www.oasis-open.org
Jim Hietala, Vice President, Security
44 Montgomery Street, Suite 960, San Francisco, CA 94104 USA
Tel +1 303 495 3123, Cell +1 303 995 5387
j.hietala@opengroup.org
www.opengroup.org
Security Forum Vision & Mission
• The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner
• The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through:
  • Development of industry standards, either independently or through co-operation (adopt, adapt, publish)
  • Developing guides, business rationales & scenarios, use cases
  • Developing reference and common system architectures, and support services
• The Open Group also manages and supports the Jericho Forum
IT Changes Affecting Security
• Web 2.0 coming to most enterprises, like it or not
• Consumerization of IT with mobile devices
• Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners
• Perimeter security model proving ineffective at securing this evolving environment
Web Security Study
• 7% of sites compromised automatically
• 7.7% of sites had a high severity detectable through scanning
• 9 of 10 sites have at least one serious vulnerability
• Average of 7 vulnerabilities/site
Source: Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites
Security Standards Needs Exist at Multiple Levels…
• Security function interoperability: SAML, XACML, etc.
• Implementation level: ISO27002, PCI DSS, etc.
• Architecture – need for new standard security architecture describing information-centric vs. perimeter-centric security
The Open Group Security Forum Key Accomplishments
• Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers
• Guides, White Papers: Information Security Strategy
• Standards: CDSA - Authentication API; AZN-API - Authorization API; UAS
• 12/2007: Integration of Network Applications Consortium
• Standards: XDAS - Distributed Audit Service; APKI - Architecture for Public Key Encryption; XSSO - Single Sign-On; CDSA
• Standards: DCE - Distributed Computing Environment; XBSS - Baseline Security Services; XDSF - Distributed Security Framework; GSS API - Generic Security Services
The Open Group: Future Security Activities
• Continued support of Jericho Forum activities
• Ongoing standards work in these areas:
  • Risk management taxonomy
  • Secure Mobile Architectures
  • Trust models
  • XML platform compliance reporting
  • Standard security architectures
• Initiating Security Practitioners Conferences
• Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization