GSA SWID Tag Certification Meeting in Washington DC - March 24th, 2010

Put the date on your calendar - March 24th, 2010 in Washington DC from 9 AM - 3 PM Eastern.

The meeting location will be at the CA offices near the Dulles Aiport making it convenient for anyone travelling to the event for the day.

TagVault.org, the GSA, other government organizations, Software Publishers, SAM tool providers and other interested parties interested in creating the certification requirement for government purchased software will get together for a kick off working group session.

Government agencies  - learn how you can specify the requirements for certified software identification tags to help with your compliance program.  Note that Government agencies can join TagVault.org for free.

Software publishers - get involved now to help specify the certification expectations and procedures that will be rolled in to government purchasing process.

Software purchasers - get involved in the working group to understand how you can leverage the same certification process used by the government to ensure proper identification of software in your networking environment.  Don't get surprised by software audit findings in the future.

Tool vendors - get involved to understand how software identification data can be used to create reports that benefit your customers more.

TagVault.org has already specified the initial certification requirements for SWID tags.  These requirements include conformance to the ISO/IEC 19770-2:2009 standard, as well as ensuring the XML is valid.  In addition, certification includes the following:

  • Registration of the regid used by the organization (to ensure consistency in identification)
  • Use of consistent TagVault.org member defined terminology for terms
  • Validation that any member defined digital signatures match the certified publisher
  • Validation that any extended XSDs are defined appropriately and accessible via the Internet

The working group will define additional requirements beyond the initial certification requirements that enable the most effective analysis and analytics for government agencies.  These may include details such as product_category, channel_type or customer_type.  Imagine having software details from any SAM tool being able to automatically feed data into a dashboard such as the Federal IT Dashboard.  End-user organizations can obviously benefit from this type of dashboard as well!

Organizations that are members of TagVault.org above the adopter level are able to be involved in TagVault.org working groups.  Join TagVault.org now to be involved in this working group!

Location

This meeting will take place at the CA office near the Dulles Airport making it convenient for anyone travelling to the event for the day.

Agenda

  • Overview of the 19770-2:2009 specification – what’s there, why it’s there and how it’s intended to be used.
  • Overview of the work in progress on the 19770-3 draft defining the structure for software entitlement tags.
  • Overview of the SmartBuy program, the purchasing process and how changes to the purchasing process are implemented.
  • Differences between the GSA and DoD identification requirements. 
  • Overview of other Government agencies who may have different software purchasing procedures and how SWID tags may be able to help them.
  • Overview of the TagVault.org tag creation and signing tool.  What does a digitally signed SWID tag allow organizations to do?
  • Overview of the TagVault.org registration and certification process.  Including details on what a publically available TagVault.org registry will provide to the market and details on the TagVault.org/ITAM Review contest on the best use of tags – how are SAM tools looking to maximize the value of SWID tags?
  • Expectations of what is likely appropriate/required for certification levels for Government agencies (and, in reality, enterprise level organizations as well). 
Note, the mandatory elements identified in the standard are a minimal set because the OWG creating the standard wanted to ensure rapid industry adoption of the standard.  Adding a handful of additional elements (which are already defined in the optional section of the specification) will provide significantly more value to software purchasers.  Also, creating a secondary certification level that includes file details can provide even further value from a security and provenance perspective.
  • Define the additional elements required for Government defined certification levels and the rationale behind these requirements.
  • Identify distribution venues that can be used to provide information to software publishers on what’s required for certification and how they can create certified tags for their products accurately, inexpensively and efficiently.

Get Involved

Become a TagVault.org member today - software publishers, this will provide you with the tools, registration and certification processes you need to be ahead of the GSA requirements.  Other organizations interested in effective SAM programs are also welcome to participate in these meetings.  All members above the adopter level can attend and provide your feedback to the process.