Ozone and the Government Open Source Software (GOSS) Advisory Board

I was recently asked about the history of the Ozone Government Open Source Software Advisory Board, AKA “The GOSS Board”.

Below are my recollections… Many of the source documents (such as the meeting briefings and minutes of the board meetings) are on Intelink at https://intellipedia.intelink.gov/wiki/OWF_GOSS , which many government folks can able to access with a PIV certificate. (Intelink is a shared service for the Defense, Intelligence, Homeland Security, Foreign Affairs, and Law Enforcement communities, and is not available to the general public.)  I found at least one other public blog that covers some of the same history, albeit with a different focus.

NSA first developed the “Ozone Widget Framework” (OWF) circa 2009.  OWF is a web application that acts as a framework for small, user-composable, web apps which we called “widgets”.  Around 2010, NSA was giving away (compiled) copies at Intelligence Community events.  People liked it.  Other agencies used it in various ways.

Around 2010, my boss gave me a task to go build a proof-of-concept web “storefront”, or apps store for DoD.  Knowledgeable people suggested that I should consider OWF.  It met many of my requirements, but I assumed that I would need to customize it in some way, so I convinced NSA leadership to share the source code with other federal agencies and (in theory) to accept patches.  Essentially, they agreed to adopt an open-source-like collaboration model, with the caveat that the code would not be shared outside the Federal government.

I coined the term “Government Open Source Software”, or GOSS.  Personally, I would have preferred to make it plain-old OSS, but I was limited by what I could get NSA and other gov’t agencies to accept at the time.  The code was made available to any federal agency.   In doing this, we also created a multi-agency governance board called the OWF GOSS (Gov’t Open Source Software) Advisory Board.  The four founding members were from NSA, DoD CIO, CIA and ODNI.  Over the next few years, the board grew to include representatives from DISA, NGA, 2 organizations in the Navy, DIA, 2 organizations in the Army, maybe others. (as best I can recall)

The original charter for the board included responsibilities to determine when to release the code to the public as “real” open source software, and also to disband itself if it wasn’t useful any longer.

The board met quarterly for years (2010-2014), hosted by NSA. (Mostly at their contractor’s offices)  At those meetings, participating agencies would prioritize work on the software.   The meetings were face-to-face (mostly) and generally lasted all day.  In the morning we would generally talk about strategic direction and membership, and in the afternoon we reviewed and prioritized the specific feature requests.    It slowed down around 2013-2014, because the NSA gov’t lead proposed to refactor the whole thing, so work on the day-to-day software updates was reduced while the refactoring effort was underway.  After a false start (remember OWF 8, OSGi ?), the refactoring effort eventually became the “Ozone Platform“, (OZP) which currently powers the Intelligence Community’s “AppsMall”.  Interestingly, OZP was always open source – it was developed in the open from the very inception.

Because OWF was a GOSS project, if some agency had a feature request that the broader community did not consider a priority, (and therefore was not in the work queue for the main developer) that agency was always encouraged to develop the enhancement with their own people and submit it back as a patch.  This happened a few times, and some of those features did eventually make it into the baseline, but most of the development was done by the core team that was on contract to NSA.

Section 924 of the 2012 National Defense Authorization Act directed the DoD CIO (my organization) to make it really open source.  We called this the GOSS-to-FOSS transition.  This process took about a year; the code had to be reviewed for release, some portions of the code were proprietary 3rd-party modules, and needed to be removed, licenses had to be chosen, a CLA developed, etc.   During the transition (and afterwards), the GOSS board kept meeting.

The GOSS board worked well, partly because ODNI had set aside funding for the NSA core team to work on community requirements.   That money ran out eventually (FY2016), and about the same time NSA stopped using the software internally (in favor of the refactored version called “Ozone Platform”.  NSA announced that they were no longer going to maintain OWF, which created much discontent for the other community members who found themselves using “unsupported” software.   NSA responded to the discontent by signing a CRADA with the software vendor (Next Century, Inc.) to make them the custodian of the both OWF and Ozone Platform and run the GOSS board themselves.

The DoD users of OWF (50+ programs, 11 of which are major acquisitions) have since banded together to form a “DoD GOSS Advisory Board (DGAB)” to pool requirements to a DoD custodian (Navy’s SPAWAR System Center-Pacific), where DoD users can send funding to support DoD Requirements.  I suspect that SPAWAR might consider contracting back to Next Century to either make enhancements or integrate patches from the community.   One might argue that Next Century is uniquely well-qualified to maintain OWF (since they’ve been doing it since at least 2009), but certainly they are not the only qualified agent to do so.

Part of the hard challenge for collaborative development in a government context is that even if a varied set of agencies or offices all are contributing, some central agent has to evaluate the patches and integrate the changes. (i.e. the custodian or maintainer)  This can work until the custodial agency has a shift in focus, and wants to step down, leaving a void in the community.  This is hard in non-gov’t projects too.  The Ozone transition has been ugly, but hopefully it’s starting to turn the corner.   I don’t think the story is quite done yet; the relationship between the CRADA partner (the “commercial” custodian) and the government custodian is still evolving at this time.

That said, I like to point out that the process worked pretty well for 5 years, which is a pretty good run.

Also, the concept and rhetoric of the GOSS Advisory Board was adopted by the DoD Command-and-Control community for another piece software called “Agile Client Framework”, but I don’t know much about it.  (They call is the “GAB”, short for “GOSS Advisory Board”.)

Leave a Reply

Your email address will not be published.