face library policy · 5.2.1 face registry configuration management ... standard (face technical...
TRANSCRIPT
The Open Group Future Airborne Capability Environment (FACE™) Consortium
Library Policy
July 2014
Prepared by The Open Group FACE Consortium Business Working Group Library Subcommittee
NAVAIR Public Release 2013-923
Distribution Statement A – “Approved for public release; distribution is unlimited”
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 2
© Copyright 2014, The Open Group
All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or
by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior
permission of the copyright owner.
ArchiMate®, DirecNet
®, Jericho Forum
®, Making Standards Work
®, OpenPegasus
®, The Open Group
®,
TOGAF®, UNIX
®, and the Open Brand (“X Device”) are registered trademarks and Boundaryless
Information Flow™, Build with Integrity Buy with Confidence™, Dependability Through
Assuredness™, FACE™, IT4IT™, Open Platform 3.0™, Open Trusted Technology Provider™,
UDEF™, and The Open Group Certification Mark (“Open O”) are trademarks of The Open Group.
All other brands, company, and product names are used for identification purposes only and may be
trademarks that are the sole property of their respective owners.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy
Document Number: X1403US
Authored by The Open Group FACE Consortium.
Published by The Open Group, July 2014.
Comments relating to the material contained in this document may be submitted to:
The Open Group, 8 New England Executive Park, Burlington, MA 01803, United States
or by electronic mail to:
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 3
Contents
1. Introduction ....................................................................................................................................................... 4 1.1 Background .......................................................................................................................................... 4 1.2 Purpose ................................................................................................................................................. 4 1.3 Referenced Documents ......................................................................................................................... 4
2. FACE Library Overview ................................................................................................................................... 6 3. FACE Library Users .......................................................................................................................................... 7
3.1 Software Suppliers ............................................................................................................................... 7 3.2 System and Subsystem Integrators ....................................................................................................... 7 3.3 Customers ............................................................................................................................................. 8 3.4 FACE Verification Authorities (VAs) .................................................................................................. 8 3.5 FACE Certification Authority (CA) ..................................................................................................... 8 3.6 FACE Library Administrator................................................................................................................ 9
4. FACE Library Processes ................................................................................................................................. 10 4.1 Search for a FACE Certified Product ................................................................................................. 12 4.2 Submit a Software Product for Verification ....................................................................................... 13 4.3 Submit a Software Product for Certification ...................................................................................... 14 4.4 Submit a Software Product for Registration ....................................................................................... 15 4.5 Submit FACE Documents and Tools ................................................................................................. 16 4.6 Retrieve FACE Documents and Tools ............................................................................................... 17 4.7 Update FACE Registry Metadata ....................................................................................................... 18 4.8 Remove a Product from the FACE Registry ...................................................................................... 19
5. FACE Library Policy ....................................................................................................................................... 20 5.1 Process for Requesting/Granting User Permissions ........................................................................... 20 5.2 Configuration Management ................................................................................................................ 20
5.2.1 FACE Registry Configuration Management ........................................................................... 20 5.2.2 FACE Product Repository Configuration Management .......................................................... 20 5.2.3 FACE Reference Repository Configuration Management ...................................................... 21 5.2.4 FACE Verification Retention Repository Configuration Management................................... 21 5.2.5 FACE Certification Retention Repository Configuration Management .................................. 21
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 4
1. Introduction
1.1 Background
The purpose of the Future Airborne Capability Environment (FACE™) Consortium is to define a
common operating environment supporting portability and reuse of capability-based applications across
Department of Defense (DoD) aviation systems. To facilitate these goals, processes and guidelines are
needed to ensure conformance to the Future Airborne Capability Environment (FACE™) Technical
Standard (FACE Technical Standard), a standard of The Open Group, to provide FACE-specific business
and contracting strategies, and to provide a centralized library to enable the discovery and acquisition of
FACE Certified Products.
The goal of the FACE Library is to provide the infrastructure necessary to enable the discovery and
acquisition of FACE Certified Products. To effectively carry out this goal, the FACE Consortium requires
a well-designed and managed infrastructure that addresses the needs of all FACE Consortium
stakeholders.
1.2 Purpose
The purpose of this document is to outline the framework for the FACE Library by describing who
interacts with the FACE Library, what users need to be able to do, and how users gain access to FACE
Library components. Understanding these interactions is essential for developing policies necessary for
the management of library operations.
This document describes the relationship of the FACE Library to other FACE Consortium activities (e.g.,
FACE product development, certification and verification processes) and the internal functions necessary
to support the development and discovery of FACE Certified Products. Additionally, this document
describes detailed process flows for FACE Library operations and the policies required for effectively
managing those operations. This document, in conjunction with the FACE Library Requirements, will
provide guidance to entities tasked with developing and managing the FACE Library to ensure the
Library meets all stakeholders’ expectations.
A separate, follow-on document, the FACE Library Users’ Guide, will be developed by the FACE
Library Administrator to provide detailed, step-by-step instructions for accomplishing tasks described in
this document.
1.3 Referenced Documents
The following is a list of references used in the development of this document:
FACE Library Requirements, Version 2.1
Future Airborne Capability Environment (FACE) Technical Standard
FACE Business Guide, Version 1.1
FACE Conformance Certification Guide
FACE Conformance Policy
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 5
FACE Contract Guide
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 6
2. FACE Library Overview
The FACE Library consists of the following components (see Figure 1):
1. FACE Landing Page
2. FACE Library Portal
3. FACE Registry
4. FACE Product Repositories
5. FACE Reference Repository
6. FACE Certification Retention Repository
7. FACE Verification Retention Repositories
Figure 1: FACE Library Infrastructure
For a more detailed discussion of the structure and components of the FACE Library, please review the
FACE Library Requirements, Version 2.1.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 7
3. FACE Library Users
In order to develop sound policies for the use and administration of the FACE Library, it is important to
have a clear understanding of the users that will interact with the FACE Library, to more effectively
enable the development, discovery, and acquisition of FACE Certified Products.
The FACE Library was developed to serve the following users:
Software Suppliers
System and Subsystem Integrators
Customers
FACE Verification Authorities (VAs)
FACE Certification Authority (CA)
FACE Library Administrator
3.1 Software Suppliers
A Software Supplier produces software products (e.g., applications, operating systems and associated
software business logic, math functions, Real-Time Operating Systems (RTOS), middleware) for both
civilian and defense avionics markets, and other commercial markets.
A Software Supplier uses the FACE Library to:
Access information about the FACE Consortium
Access FACE Consortium documentation
Access the FACE Data Model
Access FACE Consortium approved or accredited software development and test tools
Discover FACE Consortium approved or accredited VAs
Search the FACE Registry for FACE Certified Products
Submit and track progress of software products during the FACE conformance process
Submit FACE Certified Products for listing in the FACE Registry
Manage metadata information about FACE Certified Products listed in the FACE Registry
3.2 System and Subsystem Integrators
A System or Subsystem Integrator is responsible for integrating the electronic avionics content within an
aircraft or system to meet customer requirements, technical specifications, and contractual statements of
work. The System or Subsystem Integrator is responsible for generating all aircraft/system-level
requirements derived from customer-supplied specifications and allocating appropriate ones to the
avionics subsystem and its software components, including FACE conformance.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 8
A System Integrator uses the FACE Library to:
Access information about the FACE Consortium
Access FACE Consortium documentation
Access FACE Consortium approved or accredited software development and test tools
Access the FACE Data Model
Discover FACE Consortium approved or accredited VAs
Search the FACE Registry for FACE Certified Products
3.3 Customers
Customers seek to procure FACE Certified Products. Customers use the FACE Library to:
Access information about the FACE Consortium
Access FACE Consortium documentation
Access FACE Consortium approved guides or accredited software development and test tools
Discover FACE Consortium approved or accredited VAs
Search the FACE Registry for FACE Certified Products
3.4 FACE Verification Authorities (VAs)
A FACE Verification Authority (VA) is an organization officially sanctioned by the FACE Steering
Committee to conduct For-the-Record Verification testing and for assessment of the Verification
Evidence provided by the Software Supplier. The VA role may be performed by an independent third-
party organization or a designated internal organization of the Software Supplier, so there may be
multiple VAs used for the FACE Conformance Program. More information about the VA role can be
found in the FACE Conformance Policy.
Each VA uses the FACE Library to:
Access information about the FACE Consortium
Access FACE Consortium documentation
Access FACE Consortium approved or accredited software development and test tools
Retain a copy of the Software Verification Package and Verification Results Package in a
Verification Retention Repository
3.5 FACE Certification Authority (CA)
The FACE Certification Authority (CA) is the organization sanctioned to manage the day-to-day
operation of the FACE Conformance Program. More information about the CA can be found in the FACE
Conformance Policy.
The CA uses the FACE Library to:
Receive the Verification Results Package from a FACE VA
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 9
Store the Verification Results Package in the Certification Retention Repository
Retrieve the Verification Results Package from the Certification Retention Repository
Receive the Certification Package
Issue the FACE Conformance Certificate to the Software Supplier
Archive conformance files in the Certification Retention Repository
3.6 FACE Library Administrator
The FACE Library Administrator is responsible for the day-to-day operations of the FACE Library,
according to the policies developed by the FACE Library Subcommittee. For a more detailed
understanding of the role of the FACE Library Administrator, refer to the FACE Library Administration
Plan.
The FACE Library Administrator uses the FACE Library to:
Update the FACE Library website(s)
Add or delete documents and tools from the FACE Reference Repository
Work with the CA to add, remove, or edit entries to the FACE Registry
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 10
4. FACE Library Processes
Section 3 provided a description of the users of the FACE Library. This section describes how those users
will interact with the FACE Library.
Processes identified for user interaction with the FACE Library include:
Search for a FACE Certified Product
Submit a software product for verification
Submit a software product for certification
Submit a software product for registration
Submit FACE documents and tools
Retrieve FACE documents and tools
Update FACE Registry metadata
Remove a product from the FACE Registry
The purpose of Figure 2 is to show the information exchanges between end users and the FACE Library
components identified in Section 2. For each of the data exchanges identified in Figure 2, more detailed
information, to include sequencing (the order in which tasks must be completed) and authentication
procedures, is discussed in subsequent sections.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 11
Figure 2: FACE Library Processes
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 12
4.1 Search for a FACE Certified Product
SW Supplier Customer System Integrator Subsystem Integrator
Navigate to FACE Consortium
FACE Landing Page
Search for FACE Certified Product
Registry PageEnter Search
Criteria
Registry Metadata
Review Search Results
Search Results
FACE Library Users
Request POC Package Library
Portal
Authentication CriteriaReceive POC
Package
Authentication as a Registered
User
Figure 3: Search for a FACE Certified Product
The goal of a user searching for a FACE Certified Product is to download the product’s Point of Contact
(POC) Package. The POC Package contains all of the metadata listed in the FACE Registry for a product,
including the Software Supplier’s contact information and the Unit of Conformance’s (UoC)
identification. This enables users to discover more information about the product from the product’s
developer and initiate the process for acquiring a product listed in the FACE Registry, if desired.
To search for a FACE Certified Product, a user:
1. Navigates to the FACE Landing Page to find general information about FACE Consortium
activities.
2. Follows prompts to search for a FACE Certified Product.
3. Is transferred to the FACE Registry page, and is prompted to enter search criteria.
4. User’s search criteria are compared to all products’ metadata listed in the FACE Registry.
5. Search results are displayed for review by the user.
6. If the user wants to download the search results, the user is prompted to request a POC
Package.
7. The user must be registered with the FACE Library Portal and authenticated prior to
downloading the POC Package.
8. Once authenticated, the user is able to download a file containing all requested products’
metadata listed in the FACE Registry.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 13
4.2 Submit a Software Product for Verification
Navigate to FACE Consortium
FACE Landing Page
Search for Product Verification Information
Conformance Verification
Process Page
Enter Search Criteria
Verification Authority Listings
Search Results
Software Supplier
Receive Verification
Authority POC Package
Authentication Criteria
Library Portal
Authentication as a “Software
Supplier”
Figure 4: Submit a Software Product for Verification
The first step in the FACE Conformance Program is the Verification Process. Detailed information about
the Verification Process can be found in the FACE Conformance Policy. Software Suppliers use the
FACE Library to discover approved FACE VAs.
To discover an approved FACE VA, a Software Supplier:
1. Navigates to the FACE Landing Page and follows prompts to search for information about the
Verification Process.
2. Is transferred to the FACE Conformance Verification Process page, to find general information
about the Verification Process and to search for accredited FACE VAs.
3. Prior to searching for accredited FACE VAs, the user must be authenticated as a registered
Software Supplier via the FACE Library Portal.
4. Once authenticated, the Software Supplier can search the listing of accredited VAs, and is able
to download the results.
5. The Software Supplier enters the Verification Process in accordance with the FACE
Conformance Policy.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 14
4.3 Submit a Software Product for Certification
Navigate to FACE Consortium
FACE Landing Page
Search for Product Certification Information
Conformance Certification
Authority Page
Software Supplier
Submit Certification Package
Authentication Criteria
Certification Repository
Library Portal
Authentication as a “Software
Supplier”
Figure 5: Submit a Software Product for Certification
When a Software Supplier completes the Verification Process, they request the VA submit the
Verification Results Package to the CA on their behalf to initiate the Certification Process.
To submit a product for FACE Conformance Certification, a Software Supplier:
1. Navigates to the FACE Landing Page and follows prompts to search for information about the
Certification Process.
2. Must be authenticated by the FACE Library Portal as a registered Software Supplier.
3. Initiates the Certification Process by signing and submitting the Verification Results Package
and legal agreements to the Conformance CA for storage in the FACE Certification Retention
Repository.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 15
4.4 Submit a Software Product for Registration
Navigate to FACE Consortium
FACE Landing Page
Search for Product Registration Information
Product Registration Page
Software Supplier
Submit Registraion Package
Authentication Criteria
FACE Registry
Library Portal
Authentication as a “Software
Supplier”
Figure 6: Submit a Software Product for Registration
After completing the Certification Process, the Software Supplier may initiate the Registration Process as
outlined in the FACE Conformance Policy. The Registration Process is complete when the FACE Library
Administrator has received the Registration Package and the supplier has met the legal and payment
requirements of the conformance certification process. The Registration Package consists of the FACE
Conformance Certificate and all product metadata as defined in the FACE Library Requirements, Version
2.1.
To submit a product for Registration in the FACE Registry, the Software Supplier:
1. Navigates to the FACE Landing Page and follows prompts to search for information about the
Registration Process.
2. Must be authenticated by the FACE Library Portal as a registered Software Supplier.
3. Initiates the Registration Process by submitting the Registration Package.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 16
4.5 Submit FACE Documents and Tools
FACE Landing Page
FACE Consortium Members’ Login
Library Admin Page
Library Administrator
Library Administrator
Verification
Reference Repository
Open Group Document / Tool Approval Process
Upload FACE Approved
Document / Tool
Notification to Library
Administrator
Figure 7: Submit FACE Documents and Tools
The FACE Library Administrator is responsible for entering or removing FACE Consortium approved
documents and tools in the FACE Reference Repository.
To submit a document or tool to the FACE Reference Repository, the developer/author:
1. Completes The Open Group document or tool approval process.
2. Logs into the FACE Consortium members’ website from the FACE Landing Page.
3. Uploads the FACE approved document or tool to the FACE Reference Repository, pending
approval by the FACE Library Administrator.
4. After being notified of a submission to the FACE Reference Repository, the FACE Library
Administrator verifies completion of The Open Group document/tool approval process and
approves submission to the FACE Reference Repository.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 17
4.6 Retrieve FACE Documents and Tools
SW Supplier Customer System Integrator Subsystem Integrator
Initiate Search for FACE Consortium
FACE Landing Page
Search for FACE Documents / Tools
Reference Repository Page Enter Search
Criteria
Reference Repository Metadata
Review Search Results
Search Results
FACE Library Users
Request to download
Document / Tool Library Portal
Authentication CriteriaReceive Document /
Tool
Authentication as a Registered
User
Figure 8: Retrieve FACE Documents and Tools
To retrieve a document or tool from the FACE Reference Repository, a user:
1. Navigates to the FACE Landing Page and follows prompts to search for a FACE approved
document or tool.
2. Is transferred to the FACE Reference Repository page, where they are prompted to enter search
criteria.
3. The user’s search criteria are compared to all products’ metadata listed in the FACE Reference
Repository.
4. Search results are displayed for the user to review.
5. The user must be registered with the FACE Library Portal and authenticated prior to
downloading the document or tool from the FACE Reference Repository.
6. Once authenticated, the user is able to download the document or tool.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 18
4.7 Update FACE Registry Metadata
Navigate to FACE Consortium
FACE Landing Page
Search for Product Registration Information
Product Registration Page
Software Supplier
Update Registry Entry
Authentication Criteria
FACE Registry
Library Portal
Authentication as a “Software
Supplier”
Figure 9: Update FACE Registry Metadata
To make changes to product metadata listings, the Software Supplier will:
1. Navigate to the FACE Landing Page.
2. Navigate to the FACE Registry entry.
3. Be authenticated by the FACE Library Portal as a software product owner.
4. Make and save metadata changes to fields available to Software Suppliers.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 19
4.8 Remove a Product from the FACE Registry
Navigate toFACE Consortium
FACE Landing Page
Search for Product Registration Information
Product Registration Page
Software Supplier
Registry Entry Removal Request
Authentication Criteria
FACE Registry
Library Portal
Authentication as a “Software
Supplier”
Figure 10: Remove a Product from the FACE Registry
To remove a product from the FACE Registry, the Software Supplier:
1. Navigates to the FACE Landing Page.
2. Navigates to the FACE Registry entry.
3. Must be authenticated by the FACE Library Portal as a software product owner or authorized
FACE Consortium agent.
4. Submits a request to the FACE Library Administrator for the FACE Registry entry to be
removed.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 20
5. FACE Library Policy
Policies for operation of the FACE Library will be developed by the FACE Library Subcommittee. The
FACE Library Administrator will be responsible for the day-to-day operation of the FACE Library and
for implementing the policies developed by the FACE Library Subcommittee.
5.1 Process for Requesting/Granting User Permissions
The process for requesting and granting user permissions is managed by the FACE Library Administrator.
Users are granted access to the FACE Library based on roles assigned by the FACE Library
Administrator.
5.2 Configuration Management
One of the primary concerns of the FACE Consortium is the management of information stored
throughout the FACE Library. In order to effectively manage information, this section describes policies
for ensuring sufficient visibility and control of applicable FACE Library information.
5.2.1 FACE Registry Configuration Management
The FACE Registry has a Configuration Management (CM) Plan developed by the FACE Library
Administrator and approved by the FACE Library Subcommittee. The FACE Registry CM Plan will
address CM for the FACE Registry entries, the FACE Registry itself, and any associated FACE Registry
software. The FACE Registry CM Plan will address planning, configuration identification, configuration
control, configuration account status, and support audits and verification. Implementation of the FACE
Registry CM Plan will be performed by the FACE Library Administrator.
Each FACE Registry entry will include a predetermined set of metadata for the associated FACE
Certified Product. This metadata will include metadata generated automatically from the Certification
Process in addition to information generated by the Software Supplier. The FACE Registry CM Plan will
include processes and procedures for editing and/or updating conformance metadata by the FACE
Certification Authority. Likewise, the FACE Registry CM Plan will include the process and procedures
for editing and/or updating metadata submitted by the Software Supplier.
To ensure that the FACE Registry maintains configuration control, a set of processes for verification will
be part of the FACE Registry CM Plan. These processes will ensure that FACE Registry access is
properly controlled so that all data in the FACE Registry remains accurate and up-to-date. Additionally,
these processes will address configuration control of all software used by the FACE Registry. The FACE
Registry CM Plan will also address the process for auditing the FACE Registry, allowing for scheduled
audits and other audits, as required. Details for the verification and audit processes will be in the FACE
Registry CM Plan.
5.2.2 FACE Product Repository Configuration Management
Each Software Supplier will be responsible for storing their FACE Certified Product in a product
repository that meets the requirements identified in the FACE Library Requirements, Version 2.0. This
section outlines the approval process and the minimum CM required for an approved FACE Product
Repository.
The Open Group Future Airborne Capability Environment (FACE™) Consortium: Library Policy 21
CM of product repositories will be the responsibility of the product repository developer and/or
maintainer. FACE Product Repository Configuration Management (CM) Plans will be reviewed by the
FACE Library Administrator to ensure they address basic repository CM to include planning,
configuration identification, configuration control, configuration account status, support audits, and
verification. If the FACE Product Repository CM Plan satisfactorily address these items, it will be
approved and become an official FACE Product Repository.
5.2.3 FACE Reference Repository Configuration Management
A FACE Reference Repository Configuration Management (CM) Plan will be developed to address the
repository entries, the reference repository itself, and any associated reference repository software. The
FACE Reference Repository CM Plan should address planning, configuration identification,
configuration control, configuration account status, support audits, and verification. Development and
implementation of the FACE Reference Repository CM Plan is the responsibility of the reference
repository developer and/or maintainer.
5.2.4 FACE Verification Retention Repository Configuration Management
Each FACE Verification Authority will be responsible for developing and maintaining a FACE
Verification Retention Repository. As part of that development, each FACE Verification Authority will
develop and implement a FACE Verification Retention Repository Configuration Management (CM)
Plan. These plans will address the basic tenants of CM planning, configuration identification,
configuration control, configuration account status, support of audit, and verification.
5.2.5 FACE Certification Retention Repository Configuration Management
The FACE Certification Authority is responsible for developing and maintaining the Certification
Retention Repository. As part of these responsibilities, the FACE Certification Authority will develop and
implement a FACE Certification Repository Configuration Management (CM) Plan. This plan should
address the basic tenets of CM planning, configuration identification, configuration control, configuration
account status, support of audits, and verification.