Issue 14133: How many In Force authentication methods can there be? Does there have to be at least one in force at all times? (rms-ftf)

Source: TethersEnd Consulting (Mr. Larry L. Johnson, larry.johnson(at)tethersend.com)
Nature: Uncategorized Issue
Severity:
Summary: How many In Force authentication methods can there be? Does there have to be at least one in force at all times? [JRMS Remaining Issue]
Resolution:
Revised Text:
Actions taken: July 28, 2009: received issue
Discussion:

End of Annotations:=====

From: "PrescottD"
To: "'RMS-FTF@omg.org'"
Subject: Issue 14133:
Date: Thu, 4 Mar 2010 14:37:00 -0500

Two Questions

1. How many In Force authentication methods can there be?

As many as have been used, that is that if a record is associated with an authenticity method and the authenticity method is "in force" for that record (or set as the case may be) then that method must be kept. This gets to the management of the records whereby I would expect the records manager would be monitoring this and updating authenticity methods to keep them current and up with best in practice, etc., etc. So - if an authenticity method is associated with a managed record it must be kept until it is superseded.
When an authenticity method is no longer associated with any managed records (or sets) then it can be discharged from being managed. The model supports this viewpoint.

2. Does there have to be at least one in force at all times?

Neither the model nor the original functional requirements demand an authentication method be in force at any time. HOWEVER, this should be reconsidered because how do you know the managed record being managed after it is set as a managed record is in fact what it was when you put it there. Without an authentication method to apply to the record when it is set aside as a managed record you have an unreliable environment for managing the record (sets). THEREFORE I recommend an authentication method be mandatory, at least one shall be en force at the time the document is set aside as a record and the authentication be set at the immediate time of the set aside.

From: "PrescottD"
To: "'Larry L. Johnson'", "'RMS-FTF@omg.org'"
Subject: RE: Issue 14133: How many In Force authentication methods can there be? Does there have to be at least one in force at all times?
Date: Sat, 6 Mar 2010 13:39:51 -0500

Comments below.

-----Original Message-----
From: Larry L. Johnson [mailto:Larry.Johnson@TethersEnd.com]
Sent: Friday, March 05, 2010 4:30 PM
To: 'RMS-FTF@omg.org'
Subject: RE: Issue 14133: How many In Force authentication methods can there be? Does there have to be at least one in force at all times?

It seems that inForce is an over-loaded concept. It means authentication methods that are actually "active" methods, i.e.
there are records whose authentication is still based on that method. Perhaps we should change the name of the attribute to something like "active"?

Is there buried in the inForce concept a "currentlyUsed" authentication method, i.e., newly set-aside records should be validated with this preferred, current method? Can there be more than one such method? (My gut feeling is "No", but the question needs to be posed and answered... who would select among the options and how?)

COMMENT: That is what I took "en force" to mean, that is the one currently being used. I took the others, the ones not "en force" as being valid because there were still records that had been authenticated with it/them but had not been updated to use the "en force" authentication. Perhaps some adjectives are required.

As to: "an authentication method be mandatory, at least one shall be en force at the time the document is set aside as a record and the authentication be set at the immediate time of the set aside":

We have been meticulous in being business process agnostic in the RMS specification. It has almost been a "prime directive" as a guiding principle. Although having an active and inForce authentication process is good records management practice, I think it is outside the purview of the RMS to enforce good practices. The RMS is intentionally minimalistic. "Best Practices" might be best left to a separate document on the use of RMS rather than try to dictate those practices. "Best Practice" will evolve... the RMS needs to accommodate whatever they are. Further, such best practices may be quite different depending on the business domain/milieu in which the records are being managed.

COMMENT: Good records management requires a type of authentication or you are not really doing records management, you are doing document management. Let me provide a paper example.
In the old days, the records were centrally located and under the watchful eye of an administrator who would be responsible for locking the cabinet with the records at the end of the day. Some processes included logging the cabinet open and closed, others included check out registers, but all were under the control of somebody. This was because this was the authentication method that assured the records were complete, have not been tampered with, and were not forgeries. This was not a nice to have, it was required or there was no way an attestation of the evidence they represent could be made. Consideration for some type of authentication should be made, this is parallel to the requirement that only a copy of a record be provided on a request.

Regards,
Larry

Larry L. Johnson
Chair, OMG RMS Finalization Task Force
http://gov.omg.org/gov-ftf-rms.htm
mailto:rms-ftf@omg.org

TethersEnd Consulting
2023 Cleveland St
Clearwater, FL 33765-3107
V/F: 888-502-9847
V/F: 202-449-5637
http://www.TethersEnd.com/

From: "Larry L. Johnson"
To: "'RMS-FTF@omg.org'"
Subject: RE: Issue 14133: How many In Force authentication methods can there be? Does there have to be at least one in force at all times?
Date: Fri, 5 Mar 2010 16:29:51 -0500

It seems that inForce is an over-loaded concept. It means authentication methods that are actually "active" methods, i.e. there are records whose authentication is still based on that method. Perhaps we should change the name of the attribute to something like "active"?

Is there buried in the inForce concept a "currentlyUsed" authentication method, i.e., newly set-aside records should be validated with this preferred, current method?
Can there be more than one such method? (My gut feeling is "No", but the question needs to be posed and answered... who would select among the options and how?)

As to: "an authentication method be mandatory, at least one shall be en force at the time the document is set aside as a record and the authentication be set at the immediate time of the set aside":

We have been meticulous in being business process agnostic in the RMS specification. It has almost been a "prime directive" as a guiding principle. Although having an active and inForce authentication process is good records management practice, I think it is outside the purview of the RMS to enforce good practices. The RMS is intentionally minimalistic. "Best Practices" might be best left to a separate document on the use of RMS rather than try to dictate those practices. "Best Practice" will evolve... the RMS needs to accommodate whatever they are. Further, such best practices may be quite different depending on the business domain/milieu in which the records are being managed.

Regards,
Larry

Larry L. Johnson
Chair, OMG RMS Finalization Task Force
http://gov.omg.org/gov-ftf-rms.htm
mailto:rms-ftf@omg.org

TethersEnd Consulting
2023 Cleveland St
Clearwater, FL 33765-3107
V/F: 888-502-9847
V/F: 202-449-5637
http://www.TethersEnd.com/
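
An added example, not part of the thread or of the RMS specification: a minimal Python model of the distinction the messages draw between methods that some record still relies on ("active") and the one method applied to newly set-aside records ("currentlyUsed"), with the mandatory-at-set-aside recommendation as a switch. The Registry class, its method names, the require_method flag and the use of hashlib digests as the authentication method are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model: a "method" here is just a hashlib algorithm name.
@dataclass
class Registry:
    require_method: bool = False     # True = a method is mandatory at set-aside
    current: Optional[str] = None    # the one method used for new records
    methods: set = field(default_factory=set)
    records: dict = field(default_factory=dict)  # id -> (method, digest)

    def add_method(self, name: str) -> None:
        hashlib.new(name)            # reject unknown algorithm names early
        self.methods.add(name)
        self.current = name          # newest method becomes the current one

    def active(self) -> set:
        """Methods that some managed record still relies on."""
        return {m for m, _ in self.records.values() if m is not None}

    def set_aside(self, rid: str, data: bytes) -> None:
        if self.current is None:
            if self.require_method:
                raise ValueError("no current authentication method")
            self.records[rid] = (None, None)   # allowed by the minimal model
            return
        digest = hashlib.new(self.current, data).hexdigest()
        self.records[rid] = (self.current, digest)

    def verify(self, rid: str, data: bytes) -> Optional[bool]:
        method, digest = self.records[rid]
        if method is None:
            return None              # nothing recorded: integrity unknown
        return hashlib.new(method, data).hexdigest() == digest

    def migrate(self, rid: str, data: bytes) -> None:
        """Check under the old method, then re-authenticate under the current."""
        if self.current is None or self.verify(rid, data) is not True:
            raise ValueError("cannot migrate an unverified record")
        self.set_aside(rid, data)

    def discharge(self, name: str) -> None:
        """Drop a method only once no record depends on it."""
        if name == self.current or name in self.active():
            raise ValueError(f"{name} is still in use")
        self.methods.remove(name)
```

With require_method left at False, a record set aside before any method exists verifies as None rather than True or False, which is the "unreliable environment" the second question is concerned with.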