New front page image

Spent a few minutes playing with a new front page image. Aurelius suggested that the tag lines should be a little more action focussed, and I was concerned the old image had too many colors and lines (lots of white space is mandatory in these Web 2.0 times).

Hopefully it's a bit clearer to read and understand now.

Would you agree? I'd be interested in your feedback on the front page. Is it clear what OSA is about? Any ideas for further improvement welcomed.

Server module updated

Just uploaded the updated Server module to align with the role changes we made to the client. I found a few additional errors as I went through that I corrected, and hopefully these should now be quite stable.

We'll now put the focus on creating some more specific patterns such as wireless access that use these modules. We'll also try and move forward on the ISO mapping that is needed for the Beta release.

Security Requirements

During my discussion with Claudiu (whom I appreciate as a great expert in the area of secure development), we came up with some further thoughts on what drives security requirements. We also agreed that the currently posted categorization in the Security Requirements article (under Foundations->Definitions) is not orthogonal, meaning that a requirement can ambiguously belong to two categories. However, we believe that it is nevertheless valuable to understand what the potential sources for requirements are. I hope the added illustration will help here.

Client Module updated

Finally got the Client module uploaded tonight after messing around all evening with it. There are so many controls that it takes ages to be sure that you have them correctly assigned to the roles, labelled and hyperlinked. If you are using IE, I really encourage you to try with Firefox, Safari or Opera, which support SVG graphics. That way you get the links to controls on the diagram itself, along with tooltips.

I ended up going with the ITIL roles for the actors and I started to get quite happy with these towards the end. I think that many of them will remain unused apart from esoteric patterns, but I like the fact that they cover the lifecycle in depth and will be familiar to most IT people who are used to working in large structured (or often unstructured!) organisations. For those users who don't fall into this space, you can still use the control definitions and ignore the extra information that the roles bring you.

Therefore my vote is to standardise on ITILv3 roles, and map against other standards as needed.