Mapping security to the e-Framework
The objectives of this project were to contribute UK security functionality documentation to the e-Framework and to compare and contrast the security mechanisms in place across the partner countries in the e-Framework to support increased interoperability. This project wasn't tasked to review the e-Framework, and hasn't undertaken that activity; but we have made some observations which represent those of a contributor rather than a reviewer.
Executive Summary
The project was split into three phases: 1) initiation and landscape study; 2) documenting core UK security services; 3) synthesis and reporting. We discussed and agreed all outputs with the JISC Programme Manager.
Project outputs
The landscape study provided a useful (and necessary) analysis of the progress that the international partners had made toward documenting their security architectures, and collated information on the security approaches of the UK e-Science grid and the UK federation. From this preliminary work, it became clear that there was not enough security documentation on the e-Framework from the international partners to meet the original objectives of this project. Accordingly, the focus shifted to documenting further UK security functionality. We have submitted a range of documentation to the e-Framework (see Section 3 of the full report and Annex B).
Key findings
The key findings are set out in full in Section 4 of the full report and are, in summary:
- The e-Framework takes time to understand, and the available documentation and support do not always help to clarify it.
- The overheads for documenting should be minor if the e-Framework is incorporated in the design process from the outset, although it is difficult and time-consuming to retrospectively document existing real-world functionality.
- The e-Framework review process did not operate in a timely manner for our project.
- Not every development project is suitable for documenting on the e-Framework.
- Functionality that does not consist of much machine-to-machine flow, and where there are few service interfaces, does not fit well with the e-Framework model.
- Using the e-Framework to compare security functionality across partners is not currently possible as there is not enough relevant e-Framework documentation published.
- The e-Framework is not the most appropriate way of analysing security interoperability: the challenges frequently lie at policy or conceptual levels which are not adequately represented within the e-Framework.
Guidance to projects contributing to the e-Framework
Some guidance to potential e-Framework contributors is provided in Section 5 of the full report. In summary:
- Not every project/service should contribute to the e-Framework; suitability should be assessed and agreed with JISC on a per-project basis.
- The e-Framework is most beneficial for service-based systems with reusable interfaces.
- Trying to document project outputs for the e-Framework at the conclusion of the project is not the most effective approach. If the e-Framework is incorporated into the design process from the outset it can provide a structure to help with developing reusable software; used in this way, the overheads should be minimal.
- The e-Framework model can lead to spiralling complexity in documentation. It is important to apply good diagramming practice to the development of SUMs: consider their scope carefully, and show the important information without unnecessary detail.
Working with the e-Framework
This project has worked with the e-Framework to reflect on the key findings (Section 4 of the full report) and the guidance outlined in Section 5 of the full report.
The e-Framework is committed to learning from experience to improve its approach. The findings from this project have informed the evolution of the e-Framework, and the outputs will be factored into the community-focussed validation of the e-Framework technical approach, which is scheduled from June to December 2009. Annex C provides an update from Ian Dolphin (Director of the e-Framework) on how the e-Framework has evolved since this project was completed and how this project has informed these changes.