face library policy · 5.2.1 face registry configuration management ... standard (face technical...

The Open Group Future Airborne Capability Environment (FACE™) Consortium

Library Policy

July 2014

Prepared by The Open Group FACE Consortium Business Working Group Library Subcommittee

NAVAIR Public Release 2013-923

Distribution Statement A – “Approved for public release; distribution is unlimited”

The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 2

© Copyright 2014, The Open Group

All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or

by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior

permission of the copyright owner.

ArchiMate®, DirecNet

®, Jericho Forum

®, Making Standards Work

®, OpenPegasus

®, The Open Group

®,

TOGAF®, UNIX

®, and the Open Brand (“X Device”) are registered trademarks and Boundaryless

Information Flow™, Build with Integrity Buy with Confidence™, Dependability Through

Assuredness™, FACE™, IT4IT™, Open Platform 3.0™, Open Trusted Technology Provider™,

UDEF™, and The Open Group Certification Mark (“Open O”) are trademarks of The Open Group.

All other brands, company, and product names are used for identification purposes only and may be

trademarks that are the sole property of their respective owners.

The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy

Document Number: X1403US

Authored by The Open Group FACE Consortium.

Published by The Open Group, July 2014.

Comments relating to the material contained in this document may be submitted to:

The Open Group, 8 New England Executive Park, Burlington, MA 01803, United States

or by electronic mail to:

[email protected]

mailto:[email protected]


Contents

1. Introduction ....................................................................................................................................................... 4 1.1 Background .......................................................................................................................................... 4 1.2 Purpose ................................................................................................................................................. 4 1.3 Referenced Documents ......................................................................................................................... 4

2. FACE Library Overview ................................................................................................................................... 6 3. FACE Library Users .......................................................................................................................................... 7

3.1 Software Suppliers ............................................................................................................................... 7 3.2 System and Subsystem Integrators ....................................................................................................... 7 3.3 Customers ............................................................................................................................................. 8 3.4 FACE Verification Authorities (VAs) .................................................................................................. 8 3.5 FACE Certification Authority (CA) ..................................................................................................... 8 3.6 FACE Library Administrator................................................................................................................ 9

4. FACE Library Processes ................................................................................................................................. 10 4.1 Search for a FACE Certified Product ................................................................................................. 12 4.2 Submit a Software Product for Verification ....................................................................................... 13 4.3 Submit a Software Product for Certification ...................................................................................... 14 4.4 Submit a Software Product for Registration ....................................................................................... 15 4.5 Submit FACE Documents and Tools ................................................................................................. 16 4.6 Retrieve FACE Documents and Tools ............................................................................................... 17 4.7 Update FACE Registry Metadata ....................................................................................................... 18 4.8 Remove a Product from the FACE Registry ...................................................................................... 19

5. FACE Library Policy ....................................................................................................................................... 20 5.1 Process for Requesting/Granting User Permissions ........................................................................... 20 5.2 Configuration Management ................................................................................................................ 20

5.2.1 FACE Registry Configuration Management ........................................................................... 20 5.2.2 FACE Product Repository Configuration Management .......................................................... 20 5.2.3 FACE Reference Repository Configuration Management ...................................................... 21 5.2.4 FACE Verification Retention Repository Configuration Management................................... 21 5.2.5 FACE Certification Retention Repository Configuration Management .................................. 21


1. Introduction

1.1 Background

The purpose of the Future Airborne Capability Environment (FACE™) Consortium is to define a

common operating environment supporting portability and reuse of capability-based applications across

Department of Defense (DoD) aviation systems. To facilitate these goals, processes and guidelines are

needed to ensure conformance to the Future Airborne Capability Environment (FACE™) Technical

Standard (FACE Technical Standard), a standard of The Open Group, to provide FACE-specific business

and contracting strategies, and to provide a centralized library to enable the discovery and acquisition of

FACE Certified Products.

The goal of the FACE Library is to provide the infrastructure necessary to enable the discovery and

acquisition of FACE Certified Products. To effectively carry out this goal, the FACE Consortium requires

a well-designed and managed infrastructure that addresses the needs of all FACE Consortium

stakeholders.

1.2 Purpose

The purpose of this document is to outline the framework for the FACE Library by describing who

interacts with the FACE Library, what users need to be able to do, and how users gain access to FACE

Library components. Understanding these interactions is essential for developing policies necessary for

the management of library operations.

This document describes the relationship of the FACE Library to other FACE Consortium activities (e.g.,

FACE product development, certification and verification processes) and the internal functions necessary

to support the development and discovery of FACE Certified Products. Additionally, this document

describes detailed process flows for FACE Library operations and the policies required for effectively

managing those operations. This document, in conjunction with the FACE Library Requirements, will

provide guidance to entities tasked with developing and managing the FACE Library to ensure the

Library meets all stakeholders’ expectations.

A separate, follow-on document, the FACE Library Users’ Guide, will be developed by the FACE

Library Administrator to provide detailed, step-by-step instructions for accomplishing tasks described in

this document.

1.3 Referenced Documents

The following is a list of references used in the development of this document:

FACE Library Requirements, Version 2.1

Future Airborne Capability Environment (FACE) Technical Standard

FACE Business Guide, Version 1.1

FACE Conformance Certification Guide

FACE Conformance Policy


FACE Contract Guide


2. FACE Library Overview

The FACE Library consists of the following components (see Figure 1):

1. FACE Landing Page

2. FACE Library Portal

3. FACE Registry

4. FACE Product Repositories

5. FACE Reference Repository

6. FACE Certification Retention Repository

7. FACE Verification Retention Repositories

Figure 1: FACE Library Infrastructure

For a more detailed discussion of the structure and components of the FACE Library, please review the

FACE Library Requirements, Version 2.1.


3. FACE Library Users

In order to develop sound policies for the use and administration of the FACE Library, it is important to

have a clear understanding of the users that will interact with the FACE Library, to more effectively

enable the development, discovery, and acquisition of FACE Certified Products.

The FACE Library was developed to serve the following users:

Software Suppliers

System and Subsystem Integrators

Customers

FACE Verification Authorities (VAs)

FACE Certification Authority (CA)

FACE Library Administrator

3.1 Software Suppliers

A Software Supplier produces software products (e.g., applications, operating systems and associated

software business logic, math functions, Real-Time Operating Systems (RTOS), middleware) for both

civilian and defense avionics markets, and other commercial markets.

A Software Supplier uses the FACE Library to:

Access information about the FACE Consortium

Access FACE Consortium documentation

Access the FACE Data Model

Access FACE Consortium approved or accredited software development and test tools

Discover FACE Consortium approved or accredited VAs

Search the FACE Registry for FACE Certified Products

Submit and track progress of software products during the FACE conformance process

Submit FACE Certified Products for listing in the FACE Registry

Manage metadata information about FACE Certified Products listed in the FACE Registry

3.2 System and Subsystem Integrators

A System or Subsystem Integrator is responsible for integrating the electronic avionics content within an

aircraft or system to meet customer requirements, technical specifications, and contractual statements of

work. The System or Subsystem Integrator is responsible for generating all aircraft/system-level

requirements derived from customer-supplied specifications and allocating appropriate ones to the

avionics subsystem and its software components, including FACE conformance.


A System Integrator uses the FACE Library to:




Access the FACE Data Model



3.3 Customers

Customers seek to procure FACE Certified Products. Customers use the FACE Library to:



Access FACE Consortium approved guides or accredited software development and test tools



3.4 FACE Verification Authorities (VAs)

A FACE Verification Authority (VA) is an organization officially sanctioned by the FACE Steering

Committee to conduct For-the-Record Verification testing and for assessment of the Verification

Evidence provided by the Software Supplier. The VA role may be performed by an independent third-

party organization or a designated internal organization of the Software Supplier, so there may be

multiple VAs used for the FACE Conformance Program. More information about the VA role can be

found in the FACE Conformance Policy.

Each VA uses the FACE Library to:




Retain a copy of the Software Verification Package and Verification Results Package in a

Verification Retention Repository

3.5 FACE Certification Authority (CA)

The FACE Certification Authority (CA) is the organization sanctioned to manage the day-to-day

operation of the FACE Conformance Program. More information about the CA can be found in the FACE

Conformance Policy.

The CA uses the FACE Library to:

Receive the Verification Results Package from a FACE VA


Store the Verification Results Package in the Certification Retention Repository

Retrieve the Verification Results Package from the Certification Retention Repository

Receive the Certification Package

Issue the FACE Conformance Certificate to the Software Supplier

Archive conformance files in the Certification Retention Repository

3.6 FACE Library Administrator

The FACE Library Administrator is responsible for the day-to-day operations of the FACE Library,

according to the policies developed by the FACE Library Subcommittee. For a more detailed

understanding of the role of the FACE Library Administrator, refer to the FACE Library Administration

Plan.

The FACE Library Administrator uses the FACE Library to:

Update the FACE Library website(s)

Add or delete documents and tools from the FACE Reference Repository

Work with the CA to add, remove, or edit entries to the FACE Registry


4. FACE Library Processes

Section 3 provided a description of the users of the FACE Library. This section describes how those users

will interact with the FACE Library.

Processes identified for user interaction with the FACE Library include:

Search for a FACE Certified Product

Submit a software product for verification

Submit a software product for certification

Submit a software product for registration

Submit FACE documents and tools

Retrieve FACE documents and tools

Update FACE Registry metadata

Remove a product from the FACE Registry

The purpose of Figure 2 is to show the information exchanges between end users and the FACE Library

components identified in Section 2. For each of the data exchanges identified in Figure 2, more detailed

information, to include sequencing (the order in which tasks must be completed) and authentication

procedures, is discussed in subsequent sections.


Figure 2: FACE Library Processes


4.1 Search for a FACE Certified Product

SW Supplier Customer System Integrator Subsystem Integrator

Navigate to FACE Consortium

FACE Landing Page

Search for FACE Certified Product

Registry PageEnter Search

Criteria

Registry Metadata

Review Search Results

Search Results

FACE Library Users

Request POC Package Library

Portal

Authentication CriteriaReceive POC

Package

Authentication as a Registered

User

Figure 3: Search for a FACE Certified Product

The goal of a user searching for a FACE Certified Product is to download the product’s Point of Contact

(POC) Package. The POC Package contains all of the metadata listed in the FACE Registry for a product,

including the Software Supplier’s contact information and the Unit of Conformance’s (UoC)

identification. This enables users to discover more information about the product from the product’s

developer and initiate the process for acquiring a product listed in the FACE Registry, if desired.

To search for a FACE Certified Product, a user:

1. Navigates to the FACE Landing Page to find general information about FACE Consortium

activities.

2. Follows prompts to search for a FACE Certified Product.

3. Is transferred to the FACE Registry page, and is prompted to enter search criteria.

4. User’s search criteria are compared to all products’ metadata listed in the FACE Registry.

5. Search results are displayed for review by the user.

6. If the user wants to download the search results, the user is prompted to request a POC

Package.

7. The user must be registered with the FACE Library Portal and authenticated prior to

downloading the POC Package.

8. Once authenticated, the user is able to download a file containing all requested products’

metadata listed in the FACE Registry.


4.2 Submit a Software Product for Verification


FACE Landing Page

Search for Product Verification Information

Conformance Verification

Process Page

Enter Search Criteria

Verification Authority Listings

Search Results

Software Supplier

Receive Verification

Authority POC Package

Authentication Criteria

Library Portal

Authentication as a “Software

Supplier”

Figure 4: Submit a Software Product for Verification

The first step in the FACE Conformance Program is the Verification Process. Detailed information about

the Verification Process can be found in the FACE Conformance Policy. Software Suppliers use the

FACE Library to discover approved FACE VAs.

To discover an approved FACE VA, a Software Supplier:

1. Navigates to the FACE Landing Page and follows prompts to search for information about the

Verification Process.

2. Is transferred to the FACE Conformance Verification Process page, to find general information

about the Verification Process and to search for accredited FACE VAs.

3. Prior to searching for accredited FACE VAs, the user must be authenticated as a registered

Software Supplier via the FACE Library Portal.

4. Once authenticated, the Software Supplier can search the listing of accredited VAs, and is able

to download the results.

5. The Software Supplier enters the Verification Process in accordance with the FACE

Conformance Policy.


4.3 Submit a Software Product for Certification


FACE Landing Page

Search for Product Certification Information

Conformance Certification

Authority Page

Software Supplier

Submit Certification Package


Certification Repository

Library Portal


Supplier”

Figure 5: Submit a Software Product for Certification

When a Software Supplier completes the Verification Process, they request the VA submit the

Verification Results Package to the CA on their behalf to initiate the Certification Process.

To submit a product for FACE Conformance Certification, a Software Supplier:


Certification Process.

2. Must be authenticated by the FACE Library Portal as a registered Software Supplier.

3. Initiates the Certification Process by signing and submitting the Verification Results Package

and legal agreements to the Conformance CA for storage in the FACE Certification Retention

Repository.


4.4 Submit a Software Product for Registration


FACE Landing Page

Search for Product Registration Information

Product Registration Page

Software Supplier

Submit Registraion Package


FACE Registry

Library Portal


Supplier”

Figure 6: Submit a Software Product for Registration

After completing the Certification Process, the Software Supplier may initiate the Registration Process as

outlined in the FACE Conformance Policy. The Registration Process is complete when the FACE Library

Administrator has received the Registration Package and the supplier has met the legal and payment

requirements of the conformance certification process. The Registration Package consists of the FACE

Conformance Certificate and all product metadata as defined in the FACE Library Requirements, Version

2.1.

To submit a product for Registration in the FACE Registry, the Software Supplier:


Registration Process.

2. Must be authenticated by the FACE Library Portal as a registered Software Supplier.

3. Initiates the Registration Process by submitting the Registration Package.


4.5 Submit FACE Documents and Tools

FACE Landing Page

FACE Consortium Members’ Login

Library Admin Page

Library Administrator

Library Administrator

Verification

Reference Repository

Open Group Document / Tool Approval Process

Upload FACE Approved

Document / Tool

Notification to Library

Administrator

Figure 7: Submit FACE Documents and Tools

The FACE Library Administrator is responsible for entering or removing FACE Consortium approved

documents and tools in the FACE Reference Repository.

To submit a document or tool to the FACE Reference Repository, the developer/author:

1. Completes The Open Group document or tool approval process.

2. Logs into the FACE Consortium members’ website from the FACE Landing Page.

3. Uploads the FACE approved document or tool to the FACE Reference Repository, pending

approval by the FACE Library Administrator.

4. After being notified of a submission to the FACE Reference Repository, the FACE Library

Administrator verifies completion of The Open Group document/tool approval process and

approves submission to the FACE Reference Repository.


4.6 Retrieve FACE Documents and Tools

SW Supplier Customer System Integrator Subsystem Integrator

Initiate Search for FACE Consortium

FACE Landing Page

Search for FACE Documents / Tools

Reference Repository Page Enter Search

Criteria

Reference Repository Metadata

Review Search Results

Search Results

FACE Library Users

Request to download

Document / Tool Library Portal

Authentication CriteriaReceive Document /

Tool

Authentication as a Registered

User

Figure 8: Retrieve FACE Documents and Tools

To retrieve a document or tool from the FACE Reference Repository, a user:

1. Navigates to the FACE Landing Page and follows prompts to search for a FACE approved

document or tool.

2. Is transferred to the FACE Reference Repository page, where they are prompted to enter search

criteria.

3. The user’s search criteria are compared to all products’ metadata listed in the FACE Reference

Repository.

4. Search results are displayed for the user to review.

5. The user must be registered with the FACE Library Portal and authenticated prior to

downloading the document or tool from the FACE Reference Repository.

6. Once authenticated, the user is able to download the document or tool.


4.7 Update FACE Registry Metadata


FACE Landing Page



Software Supplier

Update Registry Entry


FACE Registry

Library Portal


Supplier”

Figure 9: Update FACE Registry Metadata

To make changes to product metadata listings, the Software Supplier will:

1. Navigate to the FACE Landing Page.

2. Navigate to the FACE Registry entry.

3. Be authenticated by the FACE Library Portal as a software product owner.

4. Make and save metadata changes to fields available to Software Suppliers.


4.8 Remove a Product from the FACE Registry

Navigate toFACE Consortium

FACE Landing Page



Software Supplier

Registry Entry Removal Request


FACE Registry

Library Portal


Supplier”

Figure 10: Remove a Product from the FACE Registry

To remove a product from the FACE Registry, the Software Supplier:

1. Navigates to the FACE Landing Page.

2. Navigates to the FACE Registry entry.

3. Must be authenticated by the FACE Library Portal as a software product owner or authorized

FACE Consortium agent.

4. Submits a request to the FACE Library Administrator for the FACE Registry entry to be

removed.


5. FACE Library Policy

Policies for operation of the FACE Library will be developed by the FACE Library Subcommittee. The

FACE Library Administrator will be responsible for the day-to-day operation of the FACE Library and

for implementing the policies developed by the FACE Library Subcommittee.

5.1 Process for Requesting/Granting User Permissions

The process for requesting and granting user permissions is managed by the FACE Library Administrator.

Users are granted access to the FACE Library based on roles assigned by the FACE Library

Administrator.

5.2 Configuration Management

One of the primary concerns of the FACE Consortium is the management of information stored

throughout the FACE Library. In order to effectively manage information, this section describes policies

for ensuring sufficient visibility and control of applicable FACE Library information.

5.2.1 FACE Registry Configuration Management

The FACE Registry has a Configuration Management (CM) Plan developed by the FACE Library

Administrator and approved by the FACE Library Subcommittee. The FACE Registry CM Plan will

address CM for the FACE Registry entries, the FACE Registry itself, and any associated FACE Registry

software. The FACE Registry CM Plan will address planning, configuration identification, configuration

control, configuration account status, and support audits and verification. Implementation of the FACE

Registry CM Plan will be performed by the FACE Library Administrator.

Each FACE Registry entry will include a predetermined set of metadata for the associated FACE

Certified Product. This metadata will include metadata generated automatically from the Certification

Process in addition to information generated by the Software Supplier. The FACE Registry CM Plan will

include processes and procedures for editing and/or updating conformance metadata by the FACE

Certification Authority. Likewise, the FACE Registry CM Plan will include the process and procedures

for editing and/or updating metadata submitted by the Software Supplier.

To ensure that the FACE Registry maintains configuration control, a set of processes for verification will

be part of the FACE Registry CM Plan. These processes will ensure that FACE Registry access is

properly controlled so that all data in the FACE Registry remains accurate and up-to-date. Additionally,

these processes will address configuration control of all software used by the FACE Registry. The FACE

Registry CM Plan will also address the process for auditing the FACE Registry, allowing for scheduled

audits and other audits, as required. Details for the verification and audit processes will be in the FACE

Registry CM Plan.

5.2.2 FACE Product Repository Configuration Management

Each Software Supplier will be responsible for storing their FACE Certified Product in a product

repository that meets the requirements identified in the FACE Library Requirements, Version 2.0. This

section outlines the approval process and the minimum CM required for an approved FACE Product

Repository.


CM of product repositories will be the responsibility of the product repository developer and/or

maintainer. FACE Product Repository Configuration Management (CM) Plans will be reviewed by the

FACE Library Administrator to ensure they address basic repository CM to include planning,

configuration identification, configuration control, configuration account status, support audits, and

verification. If the FACE Product Repository CM Plan satisfactorily address these items, it will be

approved and become an official FACE Product Repository.

5.2.3 FACE Reference Repository Configuration Management

A FACE Reference Repository Configuration Management (CM) Plan will be developed to address the

repository entries, the reference repository itself, and any associated reference repository software. The

FACE Reference Repository CM Plan should address planning, configuration identification,

configuration control, configuration account status, support audits, and verification. Development and

implementation of the FACE Reference Repository CM Plan is the responsibility of the reference

repository developer and/or maintainer.

5.2.4 FACE Verification Retention Repository Configuration Management

Each FACE Verification Authority will be responsible for developing and maintaining a FACE

Verification Retention Repository. As part of that development, each FACE Verification Authority will

develop and implement a FACE Verification Retention Repository Configuration Management (CM)

Plan. These plans will address the basic tenants of CM planning, configuration identification,

configuration control, configuration account status, support of audit, and verification.

5.2.5 FACE Certification Retention Repository Configuration Management

The FACE Certification Authority is responsible for developing and maintaining the Certification

Retention Repository. As part of these responsibilities, the FACE Certification Authority will develop and

implement a FACE Certification Repository Configuration Management (CM) Plan. This plan should

address the basic tenets of CM planning, configuration identification, configuration control, configuration

account status, support of audits, and verification.