Re: [cloudauthz] RE: Oasis CloudAuthZ Entitlements Model Informal Work Session

["Mike Poulin" <mpoulin@usa.com>]

Dear Colleagues,

I am thankful to Radu for conducting and leading this Working Group but I have a few comments on the procedure aspects.

1. I think that we all have equal rights and our comments are not for the presenter's acceptance or not but for the protocol. If it is difficult to lead the discusstion and make notes simultaneously (which it is), I can recommend what we do in another OASIS TC - we make an audio-record of the entier session and upload it into the TC's area on OASIS' Site. For example, I was disagree with Radu about reletionships of Role and Task but this is not recorded in the Sessions 'protocol'.

2. I think that further evolution of the diagrams represented by Radu does not meet our real need. Particularly, one diagram reflects non-described reslationships of non-defined entities while another diagram depicts a process of development of Entitlement System.  I believe that it is too early talking about the development process if it is reasonable at all because I cam not sure that the TC is going to stnadardise it. At the same time, I beleive that it is time to start WRITE DEFINITIONS of the entities presented in the Radu's diagram. He knows what he means and kindly ready to explain this but I do not want to ask him again and again to do this. I prefer to read it and be sure that all memebers are agree with particular definition. Entitlement ontology is a grate and serious part of Authorisation for Clouds; just a diagram does not define or explain anything, it just illustrates. But to understand this illustratioun EVERYONE has to know what is illustrated even in an absence of Radu.

I'd like to have TC decision on this matter (regardless my presence in the meeting).

3. A question to our Chair - why we have started with the Entitlement ontology (this is how Radu explained his diagram finally but after my confused  suggestions) instead of working on justifiable and comprehensive discovery and definition of what differences Authorisation in Clouds has from regular Authorisation in an enterprise?  Why we created this TC?  I believe that only answer to these questions will allow us to form a particular view on Entitlement solution and its ontology.
There are a lot of attempts to pin existing enterprise authorisation solution to Cloud and nobody is interested in any standardisation in this area. We have to demonstrate and defend our demonstration of the _technical_, _economic_ and _polical_ need for a standard for Cloud authorisation; this is our primary task, not an entitlement itself.

4. I still have no feedback to my TC post of business cases for authorisation. Nobody even sent me a message saying how these business cases differ from use-cases that everybody talked initially...  I think that the TC leadership has to be a bit more demanding.

Thank you,
- Michael Poulin

 

 

----- Original Message -----

From: Marian, Radu

Sent: 02/08/13 09:34 PM

To: 'Kenneth Stavinoha (kestavin)', Anil Saldhana (Anil.Saldhana@redhat.com), 'David Chadwick', 'Chris Hyzer', 'Mark Lambiase', Barbir, Abbie, Mike Poulin (mpoulin@usa.com), Frick, Cynthia, Mark Lambiase

Subject: [cloudauthz] RE: Oasis CloudAuthZ Entitlements Model Informal Work Session

 

Dear Colleagues,

 

We’ve held our first informal entitlements modeling session this Wednesday February 6^th at 11am.  Here are the minutes:

 

1. Mike Poulin has joined the informal modeling session.
2. Radu went over the following artifacts:

1. Proposed CloudAuthZ Business Drivers to Use Cases.doc
2. Proposed Oasis CloudAuthZ Entitlements Model

3. Mike had quite a few probing questions to understand the overall principles and intent of the model and made the following suggestions:

3. Rename "Resource" to "Business Resource"
4. Rename “Resource” to “[adjective-tbd] Policy”

4. Ken (or Chris?) has made the following suggestion:

5. Add a hierarchical relation to Action – similar to resource.  The goal is to have admin action inherit all privileges from it child pages (read, add, change, delete).

 

P.S.  The next modeling session is on February 20^th at 11am.  I will also update the meeting invite body to reflect the time – David thank you for your suggestion.

 

Best regards,

Radu Marian

an Enterprise without Ontology is like a country without a map.

 

 

-----Original Appointment-----
From: Marian, Radu
Sent: Monday, February 04, 2013 12:22 PM
To: Marian, Radu; 'Kenneth Stavinoha (kestavin)'; Anil Saldhana (Anil.Saldhana@redhat.com); 'David Chadwick'; 'Chris Hyzer'; 'Mark Lambiase'; Barbir, Abbie; Mike Poulin (mpoulin@usa.com); Frick, Cynthia
Cc: Mark Lambiase
Subject: Oasis CloudAuthZ Entitlements Model Informal Work Session
When: Wednesday, February 06, 2013 11:00 AM-12:00 PM (GMT-05:00) Eastern Time (US & Canada).
Where: webex

 

 

This is an informal work session around proposed Oasis CloudAuthZ Entitlements Model

 

 

 

-+-----+-----+-----+-----+-----+-----+-----+-----+-

[Do not add or change anything below this line. The information in this section may be replaced with your meeting details after you click Send.]

 

-------------------------------------------------------

To start this meeting

-------------------------------------------------------

1. Go to https://attend.webex.com/attend/j.php?J=644835161

2. If you are not logged in, log in to your account.

 

-------------------------------------------------------

Teleconference information

-------------------------------------------------------

Provide your phone number when you join the meeting to receive a call back. Alternatively, you can call:

Call-in toll-free number (Premiere): 1-866 222 6658  (US)

Show global numbers: https://www.myrcplus.com/cnums.asp?bwebid=8369444&ppc=237796&num=1866+222+6658&num2=1

Host access code: 414 764 2

Attendee access code: 237796

 

You scheduled this meeting.

 

Meeting Number: 644 835 161

Meeting Password: This meeting does not require a password.

 

-------------------------------------------------------

** If you setup PGi Teleconferencing within WebEx and encounter dial back issues, contact PGi at https://bofa.pgimeet.com/.

-------------------------------------------------------

 

To learn more about WebEx visit the ProductBuzz site.

http://productbuzz.bankofamerica.com/Pages/Products/WebEx.aspx

 

-------------------------------------------------------

This Bank of America web conferencing service is externally hosted over the Internet.  Bank of America or its vendor may record the audio and visual portions of the web conferencing session and will implement industry standard measures to protect it according to its sensitivity. Information that is privileged, confidential and/or proprietary are subject to important terms and conditions at http://www.bankofamerica.com/emaildisclaimer.

 

By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting and that Bank of America has the right to retain and use the data and communications.

-------------------------------------------------------

[MC MeetingInfo For Host (Productivity Tools)]

 

http://www.webex.com

 

 

---

This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.