Edited Extract from Security Forum members Meeting Report Toronto Meeting

Edited Extract from Security Forum members Meeting Report
Toronto Meeting, July 21st 2009

Security Forum and SOA WG joint members meeting - SOA & Security Guide

The outcomes from informal review (held June 19 - July 10) of the 13-page "SOA Security" document - originally intended by its authors Stuart Boardman and Nikhil Kumar as an additional chapter to the SOA WG's "SOA Source Book" - were gathered into a summary report and reviewed in a conference call held on July 14th. The report on the outcomes of that review call are available at www.opengroup.org/projects/security/soa_security. They were presented as the starting point for discussion in this Toronto joint meeting between the SOA WG and Security Forum members.

In this discussion, a prerequisite to evaluating the July 14th outcomes report was almost immediately identified as "in the light of the feedback received during the informal review, what is the most effective way to use it in our future deliverables?" Without knowing the answer to this it was impossible to decide the scale of the responses required to the review feedback. The conclusion here was that:

the original proposal to publish the 13-page SOA Security document as an additional chapter to the existing SOA Source Book is not now an acceptable goal
the SOA WG's intention is to expand their existing SOA Source Book and deliver a more comprehensive version by April 2009, and this 13-page SOA Security chapter should be expanded as part of this exercise to be incorporated as a chapter of max 50 pages in SOA Source Book version 2.
The SOA-Security Guide probably remains viable as providing a more comprehensive coverage of the information that will make up the SOA-Security version 2 chapter. This has yet to be validated as a sufficiently value-add work item, but can only be decided once the coverage in the SOA-Security version 2 Source Book is known. Meanwhile we should encourage all members interested in SOA-Security to contribute to the version 2 Source Book.

Attention then turned to the review feedback report from the July 14th conference call, which is available to members-only at https://www.opengroup.org/projects/soa-sec/protected/doc.tpl?CALLER=index.tpl&dcat=10&gdid=20062 Detailed discussion arrived at agreed actions which will be available to members on this same Web site by July 31st 2009. The authors undertook to address these actions, in the proposed max. 50-page security chapter to be included in the 2nd edition of the SoA Source Book, and in the more substantial existing draft of the SoA-Security Guide.