- Source: Jericho Forum
The Jericho Forum was an international group working to define and promote de-perimeterisation. It was initiated by David Lacey from the Royal Mail, and grew out of a loose affiliation of interested corporate CISOs (Chief Information Security Officers), discussing the topic from the summer of 2003, after an initial meeting hosted by Cisco, but was officially founded in January 2004. It declared success, and merged with The Open Group industry consortium's Security Forum in 2014.
The problem
It was created because the founding members claimed that no one else was appropriately discussing the problems surrounding de-perimeterisation. They felt the need to create a forum to define and solve consistently such issues. One of the earlier outputs of the group is a position paper entitled the Jericho Forum Commandments which are a set of principles that describe how best to survive in a de-perimeterised world.
Membership
The Jericho Forum consisted of "user members" and "vendor members". Originally, only user members were allowed to stand for election. In December 2008 this was relaxed, allowing either vendor or user members to be eligible for election. The day-to-day management was provided by the Open Group.
While the Jericho Forum had its foundations in the UK, nearly all the initial members worked for corporates and had global responsibilities, and involvement grew to Europe, North America and Asia Pacific.
Results
After the initial focus on defining the problem, de-perimeterisation, the Forum then moved onto focussing on defining the solution, which it delivered in the publication of the Collaboration Oriented Architecture (COA) paper and COA Framework paper.
The next focus of the Jericho Forum was "Securely Collaborating in Clouds", which involves applying the COA concepts to the emerging Cloud Computing paradigm. The basic premise is that a collaborative approach is essential to gain most value from "the cloud". Much of this work was transferred to the Cloud Security Alliance for use in its "guidance" document.
The final (major) piece of the Jericho Forum's work (from 2009) was around Identity, culminating in 2011 with the publication of their Identity, Entitlement & Access Management Commandments.
In its final months the Jericho Forum contributed thinking to the debate around "Smart Data" and this was handed over to the Security forum within The Open Group to continue, while the work on Identity has been continued by the Global Identity Foundation.
Success and closure
The Jericho Forum declared success and sunsetted at the London conference of the OpenGroup on 29 October 2013 (video).
The Jericho Forum work on identity has been carried on by the Global Identity Foundation, a not-for-profit organisation working to define the components of a global digital identity ecosystem, with the Identity "commandments" directly translating into the principles behind Identity 3.0.
Key publications
Visioning White Paper - What is Jericho Forum? (v1.0, February 2005)
Jericho Forum Commandments [v1.0, April 2006] (v1.2, May 2007) also white paper format (W124 v1.2, 15 May 2007)
Trust and Co-operation (v1.0, December 2006) also (W128 v1.0, 15 December 2006)
White Paper - Business rationale for de-perimeterisation (v1.0, January 2007) also (W127 v2.0, 15 January 2007)
Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration (v1.0, April 2009) also (W126, 15 April 2009)
Jericho Forum Self-Assessment Scheme (v1.0, March 2010) also (G124, 15 March 2010)
Jericho Forum “Identity” Commandments (v1.0, May 2011) also white paper format (W125 v1.0, 16 May 2011) and webinar (D045, 18 January 2012)
Framework for Secure Collaboration-Oriented Architectures (O-SCOA) (G127, 19 September 2012)
Jericho Forum Identity Commandments: Key Concepts (G128, 28 September 2012)
Trust Ecosystem (G141, 14 January 2014)
Smart Data for Secure Business Collaboration (W140, 14 January 2014)
Managing Network Entities in a Collaborative World (W141, 21 January 2014)
Protecting Information: Steps for a Secure Data Future (W142, 28 January 2014)
The Need for Data Principles (W143, 30 January 2014)
Identity Videos:-
Identity Video #1 - Identity First Principles. Introductory blog.
Identity Video #2 - Operating with Personas. Introductory blog.
Identity Video #3 - Trust and Privacy. Introductory blog.
Identity Video #4 - Entities & Entitlement. Introductory blog.
Identity Video #5 - Building a Global Identity Ecosystem. Introductory blog.
Position papers
The Need for Inherently Secure Protocols (v1.0, April 2006)
VoIP in a de-perimeterised world (v1.0, April 2006)
Wireless in a de-perimeterised world (v1.0, April 2006)
Internet Filtering & Reporting (v1.1, July 2006)
“Enterprise Information Protection & Control” (Digital Rights Management)(v1.0, October 2006)
End Point Security (v1.0, October 2006)
Federated Identity (v1.0, November 2006)
Business rationale for de-perimeterisation (v1.0, January 2007)
Information Access Policy Management (v1.0, March 2007)
IT Audit in a De-perimeterised Environment (v1.0, May 2007)
Principles for Managing Data Privacy (v1.0, May 2007)
Data/Information Management (v1.0, July 2007)
The Need for Inherently Secure Communications (v1.0, January 2008)
Mobile working in the de-perimeterised environment (v1.0, May 2008)
Collaboration Oriented Architectures [COA] (v1.0, April 2008)
COA Process - Person Lifecycle management (draft v0.1, July 2008)
COA Process - Endpoint Security (v1.0, October 2008)
COA Process - Risk Lifecycle Management (v1.0, November 2008)
COA Framework (v2.0, November 2008)
COA Process - Device Lifecycle Management (v1.0, November 2008)
COA Secure Protocols – Mobile Management (v1.1, December 2008)
COA Secure Data: Enterprise Information Protection & Control (v1.0, January 2009)
COA Information Lifecycle Management (v1.0, January 2009)
External articles
Alan Lawson “A World without Boundaries” Butler Review Journal Article April 2005 http://www.butlergroup.com/research/DocView.asp?ID={BD1E4C70-F644-42F1-903E-CDBC09A38B8D} [Membership required to access document] “Deperimeterisation has become more than an interesting idea it is now a requirement for many organisations. Vendors have shown an increasing willingness to listen to the user community, but in the absence of a coherent voice from the end-users themselves, may have been uncertain about to whom they should be listening. As long as Jericho [Forum] can continue to build upon its foundations and successfully integrate vendor input into its ongoing strategies, then we see no reason why this community should not become a strong and valuable voice in the years ahead.”
Paul Stamp, & Robert Whiteley with Laura Koetzle & Michael Rasmussen “Jericho Forum Looks To Bring Network Walls Tumbling Down” Forrester http://www.forrester.com/Research/Document/Excerpt/0,7211,37317,00.html [Chargeable document] “The Jericho Forum is turning current security models on their heads, and it’s likely to affect much more than the way companies look at orthodox IT security. Jericho’s approach touches on domains like digital rights management, network quality of service, and business partner risk management.”
Angela Moscaritolo "Cloud computing presents next challenge" SC World Congress Dec 2008 http://www.scmagazineus.com/SC-World-Congress-Cloud-computing-presents-next-challenge/article/122288/ "Jericho Forum – which has been preaching the notion of security in an open-network environment since the group was founded more than four years ago – next year plans to focus on the necessary steps to secure the cloud. But the forum is relying on IT security professionals for help, Seccombe said. “The very idea of bolting on security when you have already moved to the cloud is dumb,” he said. “You can't bolt security into the cloud; you need to build it in.”
See also
Jericho Forum Commandments
Collaboration Oriented Architecture
The Global Identity Foundation
The Cloud Security Alliance
References
External links
The Open Group
Commandments: the areas and principles of the Jericho forum
The Jericho Forum Identity Commandments