www.oasis-open.org, 44 Montgomery Street, Suite 960, San Francisco, CA 94104 USA, Tel +1 303 495 3123, Cell +1 303 995 5387, j.hietala@opengroup.org, www.opengroup.org, Jim Hietala, Vice President, Security

Post on 29-Dec-2015


Page 1

www.oasis-open.org

44 Montgomery Street, Suite 960
San Francisco, CA 94104 USA

Tel +1 303 495 3123
Cell +1 303 995 5387

j.hietala@opengroup.org

Jim Hietala
Vice President, Security

Page 2

Security Forum Vision & Mission

The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner

The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through:

- Development of industry standards, either independently or through co-operation (adopt, adapt, publish)
- Developing guides, business rationales & scenarios, use cases
- Developing reference and common system architectures, and support services

The Open Group also manages and supports the Jericho Forum

Page 3

IT Changes Affecting Security

- Web 2.0 coming to most enterprises, like it or not
- Consumerization of IT with mobile devices
- Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners
- Perimeter security model proving ineffective at securing this evolving environment

Page 4

Web Security Study

Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites

7% of sites compromised automatically

7.7% of sites had a high severity vulnerability detectable through scanning

9 of 10 sites have at least one serious vulnerability

Average of 7 vulnerabilities/site

Page 5

Security Standards Needs Exist at Multiple Levels…

- Security function interoperability – SAML, XACML, etc.
- Implementation level… ISO27002, PCI DSS, etc.
- Architecture – need for new standard security architecture describing information-centric vs. perimeter-centric security

Page 6

The Open Group Security Forum Key Accomplishments

Standards:
- CDSA - Authentication API
- AZN-API - Authorization API
- UAS

Standards:
- DCE - Distributed Computing Environment
- XBSS - Baseline Security Services
- XDSF - Distributed Security Framework
- GSS API - Generic Security Services

Standards:
- XDAS - Distributed Audit Service
- APKI - Architecture for Public Key Encryption
- XSSO - Single Sign-On
- CDSA

Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers

Guides, White Papers: Information Security Strategy

12/2007: Integration of Network Applications Consortium

Page 7

The Open Group: Future Security Activities

- Continued support of Jericho Forum activities
- Ongoing standards work in these areas:
  - Risk management taxonomy
  - Secure Mobile Architectures
  - Trust models
  - XML platform compliance reporting
  - Standard security architectures
- Initiating Security Practitioners Conferences
- Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization

Page 8

Thank You!