How we work
Open Group Security Standards/Guides
The Security Forum maintains a rolling 12-month Activities Plan, continually reviewing
current requirements, trends, and available and emerging technologies, and formally
updating the plan at each quarterly meeting.
Plans through to end-2002
- Write and publish at least 2 more guides to add to the Managers Guide
to Information Security (MGIS), to form a series with a common informal, informative,
narrative style. The next guide will address issues surrounding Data Privacy.
- Produce a Draft 1.0 Guide to Security Patterns (GSP), for restricted public review, and
continue with further development of security pattern definitions, leading to publication
of a complete GSP guide by April 2002.
- Seek opportunities to develop open source implementation code for Security Forum API
- Investigate opportunities to exploit "federation credentials" - the
intermediate space between authentication and authorization, where loose coupling enables
introduction of additional attributes that are useful for security purposes.
- Explore the value of adopting an existing draft High-Level Security Services API
specification and associated implementation code, for development to become an Open Group
Technical Standard. The API is described as providing around 12 API calls that it then
maps down to whichever security infrastructure lies beneath it - e.g. CDSA, Java.
Through this means, the complexities of the security infrastructure's APIs are hidden from
the application writer, who then only has to deal with some 12 API calls.
- Develop requirements and understanding of the issues surrounding Identity Management
- Provide security expertise to the Real Time Security Group, to support their work on
including acceptable levels of security in real time systems, and developing protection
profiles that meet the US Common Criteria requirements.
- Widen the area of interest in the Security Forum by including varied Security Briefing
sessions in which invited experts from selected vertical market sectors give
presentations, as part of an outreach effort to grow our membership. This includes
providing tutorials explaining security issues from both technology and business
perspectives, particularly for legal/regulatory issues, vertical industry sectors,
certification schemes, AES, PKI, Real Time operating systems, intrusion detection,
evidence collecting (forensics), Privacy, Public Infrastructure (converting Intranets to
Internet), and Security Economics (risk versus cost).
- Work on integrating solutions to practical security problems experienced by customers,
particularly through availability of open source.
The Security Forum has liaisons with other consortia who are active in information
It also works closely with other Open Group Forums to ensure cross-discipline
issues are properly addressed.
See the Liaisons link for more information about these