This just from the wire today. Interesting group. Although, I am not sure
that what they do is develop "Standards" or "Open Specifications" - at least from the
traditional consensus standards approaches of groups like OASIS, W3C, and
the OGC. It is more like they are defining an architecture based on certain
best practices and recommended security standards.
Anyway, notice the CAP reference.

RAINS Announces Open Specification for Sensitive Information Sharing
Across State, Local and National Homeland Security Systems

More Than 30 Public and Private Sector Leaders Join Forces to Support
Interoperable, Non-Proprietary Approach to Information Sharing

PORTLAND, Ore., March 29, 2004 - A national coalition of leading
information technology companies,
non-government organizations and local, state and federal government entities
today unveiled the RAINS Open Specification for Sensitive Information
Sharing. Based on RAINS' proven Connect & Protect program and
targeted at new Homeland Security needs, the RAINS specification provides an
open alternative to the proprietary single-vendor approach by promoting
interoperability and improved security within a flexible framework, open to many
vendors. At the same time, the RAINS Open Specification helps standardize
information-sharing processes, procedures and systems as used at the local,
state and federal level, across the nation.

RAINS (Regional
Alliances for Infrastructure and Network Security) is a not-for-profit
public/private partnership committed to accelerating the development and
deployment of innovative technology for homeland security. RAINS led
development of the specification in cooperation with leading organizations from
the public and private sectors, including technology providers such as Intel,
HP, ESRI, Inc., PeopleSoft, FORTiX, Swan Island Networks, Tripwire and Digimarc;
and public sector organizations ranging from the State of Oregon to the Medical
College of Georgia.

U.S. Senator Ron Wyden (D-Ore) says, "When I began
working with RAINS, I was able to count the number of members on one hand; now
their organization has grown into a multi-state, public-private force.
This is a tenacious, worthwhile group, and I'm proud to be their partner in
bringing new technologies to the marketplace."

The broad support the
RAINS Sensitive Information Sharing Open Specification has received is due, in
part, to its vendor-neutral approach. RAINS Chairman Charles Jennings said,
"This specification provides an open, scalable and very affordable way to
accelerate data interoperability, both at the local level and up through the
various hierarchies of government and critical infrastructure. Using a
transparent process managed by our non-profit public/private organization, we
believe this specification will help both government and private entities share
sensitive information, without sacrificing the power of free market
competition."

Open Spec Based on Proven Program

The underlying
principles of the Open Specification for Sensitive Information Sharing are based
on RAINS' experience in building information sharing networks. Using its
RAINS-Net integration of interoperable Web Services technologies from RAINS'
member companies, RAINS has addressed and incorporated specific user
requirements, and aggregated them into the guidelines that make up the initial
Open Specification.

As an integrated, highly secure set of technologies
for connecting culturally diverse, geographically dispersed organizations,
RAINS-Net provides a foundation for information sharing that can adapt and scale
as requirements change. Originally developed and deployed in the Pacific
Northwest in 2003, RAINS-Net technology is now being adopted in other regions
throughout the country.

"In the aftermath of 9/11 the nation has
been called up to take immediate steps to better identify and address the urgent
needs of homeland security and emergency response. RAINS is a pioneer in
developing and delivering a new information sharing solution, and RAINS-Net
meets national homeland security requirements at the regional and local level,"
said Jeffrey P. Gerald of the Department of Defense's Homeland Security Command
and Control Advanced Concept Technology Demonstration (HLS C2 ACTD), which has
been testing and deploying RAINS-Net technology.

Ensuring Interoperability

The Open Specification for Sensitive Information takes a
rules-based - rather than architecture-based - approach to streamlining
sensitive information sharing among trusted members of a local or regional
network. This gives organizations the freedom to select the tools and platforms
most suited to their needs, while still ensuring security and
interoperability.

The specification also calls for information-sharing
systems to be locally controlled. Organizations are not locked in to proprietary
products or architectures, and can tailor the system to meet unique local needs
and conditions. This "bottom-up, locally driven" approach ensures that each
RAINS-compliant system functions optimally at the local level, but is also
highly interoperable with all other regional and national systems.

"ESRI
strongly supports the RAINS Open Specification and believes it provides a
much-needed foundation for the growth of information sharing across
organizations dedicated to homeland security and public safety. RAINS provides
an excellent opportunity to demonstrate critical data sharing between public and
private sector organizations supporting homeland security and homeland defense,"
said ESRI president Jack Dangermond.

The specification supports the
exchange of numerous information types and functions, organized in the form of
discrete Web Services. These services include targeted alert notification,
common operational picture, command-and-control functions, first response
guidelines, libraries, secure e-mail, and automated field reporting - all within
a common Web Services security framework.

"Intel supports the direction
that RAINS is providing to bring together private sector and public agencies to
define requirements and promote solution architectures for secure information
exchange applications," said Gary Haycox, Director, Strategic Initiatives,
Solution Market Development Group, Intel Corporation. "This will give
users the opportunity to choose solutions from multiple vendors based on open
standards and enhanced mobile capabilities as tools for collaboration, data
interoperability and sensitive information sharing for local, state and homeland
security."

However, while the specification promotes the use of specific
Web Services and other standards, it avoids restrictive limits on precisely how
these services and standards are to be engineered or deployed. This ensures
maximum flexibility, efficiency and economies of scale, while still providing a
framework for wide-scale data interoperability and encouraging an open,
competitive marketplace.

Open Specification Guidelines

The initial Open Specification for Sensitive Information Sharing guidelines
include the following elements:

1. Centralized directory: RAINS will operate the UDDI Registry (Universal
Description, Discovery and Integration) for all participating partners deploying
Web Services (SOA). UDDI is the building block that will enable RAINS
participants to quickly, easily and dynamically find and transact with one
another as parts of the RAINS-Net solution. RAINS will be responsible for
accrediting systems for operation.

2. Existing systems: The RAINS-Net system must be able to be deployed on
existing servers and networks, co-existing with other solutions.

3. Usability: Notwithstanding the specialized training needs of system
administrators and power users, resulting RAINS-compliant solutions must be
capable of being installed and/or operated by an end user of the information
sharing system without specialized training or vendor required installation.

4. Web Services: Where applicable, Service Oriented Architecture (or, Web
Services-based) systems should be employed.

5. Standards: Systems MUST adopt and build on existing standards - where
existing standards are modified, those changes should not be considered
proprietary, but part of a growing framework for security and
interoperability. Standards such as XML, Common Alert Protocol (CAP),
WS-Security, WS-SecurityPolicy, WS-Trust, SAML, etc., must be used where
applicable.

6. Information usage rules: Any information sharing between systems must
carry a usage record that must be applied by subsystems and enforced where that
information is displayed or used.

7. Systems must be auditable: Any information sharing between systems must
provide mechanisms for extracting and reviewing audit trails.

8. Survivability: Systems as a whole must be designed to function as well as
possible in emergency situations.

RAINS will continue to refine the Open
Specification for Sensitive Information based on industry feedback, and welcomes
involvement from other public and private organizations. For more information,
please contact Richard MacKnight, RAINS-Net Director, at
richard@rainsnet.org.