The Open Group Open Platform 3.0™
Title: Joint Meeting of Open Platform 3.0 and Security Forums in San Francisco
Version: Agenda

Topics for Discussion

Security and Safety

Given the rise of cognitive computing, the basis of security (Confidentiality, Integrity, and Availability) is being taxed with a demand for safety.  Autonomous machines, self-healing and learning systems [things] are interacting with humans, both physically and emotionally.  Can Security’s CIA become CIAS, and is this something that the Security Forum might want to confront especially in terms of an OP3 that may support cognitive components, emergent demand?  Does the Security Forum own safety assurance?  Who should own 'safety' in our OP3 world?  Do we let loss of value, life, and property go first, and let governments dictate local solutioning, or do we develop standards that reflect governance?

Risk and Assurance

Humans, systems, and machines will be the users of systems conforming to the Open Platform 3.0 standard, and may be the instruments for connection or capability within these systems. How are risk and assurance managed to a positive result?  This is a question about who assures safety and minimizes risk (i.e., loss of revenue, life, property).

Threats to Policy

SLAs and OLAs protect humans, systems, or machines who ask for named services from a loss of value due to non-performance.  Are subversive threats to policy change to allow for system disruption a topic of concern for Security practitioners, or is this contained today?  This is a question about attacking policy to subvert SLA/OLAs.

Advanced Persistent Threats and Information Flow Risks

How do APTs (advanced persistent threats), or intrusion, versus information flow risks that may multiply over time due to system complexity, work for Security practitioners chartered to protect the organization?  This is a question of complexity versus identifying a real threat.

Confidentiality

Given the current position of Internet confidentiality in the US and EU, how can the Open Platform 3.0 standard help to assure confidence to global organizations that the right things can/will be done?  Is this a security or a risk assurance problem?  This is a question about how we address the Open Platform 3.0 standard globally due to government differences on security.

Suggestions on how to explain the confidentiality costs to a non-EU audience when EU confidentiality rules are violated – perhaps simply due to the fact that a conforming system is a complex interaction of many core and contextual capabilities that are both in and out of org enabled?  This is an EU vs USA question that has to be solved for a global standard.

Internet of Things

Considering that IoT devices (i.e., things) are manufactured by orgs that may or may not have their devices communicate with structures, words, semantics like other things, there will be a demand to correlate and consolidate messaging of things, as in a mesh.  'Meshed' data supports the derivation of new information, insights, and feedback that as individual things would be lost or be seen as nonsensical.  From a security and 'safety' perspective, assurance should be that things within ecosystems can relate to assure value, consistency, and safety (essentially, CIA+S).  The Open Platform 3.0 standard may be seen as the governor of thing behaviors to assure CIA+S.

Digital Identity Management

Digital identity denotes information that uniquely identifies an entity such as a person, group, organization, machine, sensor, actuator, or an abstract resource. Digital identity is an important aspect of the emerging digital economy. In such an economy, consumers face trust issues and providers face significant business risks with a growing number of security incidents and privacy concerns. A fragmented digital identity landscape makes firms vulnerable to exploitation. In addition, solutions that foster trust amongst the business ecosystem actors are increasingly needed for sustainability. Also, engaging and delivering a compelling experience using traditional means to identify users across channels (or devices) is a challenge. Thus, this standard is intended to establish key concepts and framework(s) to effectively manage digital identities. It can include guidelines for proper creation, exchange, and use of digital identities across all participating players. An opportunity exists to harmonize existing standards in this space.

CounterPoint: The emerging decentralized models (as in blockchain) eliminate the need for investing in the management of digital identities. These technologies use public key cryptographic techniques to bind a private signing key with a user-initiated transaction and a public verification key to ensure authenticity.

Created by: c.harding on 21-Jan-16 Updated by: c.harding on 21-Jan-16