London 2016: Proceedings - Security/Open Platform 3.0 Forum

Joint Meeting of the Security and Open Platform 3.0™ Forums

Objective of Meeting

This was a joint meeting of the Open Platform 3.0 Forum and the Security Forum, held at The Open Group London event. It was chaired by Thorbjørn Ellefsen.

Summary

The planned agenda was as follows:

  • FAIR Analysis of the Open Platform 3.0 Snapshot
  • Identification of areas of the Snapshot where the Security Forum should provide input
  • Identity and Access Management capabilities of Open Platform 3.0. (This item was not discussed for lack of time.)

Outputs

The objectives of performing a FAIR Analysis of the Open Platform 3.0 Snapshot are not only to gain insight into the Open Platform 3.0 standard, but also to gain feedback on the method itself and to establish methods of collaborative working between Forums.

Risks are inevitably use-case-dependent, and ideally a FAIR analysis would be performed for different threats in each use-case scenario. The analysis here will, however, be a generic one. It will help us understand risks associated with Open Platform 3.0 as compared with other platform standards.

KPIs for evaluation of the effectiveness of the method could include:

  • More people contributing
  • More text created

Thor had assembled a package solution for collaborative analysis including Ardoq with the separate products Jira (a collaborative tool for software development teams) and Kanban (a method for managing knowledge work with an emphasis on just-in-time delivery while not overloading the team members). Ardoq does not have specific FAIR analysis capabilities, but is a powerful general collaboration tool. It allows collaborative editing of documents including documents imported from Microsoft® Word. In principle (this may need some development work), the edited documents could be exported back to Word for publication.

The package allows the definition of analysis terms and parameters, such as vulnerability, and the association of these with sections of the document, with the addition of explanatory material for the analysis. A particularly useful feature is the ability to edit ArchiMate® diagrams. This feature enables the addition of "traffic light" annotations to diagram components, to give a high-level assessment of the risks associated with them.

Licensing of Ardoq for use in Open Group activities is a matter of commercial negotiation, and is being discussed between Ardoq and The Open Group. Meanwhile, Capgemini is kindly making the facility available on a limited scale for use by Open Group members. Members wishing to participate in the FAIR analysis of the Open Platform 3.0 Snapshot should contact Thor to obtain an account under this arrangement.

Thor said that there are some open source tools emerging, and it may be that these will be the best long-term solution, but we should use proprietary tools until they are established. The Open Group policy is to use open products where possible, or develop resources in-house, but to permit use of proprietary products (for example, WebEx) where these do not give adequate facilities.

The application of the package in this way requires an understanding of FAIR. This is a precise method that needs care in use, and the investment of effort to gain the necessary understanding is not trivial.

Next Steps

The Security Forum will commence the analysis with assistance from Open Platform 3.0 members, and the two Forums will coordinate to discuss progress.

The most important section of the Snapshot for analysis purposes is the chapter on Capabilities, and this should be addressed first. Within that chapter, there is no particular priority for addressing individual capabilities.

We should consider how the resulting analysis should be published. It could, for example, become part of the document itself, or an attachment or appendix.

It was agreed to hold a further joint meeting at the Austin event in July to discuss the assessment further. By then, a significant amount of work should have been done. The next joint meeting is scheduled for Thursday, July 21 (1100-1230) at the next Open Group Members' meeting in Austin TX.
