[Oscmis] FYI - DISA makes 50 apps available - DISA and OSSI - CMIS

Davis, Michael H CIV SPAWAR, 5.0.2 / CSE Michael.H.Davis at navy.mil
Thu Oct 22 09:48:15 CDT 2009 

It's really about DISA's CMIS and now partnership with OSSI to make it "open" for all. (see enclosed links)

I Think it's a great idea and much needed in the government, yet I wonder about the "built in IA / security" and C&A products that come with that (and also support DOD reciprocity therein)... No small factor...   As a complete offering would have these elements as part of their "PPL"   The DISA folks I copied will know more than I.  

Whether "their methodology is worth entering into a major C2 weapon system."  is an interesting question, as it seems they took an overall "applications" approach, versus whole system like NECC, which has significant development hurdles as we all know...  How all that operates in an "open"  SOA/Service environment (and common infrastructure or CCE), is unclear to me (as is their C&A process), but it seems no one has got that to work yet...  And as we know, clearly not the level of IA / security needed...  As we continue to propose that NO ONE gets the enterprise access control right to make all this work...  Automatically... And cross domain / COI... As your USAF ACC efforts also show...  (of course we suggest that "ZBAC" can help make that aspect more tractable and more effective too, though we all have many systemic IA&A elements to still work to get "cyber IFF" to work... Whether that is ABAC to ZBAC)


DISA's internally developed Corporate Management Information System, CMIS is a Web-based federal workforce management and administrative software suite with nearly 50 applications and tools to manage human resource, training, security, acquisition and related functions ... 
The objective of the Cooperative Research and Development Agreement (CRADA) between the Defense Information Systems Agency (DISA) and the Open Source Software Institute (OSSI), is to perform the COOPERATIVE WORK described in the SOW in partnership with academia, the private sector and other organizations to: (1) research enhanced capabilities and functionality (i.e. security and other unique features) for DISA SOFTWARE; and (2) create DERIVATIVE WORKS such as GOVERNMENT-Off-the-Shelf and commercial products that may be integrated with DISA SOFTWARE for use by the DOD, the GOVERNMENT, state and local governments, and the public. 

OSSI is tasked with making available copies of the Open Source Corporate Management Information System (OSCMIS) under the Open Software License version 3.0.   To get a copy of their license go to
http://www.oss-institute.org/index.php?option=com_content&task=view&id=332&Itemid=210
And / or engage OSCMIS at oss-institute.org


-----Original Message-----
From: Strini, Bob A CTR USAF ACC ACC/A8CI [mailto:Bob.Strini.ctr at langley.af.mil] 
Sent: Thursday, October 22, 2009 6:22
To: Davis, Michael H CIV SPAWAR, 5.0.2 / CSE
Cc: Vandemeulebroecke, Peter CIV SPAWARSYSCEN-ATLANTIC, 60000; Hendricks, James D CAPT SPAWAR, 51720; Stewart, Mike M CIV SPAWAR, 51300; Howell, Terry D CIV PEO C4I; Zimmerman, Lee CIV SPAWARSYSCEN-PACIFIC, 53030; Cereola, Joseph CAPT SPAWAR, 5.0
Subject: RE: FYI - DISA makes 50 apps available for others to use and improve

Mike,

I just went to the link provided and Gov't Comp News (GCN) talks about what was done but no links to actually contact DISA was provided. The list of apps developed is not readily available. Does anyone on this email trail
(DISA?) have a link or POC that can support the sharing of the apps?

Appreciate any help to determine if what they developed and their methodology is worth entering into a major C2 weapon system.

R,

Bob Strini
GCIC/JI
ACC/A8CI

http://www.disa.mil/news/pressreleases/2009/ossi_031709.html

DISA AND OSSI LAUNCH FORMAL COLLABORATION OF FEDERAL IT SYSTEM


ARLINGTON, Va - The Defense Information Systems Agency announced the establishment of a Cooperative Research and Development Agreement (CRADA) with Open Source Software Institute (OSSI) today. The agreement will pave the way for collaboration and partnerships between the federal government, non-profit organizations, academia, and industry to research and develop cutting-edge software for users in DoD, governments at all levels, and the public. 

The CRADA focuses on release of an open source version of DISA's internally developed Corporate Management Information System. CMIS is a Web-based federal workforce management and administrative software suite with nearly 50 applications and tools to manage human resource, training, security, acquisition and related functions for more than 16,000 DISA users worldwide "CMIS is a core product within the DISA's IT systems," said Jack Penkoske, Director of Manpower, Personnel and Security. "We have a lot invested in CMIS and many other government agencies want to adopt it. Why not let them, using the CRADA and an open source model? And why not also open it to industry, academia, and the Open Source community? This approach not only lets them use CMIS but also lets us leverage their good ideas and modifications to improve DISA's system, and we believe this will be a win-win for all involved."

The announcement was made during a presentation at the National Security Agency and DISA Technology Transfer Showcase hosted at the John Hopkins University's Applied Physics Laboratory in Laurel, Md. The event featured executives from both agencies who provided insights into their latest technologies made available for licensing through Technology Transfer programs.

"We did not want to re-invent the wheel," said Richard Nelson, DISA's Chief of Personnel Systems Support Branch at the Manpower, Personnel and Security Directorate. "We knew we had a solid product with CMIS, and we use it every day. After we decided the best way to create enhancements and modifications was through a collaborative partnership involving the non-profit sector, academia and industry, we looked for a partner who had experience with government, specifically DoD, as well as commercial and open source community connections. OSSI has provided technical and open source licensing expertise as well as insights in adoption and distribution strategies. And in using the CRADA vehicle, we can collaboratively pursue the three foci of research, development, and training to support of this project." 

"Creating an Open Source CMIS is important in several ways," said John Weathersby, Executive Director of the Open Source Software Institute. "First, software developed by Government employees falls under "public domain." By distributing the program under an open source license, the Government retains access to the system without having to worry that they'll have to repay for the development of something that was originally created with public funds."

"Secondly, since CMIS is now released under an open source license, commercial, academic and non-profit entities can adopt and support the system, as long as they adhere to the license agreement. There are two license variants available from OSSI: the Open Source License v.3 and the Academic Free License v.3," he said.

"And finally, this demonstrates that the Government is looking forward to find ways of using open source as a valuable tool within their IT enterprise," Weathersby said. "We applaud DISA's foresight and believe it will enhance the viability of the CMIS program. It is a wise use of both technical and economic resources. We look forward to working with DISA and other government agencies who are joining this effort and will provide a schedule for updates and support services in the coming days."



-----Original Message-----
From: Davis, Michael H CIV SPAWAR, 5.0.2 / CSE [mailto:Michael.H.Davis at navy.mil]
Sent: Tuesday, October 20, 2009 12:45 PM
To: Cereola, Joseph CAPT SPAWAR, 5.0; Zimmerman, Lee CIV SPAWARSYSCEN-PACIFIC, 53030
Cc: Vandemeulebroecke, Peter CIV SPAWARSYSCEN-ATLANTIC, 60000; Hendricks, James D CAPT SPAWAR, 51720; Stewart, Mike M CIV SPAWAR, 51300; Howell, Terry D CIV PEO C4I
Subject: FYI - DISA makes 50 apps available for others to use and improve

So, seems the time has come for "government-sponsored open-source software"

BUT will the major SW vendors play well there?  Even as those 50 apps are "COTS" based...

Seems SOA should also be done this way...  (where "Services / Agencies"
provide their best core / global services to the common DoD pool...) (yet we sort of tried that with "DII COE" and....)(still, the commercial world already does that well - rather like all those apps/services for the
Ipod...;-))

Still, I bet they did not integrate in "adequate security" yet... As NO ONE really has.... (re: distributed transitive trust, security service chaining,
etc...) ;-((
YET if they come with a C&A package TOO, a pedigree of sorts (aka, a PPL package)that can be actually used wrt DOD reciprocity, THAT will be
impressive....;-))


DISA makes 50 applications available for others to use and improve By Joab Jackson Oct 12, 2009 

The Defense Information Systems Agency is taking a new approach that could promote the reuse of its applications at other agencies by making its internal software open source. 
http://www.1105newsletters.com/t.do?id=3555994:194304


Web link's article verbige is enclsoed belew for easier skiming.....

For seemingly as long as the Defense Department has deployed software, its leaders have pursued an elusive goal: software reuse. After a military service spent the money to develop a piece of software or commissioned a contractor to build an application, information technology chiefs have sought to find a way for other branches of the military to reuse that code.
Software reuse could save money and increase uniformity of operations. 

Now, the Defense Information Systems Agency has latched onto a new approach that could help achieve that goal by making its own internal software open source.

Earlier this year, DISA released as open source a suite of more than 50 different applications, collectively named the Open Source Corporate Management Information System (OSCMIS). 
http://gcn.com/articles/2009/08/18/disa-open-source-application.aspxThe idea is that other government agencies and commercial firms could reuse the software for their own purposes. And if a few of the users are savvy enough to make a few changes that improve the underlying code and then share those improvements with DISA, everyone involved would reap the benefits of the open-source model.

The team at DISA's personnel systems support branch have written about 50 open-source applications that could not be obtained commercially.

The idea was the brainchild of Richard Nelson, chief of DISA's personnel systems support branch at the Manpower, Personnel and Security Directorate.
Nelson has a team of seven hot-shot developers who developed the applications in the OSCMIS package. Like the rest of the military, DISA relies mostly on commercial software. However, for at least some office tasks, the agency could not find an affordable or appropriate commercial offering. Commercial products were either too expensive or did not fit the government's workflows and requirements. In some cases, software that could handle the task did not exist. 

The OSCMIS package is a collection of programs written by Nelson's staff that fill those gaps. The developers started creating the applications in 2006, and most applicatins use Microsoft SQL Server for a database and Adobe ColdFusion for the Web-based user interfaces. They are production use programs - already used on a regular basis by more than 16,000 military personnel worldwide. The 50 programs handle duties such as human resources management, training, security, acquisition and related functions.
Twenty-three were developed in the last half of 2008, including more than a few that were complex in scope.

"The merits of the team's approach are apparent in the speed, ease of use, and accuracy of the delivered solutions," said Barry Leffew, vice president of Adobe's public-sector division.

Although the suite of applications is a success story, Nelson took an uncharacteristically brave step for a program manager: He opened his code for outside inspection and use. He consulted with DISA's legal team, and in March, the agency signed a cooperative research and development agreement with the Open Source Software Institute (OSSI), a nonprofit organization that promotes the open-source model to government, to help release the source code of the programs for other organizations to inspect and possibly reuse. Because DISA, as a government agency, cannot copyright its programs, OSSI holds the copyright and offers OSCMIS under Version 3 of the Open-source License.

By making the code open source, DISA "hopes to get access to more developers in the common community," Nelson said. The programs are fully functional, but there are always more features that could be added and technical issues to be resolved.

"My people are extremely fast, though we have to keep tweaking stuff, too, as regulations and procedures change," Nelson said. "So there is no way they'll be able to finish out the whole suite itself." By placing OSCMIS in the open-source community, others might enhance the software as a byproduct of inserting it into their own systems.

"DISA was able to recognize and leverage the open-source economic model,"
said John Weathersby, president of OSSI. By now, most industry observers note that the open-source model of collaborative development is one that can pay off by sharing the development among everyone who uses the product. In government procurement practices though, the open-source model is still largely a novel one. 

Last month, Nelson and OSSI held a demonstration of the software's capabilities in Washington, showing a packed room how some of the programs worked. Many officials, from agencies such as the General Services Administration and Air Force, showed an interest in the applications, although just as many people in the audience had questions about the process of releasing government software as open source, which Nelson and his team are documenting.

The questions Nelson received were broad and varied. Can it still be called open-source if it relies on proprietary products from Microsoft and Adobe?
Nelson replied that open-source databases could be used in place of SQL Server, though the stored procedures would need to be rewritten. Someone else asked if the code would be posted online. Not yet, replied Nelson, adding that the OSCMIS distribution could be obtained on a DVD from DISA if requested by a government agency and through OSSI if requested by a nongovernment organization.

After demonstrating the software, Nelson's office has had requests every day from other government agencies for the package. Although it's too early to tell if the idea of government-sponsored open-source software will take off, much less pay off, Nelson and DISA have done much to generate interest in the possibility.

"It takes leadership within an organization to recognize the opportunity of open source and to have the fortitude to go for it," Weathersby said of DISA. "They're working outside the box."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5216 bytes
Desc: not available
URL: <http://oss-institute.org/pipermail/oscmis_oss-institute.org/attachments/20091022/292dd873/attachment-0001.bin>

More information about the OSCMIS mailing list