Plenary - Boundaryless Information Flow: Keeping IT Secure

Day 5: Friday 7th February 2003

Conference Report

Mike Lambert, The Open Group CTO, reviewed the conference as a whole:

Highlights

There had been a strong security theme through the week.  Based on the evaluation forms, 'Saving Private Data' was the highlight of the week.  With one exception, everyone had rated it 5 out of 5.

There had been excellent presentations from Cybersecurity chiefs from 3 continents, and from leaders of 6 other security-related organizations.

Work was begun on the Boundaryless Information Flow architecture, and there were several other significant new initiatives that would be covered in the reports to follow.

Conference Attendance and Feedback

Attendance had been remarkable, well above the level of this time last year: 156 members and 104 non-members.

Overall Conference Feedback

Conference feedback was good, and people were particularly impressed with the knowledge of the speakers on Monday and Tuesday.

Comparison with Previous Conferences

In the conference survey, delegates had been asked to suggest topics for future events - each respondent was invited to nominate up to 4 topics.  The following topics had each been suggested by two people:

  • Grid Computing - planned for July 03
  • Web Services
  • Identity Management
  • Security

while the following topics were each suggested by one respondent:

  • Regulatory requirements for electronic records
  • Security Architecture
  • .NET
  • XML
  • System Management
  • Trust Relationships
  • Biometrics/Strong Authentication
  • Virtualization
  • Standards Management
  • Open Source
  • Architecture
  • Web Security
  • Access Management
  • Voice over IP
  • Wireless
  • Avionics
  • Mobility & Security
  • IT Vision
  • Applications/standards language considerations to reduce security risks

Open Source in the Enterprise

Carl Bunje, Boeing

What Happened This Week

This meeting was essentially the Customer Council session, and was a continuation of the work that was begun in Cannes.

Inputs were collected from all attendees, and there were presentations/discussions on the scope of the work, and best practices.

There was also a discussion of possible work items:

  • Guidelines for the business case for Open Source
  • Managers’ guide for Open Source in the Enterprise
  • Guide for Open Source risk management
  • TOGAF guidelines for use of Open Source Building Blocks in architectures

There were people interested in pursuing all these topics.

Materials from the meeting were posted at http://www.opengroup.org/ose/

Forward Plans

Activities were put in place to:

  • Find volunteers to create workable descriptions of value-added
  • Establish work items with critical mass
  • Use Austin members-meeting to start an “Open Source task force” and activity to cause convergence.
  • In parallel, evolve an inclusive description of The Open Group’s contributions in the Open Source space

Draft Agenda for Next Meeting

The Task Force plans to meet during the Austin Members' Meeting.

  • “Open Source Task Force”
    • Update on progress on The Open Group’s contributions in the Open Source space
    • Report by leaders of work items
  • Progress individual work items
    • Possibly parallel sessions
  • Closing review at the end:
    • progress made
    • next steps

Messaging Forum

Mike Lambert has temporarily taken over as the lead point for the messaging forum, and he presented the results of the week's work.

What Happened This Week

The Forum began with a planning meeting which had looked at:

  • Secure Messaging Next Phase, encouraging deployment through workshops, and a PLUGfest.  The Managers Guide to Secure Messaging is a rather technical document and something more accessible is required.  The group had looked at the potential for a Virtual Post Office which would carry out functions such as virus checking before re-encrypting and forwarding the mail.
  • Managing Spam - this is a real problem with no product that fully solves it.
  • Unified Messaging - 
  • Instant Messaging - 

Identity Management

Secure Messaging Workshop - how to install secure messaging on Lotus and Microsoft products.

Forward Plans

Secure Messaging.  There will be some workshops which will identify standards that have been used:

  • Workshops (Q1/Q2)
  • PLUGfest (Q3/Q4)
  • Standards Analysis (Q2)

Managing Spam:

  • Spam Defined (Q2)
  • Analysis of defense options (Q2) - a guide to suing spammers through the courts.
  • Guide to taking legal action against a Spammer (Q4)

Unified Messaging.  The aim is to understand what the problem is, by running a business scenario workshop:

  • Draft business scenario (Q2)
  • Standards analysis (Q3)

Instant Messaging.  The aim is to start by creating a problem statement (Q3)

Continue with the idea of running educational seminars:

  • Secure Messaging (Q1)
  • Spam (Q2)
  • Instant Messaging (Q3)
  • Unified Messaging (Q4)

Draft Agenda for Next Meeting:

  • Repeat of Secure Messaging Workshop
  • Spam Seminar, which will be open.
  • Draft of white paper available for review
  • Unified Messaging - the first draft of the business scenario.
  • Workshop to validate strawman business scenario definition

QoS Task Force / Enterprise Management Forum

Martin Kirk presented the work of these groups which have been increasingly working in a cooperative manner.

What Happened This Week

A meeting of joint sessions:

  • Report on an SLA Survey which had been carried out.
  • QoS/TMF SLA Handbook - the QoS group is writing Volume 4 of the TMF Handbook.
  • QoS/EMF Application Manageability.  Tom Bishop presented a vision of an activity that needs to be done on Application Manageability.
  • QoS/Real Time Aggregated Systems Challenge - a meeting between the QoS and Real Time Groups.
  • QoS/EMF Planning Session - it will be better if the two groups can work much more closely together, with co-chairs.

Forward Plans

The groups plan to:

  • Continue their current activities - the SLA Handbook, QoS/RT Challenge, XSLM, ARM, Pegasus, but also to
  • Launch major new activity - Application QoS.  The aim is to produce a “Call to Arms”, recruit participants, and to launch the activity in Austin.

Draft Agenda for Next Meeting

  • Public Sessions
    • Pegasus Developer’s Seminar
    • Application QoS Launch
  • Joint and separate sessions
    • QoS/RT Challenge workshop
    • SLA Handbook
    • ARM
    • EMF Specification deliverables

Security Forum

Steven Jenkins presented the work of this Forum.

What Happened This Week

The Saving Private Data presentation was given to the plenary, and went very well.

There was also a presentation on security issues from a consortium called Interoperable Informatics Infrastructure Consortium (a trade organization that deals mostly with life sciences).

There were joint sessions with DIF on Identity Management, and with the MMF on Secure Mobile Architecture.

There were also work sessions on Guide to Privacy, Guide to Identity/Authentication, Guide to Security Patterns, Security Architectures for Boundaryless Information Flow, and a session planning for Austin and future work.

Forward Plans

Some activities had been delayed by the Saving Private Data activity, and these are the revised planned dates:

  • Technical Guide to Security Design Patterns (Feb 2003)
  • Guide to Data Privacy (Feb 2003)
  • Guide to Identity/Authentication (Mar 2003)
  • Access Control white paper (draft Feb 2003)
  • Extended Identity Management business scenario (Jun 2003)
  • Intrusion Attack & Response Workshop Scenario white paper (Mar 2003) - based on 'Saving Private Data'.

In addition, weekly teleconferences are planned on Security Architectures for Boundaryless Information Flow.

Draft Agenda for Next Meeting

  • Plenary Overview on Security Forum
  • Open Session on New Approach for Architecting Security for the Whole Enterprise
    • Incorporating TOGAF methodology and the “family of architectures” concept
  • Work sessions on ongoing projects

Architecture Forum

Chris Greenslade, the Forum Chairman, presented the work of the week.

What Happened This Week

There was the Industry Announcement of TOGAF 7 Certification for Training, Practitioner, Professional Services, and Tools.  There have been a lot of encouraging enquiries from people interested in certification, as well as those who had already done so.

TOGAF 8 - "Enterprise Edition" had been discussed.

There were a number of presentations on the subject of Architecture usage, including:

  • Business Scenarios in Software Development - Mike Starkey, IBM
  • US Air Force Common Integrated Infrastructure - Barry Smith, Mitre

The group is increasingly working in collaboration with other groups, and there were therefore meetings on:

  • TOGAF and OMG's MDA - Allan Kennedy, Kennedy Carter
  • TOGAF and DSDM (Dynamic Systems Development Method) - David Harrison, Popkin Software
  • The Eclipse Open Source Architecture Toolkit - David Jackson and Sridhar Iyengar, IBM
  • Open Source and TOGAF

There was also a presentation on Industry Reference Models and TOGAF - Ian McCall, IBM, which leads onto the topic of Boundaryless Information Flow.

Forward Plans

  • Changes to work cycle.  In the past TOGAF has been updated each year, but now that there is a certification process this needs to be revisited.
  • There were discussions about the prospect for a Chief Architect’s Forum
  • Open Source and TOGAF
  • Alignment with DSDM concepts
  • Further consortia collaborations
  • Promotional activities - TOGAF needs to be promoted now that the certification scheme is in place.
  • TOGAF 9 needs to be planned, with enhancements to IT Governance and Requirements Management, and incorporating feedback.

Work on the agenda for the next meeting was still ongoing.

Directory Interoperability Forum

Winston Bumpus presented the work of this group.

What Happened This Week

During the week the definitions of 'LDAP Certified' and 'LDAP Ready' had been completed, and a Plugfest had been held testing LDAP and DSML, with 27 participants including 9 vendors.  Remote participation was also enabled.

There was also a discussion of directory replication - there is a need to review requirements in light of the new XML-based directory environment.

Forward Plans

  • Launch LDAP Certified and LDAP Ready - there is a need to find a suitable venue
  • Marketing and Promotion of solutions enabled by interoperable directory
  • There is a need to continue working on a new vision of Directory: not just LDAP - data store with multiple interfaces

Draft Agenda for Next Meeting

The agenda is still unfolding but likely activities include:

  • Current and emerging directory technology
  • Enabling interoperability for new directory technology
  • Directory as part of the Enterprise architecture
  • Marketing and Promotion of interoperable directory solutions

Mobile Management Forum

Peter George reported on a successful week.

What Happened This Week

There had been a joint meeting with the PCCA (Portable Computer and Communications Association), with 50 attendees and wireless case studies from the buy-side - Utilities, Telecoms, Manufacturing, Defense.

An exercise was carried out to come up with a common lexicon of terms in the mobile space - Mobile Taxonomy Definitions Exercise.

The SMA (Secure Mobile Architecture) Issues and Requirements document was reviewed.  The document was agreed and a public extract published.

The Vision & Architecture Framework was discussed.

There were several new companies attending the meeting, and a new Member: Pacific Gas & Electric.

Also, a new MoU had been agreed with the Mobile Computer User Group.

Forward Plans

In April 2003:

  • MMF SMA I&R (Version 1.1) 
  • Working Draft of Vision & Architecture Framework 
  • Detail SMA architecture security elements challenge

June 2003: SMA Vision & Architecture Framework 1st Draft Complete

July 2003: Vision & Architecture Framework Review

August 2003: SMA Issues and Requirements document (Version 1.2), incorporating feedback from above review

Draft Agenda for Next Meeting

MMF members requested a closed meeting for as much time as possible, to:

  • Develop and review a work in progress draft of SMA vision and architecture.
  • Detail a Challenge around specific security elements of the SMA.
  • Work with DISA to discuss their Wireless Access Framework.

Mobile & Directory - MMF and DIF Working Together

Ed Harrington presented.

What Happened This Week

The meeting had reviewed the challenge definition and the draft directory schema.  It had also reviewed the overall situation: the project is about 3 months behind schedule, and its relevance had been questioned in the light of market developments.  The group had reconsidered the July timescale for the Challenge demonstration, and could re-appraise this in March.

Forward Plans

Try to recruit some WISPs (Wireless ISPs) to the Challenge team, and re-appraise its viability if this initiative fails.

Present ideas at Catalyst in July; this may include a demonstration if progress is better than expected.

Develop Challenge architecture through detailed use cases, looking at TOGAF, and probably have a Challenge demonstration in October.

Draft Agenda for Next Meeting

  • Review of Challenge definition and Architecture, incorporating WISP requirements
  • Plan development of software needed for client devices and for Network Operation Centres (NOCs)
  • Finalize presentation of Challenge ideas
  • Start test plan development - a testing coordinator is needed.
  • Plan Challenge logistics and marketing

Identity Management - MMF, DIF, Security & Messaging working together

Chris Apple reported on a very successful session.

What Happened This Week

This had been an Open Meeting on Identity Management, with presentations on implementation strategies from Novell, Business Layers, ePresence, CA, IBM, and Verisign.  As a result a work program for 2003 had been agreed.

Forward Plans

  • Produce an Identity Management Roadmap White Paper
  • Produce an Identity Management Implementation Catalog
  • Revision of Business Scenario
  • Interoperability Challenge
  • Participation in Boundaryless Information Flow cross-functional team

Draft Agenda for Next Meeting

  • Review drafts:
    • Identity Management Roadmap White Paper
    • Identity Management Implementation Catalog
    • Revision of Business Scenario
  • Enterprise Identity Management Architecture
    • Discussion of approach and method
    • Use of The Open Group Architectural Framework (TOGAF)
    • Relevance to Boundaryless Information Flow

Real-Time & Embedded Systems Forum

Joe Bergmann reported on a very interesting, focused and enthusiastic meeting with 53 attendees.

What Happened This Week

Security for Real-time.  The group:

  • Agreed to use the MILS PP originally submitted by the Joint Strike Fighter program which contains a restricted kernel.
  • Initiated work on a Protection Profile for a normal kernel.
  • Agreed to develop a White Paper covering the value for a family of Protection Profiles.
  • Next working session on 6 March in Washington DC.
  • Next formal meeting in Salt Lake City and Austin on April 30 via video conferencing.

Open Architecture for Real-time

  • A Working Activity was launched.  This is going to be based on an architecture from the US Navy.
  • Informative presentations from TimeSys, The Open Group, US Navy, Northrop Grumman and Boeing.
  • Agreed to develop Road Map prior to April Meeting.
  • Next formal meeting in Salt Lake City and Austin on 29 April via video conferencing.

Real-time Java for Mission/safety Critical Applications

  • Informative presentations covering Open Toolkit, Distributed Java, and an update on a RT Java project from JPL.
  • Completed initial draft Java Specification Requirement (JSR). Recommended JSR to start 30-day group and legal review on 1 March. Expectation: the final JSR to be submitted to the Java Community Process (JCP) at the meeting in Austin.

Forward Plans

The group plans the following activities:

  • Real-Time Operating Systems Profiles & Certification
    • Generic POSIX Real-Time Certification Program (Q3), based on a US Army profile
    • Real-Time Operating Environment Profile (Q2), worked with IEEE
  • Security for Real-Time
    • Security Protection Profile (Q2)
  • Safety/Mission Critical Applications.  This group did not meet this week, and a new meeting is planned for mid-March in Boston.
    • Best Practice Guide for COTS vendors (Q2)
    • End-to-end Safety Verification
  • Real-time Java
    • Safety critical Java profile JSR (Q2)
    • Attempt to formalize a Real-time Java Expert Group (Q2)
  • Open Architecture for Real-Time
    • Hope to have a roadmap complete by the next meeting. (Q2)

Draft Agenda for Next Meeting

  • Joint meeting with IEEE PASC SSWG RT Group
    • Real-Time Operating Environment Profile
  • Real-time Security
    • Finalise MLS Security Protection Profile
    • New Profile without restrictive kernel
  • Safety/Mission Critical Applications
    • Work on Best Practices
  • Real-Time Java
    • Finalize Safety-Critical Java Profile JSR
    • Formalize Real-time Java Expert Group
  • Open Architecture for Real-Time

COE (Common Operating Environment) Forum

Graham Bird introduced the role of this group, which had first met in the last quarter of 2002.

What Happened This Week

The group articulated its Vision: To drive the evolution of the warfighter’s platform to meet the needs of DOD / DISA programs and to meet the needs of participants, and its Mission: To maintain and evolve the COE KPC, and to nurture the Network Centric System program by recommending industry best practices, involving the NCS program in industry directions and providing a forum for integrators, contractors and application providers.

Its goals are to build confidence in DISA, to broaden membership, and to reduce the cost of compliance and testing.

Forward Plans

  • Test Suite improvements
  • Security test suite
  • COE Kernel
  • Automation report
  • Improve the Specifications: Appendix B (I&RTS) and Appendix E (Security SRS criteria)

The Open Source initiative is being discussed, and the group will talk to DISA re IP and support contracts.

Communication activities were planned: Report to DISA execs, and follow up a COE Forum offer to write NCS program docs.

In order to broaden the membership, there were proposals to review the membership options.

Draft Agenda for Next Meeting (Boston, not Austin)

  • DISA perspective on NCS
  • Service perception on NCS
  • Army, Air Force, Navy, Marine
  • Review of the status of Open Source
  • The Linux COE platform - how to create greater synergy.
  • Work Program review.

Looking Forward

Mike Lambert reviewed the plans for future meetings.  The public holiday schedule had created some problems, and as a result the meeting plan was as follows:

Forward Schedule

  • Members' Meeting (not a Conference): April 28 - May 1, Austin, Texas.  Theme: Making Progress Towards Boundaryless Information Flow.
  • May 7th : London (Conference, not a members' meeting): Theme: eGovernment.  This meeting will look at initiatives across Europe, and maybe the US and Japan as well.
  • July 21st – 26th 2003 : Boston, MA (Full Conference & Member Meeting): Theme: GRID Computing
  • October 7th/8th : Brussels (European Conference): Suggested theme: Boundaryless Information Flow and the Single European Electronic Market (to be confirmed).
  • October 20th – 24th : Washington DC area (US Conference and Member Meeting): Theme under consideration.

Additional regional conferences are planned in Japan, India, and in other locations to be confirmed.

© The Open Group 1995-2012  Updated on Tuesday, 25 March 2003