RE: RAINS - and CAP

["Carl Reed" <creed@opengis.org>]

This just from the wire today. Interesting group. Although, I am not sure that what they do is develop "Standards" or "Open Specifications" - at from the traditional concensus standards approaches of groups like OASIS, w3C, and the OGC. It is more like they are defining an architecture based on certain best practices and recommended security standards.

 

Anyway, notice the CAP reference.

 

Cheers

 

Carl

 

 

RAINS Announces Open Specification for Sensitive Information Sharing Across State, Local and National Homeland Security Systems

More Than 30 Public and Private Sector Leaders Join Forces to Support Interoperable, Non-Proprietary Approach to Information Sharing

PORTLAND, Ore., March 29, 2004—A national coalition of leading information technology companies, non-government organizations and local, state and federal government entities today unveiled the RAINS Open Specification for Sensitive Information Sharing.  Based on RAINS’ proven Connect & Protect™ program and targeted at new Homeland Security needs, the RAINS specification provides an open alternative to the proprietary single-vendor approach by promoting interoperability and improved security within a flexible framework, open to many vendors.  At the same time, the RAINS Open Specification helps standardize information-sharing processes, procedures and systems as used at the local, state and federal level, across the nation. 

RAINS (Regional Alliances for Infrastructure and Network Security) is a not-for-profit public/private partnership committed to accelerating the development and deployment of innovative technology for homeland security.  RAINS led development of the specification in cooperation with leading organizations from the public and private sectors, including technology providers such as Intel, HP, ESRI, Inc., PeopleSoft, FORTiX, Swan Island Networks, Tripwire and Digimarc; and public sector organizations ranging from the State of Oregon to the Medical College of Georgia.

U.S. Senator Ron Wyden (D-Ore) says, “When I began working with RAINS, I was able to count the number of members on one hand; now their organization has grown into a multi-state, public-private force.  This is a tenacious, worthwhile group, and I’m proud to be their partner in bringing new technologies to the marketplace.”

The broad support the RAINS Sensitive Information Sharing Open Specification has received is due, in part, to its vendor-neutral approach. RAINS Chairman Charles Jennings said, “This specification provides an open, scalable and very affordable way to accelerate data interoperability, both at the local level and up through the various hierarchies of government and critical infrastructure. Using a transparent process managed by our non-profit public/private organization, we believe this specification will help both government and private entities share sensitive information, without sacrificing the power of free market competition.”

Open Spec Based on Proven Program
The underlying principles of the Open Specification for Sensitive Information Sharing are based on RAINS’ experience in building information sharing networks.  Using its RAINS-Net integration of interoperable Web Services technologies from RAINS’ member companies, RAINS has addressed and incorporated specific user requirements, and aggregated them into the guidelines that make up the initial Open Specification.

As an integrated, highly secure set of technologies for connecting culturally diverse, geographically dispersed organizations, RAINS-Net provides a foundation for information sharing that can adapt and scale as requirements change. Originally developed and deployed in the Pacific Northwest in 2003, RAINS-Net technology is now being adopted in other regions throughout the country. 

"In the aftermath of 9/11 the nation has been called up to take immediate steps to better identify and address the urgent needs of homeland security and emergency response.  RAINS is a pioneer in developing and delivering a new information sharing solution, and RAINS-Net meets national homeland security requirements at the regional and local level,” said Jeffrey P. Gerald of the Department of Defense’s Homeland Security Command and Control Advanced Concept Technology Demonstration (HLS C2 ACTD), which has been testing and deploying RAINS-Net technology.

Ensuring Interoperability
The Open Specification for Sensitive Information takes a rules-based — rather than architecture-based — approach to streamlining sensitive information sharing among trusted members of a local or regional network. This gives organizations the freedom to select the tools and platforms most suited to their needs, while still ensuring security and interoperability.

The specification also calls for information-sharing systems to be locally controlled. Organizations are not locked in to proprietary products or architectures, and can tailor the system to meet unique local needs and conditions. This “bottom-up, locally driven” approach ensures that each RAINS-compliant system functions optimally at the local level, but is also highly interoperable with all other regional and national systems.

“ESRI strongly supports the RAINS Open Specification and believes it provides a much-needed foundation for the growth of information sharing across organizations dedicated to homeland security and public safety. RAINS provides an excellent opportunity to demonstrate critical data sharing between public and private sector organizations supporting homeland security and homeland defense,” said ESRI president Jack Dangermond. 
The specification supports the exchange of numerous information types and functions, organized in the form of discrete Web Services.  These services include targeted alert notification, common operational picture, command-and-control functions, first response guidelines, libraries, secure e-mail, and automated field reporting — all within a common Web Services security framework.

"Intel supports the direction that RAINS is providing to bring together private sector and public agencies to define requirements and promote solution architectures for secure information exchange applications,” said Gary Haycox, Director, Strategic Initiatives, Solution Market Development Group, Intel Corporation.  "This will give users the opportunity to choose solutions from multiple vendors based on open standards and enhanced mobile capabilities as tools for collaboration, data interoperability and sensitive information sharing for local, state and homeland security."

However, while the specification promotes the use of specific Web Services and other standards, it avoids restrictive limits on precisely how these services and standards are to be engineered or deployed. This ensures maximum flexibility, efficiency and economies of scale, while still providing a framework for wide-scale data interoperability and encouraging an open, competitive marketplace.

Open Specification Guidelines
The initial Open Specification for Sensitive Information Sharing guidelines includes the following elements:

1.          Centralized directory:  RAINS will operate the UDDI Registry (Universal Description, Discovery and Integration) for all participating partners deploying Web Services (SOA).  UDDI is the building block that will enable RAINS participants to quickly, easily and dynamically find and transact with one another as parts of the RAINS-Net solution.  RAINS will be responsible for accrediting systems for operation.
2.          Existing systems:  The RAINS-Net system must be able to be deployed on existing servers and networks, co-existing with other solutions.
3.          Usability:  Notwithstanding the specialized training needs of system administrators and power users, resulting RAINS-compliant solutions must be capable of being installed and/or operated by an end user of the information sharing system without specialized training or vendor required installation.
4.          Web Services:  Where applicable Service Oriented Architecture (or, Web Services-based) systems should be employed.
5.          Standards:  Systems MUST adopt and build on existing standards—where existing standards are modified, those changes should not be considered proprietary, but part of a growing framework for security and interoperability.  Standards such as XML, Common Alert Protocol (CAP), WS-Security, WS-SecurityPolicy, WS-Trust, SAML, etc., must be used where applicable.
6.          Information usage rules:  Any information sharing between systems must carry a usage record that must be applied by subsystems and enforced where that information is displayed or used.
7.          Systems must be auditable: Any information sharing between systems must   provide mechanisms for extracting and reviewing audit trails.
8.          Survivability:  Systems as a whole must be designed to function as well as possible in emergency situations.

RAINS will continue to refine the Open Specification for Sensitive Information based on industry feedback, and welcomes involvement from other public and private organizations. For more information, please contact Richard MacKnight, RAINS-Net Director, at richard@rainsnet.org.