Re: [cloudauthz] Meeting Minutes of 2 February 2013

[Anil Saldhana <Anil.Saldhana@redhat.com>]

Mike,
  it was on the agenda during yesterday's meeting.  It was unfortunate that you were not present during the meeting. We can discuss your submissions at the next meeting.

Regards,
Anil

On 02/04/2013 02:38 PM, Mike Poulin wrote:

Hi All,
 I am really surprised. In other OASIS TC we always discussed _all_ documents submitted by the time og the meeting regardelss the presence of the author. At least, major questions to be articulated and documented.

I submitted a document re business cases, not use  cases, and no one saw it? Or wanted to comment? Strange. Insted, as I see, people talked about XACML, whihc is a low level deteil of implementation, and even Unix file permissions... The letter cannot be used in Clouds at all becuase of incompareable context and objectives.

Many things we are familiar with and used to use in our daily do not work in Clouds becuase independent businesses do not trust each other and compete for the user's/customer's money. The major value of CloudAuthZ that I see is in a mechnaism that would allow to resolve business issues with Cloud security; technology in this area is number 2.

In the last week I was 2 days in the Cloud Expo Europe 2013 where Cloud security was presented by a dozen of presentations (I do not count numerous vendor stands). The common tone was - "many things we have [in the enterprise] do not work anymore" in Clouds. I have more information if anybody is interested.

Regardding ontology and Informal Calls on Entitlement. I have volunteered already to work in this group. I'd like to emphesise that Authorisation or Entitlement ontology should be about those subjects and do not try to cover outside drivers like a business task that requires the use of an Entitlement solution. That is, we should not put in everything we know about and around Authorisation or Entitlement. This is my opinion.

- Michael Poulin

 

----- Original Message -----

From: Abdul Jabbar, Shaheen N

Sent: 02/04/13 06:53 PM

To: cloudauthz@lists.oasis-open.org

Subject: [cloudauthz] Meeting Minutes of 2 February 2013

Roll call by Anil

 

 

-        Everyone on the chat room is present on the call.

 

 

Agenda Review

 

 

-        No objection to proposed agenda

 

 

Meeting Minutes Approval

 

 

-        Meeting minutes taken by Shaheen

 

 

-        Meeting minutes approval from 21 JAN 2013 & 7 JAN 2013

 

 

o   Radu moved the motion

 

 

o   Mark seconded the motion

 

 

o   No objections

 

 

o   Minutes approved

 

 

Use case discussion

 

 

-        Radu Marian’s submission

 

 

o   There is an urgency for the ontology

 

 

o   Use case have only the title; will provide details later

 

 

o   Use case are based on business driver which is derived from business requirements

 

 

o   This is the core business driver which may need more discussion for cloud

 

 

o   Business facilitation

 

 

§  Taken from IM point of view based on a paper by Delloitte (2007)

 

 

§  Improve user experience, collaboration, time to market, integration

 

 

§  To improve collaborate; the business have to leverage data quality and process quality

 

 

·        identify process roles and entitlements

 

 

·        IM process should be reference-able – an example would be “Get me all the entitlements that the user has”.

 

 

o   Anil – this document looks good. Requires some improvement on how it can be organized.

 

 

o   Radu – it cannot be done hierarchically because certain use cases have many to many relationships.

 

 

o   Anil – we may able to leverage ID Cloud model. We may have to come up with a proper template so that information can be captured in a better way. This would help editors

 

 

o   Anil – we can dedicate meetings to go over the submissions in details. Since these are early days, we will have 5 minutes for each submission.

 

 

-        Anil Saldhana’s submission

 

 

o   Document was based on the charter discussion

 

 

o   Main use case is listed at the bottom of the document

 

 

o   Anil went over the definitions which is based on XACML definition

 

 

o   Shaheen suggested providing links to XACML definition document

 

 

o   Anil explained the process to enforcement checks using PEP. Anil proposes cloud entitlement point to define a collection of cloud entitlements.

 

 

o   Radu asked more explanation and Anil gave an analogy of Unix file permissions

 

 

o   Radu – basically Anil is proposing run time authorization and entitlement assignment

 

 

o   Anil – the first is already solved but the latter needs further development

 

 

o   Radu – you basically presume there will be entitlement API

 

 

o   Anil – what we didn’t agree was is semantics of the entititlement. It would be good to come up with a message format

 

 

o   Radu – on the second diagram, we will be starting from scratch. Are there any standards that we can leverage? The first one is already addressed by XACML.

 

 

o   Anil – so far no real efforts yet

 

 

o   Radu – UML representation of JASON may help; will upload the document. Radu gave a brief walkthrough of the document.

 

 

o   No further comments

 

 

Informal Calls on Entitlement

 

 

-        Radu sent out meeting invitation for the meeting

 

 

-        You may also use mailing list for the discussion

 

 

-        Radu already got 3 responses for the participation

 

 

User story submission

 

 

-        Deadline is end of February 2013

 

 

Other business

 

 

-        Cloud Connect Santa Clara - April 2013

 

 

o   (Potential F2F, Speaking opportunities at OASIS event)

 

 

o   Abbie may be attending and may be able to speak on the TC

 

 

Meeting adjourned

 

 

 

 

 

Chat transcript at http://webconf.soaphub.org/conf/room/OASIS-cloudauthz

 

 

 
anonymous morphed into Jeff Broberg (CA)

 

 
Please change your name from 'anonymous' using the Settings button

 

 
Room information was updated by: AnilSaldhana(RedHat)

 

 
[CONFERENCE CODE: 6703828003]

 

 

 
* Toll Free Numbers:

 

 

 
* Reservationless-Plus Toll Free Dial-In Number (US & Canada): (800) 451-8679

 

 

 
Global Access Numbers Local:

 

 

 
Australia, Sydney Dial-In #: 0289852326

 

 

 
Austria, Vienna Dial-In #: 012534978196

 

 

 
Belgium, Brussels Dial-In #: 027920405

 

 

 
China Dial-In #: 4006205013

 

 

 
China, Domestic Dial-In #: 8008190132-Landline

 

 

 
Denmark, Copenhagen Dial-In #: 32729215

 

 

 
Finland, Helsinki Dial-In #: 0923194436

 

 

 
France, Paris Dial-In #: 0170377140

 

 

 
Germany, Berlin Dial-In #: 030300190579

 

 

 
Hong Kong Dial-In #: 85230730429

 

 

 
Ireland, Dublin Dial-In #: 014367793

 

 

 
Italy, Milan Dial-In #: 0236269529

 

 

 
Netherlands, Amsterdam Dial-In #: 0207975872

 

 

 
Norway, Oslo Dial-In #: 21033188

 

 

 
Singapore Dial-In #: 64840858

 

 

 
Spain, Barcelona Dial-In #: 935452328

 

 

 
Sweden, Stockholm Dial-In #: 0850513770

 

 

 
Switzerland, Geneva Dial-In #: 0225927881

 

 

 
Switzerland, Zurich Dial-In #: 0445803463

 

 

 
United Kingdom Dial-In #: 02078970515

 

 

 
United Kingdom Dial-In #: 08445790676

 

 

 
United Kingdom, LocalCall Dial-In #: 08445790678

 

 

 
United States Dial-In #: 2127295016

 

 
anonymous morphed into Shaheen Abdul Jabbar (JPMC)

 

 
AnilSaldhana(RedHat): back in a minute...

 

 
anonymous morphed into Radu (Bank of America)

 

 
anonymous morphed into Hernan Matute (Cyphercor)

 

 
AnilSaldhana(RedHat): ============

 

 
anonymous morphed into Mark Lambiase (SecureAuth)

 

 
anonymous1 morphed into Richard Hill (Boeing)

 

 
AnilSaldhana(RedHat): ==========

 

 
AnilSaldhana(RedHat): Agenda

 

 

 
1. Roll Call, Agenda Review and Minute Taker Nomination.

 

 

 

 

 
2. Approval of Meeting Minutes

 

 

 
21 Jan 2013 : https://lists.oasis-open.org/archives/cloudauthz/201302/msg00009.html

 

 

 
7 Jan 2013 : https://lists.oasis-open.org/archives/cloudauthz/201301/msg00007.html

 

 

 
3. Use Cases and Definitions Discussion

 

 

 
(5 minutes to each member to discuss their submission.  Detailed discussion in subsequent meetings)

 

 

 
- Michael Poulin's Submissions

 

 

 
https://www.oasis-open.org/committees/download.php/48079/Business%20Cases%20for%20%20CloudAuthZ.docx

 

 

 
https://www.oasis-open.org/committees/download.php/47978/Some%20Ideas%20about%20Approach%20to%20Cloud%20Authentication.pptx

 

 

 

 

 
Radu Marian's Submissions

 

 

 
https://www.oasis-open.org/committees/document.php?document_id=48107&wg_abbrev=cloudauthz

 

 

 

 

 
Anil Saldhana's Submissions

 

 

 
https://www.oasis-open.org/committees/document.php?document_id=48120&wg_abbrev=cloudauthz

 

 

 

 

 
4. Schedule for Informal Calls on Entitlements [Radu]

 

 

 
5. Other Business

 

 

 
- Cloud Connect Santa Clara - April 2013

 

 

 
(Potential F2F, Speaking opportunities at OASIS event)

 

 

 
5. Adjourn

 

 
AnilSaldhana(RedHat): ==================

 

 
anonymous morphed into Chris Hyzer (Internet2)

 

 
Ken Stavinoha (Cisco): Hi Anil, I am on the phone but cannot seem to get off of mute... I can hear everyone fine.

 

 
AnilSaldhana(RedHat): *6 #6

 

 
AnilSaldhana(RedHat): Shaheen is the minute taker

 

 
AnilSaldhana(RedHat): meeting minutes are approved.

 

 
AnilSaldhana(RedHat): Radu's PNG: https://www.oasis-open.org/committees/download.php/48108/entitlement.ontology.png

 

 

 

 

Partipants:

 

 

 AnilSaldhana(RedHat)

 

 

 Chris Hyzer (Internet2)

 

 

 Dale Moberg (Axway)

 

 

 Danny Thorpe (Dell)

 

 

 Felix Gomez (NEC)

 

 

 Gines Dolera (NEC)

 

 

 Hernan Matute (Cyphercor)

 

 

 Ken Stavinoha (Cisco)

 

 

 Mohammad Jafari (ESC)

 

 

 Radu (Bank of America)

 

 

 Shaheen Abdul Jabbar (JPMC)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to European legal entities.