Home · About · A-Z Index · Search · Contacts · Press · Register · Login

Security Forum

Return to Security home page
Current work:

- Managers Guides


- Data Privacy


- Guide to PKI

- Identity Mgt

- Access Control

- Security Patterns

- Secure Messaging


Useful links:

Security topics

Info sources


How we work

Open Group Security Standards/Guides


Future Directions

The Security Forum maintains a rolling 12-month Activities Plan for its activities, by continually reviewing current requirements, trends, and available and emerging technologies, and formally updating its Activities Plan at each quarterly meeting.

Plans through to end-2002

  • Write and publish at least 2 more guides to add to the Managers Guide to Information Security (MGIS), to form a series with a common informal, informative, narrative style. The next guide will address issues surrounding Data Privacy.
  • Produce a Draft 1.0 Guide to Security Patterns (GSP), for restricted public review, and continue with further development of security pattern definitions, leading to publication of a complete GSP guide by April 2002
  • See opportunities to develop open source implementation code for Security Forum API standards.
  • Investigate opportunities to exploit "federation credentials" - the intermediate space between authentication and authorization, where loose coupling enables introduction of additional attributes that are useful for security purposes.
  • Explore the value of adopting an existing draft High-Level Security Services API specification and associated implementation code, for development to become an Open Group Technical Standard. The API is described as providing around 12 API calls that it then maps down to whichever security infrastructure that lies beneath it - e.g. CDSA, Java. Through this means, the complexities of the security infrastructure's APIs are hidden from the application writer, who then only has to deal with some 12 API calls.
  • Develop requirements and understanding of the issues surrounding Identity Management
  • Provide security expertise to the Real Time Security Group, to support their work on including acceptable levels of security in real time systems, and developing protection profiles that meet the US Common Criteria requirements.
  • Widen the area of interest in the Security Forum by including varied Security Briefing sessions in which invited experts from selected vertical market sectors give presentations, as part of an outreach effort to grow our membership. This includes providing tutorials explaining security issues from both technology and business perspectives, particularly for legal/regulatory issues, vertical industry sectors, certification schemes, AES, PKI, Real Time operating systems, intrusion detection, evidence collecting (forensics), Privacy, Public Infrastructure (converting Intranets to Internet), and Security Economics (risk versus cost).
  • Work on integrating solutions to practical security problems experienced by customers, particularly through availability of open source.


The Security Forum has liaisons with other consortia who are active in information security.

It also maintains close working with other Open Group Forums to ensure cros-discipline issues are properly addressed.

See the Liaisons link for more information about these liaisons.


Next meeting
Past meetings

Other Conferences and Shows

Members Only

Enter Here

Who to Contact

Enter Here

Home · Contacts · Legal · Copyright · Members · News
© The Open Group 1995-2015