Crew,
This is in reference to ER 209337,
which is the scoping ER, as stated in its Summary field. The Security
lifecycle, at least in my feeble mind, is broken up into three phases as
articulated below.
1.
Phase 1 of Security: Complete the SCOPING of COSMOS 1.0 Security by
Jan 25 (i8).
2.
Phase 2 of Security will be determining a technical approach.
Phase 2 of Security is an i9 deliverable. This will include technical choices
in regards to Authentication / Encryption-while-data-is-in-flight / RUDIMENTARY
(read MDR-level) Authorization with user and admin roles. Please do not say
that COSMOS needs to provide field level Security within an MDR J J J; this is
an exercise for the user…
3.
Phase 3 of Security will be a REFERENCE implementation subject to
the scope defined in Phase 1 and the technical choices made in Phase 2. I
see this as an i10 deliverable.
To close off, I will spawn the ERs
for Phase 2 and Phase 3 of Security… So here is the Security roadmap:
Security Phase 1 SCOPING / USE
CASES à i8 – January 25, 2008
Security Phase 2 TECHNICAL APPROACH
CHOSEN à i9 – March 7, 2008
Security Phase 3 REFERENCE IMPLEMENTATION
DONE à i10 – May 2, 2008
The upshot: We will NOT have ANY
Security reference implementation to show in EclipseCon… IS THAT OK?
In closing, today in the 10AM call, we need to close off on
the scope of Security and review / approve the Security Use Cases
Thanks,
Jimmy
Mohsin
Cell +1-609-635-1703