Jericho Forum
Members Meeting

July 11th, 2008
hosted by The Open Group, Reading, UK

Report


Agenda 

09.00: Reception
09.30: Welcome, H&S, facilities, & host introduction
09.35: Confirm meeting objectives:
    - agenda review, & expected outcomes
    - recap on decisions from May 23rd members meeting
09.40: Jericho Forum current strategy, roadmap & deliverables
10.00: Comments from Dan Blum: Burton Group Senior VP, Principal Analyst, Security and Risk Management Strategies
10.15: Core meeting agenda:
    - Updates to COA paper
    - Enterprise Lifecycle Management
    - Policy management
    - Trust Architecture
15.15: Plans for 1-day Information Management Workshop
15.30: Close.

Actions Summary

Action 1: Ian to facilitate consultation with the membership on planning how best to "protect the Jericho Forum legacy" as the Forum evolves from its original vision and mission.

Action 2: Paul will incorporate issues raised in review of Device Lifecycle Management draft v0.1, People Lifecycle Management - draft v0.1, and Endpoint Security (EPS) draft v0.1, and provide draft versions v0.2 for membership review and feedback.

Action 3: Adrian undertook to revise the COA paper in line with the comments gathered to date, and make it available for members' review and feedback.

Action 4: Ian will list the set of papers currently seen as needed to specify the requirements for all the components in the COA framework, identifying those which are completed, those under development (revised or new), and those not yet assigned for development.

Action 5: Adrian undertook to take a skeleton draft for an Enterprise Lifecycle Management paper, put together during the July 11th meeting, and flesh it out for members' review and feedback.

Action 6: John undertook to produce a revised Policy Management draft paper based on the existing published paper, to meet the requirements for policy management in a COA framework.

Action 7: John undertook to draft a Risk Management paper using appropriate materials drafted by the Security Forum members. 

Action 8: Adrian and Ian will put together a draft paper on architectures for managing trust/confidence in a COA framework.

Action 9: To meet our need to update our existing published paper on Federated Identity so as to support the requirements for identity management and federation in a COA framework, Paul will invite Michael Barrett to accept this challenge, and Steve will also invite Marty Schleiff to do so.

Action 10: Dan and Peter will identify design patterns for key components in COA which will provide valuable benefit for architects and designers implementing a COA.

Discussion

The Open Group host Ian Dobson welcomed attendees and explained Health & Safety arrangements. Those present then introduced themselves.

1.  Confirm Meeting Objectives - Agenda, Expected Outcomes

Attendees confirmed our core agenda items for this meeting were to review and identify editor resources to:
    - update the COA paper in the light of recent developments
    - draft an Enterprise Lifecycle Management paper
    - draft a Policy Management paper
    - draft a Trust Management Architecture paper

This turned out to be a significantly expanded set of items, in the light of revising the COA framework diagram.

2.  Jericho Forum current strategy & roadmap

The Jericho Forum board members present gave an update on their vision for the evolution of the Jericho Forum. The board has been reviewing the Forum's achievements to date against its original Vision and Mission. They conclude that our original mission will be nearing completion in the next 12-18 months. When we started, we anticipated this initial mission taking between 3 and 5 years, whilst appreciating that after that time we will need to continue with a revised mission aimed at taking our achievements into operation.

So in line with this, the board plans to consult with the membership and The Open Group to decide how best to move on from this "phase 1" - in which de-perimeterisation has been conceived, grown and established through our design principles (commandments), and is now maturing as our Collaboration Oriented Architecture framework - into "phase 2" in which we need to "protect the legacy" from phase 1 and grow it as it gains momentum in the big wide world.

As a reminder, our original Vision and Mission were:

Vision:
To enable business confidence for collaboration and commerce beyond the constraint of the corporate, government, academic and home office perimeter, principally through:
• Cross-organisational security processes and services
• ICT products that conform to open security standards
• Assurance processes that when used in one organisation can be trusted by others.

Mission:
To act as a catalyst to accelerate the achievement of the collective vision, by:
• Defining the problem space
• Communicating the collective vision
• Challenging constraints and creating an environment for innovation
• Demonstrating the market
• Influencing future products and standards.

Brief discussion recognised the validity of this need to evolve from our original Vision and Mission, and that now is an appropriate time. 

Action 1: Ian to facilitate consultation with the membership on planning how best to "protect the Jericho Forum legacy" as the Forum evolves from its original vision and mission.

3.  Comments from Dan Blum

Dan is a Burton Group Senior VP, Principal Analyst, Security and Risk Management Strategies. As our guest and also primary "buddy" contact with Steve Whitlock to enable us to maintain regular contact and news updates between the Jericho Forum and The Burton Group, Dan was invited to express his views on how, from his professional position, he considers the Jericho Forum is doing. Dan's feedback is encouragingly positive - his new Burton Group paper is due out on July 11th, and he noted it includes many recommendations which are closely aligned with the Jericho Forum's approach.

4.  Core meeting agenda:

4.1. Recap on decisions from May 23rd members meeting

Ian's slides included a summary of the outcomes from the previous (May 23rd) meeting:

Paul presented 3 draft papers addressing 3 of the items which were brainstormed in the May 23rd meeting:
    - Device Lifecycle Management - draft v0.1
    - People Lifecycle Management - draft v0.1
    - Endpoint Security (EPS) - draft v0.1

These papers were reviewed in turn. Development issues were recorded in the projected drafts. Paul gathered these issues and undertook to incorporate them into draft versions v0.2.

Action 2: Paul will incorporate issues raised in review of Device Lifecycle Management draft v0.1, People Lifecycle Management - draft v0.1, and Endpoint Security (EPS) draft v0.1, and provide draft versions v0.2 for membership review and feedback.

4.2 Updates to COA paper

In the light of experience to date, the published COA v1.0 paper was reviewed, and update issues were recorded in the projected draft. This included significant updates to the COA framework diagram. Arising from this, John produced a revised and better constructed diagram for this framework which we will use to replace the existing version. 

Action 3: Adrian undertook to revise the COA paper in line with the comments gathered to date, and make it available for members' review and feedback.

From a review of the components in the revised COA framework diagram, members identified papers which need to be either revised or created to specify the requirements for those components as parts of COA.

Action 4: Ian will list the set of papers currently seen as needed to specify the requirements for all the components in the COA framework, identifying those which are completed, those under development (revised or new), and those not yet assigned for development.

4.3 Enterprise Lifecycle Management

This paper is concerned with how we establish business partnerships to enable effective collaboration. During the meeting, Paul sketched out an outline template with issue headings which were raised in discussion. 

Action 5: Adrian undertook to take a skeleton draft for an Enterprise Lifecycle Management paper, put together during the July 11th meeting, and flesh it out for members' review and feedback.

4.4 Policy Management

We have an existing published paper on Policy Management, but this is recognized as needing significant updates to support the requirements for policy management in a COA framework. It has to include Privacy. 

Action 6: John undertook to produce a revised Policy Management draft paper based on the existing published paper, to meet the requirements for policy management in a COA framework.

4.5 Risk Management

This is a newly added component in the COA framework, so it needs to be addressed in a new paper. John noted work on Risk Management is underway in the Open Group's Security Forum; he is taking an interest in this work because he likes what he is seeing to date.

Action 7: John undertook to draft a Risk Management paper using appropriate materials drafted by the Security Forum members. 

4.6 Trust Architecture

Work on architectures for managing trust/confidence is underway in the Open Group's Security Forum. It is being led by Adrian, and has significant support among the Security Forum members. Dan noted that highly relevant existing references are NIST SP800-53 and a cio.gov paper on authentication levels.

Action 8: Adrian and Ian will put together a draft paper on architectures for managing trust/confidence in a COA framework.

4.7 Identity Management & Federation

We have an existing published paper on Federated Identity, but this is recognized as needing significant updates to support the requirements for identity management and federation in a COA framework. Paul suggested inviting Michael Barrett to accept this challenge. Steve also suggested inviting Marty Schleiff to do so. Ian will coordinate these initiatives to avoid duplication while involving both Michael and Marty as far as they are willing.

Action 9: To meet our need to update our existing published paper on Federated Identity so as to support the requirements for identity management and federation in a COA framework, Paul will invite Michael Barrett to accept this challenge, and Steve will also invite Marty Schleiff to do so.

4.8 Key Design Patterns

Additionally, Dan noted that a valuable benefit for architects and designers implementing a COA would be design patterns for key components. He offered to identify key patterns that would meet this objective. Peter agreed to work with Dan on this.

Action 10: Dan and Peter will identify design patterns for key components in COA which will provide valuable benefit for architects and designers implementing a COA.

5.  Plans for 1-day Information Management Workshop - Sept 10th

The agenda for the next members meeting (Sept 10th) was confirmed as focused on Information Management, with current vision anticipating the need to develop papers on:

This Sept 10th meeting will be hosted by Eli Lilly at their Erl Wood (Bagshot, Surrey) location.

6. Summary

The primary objectives of this meeting were all achieved, with a significant number of key actions accepted by the attendees, all focused on delivering requirements papers specifying key components in our COA framework.

The next members meeting (Sept 10th) is aimed at completing identification of the remaining underlying COA framework components (which are all concerned with Information Management) and resourcing writing the papers that will specify the requirements for those components.