Collaboration Oriented Architecture
COA Position Paper
Board of Management, Jericho Forum®
CISO & Snr Enterprise Information Architect,
Questions at the end, please!
Apart from points of clarification.
• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January
2004 to respond to…
• Today: 42 Member Companies and growing
Act as a catalyst to accelerate the achievement of the collective vision, by:
• Defining the problem space
• Communicating the collective vision
• Challenging constraints and creating an environment for innovation
• Demonstrating the market
• Influencing future products, services, and standards
Desired Future State
and Gov't Position Papers
Forum Use Cases
Standards and Solutions
• The journey so far…
• Defined the issue, and created noise around …
– We don't apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper
Why the COA Position Paper?
• We had defined the Problem…
• We had developed a set of “Principles” in
• We had created a roadmap
(Though not rich with content)
• We realised we needed to provide more
details around the Solution….
COA: The Paper's Framework
• Why Should I Care?
• Components of COA
• Recommended Solution/Response
• The Way Forward
Aim: To provide a guiding framework that
enables Secure Information Sharing in a
Aligned to the Jericho Forum
Commandments 4-8 pertaining to
Surviving in a Hostile World
Need for Trust
Identity Management and Federation
Traditional approaches to architecting
security solutions are aimed at securing
organizational borders, and the network,
reinforcing a 'perimeterised' perspective.
This is contrary to the future business
needs of most organisations.
A Lilly segue
• We are changing from a FIPCo to a FIPNet.
– Fully Integrated Pharmaceutical Company
– Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.
Why Should I Care?
• De-perimeterisation is happening NOW!
• COA is the framework that will allow
appropriately architected business-driven
solutions to be developed and delivered.
• Adopting COA allows the added value of
de-perimeterisation while mitigating the
additional risks to your organizations.
Components of COA
- Known parties
- End Point Security/Assurance
- Secure Communications
- Secure Protocols
- Content Monitoring
- Legal, Regulatory, Contractual
Processes - Content Protection
Services
- Federated Identity
- Policy Management
- Data/Information Management
- Classification
- Audit
Enterprise Solution Attributes
- Usability/Manageability
- Availability
- Efficiency/Performance
- Effectiveness
- Agility
An Architects' View
• A section that describes how existing
standards, protocols and frameworks
should be used and supplemented with
additional standards, tools, and services to
• Implementing COA builds upon existing
standards and practices to enable
effective and secure collaboration
• COA provides a high level pattern to allow
legacy applications to be re-architected to
be collaboration oriented.
• It takes a different mindset, and new
services, both in the cloud and around the
The way forward
• The COA position paper sketches the skeleton
• We need to collectively refine / develop the
standards, tools and services in more detailed
• Many of which can, and should, be taken up by
the Security Forum and ultimately service
• Example :
Inherently Secure Communications Standard
Trust / Classification Framework….