The Jericho Forum is an organization advocating innovation in e-commerce security. Here, Jeroen Willemsen, researcher at Capgemini, a forum member, discusses the idea behind the "Collaboration-Oriented Architecture" position paper published earlier this year.
A master class was held at the Jericho Forum conference in London earlier this year on how to implement solutions that provide effective secure operations in what the forum calls "de-perimeterized environments," where the network perimeter is acknowledged to be largely disappearing as businesses become more intertwined through e-commerce. Among the solutions: building a collaboration-oriented architecture. Is COA really the Holy Grail for future information security? How does it work? Are there downsides? To find the answers, I need to take you on a journey through the COA Framework.
The framework defines four components that are necessary to provide security that meets the business requirements in a de-perimeterized environment. They are:
* Processes: To manage and maximize the value of collaborations, a set of processes is necessary to enable a new revolution in information-sharing without risks getting out of hand. The process component contains five processes: risk management, and life-cycle management of personae, devices, information and entire enterprises.
* Services: The services component focuses on securing the collaboration. The COA Framework defines the following services: identity management and federation, policy management, information classification, information asset management, and audit.
* Principles: This component contains a set of guiding principles that include requirements and constraints. These provide the cornerstone of the framework and follow Jericho Forum principles four to eight. The core principle is based on trust: how you trust each other and how you maintain that state of trust.
* Attributes: The attributes help to determine if the framework is implemented correctly.
The COA Framework also defines a set of technologies that provide endpoint security, secure communications and secure data.
We already have enough trouble keeping up with what it takes to maintain our current security requirements. Imagine what it will be like when we have to maintain our own security requirements and those of each of our collaborating parties. The Jericho Forum principles include security mechanisms that should reduce complexity in a collaborative environment. Too much complexity is a security risk all by itself. Collaborating with multiple parties requires rethinking your security principles. If the burden to implement security based on this new way of thinking is too great, the temptation to simply not do it will be too inviting and risks will not be addressed.