The Open Group: Newsroom: Member Newsletters

HOME | SITE MAP | SEARCH

You are here: Newsroom > Member Newsletters

News

Press Releases

The Open Group in the Media

Newsletters

Journalist Resources

The Open Group's Platinum Members

Issue 3, 2005

In This Issue:

FEATURES

Interview with Jamie Lewis, CEO and Research Chair, Burton Group
Achieving Semantic Interoperability - By Dr. Chris Harding

NEWS

The Open Group in the Media
Certification News
The number of certified TOGAF practitioners exceeds 300
John Spencer, Director of the Architecture Forum for Computer Weekly: ‘When is an architecture change required?’
Sneak peek: TOGAF 8 in a book format
The Open Group provides support for Hotel Technology Next Generation (HTNG) and hosting of their collaboration site
Plans for exposure of the Boundaryless Information Flow™ concept in business press – call for input
Spotlight on recent publications – - Interconnect Transport API (IT-API) Version 2.0

CONFERENCES

Join us for the IT Architecture Practitioners Conference Europe 2005 - Don’t miss out! Spaces for this premier event are filling up fast!
Look ahead
IT Architecture Practitioners Conference 2005: New York, July 2005
Service Oriented Architectures Conference: Houston, TX, October 2005

EVENTS

Industry Events Calendar

THE WEB

Top Downloads from the Web

OTHER

FEATURES

Interview with Jamie Lewis, CEO and Research Chair, Burton Group

Q: Why should people care about identity management?

A: The demand for identity management is a function of business drivers, a function of what the business objectives are and how they are requiring the usage and/or deployment of the identity technology. So the specific reasons vary by company.

For example, we see customers who implemented password management to increase the effectiveness of their helpdesks; they are saving money by reducing the number of helpdesk calls because users can now manage and reset passwords on their own, through password management mechanisms. Or we see clients who are getting requests from their customers who want to integrate their process with web-based single sign-on or other federation technologies - so these companies are meeting customer requirements that way.

Regulatory compliance plays a big role as well - that’s a part of what I characterize as the stick side of the equation rather than the carrot. Financial services, health care, pharmaceuticals, and a variety of other businesses are under significant regulations that require them to do specific things with identity to be in compliance with the regulations.

Sarbanes-Oxley, for example, has provisions requiring a public company to be able to show how it managed access privileges that users have for accessing financial data about it. Regulatory compliance is probably one of the biggest drivers for why people are looking at identity management today.

Another good example is related to employee termination. A lot of companies may have policies that if an employee leaves a company, they should turn off all access that the employee had within 24 or 48 hours or some other specific amount of time. But if somebody has been with the company for any length of time, it’s pretty hard to know how to find all of the accounts they had, much less to turn them off in a short period of time.

So it’s about automating this kind of life cycle management process, which relates back to the regulatory compliance - making sure that you can actually do it, and prove that it had happened. And then save some money along the way by making operations more efficient.

Q: Would you consider identity management a growth area?

A: Absolutely. We are not a quantitative research firm, so we don’t have estimates for how many dollars and how big the market is and so on. But if you look at the relationship that identity management has with the business objectives as I just talked about, and if you agree with the assumptions that identity management and identity-based security mechanisms are a basic requirement for electronic commerce, for distributed system supply chain management, and for the integration of business processes along the lines that cross application platforms and cross company boundaries, it becomes pretty clear that it is a huge growth area that will grow pretty substantially over the next 3-5 years. We just need to figure out how to get identity management substantiated and managed.

Q: When you think of architecting a system using identity management, what do you see as the main problem?

A: The biggest problem that most customers face is that they have a lot of identity management, and that it’s pretty fragmented. Every operating system, every application, every system they have deployed over the years has some level of identity management function in it. It might not be very functional and it might only apply to that one system, but it’s there, so you are creating accounts, passwords and privileges in many, many different systems.

So the biggest challenge is how do you bring all those things together, and create a holistic, integrated way to manage identity across all of those systems. That’s an easy thing to say and very hard to do. It’s a big systems integration task. Figuring out how to do that, in the absence of standards that are supported by a large number of products, represents a pretty significant problem.

I do believe that politics often become a part of the problem: Any time you start talking about identity information and how you name things, there are people inside many companies that feel like they have a vested interested in that discussion – from human resources to people who own the applications and have all their identity information in them, there are a lot of different stakeholders in the company that you need to bring together to solve that problem. It’s a large-scale problem that involves a lot of different people. So it’s both politics and the technology. And sometimes the politics is much bigger than the technology.

So you could say that identity management is one of the prerequisites of The Open Group’s concept of Boundaryless Information Flow™?

Absolutely. If you say “boundaryless” to a security architect, it usually scares them, they view it as a bad thing. But I understand completely what you mean when you say ‘Boundaryless Information Flow’. We see those boundaries becoming a lot more porous nowadays. But the only way to ensure that the information that is flowing across those boundaries is the right information, is to make sure you know who is doing what, when, and where. That’s what identity management is about - through policy to be able to say who can do what, when they can do it and how they can do it. And to put some logical controls around information that moves across those different boundaries. So you are absolutely right, it’s a prerequisite.

The other way to put it, is that without identity management, the value of the information that can flow through freely would be very low. If you are browsing the web and if you are downloading marketing materials you don’t care so much about the security of that information – on the contrary, you want it as widely propagated as possible. But when it comes to financial information, you don’t want that information propagated - you only want the right people who need it to see it. To ensure that, you need identity based security mechanisms built on sound identity management that will allow you to create accounts based on identity, assign privileges based on identity, change accounts, and tie policy to identity.

Q: What trends do you see in the identity management architecture? You mentioned Service Oriented Architecture (SOA) and the related hype. So what do you see as the big positive trends?

A: I talked about market trends of consolidation. There used to be a lot more vendors with lots of often overlapping products, and customers were somewhat hesitant to make big bets based on small vendors who might not be making money and might not be around in a couple years. The industry consolidation that occurred, has been largely positive – it has created fewer players, but enough to have competition, and all of them being bigger companies that you know you can bet on. That’s one trend.

From an architecture point of view, people have understood that they can’t try to solve the whole problem at once. Instead, they are picking specific problems like password management, or some life cycle management project for a smaller number of applications to focus on. For example, let’s say there are 15 applications in your organization that are causing 70% of your compliance headaches. If you focus on solving provisioning for those 15 apps you make huge progress. Although you don’t solve your whole problem at one time, if you solve that particular issue, you solve a large part of your problem and create momentum for solving the next issue after that.

About SOA, I think people are understanding the link between web services and identity-based security: They understand that without identity-based security, web services won’t work. So I think as people are starting to look at how to use web services in end-systems integration; they are realizing that is an important part of how they build applications. So we are seeing that trend getting into tools. That’s a good way to do that as well.

Federation is another one. Again, it is not solving the whole problem at once, but we are starting to see more and more situations in which it is used. For example, a big financial services company, a client of ours, was asked by one of its biggest customers to provide web-based single sign-on for its employees coming into the financial services company’s portal. We see a lot more of that and we see federation really picking up steam in a lot of different places.

Q: Where do you see identity management standards heading, and how do you see the play of open standards versus proprietary systems?

A: Open standards are a prerequisite for many of the things I talked about. Although we’d like it to move faster, when you look at developments like SAML or Liberty, there has been a lot of progress over the last 3-4 years. The web services framework, some of the basics for web services like SOAP, WSDL, and WS-Security, those are all standards now. Those are good signs. Also, Microsoft and Sun came to agreement to bury the hatchet and make friends a while back, and we certainly hope to see some concrete results from that. I think we probably will, and that there will be some convergence and coexistence of those standards. So in respect to the federation, I don’t think customers have to worry about which one to use, and don’t have to wait to see how it works out because the coexistence and convergence are already a reality in many ways. Coexistence first, and then convergence later. And I think that’s a good thing.

Top of Page

Achieving Semantic Interoperability
by Dr. Chris Harding, The Open Group
The blurring of organizational boundaries between departments, corporations, and even countries in the post-industrial world has rapidly increased the need for information sharing and communication. Business managers, aware of costs associated with inadequate interoperability and related inefficiencies and lost opportunities, are calling information to flow smoothly within and between their organizations across time zones and geographic boundaries. This results in increased pressure on CIOs and IT departments to make it happen.

How expensive can lack of interoperability be? The real costs are often hidden and not easy to quantify. A study of the US automobile manufacturing industry conducted by Research Triangle Institute (RTI) for the National Institute of Standards and Technology attributed $1 billion annual cost directly to poor information interoperability. Another RTI study, of the US construction industry, found that the difficulty of converting files from one computer format to another, and the errors resulting from improper conversion, were major contributors to the staggering $15.1 billion the industry wasted each year because of inadequate interoperability.

Today there is no argument that interoperability is a critical element for optimizing business performance and maintaining competitive advantage. The problem is, how to achieve it. IT buyers have experienced excitement over the latest technology fad, only to find themselves disillusioned as the latest big idea faded.

Let’s have a closer look at what interoperability means. At first we used to think about one computer being able to connect to another. Then came the Internet, with its magical ability to interconnect computers anywhere. But this was like installing a telephone cable between San Francisco and Shanghai, and finding that there was still a need to translate between English and Chinese. So we started talking about the problem of information interoperability. The World Wide Web and XML, which help computers to understand and translate the structure of information, go some way towards solving this problem. However, they don’t help with understanding or translating meaning – this is the issue of semantic interoperability. There is of course a danger here with this name: “Semantics” is a philosophical term, and we shouldn’t spend years arguing about the meaning of meaning. What we want is an engineering approach, backed by standards, and that approach is through the use of a robust IT architecture built upon open standards.

Are there any standards? Work in this area has been going on for a while, and there are some promising standards, even though their coverage is still incomplete. ISO 11179 defines a framework for specification and standardization of data elements . It has a simple and elegant model that characterizes a data element in terms of its object class, its properties, and its format, and it gives rules for maintaining registries of data element descriptions, or metadata. The Dublin Core initiative is working on standardized metadata for a core of essential information items such as a resource’s title, creator and date. The Universal Data Element Framework (UDEF) is an initiative to develop a standard classification for metadata similar to the Dewey Decimal classification for books based on the object class and properties concepts of ISO 11179. The World Wide Web Consortium’s standards for the Semantic Web include the Web Ontology Language (OWL), which covers the specification of vocabularies used in resource descriptions, where Ontologies are information classifications that can be processed by machines but understood by humans; they are an essential part of solving the problem of automatic translation of meaningful information.

Ontology-driven products are emerging to help companies to automate the translation and processing of information. Using these products, companies can leverage standard vocabularies, and add their own domain-specific information classifications, to associate meaning with information expressed in XML. This means that more transformation and processing logic can be driven by business rules, and less of it has to be handled by opaque and hard-to-maintain program code. Which eventually leads to lower costs, and increased efficiencies.

Government is also involved and driving adoption as well. For example, the Federal CIO Council established the Semantic Interoperability Community of Practice (SICoP) to achieve semantic interoperability and semantic data integration focused on the government sector. And l ast month, the European Commission's Interchange of Data Between Administrations (IDA) group, which focuses on facilitating exchange of information among public administrations across Europe, released a Final Version 1.0 of its European Interoperability Framework for Pan-European E-Government Services that provides recommendations and defines generic standards in respect of organizational, technical and semantic interoperability.

Simply having many standards does not solve the whole problem though. However well the problem space is covered by standards (and products certified as conformant to the standard), they MUST be put together, or architected, in ways that support information exchange. IT Architecture is becoming the discipline that separates success from failure in large or complex IT projects. The ones that succeed have a well-designed architecture that supports (and is responsive to changes in) the business need as it evolves and changes to respond to market and competitive pressures.

So how close are we to a solution? The problem of computer interoperability through the Internet, and XML providing the key to translation of information structure is close to being solved. Professional IT Architects are developing systematic approaches to mapping systems and how they evolve. The problem now is of semantic interoperability. Although it is not an easy problem, and there are still hurdles to overcome, solving it will dramatically improve the efficiency of our industry as well as commerce. The solution is already beginning to emerge, making it clear that companies that install semantic technology in well-architected solutions will reap the biggest rewards.

Semantic interoperability is arguably the most important current focus of standards activity and product development. Andy Mulholland, global CTO of Capgemini, speaks of the Semantic Wave as the next major movement in the world of computing, comparable to networking in the 1980s and 90s. And it is an essential step towards realizing the vision of Boundaryless Information Flow™, which enables secure access to integrated information whenever and wherever needed. Semantic interoperability provides near term opportunities and the vision of Boundaryless Information Flow gives a focus for ongoing work.

For more information, please contact Dr. Chris Harding

Top of Page

NEWS

The Open Group in the Media

April 12, 2005 – Computer Weekly: When is an architecture change required?
March 31, 2005 – Search Security: Filling SMTP gaps -- The secrets to using e-mail standards, part 2
March 28, 2005 – EE Times: REAL-TIME JAVA: Reliability quest fuels RT Java projects

Top of Page

Certification News
TOGAF Certification News

Architecting-the-Enterprise has registered 39 graduates of its training course as TOGAF 8 Certified, bringing the total number of TOGAF 8 Certified Professionals to 308.
Proforma Corporation has registered ProVision Enterprise 4 as conforming to the TOGAF 8 Tool Support Product Standard.

Current status of TOGAF Certified products, individuals, services, and tool support:

TOGAF 7 Certified - 28 Registered Individuals
TOGAF 8 Certified - 308 Registered Individuals

The full register is online at: http://www.opengroup.org/togaf/cert/cert_archlist.tpl

TOGAF 7 Training - 2 Registered Products from 1 Company
TOGAF 7 Professional Services - 4 Registered Services from 4 Companies
TOGAF 8 Training - 4 Registered Products from 2 Companies
TOGAF 8 Professional Services - 4 Registered Services from 4 Companies
TOGAF 8 Tool Support - 3 Registered Products from 3 Companies

The full register is online at: http://www.opengroup.org/togaf/cert/cert_prodlist.tpl

LSB Certification News
We are pleased to announce that:

SUSE LINUX Products has registered:
Novell Linux Desktop 9 for x86 with Service Pack 1as conforming to the LSB Version 2.0 Runtime Environment Product Standard for IA32.

To see the Conformance Statement please refer to the latest official list of LSB registered products at: http://www.opengroup.org/lsb/cert/register.html

For more information on the Free Standards Group Certification program, please refer to http://www.freestandards.org/certification/

SIF Certification News
We are pleased to announce that the following products have been registered:

Olympia Computing Company Inc. - Schoolmaster 5.25 with Schoolmaster SIF Agent 1.08
Education Logistics, Inc. - EDULOG 10.0 with StudentSubscriber 1.0 as conforming to the SIF-enabled Application Product Standard 1.5

as conforming to the SIF-enabled Application Product Standard 1.5

To view all current SIF certifications and Conformance Statements, please see the SIF Certification Register at http://www.opengroup.org/sif/cert/register.html

For more information on the SIF certification, please refer to: http://www.opengroup.org/sif/cert

Top of Page

The number of certified TOGAF 8 practitioners exceeds 300
We are pleased to announce that the number of certified TOGAF 8 practitioners exceeded 300.

The full register is online at: http://www.opengroup.org/togaf/cert/cert_archlist.tpl

Top of Page

John Spencer, Director of the Architecture Forum for Computer Weekly: ‘When is an architecture change required?’
In his article for Computer Weekly, John Spencer shares his thoughts on architecture change management process, discusses technical and business drivers as well as goals, and emphasizes the importance of differentiating IT architecture change management from the requirements management process.
read more

Top of Page

Sneak peek: TOGAF 8 in a book format
The Open Group is pleased to announce that its popular TOGAF 8 Enterprise Edition, which is currently available only in soft copy, will be published in a book format in the near future.

When the book becomes available, we will notify our members via email. We want to make a big impact and so, to give the book high visibility, we want to utilize Bruce Schneier’s guerilla marketing approach and encourage you to plan your purchases on Amazon for the same day. Stay tuned for more information!

Top of Page

The Open Group provides support for Hotel Technology Next Generation (HTNG) and hosting of their collaboration site
The Open Group has assisted and provided consultative services and startup support to Hotel Technology Next Generation (HTNG), which was founded in 2002 to facilitate the development of next-generation, customer-centric technologies to better meet the needs of the global hotel community.

The founding members of HTNG recognized that the hotel and hospitality industry had a need for interoperability and standardization of technology supporting both the business view and guest view of hotel operations. In most areas no formal standards exist and since there is no system provider with a meaningful market share, currently there are not even de facto standards in the front office, back office or guest service systems.

Nick Price, CTO of Mandarin Oriental Hotel Group, and a founding director of HTNG who recently became HTNG President, said: "As an industry, we are already far behind what many of our customers have in their homes, and without some major changes, we will soon be behind the average hotel guest – if we aren't already."

To attack this problem, HTNG formed workgroups in areas of identified interest. Already active workgroups include Property Web Services Solution Workgroup, Property/ Distribution Solution Workgroup, In-Room Technology Workgroup, and Architecture Workgroup.

Nick Price, a practical visionary who looks at situations as they are and quickly determines how they should be, is no stranger to The Open Group. His work in developing an enterprise architecture for Asia's largest retailer, the Dairy Farm Group, provided a riveting keynote experience for our attendees at the October 1998 conference in Singapore. This has been remembered as not only the first major TOGAF implementation but also as a quality standard for architects to follow. Parts of this presentation are still quoted in collateral for The Open Group Architecture Forum.

The Open Group has been pleased to assist and provide the startup support for HTNG, from professional facilitation of the initial work group meetings by Martin Kirk, to providing our collaborative tools for their use and hosting of their collaboration site. More recently The Open Group agreed to help develop a certification program for certifying solutions agreed by the HTNG work groups.

Top of Page

Plans for exposure of the Boundaryless Information Flow™ concept in business press – call for input
The importance of our vision of Boundaryless Information Flow™ is becoming universally recognized, and the concept, under various names, has been adopted by a number of companies. In an effort to continue the push for its global recognition, we plan to feature Boundaryless Information Flow™ in key business press in Q3 2005. But we would like our members’ help and input- what would you like to see? Share your thoughts!

please email us

Top of Page

Spotlight on recent publications - Interconnect Transport API (IT-API) Version 2.0
The Open Group is pleased to announce the Interconnect Transport API (IT-API) Version 2.0 is now available for free download.

This document is published in association with the Interconnect Software Consortium (ICSC) (www.opengroup.org/icsc). The IT-API defines interfaces for direct interaction with the RDMA-capable transports. The IT-API Version 2.0 Specification covers the Reliable Connection and Unreliable Datagram services of the InfiniBand transport, the iWARP transport (which also provides a Reliable Connection service), and VIA networks.

download the publication

Top of Page

CONFERENCES

Join us for the IT Architecture Practitioners Conference Europe 2005 - Don’t miss out! Spaces for this premier event are filling up fast!

Dublin, April 25-27, 2005 - Registrations are growing fast!
In parallel with Member Meetings, April 25-29, 2005

The Open Group’s Dublin IT Architecture Practitioners Conference will offer over 75 different perspectives on the hottest topics in IT architecture, cover key trends and best practices, and provide an opportunity to benchmark your own technology against others.

With 12 streams and over 230 attendees from 20 countries already confirmed to attend, the conference promises to be our largest IT architecture event held in Europe ever.

Join us for 3 days of informative sessions filled with expert presentations, case studies, workshops, and discussion of best practices and learn how your company can maximize ROI of its IT architecture in support of its revenue goals.

About the conference
The conference will address some of the hottest topics in enterprise architecture - both from strategic and implementation point of view, suitable for corporate strategists and architecture practitioners.

Keynote addresses

Minister of State, Tom Kitt, T.D., Department of the Taoiseach, Repubic of Ireland, with special responsibility for the Information Society
Colm Butler, Principal Officer of the Information Society Policy Unit at the Department of the Taoiseach, Republic of Ireland

see the full program and complete list of speakers

What will you experience

Presentations on the practice and profession of enterprise architecture
Highly practical workshops on the relationships of enterprise architecture to technology, to business transformation, and to ROI
Study of enterprise architecture development, its integration and necessary infrastructure support
Hands-on workshop on how to set up and run an Enterprise Architecture practice
Review of in-depth case studies

Proceedings

If you are unable to attend the event in person or would like to order additional sets of documentation for your colleagues, proceedings will be available for purchase at $99 per set for members and $299 for non-members, excluding shipping and any applicable sales tax. The proceedings will be available three weeks after the conference takes place.