Date posted: 29-Dec-2015
www.oasis-open.org
44 Montgomery Street, Suite 960
San Francisco, CA 94104 USA
Tel +1 303 495 3123
Cell +1 303 995 5387
Jim Hietala
Vice President, Security
Security Forum Vision & Mission
The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner
The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through:
Development of industry standards, either independently or through co-operation (adopt, adapt, publish)
Developing guides, business rationales & scenarios, use cases
Developing reference and common system architectures, and support services
The Open Group also manages and supports the Jericho Forum
IT Changes Affecting Security
Web 2.0 coming to most enterprises, like it or not
Consumerization of IT with mobile devices
Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners
Perimeter security model proving ineffective at securing this evolving environment
Web Security Study
Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites
7% of sites compromised automatically
7.7% of sites had a high severity vulnerability detectable through scanning
9 of 10 sites have at least one serious vulnerability
Average of 7 vulnerabilities/site
Security Standards Needs Exist at Multiple Levels…
Security function interoperability - SAML, XACML, etc.
Implementation level… ISO27002, PCI DSS, etc.
Architecture – need for new standard security architecture describing information-centric vs. perimeter-centric security
Standards:
CDSA - Authentication API
AZN-API - Authorization API
UAS
Standards:
DCE - Distributed Computing Environment
XBSS - Baseline Security Services
XDSF - Distributed Security Framework
GSS API - Generic Security Services
Standards:
XDAS - Distributed Audit Service
APKI - Architecture for Public Key Encryption
XSSO - Single Sign-On
CDSA
Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers
The Open Group Security Forum Key Accomplishments
Guides, White Papers: Information Security Strategy
12/2007: Integration of Network Applications Consortium
The Open Group: Future Security Activities
Continued support of Jericho Forum activities
Ongoing standards work in these areas:
Risk management taxonomy
Secure Mobile Architectures
Trust models
XML platform compliance reporting
Standard security architectures
Initiating Security Practitioners Conferences
Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization
Thank You!