The Jericho Forum was an international group working to define and promote

de-perimeterisation In information security, de-perimeterisation is the removal of a boundary between an organisation and the outside world. De-perimeterisation is protecting an organization's systems and data on multiple levels by using a mixture of encryption, secure ...

. It was initiated by David Lacey from the Royal Mail, and grew out of a loose affiliation of interested corporate CISOs (Chief Information Security Officers), discussing the topic from the summer of 2003, after an initial meeting hosted by

Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...

, but was officially founded in January 2004. It declared success, and merged with

The Open Group The Open Group is a global consortium that seeks to "enable the achievement of business objectives" by developing "open, vendor-neutral technology standards and certifications." It has over 840 member organizations and provides a number of servi ...

industry consortium's Security Forum in 2014.

The problem

It was created because the founding members claimed that no one else was appropriately discussing the problems surrounding de-perimeterisation. They felt the need to create a forum to define and solve consistently such issues. One of the earlier outputs of the group is a position paper entitled th
Jericho Forum Commandments
which are a set of principles that describe how best to survive in a de-perimeterised world.

Membership

The Jericho Forum consisted of "user members" and "vendor members". Originally, only user members were allowed to stand for election. In December 2008 this was relaxed, allowing either vendor or user members to be eligible for election. The day-to-day management was provided by the

Open Group The Open Group is a global consortium that seeks to "enable the achievement of business objectives" by developing "open, vendor-neutral technology standards and certifications." It has over 840 member organizations and provides a number of servi ...

. While the Jericho Forum had its foundations in the UK, nearly all the initial members worked for corporates and had global responsibilities, and involvement grew to Europe, North America and Asia Pacific.

Results

After the initial focus on defining the problem,

, the Forum then moved onto focussing on defining the solution, which it delivered in the publication of the

Collaboration Oriented Architecture Collaboration (from Latin ''com-'' "with" + ''laborare'' "to labor", "to work") is the process of two or more people, entities or organizations working together to complete a task or achieve a goal. Collaboration is similar to cooperation. Most ...

(COA) paper and COA Framework paper. The next focus of the Jericho Forum was "Securely Collaborating in Clouds", which involves applying the COA concepts to the emerging Cloud Computing paradigm. The basic premise is that a collaborative approach is essential to gain most value from "the cloud". Much of this work was transferred to th
Cloud Security Alliance
for use in it
"guidance" document
The final (major) piece of the Jericho Forum's work (from 2009) was around Identity, culminating in 2011 with the publication of their Identity, Entitlement & Access Management Commandments. In its final months the Jericho Forum contributed thinking to the debate around "Smart Data" and this was handed over to the Security forum within

to continue, while the work on Identity has been continued by th
Global Identity Foundation

Success and closure

The Jericho Forum declared success and sunsetted at the London conference of the

OpenGroup The Open Group is a global consortium that seeks to "enable the achievement of business objectives" by developing "open, vendor-neutral technology standards and certifications." It has over 840 member organizations and provides a number of servi ...

on 29 October 2013
video
. The Jericho Forum work on identity has been carried on by th
Global Identity Foundation
a

not-for-profit A nonprofit organization (NPO) or non-profit organisation, also known as a non-business entity, not-for-profit organization, or nonprofit institution, is a legal entity organized and operated for a collective, public or social benefit, in co ...

organisation working to define the components of a global digital identity ecosystem, with the Identity "commandments" directly translating into the principles behin
Identity 3.0

Key publications

* Visioning White Paper - What is Jericho Forum
(v1.0, February 2005)
* Jericho Forum Commandments [v1.0, April 2006
(v1.2, May 2007)
''also white paper format'
(W124 v1.2, 15 May 2007)
* Trust and Co-operatio
(v1.0, December 2006)
''also'
(W128 v1.0, 15 December 2006)
* White Paper - Business rationale for de-perimeterisatio
(v1.0, January 2007)
''also'
(W127 v2.0, 15 January 2007)
* Cloud Cube Model: Selecting Cloud Formations for Secure Collaboratio
(v1.0, April 2009)
''also'
(W126, 15 April 2009)
* Jericho Forum Self-Assessment Schem
(v1.0, March 2010)
''also'
(G124, 15 March 2010)
* Jericho Forum “Identity” Commandment
(v1.0, May 2011)
''also white paper format'
(W125 v1.0, 16 May 2011)
''and webinar'
(D045, 18 January 2012)
* Framework for Secure Collaboration-Oriented Architectures (O-SCOA
(G127, 19 September 2012)
* Jericho Forum Identity Commandments: Key Concept
(G128, 28 September 2012)
* Trust Ecosyste
(G141, 14 January 2014)
* Smart Data for Secure Business Collaboratio
(W140, 14 January 2014)
* Managing Network Entities in a Collaborative Worl
(W141, 21 January 2014)
* Protecting Information: Steps for a Secure Data Futur
(W142, 28 January 2014)
* The Need for Data Principle
(W143, 30 January 2014)
*Identity Videos:- *
Identity Video #1 - Identity First Principles

Introductory blog
*
Identity Video #2 - Operating with Personas

Introductory blog
*
Identity Video #3 - Trust and Privacy

Introductory blog
*
Identity Video #4 - Entities & Entitlement

Introductory blog
*
Identity Video #5 - Building a Global Identity Ecosystem

Introductory blog

Position papers

* The Need for Inherently Secure Protocol
(v1.0, April 2006)
* VoIP in a de-perimeterised worl
(v1.0, April 2006)
* Wireless in a de-perimeterised worl
(v1.0, April 2006)
* Internet Filtering & Reportin
(v1.1, July 2006)
* “Enterprise Information Protection & Control” (Digital Rights Managemen
(v1.0, October 2006)
* End Point Securit
(v1.0, October 2006)
* Federated Identit
(v1.0, November 2006)
* Business rationale for de-perimeterisatio
(v1.0, January 2007)
* Information Access Policy Managemen
(v1.0, March 2007)
* IT Audit in a De-perimeterised Environmen
(v1.0, May 2007)
* Principles for Managing Data Privac
(v1.0, May 2007)
* Data/Information Managemen
(v1.0, July 2007)
* The Need for Inherently Secure Communication
(v1.0, January 2008)
* Mobile working in the de-perimeterised environmen
(v1.0, May 2008)
* Collaboration Oriented Architectures [COA
(v1.0, April 2008)
* COA Process - Person Lifecycle managemen
(draft v0.1, July 2008)
* COA Process - Endpoint Securit
(v1.0, October 2008)
* COA Process - Risk Lifecycle Managemen
(v1.0, November 2008)
* COA Framewor
(v2.0, November 2008)
* COA Process - Device Lifecycle Managemen
(v1.0, November 2008)
* COA Secure Protocols – Mobile Managemen
(v1.1, December 2008)
* COA Secure Data: Enterprise Information Protection & Contro
(v1.0, January 2009)
* COA Information Lifecycle Managemen
(v1.0, January 2009)

External articles

# Alan Lawson “A World without Boundaries” ''Butler Review Journal Article'' April 2005 http://www.butlergroup.com/research/DocView.asp?ID= [Membership required to access document] “Deperimeterisation has become more than an interesting idea it is now a requirement for many organisations. Vendors have shown an increasing willingness to listen to the user community, but in the absence of a coherent voice from the end-users themselves, may have been uncertain about to whom they should be listening. As long as Jericho orumcan continue to build upon its foundations and successfully integrate vendor input into its ongoing strategies, then we see no reason why this community should not become a strong and valuable voice in the years ahead.” # Paul Stamp, & Robert Whiteley with Laura Koetzle & Michael Rasmussen “Jericho Forum Looks To Bring Network Walls Tumbling Down” ''Forrester'' http://www.forrester.com/Research/Document/Excerpt/0,7211,37317,00.html hargeable document“The Jericho Forum is turning current security models on their heads, and it’s likely to affect much more than the way companies look at orthodox IT security. Jericho’s approach touches on domains like digital rights management, network quality of service, and business partner risk management.” # Angela Moscaritolo "Cloud computing presents next challenge" ''SC World Congress Dec 2008'' '' http://www.scmagazineus.com/SC-World-Congress-Cloud-computing-presents-next-challenge/article/122288/ "Jericho Forum – which has been preaching the notion of security in an open-network environment since the group was founded more than four years ago – next year plans to focus on the necessary steps to secure the cloud. But the forum is relying on IT security professionals for help, Seccombe said. “The very idea of bolting on security when you have already moved to the cloud is dumb,” he said. “You can't bolt security into the cloud; you need to build it in.”

References

{{Reflist

External links

The Open Group

Commandments
the areas and principles of the Jericho forum
The Jericho Forum Identity Commandments
Data security