OG0-092 techniques - TOGAF 9 Part 2 Updated: 2023

Industry pundits, application security professionals, development managers, developers and legal teams alike realize that the world has changed. Rather than writing code, developers assemble components, making them more productive personally and also enabling them to meet the better, faster, cheaper goals imposed by the companies they work for. And most organizations find out—like it or not—that their code under management is comprised north of 50% open—source components.

It seems that the use of open source, with faster, better, cheaper benefits and operational, security and intellectual property risk, ought to be addressed both in architecture and governance frameworks. How might an organization map the use of popular architecture and governance frameworks with the policies and processes necessary to govern and manage the use of open source? In order to accomplish this mapping, let’s consider extending the combined use of TOGAF and COBIT, two popular frameworks.

To put us all on the same page, let’s first align on a definition of architecture. Because I like standards, can we all agree to use the ISO/EID definition? “Fundamental concepts or properties of a system in its environment embodied in its elements, relationships, and in the principles of its design and evolution (ISO/IED 42010).” So, it’s all about the structure of a system.

The Open Group Architectural Framework has evolved to help enterprise architecture structure architectural domains, including business, data, application and technology. If its use is successful, it informs the structure for enterprise architecture, and informs the processes and techniques around software development. It helps organizations avoid re-inventing the wheel, and as a vendor, tool and technology-neutral open standard, TOGAF can complement other frameworks.

Where does open source fit in? As described by Dave Lounsbury, CTO and Vice President of The Open Group, the considered use of open source fits in all four domains. In business architecture, requirements are defined and readiness for change is analyzed. In application architecture, component guidance is backed up by an audit and inventory. In data architecture, governance and project metadata are determined. And under technical architecture, technology opportunities are considered. Under these domains, governance, including capability and compliance assessments, is determined by an architecture board. Sounds great. And in fact, we’re getting close to addressing the business need, the “why this matters.” But how are key performance indicators determined, and broader IT governance and processes (including a broader set of stakeholders) established? If TOGAF supplies a methodology to add structure for enterprise architecture processes and technology, COBIT can help organizations implement TOGAF and connect it to other IT processes.

What of COBIT? Control Objectives for Information and Related Technologies is a framework created by ISACA for IT management and governance. With COBIT 5 (the latest version), ISACA has attempted to consolidate major ISACA frameworks and research, and to better align with other major frameworks (e.g. TOGAF, ITIL) and standards in the marketplace, with the goal of becoming an “overarching” framework enabling greater IT efficiencies. Essentially, according to Mauritz Kloppers, an independent IT management advisor, they’ve “harmonized practices and standards such as ITIL, ISO 27001 and 27002, and PMBOK.” In COBIT language, “The COBIT 5 goals translate stakeholder needs into specific, practical and customized goals within the context of the enterprise, IT-related goals and enabler goals.”

Relative to governing and managing the use of open-source components while addressing operational and security risk, I’ve found COBIT to be very useful by leveraging their “Risk IT Key Management Practices,” which is a combination of Evaluate, Direct and Monitor (EDM) processes for governance of enterprise IT and Align, Plan and Organize (APO) processes for management of enterprise IT. I simply extend these governance and management processes to govern and manage the use of open-source components. Similarly, they’ve established governance and management processes pertaining to enterprise architecture, and then tied practices to a RACI (Responsible, Accountable, Consulted, Informed) chart.

While TOGAF adds structure for enterprise architecture, processes and techniques, COBIT puts TOGAF into context by relating architectural processes to all other IT processes. And COBIT, through RACI charts, adds responsibilities for TOGAF, helping organizations implement TOGAF and connect it to broader IT processes. To complete the circle, COBIT also adds key performance indicators for TOGAF. Nice.

So what’s my beef? If open-source use is as prevalent as industry experts and your own open-source use analysis indicates, why aren’t these frameworks explicit in calling out the need for its governance and management? Rather than “extending” their use, shouldn’t these frameworks be explicit about addressing open-source project use?

Many would argue that open-source use has hit a “tipping point,” that it has helped accelerate the rate of innovation for mobile, cloud and Big Data, while affecting how individuals and organizations are creating software. The increased amount of co-opetition among organizations through the use of open source (see Lodestone, OpenMAMA, GENIVI) is another indicator of its industry acceptance and game-changing capability. In my view, COBIT’s Risk IT Key Management Practices should be explicit about risk from the use of open-source components, and these risks should be in scope. Risk factors, including loss of IP, security vulnerabilities, license conflicts and obligations, and export controls, need to be addressed directly.

And TOGAF should not just make an association, but be explicit in business architecture, application architecture, data architecture and technical architecture domains regarding the added benefits. These benefits and risks of open source can then “cascade” into the broader IT governance and management COBIT framework.

Phil Marshall is Senior Product Marketing Manager with Black Duck Software.

• By Dave Emerson
• Cover Story

Summary

A detailed look at O-PAS™ Standard, Version 1.0

By Dave Emerson

Process automation end users and suppliers have expressed interest in a standard that will make the industry much more open and modular. In response, the Open Process Automation™ Forum (OPAF) has worked diligently at this task since November 2016 to develop process automation standards. The scope of the initiative is wide-reaching, as it aims to address the issues associated with the process automation systems found in most industrial automation plants and facilities today (figure 1).

It is easy to see why a variety of end users and suppliers are involved in the project, because the following systems are affected:

• manufacturing execution system (MES)
• distributed control system (DCS)
• human-machine interface (HMI)
• programmable logic controller (PLC)
• input/output (I/O)

In June 2018, OPAF released a technical reference model (TRM) snapshot as industry guidance of the technical direction being taken for the development of this new standard. The organization followed the TRM snapshot with the release of the OPAS™ Version 1.0 in January 2019. Version 1.0 addresses the interoperability of components in federated process automation systems. This is a first stop along a three-year road map with annual releases targeting the themes listed in table 1.

Table 1. The O-PAS Standard three-year release road map addresses progressively more detailed themes.

By publishing versions of the standard annually, OPAF intends to make its work available to industry expeditiously. This will allow suppliers to start building products and returning feedback on technical issues, and this feedback-along with end user input-will steer OPAS development. O-PAS Version 1.0 was released as a preliminary standard of The Open Group to allow time for industry feedback.

The OPAF interoperability workshop in May 2019 is expected to produce feedback to help finalize the standard. The workshop allows member organizations to bring hardware and software that support O-PAS Version 1.0, testing it to verify the correctness and clarity of this preliminary standard. The results will not be published but will be used to update and finalize the standard.

Figure 1. A broad sampling of suppliers and end users are highly interested in the scope of the OPAS under development by OPAF, because it touches on all the key components of industrial automation systems: hardware (I/O), the communication network, system software (e.g., run time, namespace), application software, and the data model. 

Some terminology

For clarity, a summary of the terminology associated with the OPAF initiative is:

• The Open Group: The Open Group is a global consortium that helps organizations achieve business objectives through technology standards. The membership of more than 625 organizations includes customers, systems and solutions suppliers, tool vendors, integrators, academics, and consultants across multiple industries.
• Open Process Automation Forum: OPAF is an international forum of end users, system integrators, suppliers, academia, and other standards organizations working together to develop a standards-based, open, secure, and interoperable process control architecture. Open Process Automation is a trademark of The Open Group.
• O-PAS Standard, Version 1.0 (O-PAS): OPAF is producing the OPAS Standard under the guidance of The Open Group to define a vendor-neutral reference architecture for construction of scalable, reliable, interoperable, and secure process automation systems.

Standard of standards

Creating a "standard of standards" for open, interoperable, and secure automation is a complex undertaking. OPAF intends to speed up the process by leveraging the valuable work of various groups in a confederated manner.

The OPAS Standard will reference existing and applicable standards where possible. Where gaps are identified, OPAF will work with associated organizations to update the underlying standard or add OPAS requirements to achieve proper definition. Therefore, OPAF has already established liaison agreements with the following organizations:

• Control System Integrators Association (CSIA)
• Distributed Management Task Force (DMTF), specifically for the Redfish API
• FieldComm Group
• Industrial Internet Consortium (IIC)
• International Society of Automation (ISA)
• NAMUR
• OPC Foundation
• PLCopen
• ZVEI

Additionally, OPAF is in discussions with AutomationML and the ISA Security Compliance Institute (ISCI) as an ISA/IEC 62443 validation authority. In addition to these groups, the OPC Foundation has joined OPAF as a member, so no liaison agreement is required.

As an example of this cooperation in practice, OPAS Version 1.0 was created with significant input from three existing standards, including:

• ISA/IEC 62443 (adopted by IEC as IEC 62443) for security
• OPC UA adopted by IEC as IEC 62541 for connectivity
• DMTF Redfish for systems management (see www.dmtf.org/standards/redfish)

Next step: Configuration portability

Configuration portability, now under development for OPAS Version 2.0, will address the requirement to move control strategies among different automation components and systems. This has been identified by end users as a requirement to allow their intellectual property (IP), in the form of control strategies, to be portable. Existing standards under evaluation for use in Version 2.0 include:

• IEC 61131-3 for control functions
• IEC 16499 for execution coordination
• IEC 61804 for function blocks

O-PAS Version 3.0 will address application portability, which is the ability to take applications purchased from software suppliers and move them among systems within a company in accordance with applicable licenses. This release will also include the first specifications for hardware interfaces.

Under the OPAS hood

The five parts that make up O-PAS Version 1.0 are listed below with a brief summary of how compliance will be Checked (if applicable):

• Part 1 — Technical Architecture Overview (informative)
• Part 2 — Security (informative)
• Part 3 — Profiles
• Part 4 — Connectivity Framework (OCF)
• Part 5 — System Management

Part 1 - Technical Architecture Overview (informative) describes an OPAS-conformant system through a set of interfaces to the components. Read this section to understand the technical approach OPAF is following to create the O-PAS.

Part 2 - Security (informative) addresses the necessary cybersecurity functionality of components that are conformant to OPAS. It is important to point out that security is built into the standard and permeates it, as opposed to being bolted on as an afterthought. This part of the standard is an explanation of the security principles and guidelines that are built into the interfaces. More specific security requirements are detailed in normative parts of the standards. The detailed normative interface specifications are defined in Parts 3, 4, and 5. These parts also contain the associated conformance criteria.

Part 3 - Profiles  defines sets of hardware and software interfaces for which OPAF will develop conformance tests to make sure products interoperate properly. The O-PAS Version 1 profiles are:

• Level 1 Interoperability Hardware Profile: A certified product claiming conformance to this profile shall implement OSM-Redfish.
• Level 2 Interoperability Hardware Profile: A certified product claiming conformance to this profile shall implement OSM-Redfish BMC.
• Level 1 Interoperability Software Profile: Software claiming conformance to this profile shall implement OCF-001: OPC UA Client/Server Profile.
• Level 2 Interoperability Software Profile: Software claiming conformance to this profile shall implement OCF-002: OPC UA Client/Server and Pub/Sub Profile.

The term "Level" in the profile names refers to profile levels.

Part 4 - Connectivity Framework (OCF) forms the interoperable core of the system. The OCF is more than just a network, it is the underlying structure allowing disparate components to interoperate as a system. The OCF will use OPC UA for OPAS Versions 1.0, 2.0, and 3.0.

Part 5 - System Management covers foundational functionality and interface standards to allow the management and monitoring of components using a common interface. This part will address hardware, operating systems and platform software, applications, and networks-although at this point Version 1.0 only addresses hardware management.

Conformance criteria are identified by the verb "shall" within the O-PAS text. An OPAF committee is working on a conformance guide document that will be published later this year, which explains the conformance program and requirements for suppliers to obtain a certification of conformance.

Technical architecture

The OPAS Standard supports communication interactions that are required within a service-oriented architecture (SOA) for automation systems by outlining the specific interfaces the hardware and software components will use. These components will be used to architect, build, and start up automation systems for end users.

The vision for the OPAS Standard is to allow the interfaces to be used in an unlimited number of architectures, thereby enabling each process automation system to be "fit for purpose" to meet specific objectives. The standard will not define a system architecture, but it will use examples to illustrate how the component-level interfaces are intended to be used. System architectures (figure 2) contain the following elements:

Distributed control node (DCN): A DCN is expected to be a microprocessor-based controller, I/O, or gateway device that can handle inputs and outputs and computing functions. A key feature of O-PAS is that hardware and control software are decoupled. So, the exact function of any single DCN is up to the system architect. A DCN consists of hardware and some system software that enables the DCN to communicate on the O-PAS network, called the OCF, and also allows it to run control software.

Distributed control platform (DCP): A DCP is the hardware and standard software interfaces required in all DCNs. The standard software interfaces are a common platform on top of which control software programs run. This provides the physical infrastructure and interchangeability capability so end users can control software and hardware from multiple suppliers.

Distributed control framework (DCF): A DCF is the standard set of software interfaces that provides an environment for executing applications, such as control software. The DCF is a layer on top of the DCP that provides applications with a consistent set of O-PAS related functions no matter which DCN they run in. This is important for creating an efficient marketplace for O-PAS applications.

OPAS connectivity framework (OCF): The OCF is a royalty-free, secure, and interoperable communication framework specification. In O-PAS Version 1, the OCF uses OPC UA.

Advanced computing platform (ACP): An ACP is a computing platform that implements DCN functionality but has scalable computing resources (memory, disk, CPU cores) to handle applications or services that require more resources than are typically available on a small profile DCP. ACPs may also be used for applications that cannot be easily or efficiently distributed. ACPs are envisioned to be installed within on-premise servers or clouds.

Within the OPAS Standard, DCNs represent a fundamental computing building block (figure 3). They may be hardware or virtual (when virtual they are shown as a DCF as in figure 2), big or small, with no I/O or various amounts. At the moment, allowable I/O density per DCN is not settled, so some standardization in conjunction with the market may drive the final configuration.

DCNs also act as a gateway to other networks or systems, such as legacy systems, wireless gateways, digital field networks, I/O, and controllers like DCS or PLC systems. Industrial Internet of Things (IIoT) devices can also be accessed via any of these systems.

Figure 2. OPAS establishes a system architecture organizing process automation elements into interoperable groupings.

Building a system

End users today must work with and integrate multiple systems in most every process plant or facility. Therefore, the OPAS Standard was designed so users can construct systems from components and subsystems supplied by multiple vendors, without requiring custom integration. With the OPAS Standard it becomes feasible to assimilate multiple systems, enabling them to work together as one OPAS-compliant whole. This reduces work on capital projects and during the lifetime of the facility or plant, leading to a lower total cost of ownership.

By decoupling hardware and software and employing an SOA, the necessary software functions can be situated in many different locations or processors. Not only can software applications run in all hardware, but they can also access any I/O to increase flexibility when designing a system.

One set of components can be used to create many different systems using centralized architectures, distributed architectures, or a hybrid of the two. System sizes may range from small to large and can include best-in-class elements of DCS, PLC, SCADA, and IIoT systems and devices as needed.

Information technology (IT) can also be incorporated deeper into industrial automation operational technology (OT). For example, DMTF Redfish is an IT technology for securely managing data center platforms. OPAF is adopting this technology to meet OPAS system management requirements.

Comprehensive and open

Each industrial automation supplier offers a variety of devices and systems, most of which are proprietary and incompatible with similar products from other vendors and sometimes with earlier versions of their own products. End users and system integrators trying to integrate automation systems of varying vintages from different suppliers therefore have a challenging job.

To address these issues, OPAF is making great strides toward assembling a comprehensive, open process automation standard. Partially built on other established industry standards, and extending to incorporate most aspects of industrial automation, the O-PAS Standard will greatly Improve interoperability among industrial automation systems and components. This will lower implementation and support costs for end users, while allowing vendors to innovate around an open standard.

For more information on OPAS Version 1.0, please download the standard at https://publications.opengroup.org/p190. Submit feedback by emailing ogspecs@opengroup.org. 

Figure 3. DCNs are conceived as modular elements containing DCP (hardware) and DCF (software), both of which are used to interface field devices to the OCF.

The Group Policy Editor in Windows 11 or Windows 10 is a vital configuration editor that allows you to change settings organization-wide. Primarily it’s designed for IT admin can change the advanced settings of a remote computer. However, if you have an administrator account, you can open Group Policy Editor in multiple ways, and manage your computer and network.

These are the methods you can use to open the Group Policy Editor on Windows systems:

1. Using Windows Search box
2. Create a shortcut
3. Using Command Prompt or Power Shell
4. Using Run Prompt
5. Via Control Panel
6. Via Settings.

Before you begin, you should know that the Group Policy Editor is available in Windows 11/10 Pro, Windows 11/10 Enterprise, and Windows 11/10 Education editions only, and not in Windows 11/10 Home.

See this post if Windows cannot find GPEDIT.MSC. If you are using Windows 11/10 Home edition, you need to add the Local Group Policy Editor to your computer.

1] Windows Search

1. Press the Windows button to open Start Menu
2. Type “group policy.”
3. It should list the policy editor on the tap
4. Click open to open the Group Policy Editor.

Read: How to search Group Policy for specific GPO in Windows 11/10.

2] Create a Desktop Shortcut

If you use it often, it is best to create a shortcut on the desktop and even assign a hotkey.

1. Navigate to C:\Windows\System32
2. Search for “gpedit.msc”
3. Once it appears, right-click on it, and select Create a shortcut.
4. Click Yes when it prompts that the shortcut can only be created on the desktop
5. Next time you want to open it, double click to launch it.

You can also assign a hotkey to it, and you can start it using a keyboard combination.

3] Using Command Prompt or Power Shell

If you are a power user who uses Command Prompt or the Power Shell, here is a nifty solution for you.

Make the WinX Menu show PowerShell instead of Command Prompt.

Then open Win+X and select Windows Power Shell (Admin).

Or you could search for CMD and choose to launch it with admin privileges.

Type “gpedit” and it will open the GPE in a few seconds.

4] Using Run Prompt

Probably the easiest method, and also the most common one.

• Open the Run prompt (WIN+R)
• Type gpedit.msc, and hit Enter
• You may get prompted with the UAC prompt
• Choose yes, and it will launch the Group Policy Editor

5] Via Control Panel

• Open the search bar, and then type control
• It will reveal the Control Panel. Click or tap to start it
• In the search box on the top right, type “group.”
• Look for Administrative Tools > Edit group policy
• Click to launch it

It is useful for those who use the Control Panel for almost everything to manage the computer.

6] Via Settings

• Open Windows Settings
• Type Group Policy and GPE should be available
• Click on the result, and it will start the editor.

Which method to open Group Policy Editor is your favorite? Let us know in the comments.

Related read: How to repair a corrupt Group Policy in Windows 11/10.

Daniel Hatter began writing professionally in 2008. His writing focuses on Topics in computers, Web design, software development and technology. He earned his Bachelor of Arts in media and game development and information technology at the University of Wisconsin-Whitewater.

At Springer Nature, we are committed to the goals of open research. Our policies help authors achieve a high level of openness with their research and support them in meeting the open access (OA) requirements of their research funders and institutions. For information on our Nature Portfolio policies on self-archiving and re-use terms see our self-archiving and license to publish page.

For further Springer Nature OA policies, such as our retrospective open access policy, information on pricing adjustments and guidance on funder compliance and open access licensing; see our journals open access policies on SpringerNature.com.

501(c) Groups — Nonprofit, tax-exempt groups organized under section 501(c) of the Internal Revenue Code that can engage in varying amounts of political activity, depending on the type of group. For example, 501(c)(3) groups operate for religious, charitable, scientific or educational purposes. These groups are not supposed to engage in any political activities, though some voter registration activities are permitted. 501(c)(4) groups are commonly called "social welfare" organizations that may engage in political activities, as long as these activities do not become their primary purpose. Similar restrictions apply to Section 501(c)(5) labor and agricultural groups, and to Section 501(c)(6) business leagues, chambers of commerce, real estate boards and boards of trade.

527 Group — A tax-exempt group organized under section 527 of the Internal Revenue Code to raise money for political activities. These groups are typically parties, candidates, committees or associations organized for the purpose of influencing an issue, policy, appointment or election, be it federal, state or local. Such organizations can raise unlimited funds from individuals, corporations or labor unions, but they must register with the IRS and disclose their contributions and expenditures.

Hybrid PACs (Carey Committees) — A Carey committee is a hybrid political action committee that is not affiliated with a candidate and has the ability to operate both as a traditional PAC, contributing funds to a candidate's committee, and as a super PAC, which makes independent expenditures. To do so, Carey committees must have a separate bank account for each purpose. The committee can collect unlimited contributions from almost any source for its independent expenditure account, but may not use those funds for its traditional PAC contributions.

Political Action Committee (PAC) — A political committee that raises and spends limited "hard" money contributions for the express purpose of electing or defeating candidates. Organizations that raise soft money for issue advocacy may also set up a PAC. Most PACs represent business, such as the Microsoft PAC; labor, such as the Teamsters PAC; or ideological interests, such as the EMILY's List PAC or the National Rifle Association PAC. An organization's PAC will collect money from the group's employees or members and make contributions in the name of the PAC to candidates and political parties. Individuals contributing to a PAC may also contribute directly to candidates and political parties, even those also supported by the PAC. A PAC can provide $5,000 to a candidate per election (primary, general or special) and up to $15,000 annually to a national political party. PACs may receive up to $5,000 each from individuals, other PACs and party committees per year. A PAC must register with the Federal Election Commission within 10 days of its formation, providing the name and address of the PAC, its treasurer and any affiliated organizations.

May 20—There are fewer reporters on the beat these days, which is why it's all the more important for the ones that are left to be aggressive in the way they cover government missteps and residents' concerns.

That was part of the message delivered this week by Mark Mahoney, a Pulitzer Prize winning editorial writer and editor with the Daily Gazette in Schenectady who served as guest speaker during the annual meeting of the New York Coalition for Open Government.

"One of the problems we're having here with the open government is the declining the number of reporters and local journalism," Mahoney said.

Citing a 2022 article from the Columbia Journalism Review, Mahoney noted that the number of reporters in the United States, from 2004 to 2021, declined by 57% from 71,640 to 30,820.

"It's more than half the reporters gone," he said. "So not only do you have fewer reporters out in the field, the reporters that remain are tasked with doing a lot more work for their papers a lot more efficiently, which means maybe they won't take time to go to a meeting except for the big one, whereas a lot of times they would go to all of them."

Mahoney has attended a lot of meetings over the course of his career, which was punctuated with his Pulitzer Prize win for editorial writing in 2009. The Pulitzer Prize committee cited Mahoney's "relentless down to earth editorials on the perils of local government secrecy," which he continues to pen in his capacity with the Daily Gazette.

For years, Mahoney has focused his work on highlighting the shortcomings of local governments and elected officials when they fail to follow open government rules and Freedom of Information Laws.

During Wednesday's meeting of the coalition, which works to promote open government across New York state, Mahoney encouraged residents to continue to press public officials to follow the rules. He said it's equally important for reporters to do their part by not just reporting on what transpires during a public meeting but also whenever government officials attempt to conduct business in private that should be public.

Story continues

"Let the public know that this stuff is going on and what these people are up to," he said. "You know you let the public know that you're aware, let the public officials know that you're watching them, because if they think no one's paying attention, they'll take advantage of that and some of them do it deliberately, and some of them do it, you know, incidentally. A lot of public officials don't know the law."

"When you stand up for your right to know, when a reporter reports a violation, it does have a ripple effect," he added. "It serves both to educate the officials, and also to keep them from violating the rules."

While some of them proved more stubborn than others, Mahoney said over the years he's found accurate reporting, coupled with timely, to-the-point, no-nonsense editorials can be effective in convincing public officials to follow the rules, uphold the law and respect the public's right to know.

"Embarrassment is a legitimate and effective tool," he said. "Nobody likes to have their name in the paper being called out, you know, for for being a not transparent or for keeping secrets, or whatever."

Mahoney lauded the coalition and its members for serving as an active advocacy organization not only for the public but for the press as well.

"I think this organization, particularly for a small and and relatively new grassroots group, has done an incredible job raising awareness," he said.

The New York Coalition for Open Government has been calling out public officials for failing to be transparent and for keeping secrets since 2016. Started by Amherst attorney Paul Wolf, the non-partisan group originally focused on open government and Freedom of Information Law concerns in Western New York and has now expanded its efforts statewide.

The coalition's annual meeting included an overview of the coalition's accomplishments from last year, including its efforts to organize a protest of Niagara Falls Mayor Robert Restaino's repeated use of special meetings and a informational get-together held with the Niagara County Clerks Association to offer advice on complying with New York's open government rules.

The coalition also generated several reports on governmental transparency, including one that found 61% of New York counties failing to respond to Freedom of Information requests within five days as required by law and another that found 72% of towns were not posting meeting documents online and 25% meeting minutes or recordings of meetings, again as required by state law.

Wolf acknowledged that in New York, the last state in America to adopt open government laws in 1973, there's still plenty of work to do on the government transparency and access to public information front.

The coalition supports mandatory in-person meetings for governing bodies, with requirements that all meetings be streamed live so residents and others can participate via computer or telephone.

Wolf noted that while New York does have a state agency — the Committee on Open Government — that renders opinions on transparency issues, it does not have any true oversight agency or any penalties in place for public officials or municipalities when they violate the rules.

"We don't that here in New York and that's something that we really need," he said.