Summary of oral comments
- EA brings order out of chaos
- EA often too narrowly defined
- Role of certification/stds:
- security - understated role in EA, too often an afterthought
- importance of interoperability/standards - interoperability can enable innovation through links between activities. On the other hand, don't get locked in to here and now - need to discover "grains of sand" that don't belong but turn out to be very valuable "pearls".
- Best practice example: security training - incorporated into everyone's daily login procedure @ State Dept.
- Purpose of BPs - in security can serve to do end-run around a requirement, i.e. risk assessments, including mitigation plan
- supplement or replace a process
Participants:
- James Disbrow (DoE / Energy Information Admin.): Modeling energy flow from resource to emissions
- John Evans, NASA Geospatial Interoperability Office and FGDC GIRM
- Russ Ruggiero, OASIS: interoperability, e.g. J2EE
- Joseph Gueron, USAID: group resp. for EA
- Dan Pitton, DoE Environmental Mgmt: computer security mgmt.
- Melanie Cohen, HUD: IT Strategy and business architect -- e.g. Mortgage & Loan Insurance Pgm.
- Greg Frey, chief architect, EOP: business model changes; interoperability for flexibility & risk mgmt.
- Angela Duin, Booz-Allen Hamilton
- Ronke Luke-Boone: DoE / Environmental Mgmt.
Real-time discussion notes:
Gueron: should we agree on the intended output of an EA effort? Or at least the purpose of an EA?
Disbrow: related: my recent thinking about whole educational curriculum on energy -- in that case with visual, rather than semantic, links
Pitton: how about "order out of chaos" as a goal?
Luke-Boone: goal is getting everyone heading in a common direction -- everyone should be able to answer the question "what are the strategic goals?"
Gueron: OMB wants to optimize IT investments across federal agencies
Disbrow: get an overview and control of assets and liabilities
Gueron: I take exception to that view; IT is too critical to rely on the as-is. Instead, get the strategic view of capabilities and gaps.
Evans: tension between cost-savers / streamliners and strategic planners
Frey: efficiency gains don't really save much compared to radically new kinds of business
Disbrow: e.g. Veteran's Administration case history: no-one thought to use the IT infrastructure to provide a hotline for veterans to correct data records.
Frey: a major question is, "what is the enterprise for our EA"?
Ruggiero: EA is only a concept @ this point; its goal is to improve quality of service
Disbrow: but gov't funding / budgeting is far from straightforward -- e.g. earmarks -- so you can't just follow funding to determine the priorities & architecture
Gueron: does EA have anything to say about business process in general -- not just automated or IT?
Cohen: Yes. One of the difficulties with EA is that it's currently seen as a CIO topic. Collaborative relationships with business architects are key.
Luke-Boone: Yes; an example: In my agency, the IT were asked to state human capital goals! Another example: mission personnel ("hardhat people") are expected to track their compliance to PMA goals like competitive-sourcing!
Gueron: Do we perhaps need an interest group focused on goals other than serving Joe Q Public? This model has been useful; but it's not the only one.
Luke-Boone: Indeed, there are other sides to what the government does, like security. Things like performance metrics are often completely irrelevant (e.g., to Chief Counsel lawyers).
Pitton: Security mgmt. is an essential consideration for Enterprise Architecture
Gueron: complete risk avoidance vs. risk mgmt.; indeed, EA should take security into account; BUT the security folks need more of a risk avoidance mindset.
Gueron: take "sensitive but unclassified" -- could an EA group provide a precise definition of that?
Pitton: EA should take security Certification & Accreditation more fully into account.
Gueron: here's a concept: a "security gradient," an essential part of any metadata; should be carried in the Enterprise data model.
Pitton: take the VA case we heard about earlier: my question: who's taking the risk -- who's the Designated Approving Authority (DAA) who takes responsibility for certification / accreditation? DAA and CIO are sometimes, but not always the same person. Enterprise architects often forget that.
Gueron: at State Dept., daily login procedure requires answering a security question -- force-fed security training!
Disbrow: 1995: DoE put out an EA that was used in a graduate textbook; but later on this was trashed and never used
What is EA anyway?
Pitton: EA is an attempt to extrude order out of chaos. When you fail, you get Los Alamos!
Gueron: EA is a management tool to rationalize / optimize IT investments.
Cohen: EA structures the whole of the organization
Disbrow: EA is a holistic representation of the whole, layered by core business functions.
Luke-Boone: blueprint of where you are, where you'd like to be, and how to get there.
Frey: a process for planning and managing IT investments.
Ruggiero: a proposed concept to improve the efficiency and quality of government services
Evans: a standards-based, consensus-based structure whose goal is effectiveness, efficiency, flexibility, and risk mitigation for the long term.
Gueron: I take exception to including interoperability. Only if it serves my agency's need! That topic belongs at a more technical level.
Disbrow: But bringing together the organization's multiple stovepipes is an important EA goal!
Gueron: Gracefully incorporating new technology is an important goal too; whereas standards would seem to preclude innovation.