FAQs - Architecture & Technical
● Q: What is de-perimeterisation?
A: De-perimeterisation is a concept/strategy that describes protecting an organisation’s systems and data on multiple levels, using a mixture of encryption, inherently-secure computer protocols, inherently-secure computer systems and data-level authentication, rather than relying on the organisation’s (network) boundary to the Internet.
Successful implementation of a de-perimeterised strategy within an organisation thus implies that the perimeter, or outer security boundary, could be removed.
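The contrast drawn in this answer, between relying on the network boundary and authenticating the data itself, can be shown in a few lines. This is an added example, not Jericho Forum material; the internal address range, sender name, key and message format are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed values: the internal range and per-sender keys are assumptions.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SENDER_KEYS = {"partner-a": b"constructed-demo-key-a"}


def make_tag(key: bytes, sender: str, payload: bytes) -> str:
    """HMAC-SHA256 over sender identity and payload (NUL-separated)."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).hexdigest()


def perimeter_policy(source_ip: str, message: dict) -> bool:
    """Boundary-reliant: accept anything that originates inside the network."""
    return ipaddress.ip_address(source_ip) in INTERNAL_NET


def data_level_policy(source_ip: str, message: dict) -> bool:
    """De-perimeterised: ignore network location, authenticate the data itself."""
    sender, tag = message.get("sender"), message.get("tag")
    key = SENDER_KEYS.get(sender)
    if key is None or not isinstance(tag, str):
        return False
    expected = make_tag(key, sender, message["payload"])
    return hmac.compare_digest(expected.encode(), tag.encode())


def evaluate() -> dict:
    """Run both policies over three constructed messages."""
    key = SENDER_KEYS["partner-a"]
    order = b"ship 40 units"
    cases = {
        # Signed partner message arriving from outside the boundary.
        "external_signed": ("203.0.113.7", {"sender": "partner-a", "payload": order,
                                            "tag": make_tag(key, "partner-a", order)}),
        # Unsigned content that has already transited the border (e.g. via e-mail/Web).
        "internal_unsigned": ("10.1.2.3", {"sender": "partner-a", "payload": order}),
        # Payload altered after signing, relayed by an internal host.
        "internal_tampered": ("10.9.9.9", {"sender": "partner-a", "payload": b"ship 4000 units",
                                           "tag": make_tag(key, "partner-a", order)}),
    }
    return {name: (perimeter_policy(ip, msg), data_level_policy(ip, msg))
            for name, (ip, msg) in cases.items()}


if __name__ == "__main__":
    for name, (perimeter, data_level) in evaluate().items():
        print(f"{name}: perimeter={perimeter} data_level={data_level}")
```

The boundary-reliant policy rejects the legitimate external partner and accepts both internal messages; the data-level policy does the opposite in each case, independent of where the message came from.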
● Q: What does de-perimeterisation describe?
A: De-perimeterisation is a term to describe the gradual erosion of an organisation’s (network) security perimeter. The erosion of the perimeter is driven by three main factors:
- Security exploits using delivery mechanisms (such as e-mail and Web) that transit the border, thus delivering the security exploits to the heart of an organisation.
- Vendors with products that need to communicate across the border encapsulating their protocols within the Web protocols (using TCP/IP port 80 or port 443).
- The demands of businesses needing to trade using the Internet and being restricted by their corporate perimeter, and either punching (further) holes in that perimeter and/or bypassing the perimeter.
De-perimeterisation is a generic term that covers many issues surrounding this concept such as:
- “You’ve already been de-perimeterised” to describe the Internet worms and viruses which are designed to bypass the border using Web and e-mail.
- “re-perimeterisation” to describe the interim step of moving perimeters to protect groups of computer servers or a data centre – rather than the perimeter.
- “micro-perimeterisation” – moving protection to individual computer systems or an individual application (consisting of a cluster of computers).
● Q: Does de-perimeterisation mean getting rid of all our firewalls?
A: De-perimeterisation acknowledges that the firewall at the edge of the corporation or large organisation is becoming increasingly redundant as a security boundary (though it may still function as a QoS boundary). However, in the immediate future the firewall is still necessary. Over time, reliance on firewalls should decrease as inherently secure methods of connectivity make them obsolete.
● Q: What is the difference between good security and de-perimeterisation?
A: De-perimeterisation needs to be founded on good security, but you could (and currently do) design systems on good security principles that are not in any way de-perimeterised.
Much of what is being proposed for de-perimeterisation relies on inherently secure data, applications, systems and protocols. All these have a foundational requirement on good security principles.
● Q: Surely this is another name for defence in depth?
A: What the Jericho Forum is advocating is much more than defence in depth. Defence in depth often uses a military/castle analogy, with defences of increasing strength layered upon each other. It is also predicated upon defending a single core infrastructure (corporate or business entity). This model is very restrictive to the free flow of information between organisations, and thus is contrary to the aim of de-perimeterisation, which is to allow the free flow of inherently secure information wherever it is required, over whatever medium, and between dissimilar business entities.
However, some of the principles of layered defence may be re-usable in a de-perimeterised architecture.
● Q: What is / will be the output from the Jericho Forum?
A: The initial plans are for published output in each of the workgroup areas to define all aspects of the de-perimeterisation problem and how we see the “big-picture” and how that big-picture can be solved. Key to this will be for vendors to be able to see where their (point) products fit and where they need to interact to be viable for large organisations.
● Q: When will I be able to buy Jericho Forum ready / compliant products?
A: As there are no plans for a Jericho Forum "standard" then a "Jericho Forum ready" or "Jericho Forum compliant" product seems unlikely.
● Q: Where do initiatives such as Web Services and Federated Identities fit?
A: These are both valuable initiatives that contribute to the "big picture" that the Jericho Forum is trying to solve.
● Q: How does the Jericho Forum develop its output?
A: Output is developed by workgroups, made up of volunteers from the various members.
● Q: Will the Jericho Forum output be free?
A: Yes; one of the fundamental principles of the Jericho Forum is that all its published output should be free for anyone to use.
● Q: What are workgroups?
A: The Jericho Forum workgroups are currently:
- Meta Architecture - Conceptual scope, structure, dependencies and objectives for de-perimeterisation
- Trust Models - Future business requirements for identity management and assurance
- Technology & Standards - Intercepts with current/future vendor R&D and product roadmaps
- Requirements & Ontology - Future business requirements for information management and security requirements management
- Management & Monitoring - Future business requirements for operational security management in de-perimeterised environments
- PR, Media & Lobbying - Promotion of our programme in public affairs, relevant interest groups and regulatory/legislative agendas; collaboration with these groups.
Each Jericho Forum workgroup has a workgroup leader and works through a mixture of teleconference, Web sharing (using the Open Group web site) and occasional face-to-face meetings.
● Q: How do I join a workgroup?
A: If you belong to a Jericho Member organisation then you may involve as many people from your organisation in as many of the workgroups as you want. Simply contact the workgroup leader (via the Web site) and you will be included on the workgroup notification mailings.
● Q: What output is currently available?
A: Currently (September 2005) the visioning white-paper and the Jericho Forum Challenge papers, and many of the presentations made (outlining Jericho Forum thinking) are publicly available.
For members, the interim workings of the workgroups are also available.
● Q: What timescales are there for delivery?
A: The aim is to produce interim deliverables from the Trust and Meta Architecture groups by the end of 2005, with a revision of the visioning white-paper to follow in similar timescales.
● Q: Will the Jericho Forum be defining standards?
A: There are currently no plans for any standards. De-perimeterisation as a concept would be delivered through a broad range of evolving standards: some that currently exist, many that are being evolved by groups and bodies outside of the Jericho Forum, and some that need to be developed. However, the Jericho Forum’s role is to foster the development of those standards, and validate existing standards for use in a corporate / de-perimeterised environment, rather than develop anything itself.
● Q: Will there be a Jericho Forum certification?
A: Since there are currently no plans for a Jericho Forum standard, then there are no plans for any kind of compliance or certification testing.