Issue 1, 2005
Welcome to a new edition of The Open Group Member Newsletter!
We hope it will be a valuable resource for our members, and
a tool as useful as The Open Group website.
Please let us know if there is anything you would like to
see in this newsletter, or on our website, by e-mailing
us. We look forward to hearing your feedback.
Rewards And Pitfalls Of Identity Management
By Dr. Chris Harding, The Open Group
Companies that diligently use standard data management
products and techniques might assume that all their corporate
information is safe. However, that is not the case. Some
kinds of information need special care and attention – for
example financial information, or, even more so, information
related to personal identities.
Identity fraud is a growing
problem. Organized crime often uses identity theft to
raise money to fund operations such as people trafficking
and drug smuggling. Gartner Research estimates that "phishing" attacks
alone cost US banks and credit card companies $1.2 billion
last year. According to Computer Associates’ security
guru Mick Coady, identity theft is much easier than most
people think; personal information can be relatively easily
obtained for about $500-1,000 per record.
Increasingly, governments recognize the problem of identity fraud, and
legislation is being put in place that regulates who
can see what information. In the US, the Health Insurance
Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley
(GLB) Act mandate privacy of personal information in
the healthcare and financial spheres. In Europe, the European
Data Protection Directive restricts access to personal
information. Other countries such as Canada and Australia
have similar laws.
Unfortunately, having the legislation
in place is only the first step. To make the legislation
have any impact, organizations need effective, reliable
identity management.
Well-implemented identity management
systems not only help with regulatory compliance and preventing
fraud, but can also increase operational efficiency, tighten
security, and improve customer experience. For example,
identity provisioning systems, which speed up the process
of allocating access permissions to business systems and
information, can dramatically reduce the time that it takes
to make a new employee productive. In addition, they can
eliminate the problem of ex-employees having continued access
to systems because no one has thought to remove those permissions.
Identity-based access control with simplified sign-on
can ensure that the right people - and only the right people
- have speedy access to the right systems and information.
Identity management also plays a critical role in enabling
personalized user interfaces, which provide a better
user experience and subsequently result in attracting and
retaining customers. Amazon leads the way, but is followed
by many other web retailers and customer-facing organizations.
If it’s so great, why doesn’t everybody
implement it? Here comes the challenge - implementing effective,
interoperable identity management can be very tricky.
First
of all, each enterprise has its own individual identity management
requirements. Based on its specific needs, it must have a
solution for a combination of different functions. The most
common functions include control of access to information,
privacy management, human resources, customer relations management,
supply chain management, "white pages" directory, web services, and custom corporate
applications. There are many good identity management products
as well as third-party services that perform different
identity-related functions, such as identity storage, provisioning,
single sign-on, identification through smart cards or biometrics,
information synchronization, federation, and policy management.
However, most solutions on the market are point solutions,
which are not easy to match to a set of requirements within
a coherent architecture, and which often do not interoperate.
There is no overall, off-the-shelf solution.
Matching solutions
to requirements and ensuring interoperability requires
standards. However, identity management products and standards
are still emerging, and the picture can be confusing. There
has been rapid progress in Web Services Specifications
for identity management, and in the Liberty Alliance project,
although these two approaches are often seen as being in
competition. There are several XML-based identity-related
standards, including the Directory Services Markup Language
(DSML), the Service Provisioning Markup Language (SPML),
the Extensible Access Control Markup Language (XACML),
and the Security Assertion Markup Language (SAML). The
Public Key Infrastructure (PKI) bandwagon might look to
have stalled. However, PKI has the potential to be an important
identity management technology, and its supporters may
yet get their wagon back into gear. In addition, there
are some unstandardized technologies that can provide effective
point solutions – for example, password synchronization.
A common problem that adds to the challenge is that the
identity information itself, which is held in organizations’ directories
and databases, is often fragmented, and can be of poor
quality. A large corporation may have many stores of identity
information (many thousands, if PC and PDA address lists
are included) that often contain records for the same people,
although sometimes with different additional information.
People's personal circumstances, and their roles within
the organization, change frequently; information stores
are not always updated; and errors accumulate.
So how do
you find your way through this fog, and figure out how
to make identity management effective for your organization?
The Liberty Alliance Project and the Web Services Specifications
initiative are working on different approaches to identity
federation, and are developing standards profiles for
sign-on and attribute retrieval. The Organization for the
Advancement of Structured Information Standards (OASIS) develops
XML-based standards for packaging and secure transport of
identity information, including SAML and the other mark-up
languages mentioned earlier. ISO/IEC JTC 1 SC 37 (a formal
international standards body) is defining standards, including
data formats and APIs, for biometric technologies. Work on
PKI is being done in the PKIX group of the Internet Engineering
Task Force (IETF). Most of these bodies publish information
about their standards and encourage participation in
their work.
Industry consortia such as the Network Applications Consortium
(NAC), EEMA - the independent European association for
e-business, and The Open Group provide a way of getting
involved at a less technical level. Through participation
in group activities and networking with people who are
deploying solutions and designing products, they help their
members gain an understanding of the value of the
technologies to enterprises and how they can be deployed,
and give them an opportunity to influence the direction
that the industry is taking.
Identity management is a new discipline;
it can be confusing, and hard to understand. But there
are some good sources of information, and opportunities for
involvement in the development of identity management standards
and practice. The rewards for getting on top of this technology
are improved efficiency, security and customer satisfaction,
easier compliance with regulation, and protection against
fraud. Giving identity information special treatment is not
easy, but the reward will make the effort worthwhile.
For more information, please contact Dr. Chris Harding
The Open Group in the Media
The Open Group in the Press
- January 25, 2005
Computer Weekly: Top users' security manifesto aims to close gaps in supplier offerings
- January 19, 2005
Network World Fusion: The Open Group preps IT architect certification initiative
- January 18, 2005
krtv.com - Funk Software Expert to Speak on Endpoint Integrity Standards at Open Group Conference
- January 15, 2005
SD Times: Turning Architecture Into a Profession
- January 14, 2005
Yahoo News (UK & Ireland): Deperimeterisation celebrates first birthday
- January 14, 2005
Slashdot: The Open Group Releases DCE 1.2.2 as Free Software
- January 14, 2005
Technocrat.net: The Open Group puts DCE under LGPL
- January 14, 2005
Advogato: The Open Group releases DCE 1.2.2 as LGPL'd Free Software
- December 20, 2004
NetworkWorldFusion: User group to reveal model for IS security future
- December 16, 2004
FTP Online: Provide a Common Frame of Reference
- December 12, 2004
ebizQ: The Open Group Establishes Certification Program for IT Architects
- December 5, 2004
ebizQ: The Business Value of Identity Management
- November 29, 2004
FTP Online: Enterprise Modeling Tools
- November 28, 2004
ebizQ: The Rewards and Pitfalls Of Identity Management
- November 23, 2004
Computer Weekly: Security user group gears up for growth
- November 21, 2004
E-ChannelNews: Novell Announces first LSB 2.0 Certification for Linux
- November 16, 2004
ZDnet UK: Bronze Age clues to 21st century security
- November 15, 2004
FTP Online: A Common Framework for IT and Business
- November 15, 2004
ZDNET UK: Jericho Forum tears down walls to outsiders
- November 12, 2004
Certification Magazine: Novell Announces LSB 2.0 Certification for Linux
Press Releases
1/12/05 - The Open Group Debuts Open Source Licensing of DCE Source Code
12/10/04 - The Open Group Announces Certification Program for IT Architects
Certification News
TOGAF Certification News
The number of TOGAF 8 Certified Professionals has exceeded 200.
Current status of TOGAF Certified products, individuals,
services, and tool support:
- TOGAF 7 Certified - 28 Registered Individuals
- TOGAF 7 Training - 3 Registered Products from 2 Companies
- TOGAF 7 Professional Services - 7 Registered Services from 7 Companies
- TOGAF 7 Tool Support - 2 Registered Products from 2 Companies
- TOGAF 8 Certified - 226 Registered Individuals
- TOGAF 8 Training - 4 Registered Products from 2 Companies
- TOGAF 8 Professional Services - 4 Registered Services from 4 Companies
- TOGAF 8 Tool Support - 2 Registered Products from 2 Companies
The full register is online at: http://www.opengroup.org/togaf/cert/register.html
LSB Certification News
We are pleased to announce that:
- TimeSys has registered CGL 2.0 Reference Distribution from TimeSys 1.0 as conforming to the LSB Runtime Environment for PPC32 version 1.3 Product Standard.
- MandrakeSoft has registered Mandrakelinux Corporate Server 3.0 as conforming to the LSB Runtime Environment for IA32 version 2.0 Product Standard.
- Sun Wah Linux Limited has registered RAYS LX 1.0 as conforming to the LSB Runtime Environment for IA32 version 2.0 Product Standard.
- SUSE Linux AG has registered SUSE LINUX Enterprise Server 9:
  - For AMD64 & Intel EM64T with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for AMD64
  - For IBM POWER with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for PPC32
  - For IBM POWER with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for PPC64
  - For IBM S/390 with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for S390
  - For IBM zSeries with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for S390X
  - For Itanium Processor Family with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for IA64
  - For x86 with Service Pack 1 as conforming to LSB Version 2.0 Runtime Environment Product Standard for IA32
To see the Conformance Statement please refer to the latest
official list of LSB registered products at: http://www.opengroup.org/lsb/cert/register.html
For more information on the Free Standards Group Certification
program, please refer to http://www.freestandards.org/certification/
SIF Certification News
We are pleased to announce that the following products
have been registered:
- As conforming to the SIF-enabled Application Product Standard 1.5:
  - eScholar Complete Data Warehouse 6.x - from eScholar LLC
  - Riverdeep - Riverdeep LMS 2.5 and above with ZIAgent 3.x
  - Easy IEP® 5.14 and above - from Public Consulting Group, Inc.
  - MealTime 2.x - from CLM Group
  - Microsoft Class Server 4.0 - from Microsoft
  - STIOffice 7.0 - from Software Technology, Inc.
- As conforming to the SIF-enabled Application Product Standard 1.1:
  - Lunchbox Product Suite - version 5.X - from Data Futures
To view all current SIF certifications and Conformance
Statements, please see the SIF Certification Register at http://www.opengroup.org/sif/cert/register.html
For more information on the SIF certification, please refer
to: http://www.opengroup.org/sif/cert
WAP Certification News
The following products from LG Electronics have been registered as conforming
to the WAP 2.0 Product Specification:
- LG L3100 Version 1.0
- LG C1200 Version 1.0
- LG C1100 Version 1.0
- LG A7110 Version 1.0
For all current WAP certifications and Conformance Statements,
please see the WAP Certification Register at http://www.opengroup.org/wap/cert/register_wap2.html
New Test Suite for POSIX Multipurpose Real-time Profile
We are pleased to announce the first general availability
release of VSPSE54-2003-1.0. Release 1.0 is the first general
release of VSPSE54-2003, the Open Group Verification Suite
for system interfaces and headers in the PSE54 profile of
POSIX.13 2003. It is an indicator of compliance for
part of the POSIX: Certified by IEEE and The Open Group
Certification program, specifically for the PSE54 Multipurpose
Real-time 1003.13™ 2003 System Product Standard.
Combined with the latest release of the POSIX Shell and Utilities conformance
test suite (VSC-PCTS2003-1.4), this provides comprehensive
test coverage for this important real-time profile that is
expected to be referenced in upcoming procurements.
Standards News
ARM 4.0, Issue 4.0, Version 2.0
The Open Group is pleased to announce the publication of
the Application Response Measurement (ARM) Issue 4.0, Version
2 Technical Standards.
They may be downloaded, free of charge:
Two Corrigenda accompany the Technical Standards:
ICSC ES-API Issue 1.0
The Interconnect Software Consortium is pleased to announce
the release of Issue 1.0 of the Extended Software API.
The standard can be downloaded from the ICSC website, www.opengroup.org/icsc,
in PDF format.
CMPI Technical Standard
The Open Group is pleased to announce the publication of
the Common Manageability Protocol Interface (CMPI) Technical
Standard.
It may be downloaded, free of charge:
Software Development Times talks to James de Raeve
about The Open Group IT Architect Certification Program
SD Times interviewed James de Raeve, The Open Group’s Vice President of
Certification, about the organization’s new certification program, which
will set an industry-wide baseline for the IT Architect profession, provide a standard
for architects' skills and expertise, and create a foundation for trust between suppliers
and customers.
Read the article
Spotlight on Recent Publications
The Open Group IT Architect Certification Program - White Paper
The large IT projects that succeed have a well designed
architecture that supports the business need as it evolves
and changes to respond to market and competitive pressures.
This document is a proposal to The Open Group membership
and also to practicing IT architects – and companies
who employ them – with an interest in helping to define
and shape the program.
Download the document
SLA Management Handbook, Volume 4
The Open Group is pleased to announce the publication of
the SLA Management Handbook, Volume 4. This is a joint publication
with the TeleManagement Forum, who produced Volumes 1-3.
Download the handbook, free of charge
Conference Wrap-Up: Boundaryless Information Flow™: Architecting Identity Management
The January 24-28, 2005 conference took place at the Hyatt
at Fisherman’s Wharf in San Francisco, CA, USA.
The event spotlighted the progress made on enabling interoperable
identity management solutions, and introduced key concepts
of architecting identity management including trust, identity
management and authentication; provisioning; permissions
management and authorization; and directories and their roles.
It discussed the business value of identity management, the
most effective measures for cost/benefit assessment, limiting
legal liability, and how to make informed decisions.
Keynote addresses:
- Jamie Lewis, CEO and Research Chair, Burton Group
- Stuart McIrvine, Director of IBM Corporate Security Strategy
- Dr. Gene Schultz, Principal Engineer, Lawrence Berkeley National Laboratory
Speakers included:
Conor Cahill, Liberty Alliance, Chief Architect at AOL;
Mary Dixon, Deputy Director, Defense Manpower Data Center
(DMDC); Patrick Gannon, President & CEO, OASIS; Chris
Greenslade, Frietuna Consultants Ltd; Ed Harrington, Data
Access Technologies; Jim Hosmer, Principal Architect, CTO-EIS,
Lockheed Martin; John Mori, Vice President, IT Division,
VISA USA; Anthony Nadalin, Distinguished Engineer, Chief
Security Architect, IBM; Steve Neville, Senior Manager, Identity
Management, Entrust; Richard Paine, Advanced Computing Technologist,
Boeing; Rakesh Radhakrishnan, Enterprise IT Architect, Sun;
Ramaswamy Rangarajan, Principal Network Systems Designer,
Sprint; Gavenraj Sodhi, eTrust Brand Product Manager, Computer
Associates; Justin Taylor, Chief Strategist, Digital Identity,
Office of the CTO, Novell Inc.; Fred Wettling, Chair, Network
Applications Consortium; Ron Williams, Sr. Enterprise Architect,
IBM
Conference proceedings are available at: http://opengroup.org/public/member/proceedings/q105/
Look ahead to Dublin in April 2005: Enterprise ArchITecture Europe 2005, and Member Meetings
The conference, which will take place at the Jurys Ballsbridge
Hotel in Dublin on April 25-27, 2005, will address some of the hottest
topics in enterprise architecture - both from strategic and implementation points
of view. Attendees will be both corporate strategists and architecture practitioners.
What you will experience:
- Presentations on the practice and profession of enterprise
architecture
- Highly practical workshops on the relationships of
enterprise architecture to technology, to business transformation,
and to ROI
- Study of enterprise architecture development, its
integration and necessary infrastructure support
- Hands-on workshop on how to set up and run an Enterprise
Architecture practice
- Review of in-depth case studies
Keynote Speakers
- Minister of State, Tom Kitt, T.D., Department of the Taoiseach, Republic of Ireland, with special responsibility for the Information Society
- Colm Butler, Principal Officer of the Information Society Policy Unit at the Department of the Taoiseach, Republic of Ireland
The Open Group Member Meetings will be conducted in parallel, April 25-29, 2005.
Industry Events Calendar
Events of The Open Group
IT Architecture Practitioners Conference Europe 2005
April 25-29, 2005
Dublin, Ireland
http://www.opengroup.org/events
IT Architecture Practitioners Conference
July 18-22, 2005
New York, USA
http://www.opengroup.org/events
IT Architecture Practitioners Conference
October 17-21, 2005
USA – location tba
http://www.opengroup.org/events
Other Industry Events
The Third e-Crime Congress: Securing business reputation - Sustaining consumer confidence
April 5-6, 2005
Victoria Park Plaza Hotel
London, UK
www.e-crimecongress.org
InfoSec World™ 2005
April 4-6, 2005
Coronado Springs Resort
Orlando, FL
http://www.misti.com/VirtProgISW/program.asp
OASIS Symposium
April 24-29, 2005
Marriott Hotel
New Orleans, LA
http://www.oasis-open.org/events/symposium_2005/
Digital ID World Conference 2005
May 10-13, 2005
Hyatt Regency Embarcadero
San Francisco, CA
http://conference.digitalidworld.com/2005/index.php
TeleManagement World
May 16-19, 2005
Acropolis Convention Center
Nice, France
http://www.tmforum.org/browse.asp?catID=2194
Global Integration Summit 2005
Theme: Real World Integration - Steps to Success
May 23-25, 2005
Fairmont Banff Springs, Alberta, Canada
www.globalintegrationsummit.com
The Open Group members are eligible for the IC member pricing, which offers a 1005.00
savings off the non-member pricing.
Catalyst Conference North America 2005
July 13-15, 2005
Manchester Grand Hyatt
San Diego, CA
https://www.burtongroup.com/catalyst/
Top Downloads from the Web
Top 10 publication downloads in December 2004
- The Single UNIX Specification, Version 3
- TOGAF, Version 8 'Enterprise Edition'
- Security Design Patterns
- Distributed TP: The XA Specification
- X/Open Single Sign-On Service (XSSO) - Pluggable Authentication
- DCE 1.1: Remote Procedure Call
- Identity Management
- Single UNIX Specification, Version 2 - 6 Vol. Set for UNIX 98 Hardcopy
- UNIX 03
- DRDA V3 Vol. 1: Distributed Relational Database Architecture
- Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Top 10 page views in December 2004
- The Open Group home
- The Single UNIX® Specification, Version 2: Keyword search page
- The Base Specifications, Issue 6
- Open Motif home
- A-Z Index
- TOGAF 8 welcome page
- Contacts
- Open Motif Downloads
- Search page
- CDE home
Final Thoughts...
Please let us know if there are other subjects you would like
to see covered in this newsletter, if you have any comments
on any story or article in the newsletter, or to send letters
to the editor for possible publication in the future.
You can contact us at memnews-feedback@opengroup.org. We look forward
to hearing from you, and will see you next month.