Conference Documentation
Amsterdam: 22-26 October 2001


Highlights of the Conference Week

Topicality:

"Active Loss Prevention" was the plenary theme for The Open Group Conference held at the Grand Hotel Krasnapolsky, Amsterdam, The Netherlands, from Monday October 22 through Friday October 26, 2001.   The Conference included a number of open sessions covering wireless, security, real-time and embedded systems, quality of service, architecture, as well as an Open Forum and a plenary feedback session reporting on the work achieved through the week.  There were also closed meetings of The Open Group member forums.

Active Loss Prevention

The Active Loss Prevention Initiative had a very successful first meeting, with excellent presentations and vigorous discussion over the two days. A number of key points emerged, including:

  • The need for 24hr x 7day surveillance with specialized teams to monitor and respond
  • A better understanding of how to replicate trust in the e-enabled world
  • Today we have poor or superficial methods of assessing risk, liability and premiums
  • The nomenclature used today focuses downwards into technical and operational issues
  • But to get better understanding we need a nomenclature for business people

There is a need to develop a risk taxonomy to describe how we understand risk in the eBusiness world, followed by development of loss tables, mitigation effectiveness, etc. This will lead to a better understanding of liability and risk mitigation. 

In the short term the focus of the Active Loss Prevention Initiative will be a thorough exercise to identify the needs of business, followed by an examination of what we can do in terms of applying the technology and knowledge of business processes/needs.  In the longer term, there appear to be a number of possible deliverables:

  • Standard protocol for communicating liability information
  • Standard protocol for communicating system integrity
  • Standard API for applications to communicate with security functions
  • Standard protocols for insurance, audit and “trust” information
  • Expanded education program
  • Certification program for the above standards

It must be emphasized that the Active Loss Prevention Initiative will be a business-driven effort, which will need the support of the more technical forums in The Open Group to deliver some of the likely protocols.

Guest Presentation

We were very pleased to have a presentation by Mathias Kraner of Predictive Systems on the "Security Issues for Mobile Internet Users using Wireless LAN (IEEE 802.11b) in Aviation Environments". 

Meeting Reports

For the third time at The Open Group Conference, we were able to Webcast many of the sessions across the Internet.  This enabled a significant number of people who could not travel to Amsterdam to benefit from the Conference and Member Meeting. Access to the recorded webcasts is available to members.

A report of the Plenary Feedback is available here.  Summaries, slides, and other materials are available in the full Post Meeting Documentation which is only available to Members, and to non-members who attended the Conference.

 

Our Speakers:

The contribution from Plenary and Workshop speakers and chairmen (in order of appearance) was highly valued.

 

Active Loss Prevention
Dr. Bill Hancock CISSP - Senior Vice President of Security and Chief Security Officer, Exodus Communications Inc.
Bruce Schneier - Founder and Chief Technical Officer, Counterpane Internet Security Inc.
Jacques Francoeur - CEO, Chief Trust Officer Inc.
Jeff Rulifson - Director, Sun Labs (Europe), Chairman of The Open Group Governing Board
Ed Gerck - CEO of NMA, Inc.
Matthew Yeo - Associate, Steptoe & Johnson LLP.
Robert Carolina - Partner, Tarlo Lyons.
Lisa Hansford-Smith - Vice President, Marsh PLC.
Martin Kendrick - MD, Brand Communications
Pete Bramhall - Project Manager, Trusted E-Services Laboratory, Hewlett-Packard, UK
Bob Blakley - Chief Scientist, Tivoli Secureway
Michèle J. Rubenstein - Solutions4networks
Peter Kornelisse - KPMG, The Netherlands
Karl-Heinz Reis - Predictive Systems
Walter Stahlecker - Hewlett-Packard


External contributors to other sessions through the week are too numerous to mention here (please see the individual reports). We extend thanks to all our speakers who gave such a breadth of information and insights in our Plenary and other Sessions.

 

Supporters:

We thank Predictive Systems, who supported the Conference, especially by helping us broadcast information about the Conference and by hosting the Guest Presentation.

 

Participation:

Attendance was 150 excluding those who connected via the Webcast and by teleconference.  The attendance was clearly affected by travel and other restrictions following the terrorist attacks in the United States on September 11.  The meeting was extremely productive with a greater interaction between Forum members than in past meetings.

 

Forums & Work Groups:

Architecture Forum:

The Architecture Briefing included a package of material on TOGAF designed for people to  promote the use of TOGAF within their organization. There was an update on TOGAF Version 7 to be published in December, a presentation on the Business Scenario Process, a presentation on the Standards Information Base and the EEC project on standards-matter.com. The Briefing continued with two presentations from Pierre Cotte, NATO and Sang Hwan Kung, Cheonan University and NCA, Korea.

The Forum members did the necessary work on TOGAF 7.  It looked at the need for architecture tools, and examined proposals for certification of IT architects. The Forum also learnt from Jacques Francoeur about the Digital Chain of Trust.  Over the last few months, the Forum has looked at new areas for developing and exploiting architecture for business, business scenarios, etc., which will alter its focus. The Architecture Forum is growing in numbers with new members coming in to participate.

Directory Interoperability Forum:

The Forum met its objectives for the Open Brand for LDAP 2000.  In the short term the Forum wants to consolidate its work and promote the Open Brand. In the medium term there will be a new version of the brand to include IETF ldapbis work plus one other high priority RFC. In the longer term the Forum has a list of items under consideration for a brand for enterprise directory. Alongside each new LDAP brand there will be a "Works With" brand.

The Forum will develop an appendix to the eBusiness Requirements Paper developed by EMA/EEMA to cover Directory Requirements, and will address a general model for eBusiness relationships, starting at the next meeting in Anaheim. The Mobile and Directory Business Scenario was advanced and will be written up. The Key Management Infrastructure guidelines work has been re-focused providing PKI Directory Guidelines for application developers and directory operators. Four sections have been drafted but there is much more to do. The Forum approved the Standards Prioritization White Paper which lists standardization activities of greatest importance. It will be used to help influence the work of other standards bodies and it has been used as the basis of developments for the LDAP brand.

The Forum made plans for its next meeting. Identity Management (the management by an organization of the roles and access rights of its employees and of people in other organizations it does business with, together with the management by the individual of his or her identities and roles in the employer and other organizations that hold them) is a hot topic for organizations and individuals. The Directory Interoperability Forum will be tackling it in an open meeting in Anaheim!

EMA Forum - The EMA Challenge:

The EMA PKI Challenge was the focus of activity.

Enterprise Management Forum:

New versions of the ARM, AIC and XSLM are being progressed.  The release of Pegasus 1.1 is imminent, and this open source initiative now embraces SNIA CIMOM.

There were two presentations during the week. The first was about the SBLIM Project on standards-based Linux instrumentation for manageability - a standard set of CIM information providers. This could lead to a new open standard. The second presentation was from Andreas Koppel on modeling real applications. This could bring a breakthrough for CIM into the ISV/application developer communities.

Mobile Management Forum:

The Forum meeting in Amsterdam followed a highly successful MMF Tokyo Summit which attracted 250 attendees for the Plenary and 125 attendees for the Working Session that followed. This was the first time in Japan that there had been a meeting focused on eBusiness to eBusiness mobile activity.

In Amsterdam the MMF members interacted with the other forums, notably DIF and QoS.  Planned vertical workshops include the Utility Workshop (Dec 6-7, 2001) in San Francisco co-hosted with Western Utility Grid, the Health Care Workshop (mid-January, 2002) in North East USA with the Mobile Health Care Alliance, and the Transportation Workshop (end-January, 2002) in Germany. These workshops follow on from the Financial Services Workshop and will help refine MMF requirements documents.

Quality of Service Task Force:

The Task Force covered a variety of topics including: the End-to-End Component Map, the QoS Task Force Road Map for 2002, the current state of major QoS standards, an overview of the TeleManagement Forum's SLA Handbook and the proposed Joint Initiative between The Open Group Task Force and the TMF, Service Management from a Service Provider and a Customer perspective, Application Profiling and Classification efforts, the QoS Task Force's Boeing Business Scenario and their use of Service Level Agreements and Application Instrumentation, the DMTF's Common Information Model (CIM) and its applicability to QoS and SLA requirements and policies. In addition there were several joint sessions with the Enterprise Management, Directory, and Mobile Management Forums where QoS issues common across each of the forums were addressed.

Three standing committees were proposed: 1) Applications, Computing & Servers Committee - This will focus on internal instrumentation of applications as well as server & storage management.  The TMF is interested in working with this committee and for the evolution of their SLA Handbook from the enterprise perspective. 2) Architecture & Policy Committee - This committee will work in two key areas. The first oriented to the Control Architecture / Decision Point / Monitoring Point and the second area on Service Level Definition, Policies and Policy Stores. 3) Networking & Transport QoS / CoS Committee - This will address the range of behaviors that can be taken in the network to support QoS policies.  Mobile scenarios with path changing aspects need to be accounted for here as well.

Proposed new projects for the Task Force are: 1) Application Classification Mapping Project - Application classification to traffic type.  2) Session Persistence Project - Work with the Mobile Management and Directory Forums to drive detailed analysis of the standards required to deliver QoS with session management for mobile environments.

Real-time and Embedded Systems Forum:

The Forum built on 2001 achievements and the planned deliverables for 2002.   These include test suites for POSIX 1003.13b Profiles 51 and 53, a certification program for POSIX Real-time profiles, a specification for Security for Real-time and Embedded Systems with reference implementations, a number of white papers concerned with security topics, and a new test and certification program in the area of Security for Real-time and Embedded Systems.

The Real-time Forum Working Groups are making good progress.  The Hard Real-time Java requirements Group continues with the emphasis on FAA certification requirements (DO-178B).  The Security for Real-time and Embedded Systems Group carried out a final review of RFI for Security for RT & ES.  The Safety Critical Group prepared an outline of their approach and identified the relevant domains.  A Pervasive Computing Requirements Working Group is targeted to start its work in Anaheim.

Security Forum:

The Forum approved the publication of the Managers Guide to Information Security. This is the first in a new series of publications which are informal and informative, with an individual voice and point of view. The Forum also worked on the Guide to Security Patterns and decided that those deemed ready will be published on the web as soon as possible after this meeting.

The Forum held joint sessions with MMF, QoS and DIF on security issues in mobile and directory.  It also heard a presentation from Dr Jimmy Tseng on the Fiducia Project concerned with an analytical framework for evaluating risk in interoperable PKI.  Members were also very active in the Active Loss Prevention Sessions.

The Forum confirmed plans for its activities through 2002, including writing at least 2 more guides, and completing a comprehensive patterns set for the Guide to Security Patterns. It is also looking at open source development to support the AZN API. It assigned specific actions to ensure good progress continues between now and the next meeting. 

 

Next Conference:

We invite you to join us at The Open Group's next Conference in Anaheim, CA, USA on January 21-25, 2002.  The theme will be "Integrated Information Infrastructure (In3)".

 

 


© The Open Group 1995-2012  Updated on Thursday, 1 November 2001