OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

smartgrid-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [smartgrid-discuss] Draft charter for proposed OASIS EnergyInteroperation Technical Committee


Toby,

 

I agree.  I should have said semantics and profiles. 

 

John

 


From: tobyconsidine@gmail.com [mailto:tobyconsidine@gmail.com] On Behalf Of Toby Considine
Sent: Monday, February 16, 2009 7:32 PM
To: Marty Burns
Cc: smartgrid-discuss@lists.oasis-open.org
Subject: Re: [smartgrid-discuss] Draft charter for proposed OASIS Energy Interoperation Technical Committee

 

Marty nailed it.

Perhaps a sub-committee could be focused on defining the profiles assembling existing security standards would be in line. Such a sub-committee could recomend a profile for market operations (borrow one of the trading house profiles), a profile for secure operations (the space SCADA Security is in now) and another for retail operations

tc

On Mon, Feb 16, 2009 at 6:58 PM, Marty Burns <burnsmarty@aol.com> wrote:

All,

I agree that security is absolutely important and essential. However, it is also important that OpenADR and similar efforts do not develop any security components. Instead uniform security methodologies should be seamlessly adopted in supporting the underlying messaging. I would try to focus this TC on a narrow scope so that it does one thing extremely well.

Cheers,
Marty



Arshad Noor wrote:

OASIS TC's are made up, unfortunately, of either business-focused
TC's or security-focused TC's.  As a result, the business TC's do
a great job of capturing business-requirements, but rarely address
security issues (despite the evidence of increasing attacks against
applications on the internet), while security TC's tend to focus
on hard-core security without addressing the business drivers to
ensure their focus and adoption.

Two TC's that have departed from this norm are the OASIS Enterprise
Key Management Infrastructure (EKMI) TC and the OASIS LegalXML
eNotarization (eNotary) TC.

The EKMI TC has not only developed a hard-core cryptographic
key-management protocol - the Symmetric Key Services Markup
Languague (SKSML), but also focuses on creating Implementation,
Operations and Audit Guidelines to ensure that implementations of
EKMI are in compliance with legal/contractual regulations for data-security.  This was stated as an objective within the TC's
charter at its inception two years ago.  As a result, besides
security people, the TC includes IT Auditors, application
developers and IT consultants all of whom are focused on meeting
security *and* business objectives.

The LegalXML eNotarization TC has just created a protocol called
the eNotarization Markup Language (ENML) designed to electronically
notarize electronic documents.  While ENML was designed to serve the
real-estate industry primarily, it is generic enough that it can be
used to re-engineer any business process that relies on notarized
paper documents.  This not only saves money, but speeds up the
business transaction and improves the integrity of data-capture in
applications.  ENML specifically addresses security as a core
component in the protocol because of the impact electronically
notarized documents can have in the multi-trillion dollar real-
estate industry.

There is even a document titled "Security implications of ENML"
within the TC's repository to inform legal and business people on
what they need to know about securing and trusting eNotarized
documents.

My suggestion is have the new Energy Interop TC specifically
include security features (identifying individually desired
features) as part of its deliverables to ensure the TC meets its
charter objectives.

Arshad Noor
StrongAuth, Inc.

Edward Koch wrote:

Neil,

You are absolutely correct.  I know that you are very involved in the AMI-SEC effort and my hope is that much of the requirements from that will be input to the OpenADR task group within UCAIug and therefore become part of the OASIS/UCAIug collaboration.  Darren Highfill has been very involved with setting up the OpenADR task group within UCAIug so I'm fairly confident that this topic will not be ignored.

I've never been involved with an OASIS TC, but it is safe to say that OASIS does have a lot of experience with cyber security.  I'm just not sure how they address this cross cutting issue within their other TC's.  Can someone that has more direct experience with OASIS comment on this topic?

-ed koch

------------------------------------------------------------------------

*From:* ngreenfield@aep.com [mailto:ngreenfield@aep.com]
*Sent:* Monday, February 16, 2009 2:03 PM
*To:* William Cox
*Cc:* Mary Ann Piette; smartgrid-discuss@lists.oasis-open.org
*Subject:* Re: [smartgrid-discuss] Draft charter for proposed OASIS Energy Interoperation Technical Committee

Well, I'm not a member, but for someone who's well immersed in my own organization's Smart Grid initiative, I would say that one critical component missing in this draft proposal is a discussion around cyber security.

There are a number of interrelated factors that need to be considered relative to cyber security and the Smart Grid, including the basic attributes (primary security services) of */Confidentiality/*, */Integrity/*, */Availability/*, */Accounting/Auditing/*, */Identification/*, */Authentication/*, */Authorization /*and */Non-repudiation/*.  Privacy is another attribute, but it relies upon the others and is mainly a consideration of laws and regulations and how it relates to the individual. There are a lot of factors involved with the implementation of the Smart Grid and it relies heavily on cyber security.

Best regards,

Neil Greenfield


---------------------------------------------------------------------
To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: smartgrid-discuss-help@lists.oasis-open.org


---------------------------------------------------------------------
To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: smartgrid-discuss-help@lists.oasis-open.org




--
________________________________________
"When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened for us." -- Alexander Graham Bell
________________________________________
Toby Considine
Chair, OASIS oBIX TC http://www.oasis-open.org
Co-Chair, OASIS Technical Advisory Board
Toby.Considine@gmail.com
TC9, Inc
Phone: (919)619-2104
blog: www.NewDaedalus.com



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]