Re: [smartgrid-discuss] Draft charter for proposed OASIS Energy Interoperation Technical Committee

["Benjamin A. Rolfe" <ben@blindcreek.com>]

To re-iterate the obvious...
There are also a number of non-standard (vendor specific) methods which are 
widely deployed by now which address the same layers and application spaces 
being discussed here, likewise several vendors have addressed the same 
problems being discussed. The proliferation of non-standard (and thus 
non-interoperable) solutions is exactly the situation we are trying to 
change.  There seems to be a great deal of practical experience to draw 
upon. I have to adamantly agree that creating new redundant standards isn't 
much help and should be avoided. It seems looking at what vendors who have 
succeeded in penetrating the utility biz have done and how that differs from 
what is already in standards should be a very helpful step in showing where 
existing standards need to be enhanced.

Just my $0.02 worth.

-Ben

----- Original Message ----- 
From: "John Gillerman" <johng@sisconet.com>
To: "'Marty Burns'" <burnsmarty@aol.com>; 
<smartgrid-discuss@lists.oasis-open.org>
Sent: Monday, February 16, 2009 4:47 PM
Subject: RE: [smartgrid-discuss] Draft charter for proposed OASIS Energy 
Interoperation Technical Committee


> Marty,
>
> I could not agree with you more.  Specifically, believe I our time is best
> spent on the semantics of the payloads exchanged - i.e. the new standard
> (content specific) transactions required.  There are a large number of
> technical (content neutral) standards that utilities and intermediate
> systems already employ.  Unless we identify unique requirements that are 
> not
> fulfilled by existing technical (content neutral) standards, we need to
> carefully consider if we need to create more.
>
> John
>
> -----Original Message-----
> From: Marty Burns [mailto:burnsmarty@aol.com]
> Sent: Monday, February 16, 2009 6:58 PM
> To: smartgrid-discuss@lists.oasis-open.org
> Subject: Re: [smartgrid-discuss] Draft charter for proposed OASIS Energy
> Interoperation Technical Committee
>
> All,
>
> I agree that security is absolutely important and essential. However, it
> is also important that OpenADR and similar efforts do not develop any
> security components. Instead uniform security methodologies should be
> seamlessly adopted in supporting the underlying messaging. I would try
> to focus this TC on a narrow scope so that it does one thing extremely 
> well.
>
> Cheers,
> Marty
>
> Arshad Noor wrote:
>> OASIS TC's are made up, unfortunately, of either business-focused
>> TC's or security-focused TC's.  As a result, the business TC's do
>> a great job of capturing business-requirements, but rarely address
>> security issues (despite the evidence of increasing attacks against
>> applications on the internet), while security TC's tend to focus
>> on hard-core security without addressing the business drivers to
>> ensure their focus and adoption.
>>
>> Two TC's that have departed from this norm are the OASIS Enterprise
>> Key Management Infrastructure (EKMI) TC and the OASIS LegalXML
>> eNotarization (eNotary) TC.
>>
>> The EKMI TC has not only developed a hard-core cryptographic
>> key-management protocol - the Symmetric Key Services Markup
>> Languague (SKSML), but also focuses on creating Implementation,
>> Operations and Audit Guidelines to ensure that implementations of
>> EKMI are in compliance with legal/contractual regulations for
>> data-security.  This was stated as an objective within the TC's
>> charter at its inception two years ago.  As a result, besides
>> security people, the TC includes IT Auditors, application
>> developers and IT consultants all of whom are focused on meeting
>> security *and* business objectives.
>>
>> The LegalXML eNotarization TC has just created a protocol called
>> the eNotarization Markup Language (ENML) designed to electronically
>> notarize electronic documents.  While ENML was designed to serve the
>> real-estate industry primarily, it is generic enough that it can be
>> used to re-engineer any business process that relies on notarized
>> paper documents.  This not only saves money, but speeds up the
>> business transaction and improves the integrity of data-capture in
>> applications.  ENML specifically addresses security as a core
>> component in the protocol because of the impact electronically
>> notarized documents can have in the multi-trillion dollar real-
>> estate industry.
>>
>> There is even a document titled "Security implications of ENML"
>> within the TC's repository to inform legal and business people on
>> what they need to know about securing and trusting eNotarized
>> documents.
>>
>> My suggestion is have the new Energy Interop TC specifically
>> include security features (identifying individually desired
>> features) as part of its deliverables to ensure the TC meets its
>> charter objectives.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> Edward Koch wrote:
>>> Neil,
>>>
>>> You are absolutely correct.  I know that you are very involved in the
>>> AMI-SEC effort and my hope is that much of the requirements from that
>>> will be input to the OpenADR task group within UCAIug and therefore
>>> become part of the OASIS/UCAIug collaboration.  Darren Highfill has
>>> been very involved with setting up the OpenADR task group within
>>> UCAIug so I'm fairly confident that this topic will not be ignored.
>>>
>>> I've never been involved with an OASIS TC, but it is safe to say that
>>> OASIS does have a lot of experience with cyber security.  I'm just
>>> not sure how they address this cross cutting issue within their other
>>> TC's.  Can someone that has more direct experience with OASIS comment
>>> on this topic?
>>>
>>> -ed koch
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *From:* ngreenfield@aep.com [mailto:ngreenfield@aep.com]
>>> *Sent:* Monday, February 16, 2009 2:03 PM
>>> *To:* William Cox
>>> *Cc:* Mary Ann Piette; smartgrid-discuss@lists.oasis-open.org
>>> *Subject:* Re: [smartgrid-discuss] Draft charter for proposed OASIS
>>> Energy Interoperation Technical Committee
>>>
>>> Well, I'm not a member, but for someone who's well immersed in my own
>>> organization's Smart Grid initiative, I would say that one critical
>>> component missing in this draft proposal is a discussion around cyber
>>> security.
>>>
>>> There are a number of interrelated factors that need to be considered
>>> relative to cyber security and the Smart Grid, including the basic
>>> attributes (primary security services) of */Confidentiality/*,
>>> */Integrity/*, */Availability/*, */Accounting/Auditing/*,
>>> */Identification/*, */Authentication/*, */Authorization /*and
>>> */Non-repudiation/*.  Privacy is another attribute, but it relies
>>> upon the others and is mainly a consideration of laws and regulations
>>> and how it relates to the individual.
>>> There are a lot of factors involved with the implementation of the
>>> Smart Grid and it relies heavily on cyber security.
>>>
>>> Best regards,
>>>
>>> Neil Greenfield
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> smartgrid-discuss-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail:
>> smartgrid-discuss-help@lists.oasis-open.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: 
> smartgrid-discuss-help@lists.oasis-open.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: 
> smartgrid-discuss-help@lists.oasis-open.org
>
>