andrew Josey/Joe Gwin
Testing and Certification - Lt Col Glen Logan
Safety Critical - Dave Emery

Finally Joe mentioned some additional items

• Pervasive Computing Working Group targeted for January meeting
• Testing and Certification
  • Profile 52 Beta Test underway
  • Need companies to:
    • Provide small profile implementations
    • Participate in beta test

Quality of Service

Jean Hammond, the new Chair of the QoS Task Force introduced the work of the Task Force which focuses on end-to-end QoS.

The QoS session was an open to the public working session, with two full days of very interesting speakers and thought provoking discussion throughout. Through separate and joint sessions with other Forums of The Open Group, the Taskforce covered a variety of topics including: the End-to-End Component Map, the QoS Task Force Road Map for 2002, the current state of major QoS standards, an overview of the TeleManagement Forum's SLA Handbook and the proposed Joint Initiative between The Open Group Taskforce and the TMF, Service Management from a Service Provider and a Customer perspective, Application Profiling and Classification efforts, the QoS Task Force's Boeing Business Scenario and their use of Service Level Agreements and Application Instrumentation, the DMTF's Common Information Model (CIM) and its applicability to QoS and SLA requirements and policies. In addition there were several joint sessions with the Enterprise Management, Directory, and Mobile Management Forums where QoS issues common across each of the forums were addressed.

Jean commented on the work towards a QoS Standards Information Base. 

During the working sessions on Organizational and Work Re-Structuring, the QoS Taskforce arrived at a proposal for three standing committees and two projects.

The proposed standing committees are: 

1. Applications, Computing & Servers Committee - This will focus on internal instrumentation of applications as well as server & storage management. There are a number of research activities and standards review activities that need to be coordinated with the R&D, Real-Time, and Enterprise Management efforts of The Open Group. The TMF is interested in working with this committee and for the evolution of their SLA Handbook from the enterprise perspective.
2. Architecture & Policy Committee - Focus of work for this committee includes two key areas. The first is oriented to the Control Architecture / Decision Point / Monitoring Point and will support an architecture for resource responsive behaviors in both computing and network resources as well as user & condition specific policies. The second area of focus will be around the Service Level Definition, Policies and Policy Stores. 
3. Networking & Transport QoS / CoS Committee. - This will address the range of behaviors that can be taken in the network to support QoS policies include prioritization, path selection and policies for aggregating traffic (especially in IP environments). Mobile scenarios with path changing aspects need to be accounted for here as well.

The proposed new projects are: 

1. Application Classification Mapping Project - Application classification to traffic type. This project needs to assess the efforts of various groups, the development of detailed examples, with the results being propagated to other key consortia organizations and vendors. 
2. Session Persistence Project - This committee would work with the Mobile Management and Directory Forums to drive detailed analysis of the standards required to deliver QoS with session management for mobile environments.

Jean gave a brief introduction to a pair of process slides showing the sequence and nature of activities of the QoS Task Force Committees.

Jean commented on the need to build the membership and her hope that the QoS Task Force could act as a integrator of work from other organizations showing willingness to work with The Open Group.

Mike Lambert observed that Jean had a lot of detail in the slides. He anticipated a future session when members can be encouraged to participate by phone to get a fuller explanation of the QoS work. This might encourage greater participation and ensure awareness of the breadth on activity.

Security Forum

Steve Jenkins, Chair of the Security Forum, introduced the work of the Security Forum.

Steve announced the publication of the Managers Guide to Information Security. This is the first in a new series of publications which are informal and informative, have an individual voice and point of view. The Guide has been reviewed and commented upon favorably by members of the Forum, the Customer Council and in Formal Company Review by The Open Group.

Planned guides include Privacy by Bob Blakley and Jacques Francoeur, Disaster Recovery by Vance Heron (with support of the EMF and QoS), Single Sign-On, Implementing Security Policy, Implementing Information Security, Non-repudiation, and Enterprise Systems Management. This list is in order of commitment.

Steve went on to mention the Guide to Security Patterns. He discussed current pattern drafts: secure communication, protected system, security context, secure association, subject descriptor, replica and replicated system, failover. Bob Blakely will take the lead in developing the pattern drafts further and those deemed to be ready will be published in the web in the near future.

Steve commented on a variety of activities during the week. This included a joint session with MMF, QoS and DIF on security issues in mobile and directory. There was also an invited presentation from Dr Jimmy Tseng on the Fiducia Project concerned with an analytical framework for evaluating risk in interoperable PKI.

Steve said that the Security Forum were looking at open source development to support the AZN API. Specific actions were discussed and actions agreed that will lead to progress.

There was a brief discussion of the relationship between building blocks and patterns. The members looked at TOGAF 7 and its discussion on patterns. There doesn't seem to be a problem on this issue.

Finally Steve commented on the work of the Forum. There was good attendance, vigorous participation, an apparent consensus on agenda, tangible progress on near-term deliverables, and detailed action plans for upcoming projects. Overall he thought is was a good conference and an enjoyable week.

Active Loss Prevention

Ian Lloyd, Program Director, gave his report on the formation of the Active Loss Prevention Initiative. He commented that the plenary session on Monday went well with good presentations. A number of key points emerged:

• The need for 24hr x 7day surveillance with specialized teams to monitor and respond
• A better understanding of how to replicate trust in the e-enabled world?
• Today we have poor or superficial methods of assessing risk, liability and premiums, although the Tuesday sessions included a presentation from Predictive showing that some aspects of risk can be quantified.
• The nomenclature used today focuses downwards into technical and operational issues
• But to get better understanding we need a nomenclature for business people

There was good discussion on Tuesday with vigorous debate.

We have developed a picture (see slide). 

Then idea is to develop a risk taxonomy to describe how we understand risk in the eBusiness world, followed by development of loss tables, mitigation effectiveness, etc. This leads to a better understanding of liability and risk mitigation. Ian commented that this would require careful consideration to identify the needs of business first, and then what we can do about it in terms of applying the technology and knowledge of business processes/needs.

Ian looked at longer term deliverables, following from a number of white papers. These were summarized as follows:

• Standard protocol for communicating liability information
• Standard protocol for communicating system integrity
• Standard API for applications to communicate with security functions
• Standard protocols for insurance, audit and “trust” information
• Expanded education program
• Certification program for the above standards

Ian commented particularly on the need for education.

Architecture Forum

Chris Greenslade, Chair of the Architecture Forum, gave an account of its work.

He observed that the original focus was TOGAF, ADML and TABB. Over the last few months, the Forum has looked at new areas for developing and exploiting architecture for business, business scenarios, etc., which will alter the focus. The Architecture Forum is growing in numbers with new members coming in to participate.

The Architecture Briefing included a package of material on TOGAF (this is included in the CD-ROM handed out to delegates at the Conference). Chris encouraged everyone to pick up this package and promote the use of TOGAF within their organization. The Briefing also had a update on TOGAF Version 7 to be published in December, a presentation on the Business Scenario Process, a presentation on the Standards Information Base and the EEC project on standards-matter.com. The Briefing continued with two presentations from Pierre Cotte, NATO and Sang Hwan Kung, Cheonan University and NCA, Korea.

Chris commented on the work in the Forum. First, the necessary work towards TOGAF 7. Second the need for tools. Third the need for certification of IT architects. The Forum also looked at the Digital Chain of Trust discussed by Jacques Francoeur.

Chris commented on the need to revisit the Technical Reference Model (TRM). He also picked up on the challenge to find and promote the use of tools for architecture, this can be tied into the work on building blocks and their definition in ADML.

Directory Interoperability Forum

Chris Harding, Program Director, gave an overview of the meeting. There are eight working groups, all active bar one which is waiting on IETF action. Of the objectives of the Forum, the most important is the LDAP 2000 and Works with LDAP 2000 program which involves certification and testing, a core competence of The Open Group. The meeting objectives were:

Plan revision and future development of The Open Brand for LDAP 2000. A position paper was discussed. Short term the Forum wants to consolidate its work and promote the Open Brand. In the medium term there will be a new version of the brand to include IETF ldapbis work plus one other high priority RFC. In the longer term the Forum has a list of items under consideration for a brand for enterprise directory. Alongside each new LDAP brand there will be a Works With brand.

Start development of an E-Business Relationship Model. The work was stimulated by a position paper developed by EMA/EEMA eBusiness Requirements Paper. The Forum will develop an appendix to cover Directory Requirements (with other Forums hopefully adding appendices on security and messaging in due course). The model itself will be addressed during the next meeting in Anaheim.

Review the draft Mobile and Directory Business Scenario. The scenario is a real cooperative exercise based on the work presented by the MMF in Berlin. The written scenario will be prepared based on the powerpoint presentation used in Amsterdam.

Progress the development of the Guidelines for use of Directory in the KMI. This is work prompted by the business scenario on directory in the key management infrastructure. The work has been refocused providing PKI Directory Guidelines for application developers and directory developers. Four sections have been drafted but there is much more to do.

Other major Items were:

Standards Prioritization White Paper. This consists of a list of standardization activities which the Forum considers to be most important. It will be used to help influence the work of other standards bodies and it has been used as the basis of developments for the LDAP brand. The white paper has been approved and will be published following an editorial sanity check.

Global Directory Forum. This is a virtual organization. It met by teleconference with members of the WEMA meeting in Nice. Apart from technical problems with the line, the cooperation was maintained.

Chris mentioned topics for Anaheim, especially the topic of identity management, how you manage who is who, etc.

Enterprise Management Forum

The Enterprise Management Forum work was covered by Martin Kirk, The Forum Director.

The Forum did some housekeeping with the publication of ARM 3.0 Java Binding, the AIC 1.1 going through company review, and the next iteration of XSLM projected for delivery Q1 2002.

Martin explained the status of Pegasus with the release of 1.1 imminent. With this release Pegasus is almost functionally complete. It will lack the query language and some aspects of security. The total investment from members - 20 full time engineers are working on the code base. The SNIA have migrated their CIMOM project work into Pegasus.

There were two presentations during the week. The first was about the SBLIM Project on standards-base Linux instrumentation for manageability - a standard set of CIM information providers. This could lead to a new open standard. The second presentation was from Andreas Koppel on modeling real applications. This could bring a breakthrough for CIM into the ISV/application developer communities.

Martin summarized work for the immediate future:

• Pegasus
  • Face-to-face and mini-plugfest in November
  • Finalise version 1.1
• SNIA CIMOM
  • Bring the code base into our CVS server
  • Migrate the development process
• AIC
  • Initiate the Company Review
• ARM
  • Publicize the new standard

Martin mentioned some issues and the need to avoid conflicts with the QoS Task Force. In Amsterdam there was progress in getting the members working together.

Finally he commented on plans for the January Conference in Anaheim. Plans include a CIM/WBEM themed day building on current activities, user needs, and future directions. The Forum plans to target non-member ISV/End Users as attendees to cover the ideas presented by Andreas Koppel, to leverage the location bringing in Pegasus and SNIA developers, and to start work on management patterns.

Electronic Messaging Association (EMA) Forum - The EMA Challenge

Dean Richardson presented on the EMA Challenge. Dean has been actively recruiting members for the Challenge. The Challenge is enable organizations to exchange strongly encrypted email using a standards-based, vendor neutral architecture that does not require manual key exchange. Lynx and Boeing are ready or close to be ready to test.

Finally Teresa mentioned that EMA Forum members were participating in meetings with other Forums, especially the DIF and Security Forum work.

The slide presentations are available here.