Jericho Forum
Members Meeting
May 23rd, 2008
hosted by HSBC, Canary Wharf, London, UK
Report for Public review
Actions Summary
Action 0805-6: Ian to invite ALL Members to review the outcomes from the
May 23rd meeting on
- Mapping position papers to COA structure, noting gaps
- COA Process - People Lifecycle Management
- COA Service - Identity Management & Federation
- COA Technology - Endpoint Security
- COA Process - Device Lifecycle Management
and invite members' feedback and offers to contribute to writing missing position
papers and to expand descriptions in all these areas
Discussion
Mapping Position Papers to COA Structure
This discussion structured our existing position papers
to reflect their contributions to COA, and added titles (in red) for the
new papers we need to develop to fill gaps in our coverage of requirements and definitions:
- Principles
- Commandments v 1.2 (Design Principles, measures for Jericho Forum blueprint)
- Collaboration Oriented Architectures
- Business Case for De-perimeterisation
- Architectures for de-perimeterisation
- Technologies
- Endpoint Security
- Secure Communication
- Secure Protocols
- Wireless
- Voice over IP
- Internet Filtering and Reporting
- Mobile Management
- Secure Data
- Enterprise Information Control and Protection (DRM)
- Processes
- People Lifecycle Management
- Risk Management
- Information Lifecycle Management - Data/Information Management
- Device Lifecycle Management
- Enterprise Lifecycle Management
- Services
- Identity Management and Federation - Federated Identity
- Policy Management
- Information Classification
- Information Asset Management
- IT Audit
- Trust & Co-operation (not in list in COA paper?)
COA Process - People Lifecycle Management
- Process People Lifecycle Management
- Primary source reference proposed as ITIL ISO 27002 (Section 8?)
- Key issues for COA
- Choice: federate or manage direct
- Data master? (within the organisation)
- Integrate with national identity scheme
- Need to manage post employment (e.g. pensions, share schemes)
- Vetting
- Unused IDs re-use
- Lockout re-authorisation
COA Service - Identity Management & Federation
- Services IdM and Federation
- Access management (physical & logical)
- Roles + facets + persona
- Person in one place: employee vs. customer vs. segregation of duties (multiple roles)
- Person working in multiple roles:
- is this just federation?
- How do you detect duplicates? (same person in multiple roles)
- Trust vs. contract vs. federated identity
- Ability to register with a common ID (Open ID)
- Ability to match and register IDs
COA Technology - Endpoint Security
- Endpoint Security validation issues
- What triggers checking?
- Able to connect?
- Fit to connect?
- Engineer it out
- Need to be risk-based
- Fit to gain access
- Fit to gain different levels of access
- Location
- Patch status
- Operating system status
- Safe to hold data
- Safe to communicate
- Ability to communicate status (including risk profile)
COA Process - Device Lifecycle Management
- Device Lifecycle Management
- Need for consistent intranet/extranet/Internet
- Provision: fixes, suitable software, patches
- On-boarding registration
- Off-boarding
- Recovery of data, & key repudiation
- Need to federate devices, & applications/services
- Endpoint Security configuration management
- Out of patch --> change personal firewall (lockout)
Priorities for Future Development
Process Lifecycle Management issues are identified above
Identity Management & Federation issues covered above
Endpoint Security issues are addressed above
Device Lifecycle Management issues are identified above
Information Management is a huge topic, involving consideration of many
issues including
- secure DRM
- Information Lifecycle Management
- Information Classification
- Information Asset Management
so we agreed to dedicate a whole-day workshop to it.
We will address:
- Enterprise Lifecycle Management
- Policy management
- Trust Architecture
in our Members Meeting on July 11th.
Summary
The key intended outcomes of the meeting were achieved. Members present:
- shaped all our existing position papers and concepts into the top-level
structure described in our Collaboration Oriented Architecture (COA)
- identified key characteristics for each of COA's main components, and a
plan for delivering these
- set the core agenda for our next members meeting (July 11th) - Enterprise
Lifecycle Management, Policy management, Trust Architecture
- agreed a further 1-day members workshop in September to address the complex issues involved in
Information Management.