Example Interoperability Framework

An entire IF can take several dozen pages. Table 17-1 shows four entries from an interoperability framework. The example shows parts of two subareas: Encryption Standards and Federation Standards. These would be a larger table of external standards that the organization supports.

Table 17-1. Portion of an interoperability framework

2.3 Encryption Standards

    

Description

Reference

Status

Review

Notes

XMLsig

http://www.w3.org/TR/xmldsig-core/

Approved

Annually

XML Signature Syntax and Processing (XMLsig) is defined by W3C. W3C Recommendation 12.02.2002.

XMLenc

http://www.w3.org/TR/xmlenc-core/

Approved

Annually

XML-Encryption Syntax and Processing. W3C Recommendation

10.12.2002.

XML Encryption is used to secure encrypted transport of content. Used when security on the transport-level (such as SSL) is not sufficient.

2.4 Federation Standards

    

SAML (Security Assertions Markup Language) Version 1.1

http://www.oasis-open.org/committees/download.php/6837/sstc-saml-tech-overview-1.1-cd.pdf

Approved

Annually

OASIS/SSTC Version 1.1 - 22.09.2003. SAML enables single sign-on and enables federated identification mechanisms.

SAML (Security Assertions Markup Language) Version 2.0

http://www.oasis-open.org/committees/download.php/7874/sstc-saml-tech-overview-2.0-draft-01.pdf

Emerging

Quarterly

SAML 2.0 is currently a draft specification. Use in production project is subject to approval and supporting product availability.


Notice that the emerging SAML 2.0 standard is reviewed more frequently and that its use is made subject to approval by the notes. These reviews need not be lengthy or subject to the formal governance process unless something like the status is going to change.

The document shown here is formatted as a table. This is a common way to format an IF, but you can see that it suffers from some limitations because there is insufficient space to include many details. Also, simply publishing the IF as a paper document, or an Excel spreadsheet on the Web, limits its usefulness. A large IF should be put into a content management system and made available over the Web in a variety of formats, including a table-based summary for quick browsing with links to detail pages for each standard. These detail pages should contain all of the information shown in Table 17-1 along with other useful information such as supporting standards, the relationship of the standard to others, projects inside the organization that employ the standard, links to procurement information, and the contact information for subject-matter experts.

One good example of an online interoperability framework is the Danish government's Reference Profile.[*] Like any good IF, this online resource gives members of the Danish government's IT community useful information on what standards are supported and how to find out more information about them. In addition, the online application allows the IF to be searched and for each individual standard, users can retrieve a detail page, link to the standard's official reference document, save the standard in a bookmark, or write a review.