Collaborative Expedition Workshop #58, Tuesday, February 27, 2007 at NSF    (3EBQ)

Title: Exploring the Potentials and Realities of the Identity Management Landscape for Convergence and Service Oriented Architecture    (3EBR)

Workshop Purpose    (3EBZ)

To explore the potentials and realities of the Identity Management landscape for convergence and advancement of SOA maturity.    (3EC0)

Participants will explore relationships among identity management approaches as the research and development landscape responds to net-centricity and broad-based, cross-enterprise architecture demands. What are the opportunities for leveraging greater transparency and openness in collaborative planning in order to achieve mission agility and greater value from existing and future information assets?    (3EC1)

What are the national scenarios, e.g. the National Strategy for Pandemic Influenza, where distributed identity management will be fundamental to national readiness and coordinated action by institutions?    (3GJC)

By drawing on strategic leadership and "best practices" underway, participants will learn how to conduct transparent, open dialogue and open architecture development processes in their own settings. The recent DoD report on Open Technology Development (OTD) has put the spotlight on the need for more agile information technology that transcends the high cost of insularity.    (3FOJ)

CEW#58 - Tue 27-Feb-2007 - AGENDA    (3EC3)

8:20 am - Check-in and Coffee    (3EC4)

8:30 am - Welcome and Background    (3EC5)

8:40 am - Introductions: What are your interests in light of the workshop purpose?    (3EC7)

In light of the overall workshop purpose and participant purposes, presenters will share their reflections and experiences.    (3FOB)

9:00 am - Reflections on Subject Identification in a Changing Landscape with many "universes of discourse", Steve Newcomb    (3GOJ)

Every community, and every community of practice, has peculiar ways of talking about the things that are of interest to them. Over time, these "universes of discourse" necessarily evolve and diversify.    (3FOF)

Information technology providers and their customers typically ignore these facts when systems are designed and purchased. Customers generally can't imagine systems that support constantly-changing universes of discourse, or multiple universes of discourse. Vendors don't offer such systems because customers don't demand them, and vendors have significant disincentive to offer such innovations.    (3FOG)

9:45 am - Federated Identity Management in the Law Enforcement community, US DOJ Pilot project, Boris Shur, DoJ    (3G20)

10:15 am - A Rough Sketch of the Citizen Privacy Service, Richard Murphy, GSA    (3EC9)

11:00 am - Reflections from Advancing Liberty Web Services, Security Assertion Markup Language (SAML) and Access Control Markup Language (XACML), Eve Maler and Anne Anderson, Sun Microsystems Inc.    (3ECB)

12 noon-1 pm - Networking Lunch (on your own)    (3ECI)

1:00 pm - Reflections from Advancing XRI, XDI, I-Name & OpenID - Drummond Reed (Cordance), Les Chasen (Neustar), Andy Dale (ooTao), Owen Davis (Linksafe), David Recordon (Verisign) and Peter Yim (CIM3)    (3ECJ)

2:00 pm - Reflections from Advancing Topic Maps: Maintaining Concept Integrity as Names Change, Michel Biezunski, Infoloom    (3ECK)

3:00 pm - BREAK    (3ECL)

3:15 pm - Break-out Session: What's Needed to Create a Conducive Environment for Broad-Based, Multi-Architecture Solutions that will Accommodate SOA Maturation?    (3ECC)

4:00 pm - Fish-Bowl Session, moderated by Joi Grieg, IBM    (3ECN)

4:30 pm - Wrap-Up and Discussion of Next Steps    (3ECO)

4:30 - 5 pm - ADJOURN AND NETWORKING    (3ECP)

Discussion Forum: Invitation to join the Open Discussion Forum    (3ECQ)

Communities of Practice and Communities of Interest (CoI) will benefit from knowledge-sharing around resources relevant to the workshop and initial questions for workshop discussions:    (3ECR)

1. The Identity Management Landscape    (3EFZ)

The Citizen Privacy Service (CPS) is an asynchronous component that plugs into an Enterprise Service Bus (ESB) to provide highly scalable policy decision and policy enforcement points based on the US Privacy Act of 1974. Artificial intelligence capabilities include description logic satisfiability and OWL entailment using the Pellet description logic reasoner. CPS also uses Stanford Knowledgelab's JTP to generate first-order logic proofs derived from goals asserted against a distributed knowledge base.    (3EPK)

CPS advances the current state of ESB development and provides non-repudiation during audits. CPS is useful for monitoring improper disclosure of personally identifiable information during data mining and provides the highest level of information assurance that the government is protecting citizen privacy.    (3EPL)

 Technical Architecture     (3EPM)
 Formal Background     (3EPN)
 Sourceforge Project Page     (3EPO)
 CVS download    (3EPP)
 TAMI/Portia Workshop    (3EPR)

Privacy Legislation in the 110th Congress    (3FRM)

 http://osera.gov/
 http://rickmurphy.org    (3GPS)

2.0. Appreciation of Agility Potentials of Identity Management through Open Technology Development / Expanding the Possibilities Through Transparent Structure / Setting the Tone for Open Inquiry and Experimentation    (3ECS)

  1. GCN article on Office of Federal Procurement Policy to Implement GAO Acquisition Framework, December 6, 2006    (3ECT)
  2. Framework for Assessing the Acquisition Function at Federal Agencies, GAO, September 2005, GAO-05-218G    (3ECU)
  3. Open Technology Development Roadmap, DoD, April, 2006    (3ECV)
  4. DNI Information Sharing Environment Implementation Plan, November, 2006    (3ECW)
  5. Integrating Business and Engineering Strategy Through Modular Open Systems Approach, Cyrus Azani and Col. Kenneth Flowers, Defense AT&L, January-February, 2005    (3ECX)
  6. Designing Cyberinfrastructure for Collaboration and Innovation: Emerging Frameworks for Enabling and Controlling Knowledge, National Academies, January 29-30, 2007    (3ECY)
  7. National Information Exchange Model - http://www.niem.gov    (3ECZ)
  8. Federal Funding Accountability and Transparency Act of 2006    (3ED0)
  9. Coase's Penguin or Linux and the Nature of the Firm, by Yochai Benkler    (3ED1)
  10. Rewiring The Spy, Dec. 3, 2006, New York Times Magazine    (3ED2)

2. Questions about Agility Potentials through Transparent Structure    (3ED3)

  1. What is the emerging role of Open Technology Development (OTD) in defense agencies? in civilian agencies? How can OTD advance shared understanding of emerging potentials that currently escape notice due to fragmented and stove-piped approaches?    (3ED4)
  2. How is this approach responsive to the National Competitiveness Act?    (3ED5)
  3. Where is this new approach flourishing? Where is it not working? What needs to be created? What do we need to know?    (3ED6)
  4. Is there a productive relationship TODAY among the Data Reference Model, Service-Oriented Architecture, and Open Technology Development?    (3ED7)
  5. Is this complex, high-performance relationship reflected in the DNI Information Sharing Environment Implementation Plan, November, 2006?    (3ED8)
  6. How can we achieve a structured, repeatable process to draw out the value of data responsive to Information-Sharing Environment requirements?    (3ED9)
  7. What level of understanding is needed to forge "strength through difference" relationships among potential partners with shared common missions characterized by the need for agility in sharing information assets and aligning information-sharing architectures?    (3EDA)
  8. How are we advancing credible commitments around emerging practices characterized by transparency and openness that are needed to improve the business performance of individual institutions and joint mission-related actions?    (3EDB)
  9. What are the governance mechanisms around open commodity software within and across institutions? in global settings?    (3EDC)
  10. What are the mappings and priority cross-walks needed to leverage existing Reference Models, in particular the Data Reference Model along with the three profiles: Geo-spatial, Security and Privacy, and Records Management?    (3EDD)

3.1. Transcending Insularity: Toward Transparency in Acquisition Approaches with Open Technology Deployment and Organizational Learning Networks    (3EDE)

  1. OMB Guidance on Software Acquisition    (3EDF)
  2. Naval Enterprise Open Architecture: What Program Managers Need to Know    (3EDG)
  3. Acquisition Community Connection: Naval Open Architecture    (3EDH)
  4. DoD - Defense Procurement and Acquisition Policy    (3EDI)
  5. Balancing Practice-Centered Research and Design, David Woods and Klaus Christoffersen (See page 10 - The Engine of Innovation: Interlocking the Cycles of Research and Development)    (3EDJ)
  6. Model-Driven Architecture    (3EDK)
  7. Data Reference Model    (3EDL)
  8. Security and Privacy Profile 3.0    (3EDM)
  9. Geospatial Profile 1.1    (3EDN)
  10. Service-Oriented Architecture    (3EDO)
  11. Second Service-Oriented Architecture for E-Government Conference, Oct. 30-31, 2006    (3EDP)
  12. Practical Guide to SOA Implementation    (3EDQ)

3.2. Questions About Transcending Insularity    (3EDR)

  1. What is the balanced interplay of standards and commercial open source software that could contribute to the level of transparency needed for distributed innovation and sound acquisition?    (3EDS)
  2. How can we return to the best principles of engineering practice, together with the best emerging principles of distributed innovation, in recognition that our hardware acquisition models fail to deliver the value and agility needed for net-centric information-sharing environments (i.e. buying digital)?    (3EDT)
  3. Who is present and who is missing from the multi-stakeholder dialogue around acquisition marketplace transparency and mechanisms needed to advance quality "federated" innovations anticipated by open architecture policies?    (3EDU)
  4. What are the sources for the new performance metrics needed to incentivize the right OTD balance of autonomy and federation for collective strength and agility?    (3EDV)

4.1. Amplifying Transformative Capacity through Communities of Practice    (3EDW)

  1. Defense Intelligence Agency Case Study: Applying Network Analysis to Create a Vital Community of Practice, February, 2006    (3EDX)
  2. Guide to Implementing the Goals of DoD Directive 8320.2, “Data Sharing in a Net-Centric Department of Defense” through Communities of Interest.    (3EDY)
  3. Acquisition Community Connection: Open Architecture    (3EDZ)
  4. Acquisition Community Connection: Acquisition Research Community of Practice    (3EE0)
  5. Acquisition Community Connection: Performance-Based Acquisitions    (3EE1)
  6. Acquisition Community Connection: Software Acquisition Management    (3EE2)
  7. ACQUISITION CENTRAL - website for federal acquisition community and the government's business partners    (3EE3)
  8. Bridging Distance in Collaborations: Lessons Learned from a Broad Look at Collaborations in Science and Engineering and the Corporate World, Judith Olson    (3EE4)

4.2. Questions about Transformative Capacities of Communities of Practice    (3EE5)

  1. What are the current and growing contributions from the use of organizational network analysis (e.g. Defense Intelligence Agency Case Study: Applying Network Analysis to Create a Vital Community of Practice, February, 2006) to joint mission agility?    (3EE6)
  2. What is the role of practice-centered design (transparent collaboration) in balancing the cycles of activity toward an "engine" of innovation? (See Balancing Practice-Centered Research and Design, David Woods and Klaus Christoffersen - page 10 - The Engine of Innovation: Interlocking the Cycles of Research and Development)    (3EE7)
  3. How can OTD principles and practices support better discernment, comparison and evolution of distributed, net-centric software modules in joint capability demonstrations?    (3EE8)
  4. What can be learned from new net-centric organizing principles in settings across multiple continuums (degree of formality, degree of familiarity, size, etc.)? What are the new potentials and realities for open standards? What settings reflect the greatest maturation and balance in implementing open network principles? What are the governance principles?    (3EE9)
  5. What is the role of collaboration in advancing shared meaning and semantic agreement?    (3EEA)
  6. What can we learn about agility and high performance from 21st century, emergent communities serving "frontline" global health and safety purposes across boundaries (e.g. tsunami wiki and flu wiki)?    (3EEB)
  7. How can we accelerate multi-sector partnerships around net-centric capabilities needed for government to work in the likely scenarios of the 21st century?    (3EEC)

5.1. Transcending the Long-Term Costs of Insularity through Open Technology Development: Total Cost of Ownership (TCO) Revisited in Acquisition Management    (3EED)

  1. Valuing Information-Sharing Agility: It is easier to develop and maintain collections of information assets that increase in strategic value over time and distance (because it's easier to form targeted groupings of selected data from multiple, independent collections).    (3EEE)
  2. Valuing Information-Sharing Agility: Today organizations have a negative incentive to share because of the perception of unequal value of the trade. Each partner seemingly provides strategic information assets. Both partners appear to receive, in return, external data whose immediate value is reduced to a heap or a stack (no longer a collection subset) because of the inability to render the data in a meaningful way without undue cost and effort.    (3EEF)
  3. Valuing Information-Sharing Agility: The goal is a greater percentage of agency information assets that are strategic, whose value increases over time, and that are readily amenable to dynamic and long-term sharing agreements. In this way, it continues to get easier to re-use and integrate your own data along with external data. Your environment becomes more resilient and less vulnerable to decreases in the "value" of your collection due to unstable conventions of meaning and association that thwart multiple combinations of groupings.    (3EEG)
  4. Valuing Information-Sharing Agility: In the future, the collections of information assets most able to be partially combined and shared with other collections would increase in value much faster than stand-alone, insular collections. (Similar to becoming a better tennis player through matches with other strong players.) Each sharing agreement would more likely result in a win-win for both parties.    (3EEH)
  5. Valuing Information-Sharing Agility: By emphasizing web-based standards for marking up data, mission needs may be realized in the future without costly rip-and-replace strategies for legacy systems or expensive point-to-point solutions. Wrap and reuse offers greater value and lower costs.    (3EEI)
  6. Valuing Information-Sharing Agility: In this scenario, the permanency and survivability of societal records increases because records can reside on a number of platforms in a distributed architecture.    (3EEJ)
  7. Valuing Information-Sharing Agility: The right balance of data and information independence (affordable autonomy) transcends and re-focuses the difficulties associated with achieving and maintaining platform and applications interoperability across systems.    (3EEK)

5.2. Questions about Transcending the Costs of Insularity    (3EEL)

  1. How close are we to a reference architecture implementation for interoperable services that advance net-centricity within and across information-sharing partners? What level of understanding and foresight in contracting and acquisition is needed to achieve the desired level of re-use and agility? What is the right level of scoping - not too large (vendor lock-in) and not too small (hard to manage)?    (3EEM)
  2. How important are validation and pre-validation challenges to communities committed to joint capability demonstrations around information-sharing?    (3EEN)
  3. Can a roadmap be compiled for civilian agencies, modeled after DoD, that will advance the transparent acquisition marketplace needed for increased mission agility? How well might this approach contribute to federated autonomy and "virtualization" in a manner that both addresses and transcends the concept of the Federal Government as a single, logical "enterprise" as suggested by the EA principles recently issued by the FEAPMO?    (3EEO)

Background    (3EEP)

The President’s Management Agenda (PMA) requires all federal agencies to transform the roles and relationships among people, processes, and technology in order to become a citizen-centered government. The PMA emphasizes bringing value and productivity results to citizens, businesses, and public managers.    (3EEQ)

The Federal Enterprise Architecture (FEA) is emerging as an important collaborative organizing process to promote the delivery of effective, efficient services. FEA Reference Models serve as catalysts for foresight and discernment around improved mission and business performance, including data and information-sharing. The Data Reference Model, along with the GeoSpatial Profile v1.1 and the Security and Privacy Profile 3.0 will provide a concrete means for improving the capacity for mission-related sharing, across government boundaries, while also increasing the downstream value of strategic information assets.    (3EER)

An emerging source of strength and stability in transformational initiatives is the formation of Communities of Interest (CoI) and/or Communities of Practice (CoP). CoIs and CoPs seek to improve the common understanding needed to compose sound action in "deft formation" that yields congruence from multiple perspectives and an appreciation of the unfolding wholeness of situations. In this manner, CoIs and CoPs harmonize and amplify the creative influence of strategic leaders within institutions.    (3EES)

CoIs and CoPs are a manifestation of the unity of purpose that transcends institutions and sectors, creating the conducive environment needed for the transformation of roles and relationships among people, processes, and technology to proceed. Appreciation of this "unfolding wholeness" (from Christopher Alexander, The Nature of Order) is a necessary condition for the evolution of agile governance, discernment, and coordinated action in the "in-between space". Effective governance conditions "institutional boundaries" to respect "wholeness in relation to its parts" at every level, in order to accommodate the high-performance potential of net-centric approaches, e.g. Service-Oriented Architecture.    (3EET)

As Internet-based approaches create the potential for mission results at higher performance levels, constructive, "line of sight" communications by agency executives and practitioners within and across agency boundaries are necessary. Without an environment that supports governmentwide strategic dialogue and planning, the barriers associated with complexity and multiple perspectives cannot be transcended and expectations of citizens for national security, effective governance and services cannot be met. There is a growing number of Federal Enterprise Architecture policies (e.g. Data Reference Model) and practices (e.g. Communities of Practice, National Information Exchange Model, Information-Sharing Environment, and Open Technology Development) that are beginning to serve as the "common language" for vital communications and strategic planning. These credible, governmentwide policies and practices serve to "ground" and counter the daunting complexities of scale and specialization that impede strategic dialogue among the right parties.    (3EEU)

Additional Contextual Background - from the Network of Communities of Practice    (3EEV)