OASIS CloudAuthZ TC Meeting - 25 November 2013 Minutes

[Anil Saldhana <Anil.Saldhana@redhat.com>]

AnilSaldhana_RedHat: AnilSaldhana_RedHat: ==============

AnilSaldhana_RedHat: Agenda

1. Roll Call, Agenda Review and Minute Taker Nomination

2. Approval of Meeting Minutes

30 Sep 2013: https://lists.oasis-open.org/archives/cloudauthz/201309/msg00011.html

3. Use Case document discussion

4. Other Business

5. Adjourn

AnilSaldhana_RedHat: ==============================

AnilSaldhana_RedHat: The latest draft of the Use Case document: https://www.oasis-open.org/committees/download.php/51512/CloudAuthZ-usecases-v1.0f.docx

AnilSaldhana_RedHat: Meeting Attendees   Spreadsheet
Company Name ascending Role
JPMorgan Chase Bank, N.A. Shaheen Abdul Jabbar Secretary
PricewaterhouseCoopers LLP: Chris Kappler Voting Member
Bank of America Radu Marian Chair
Red Hat Anil Saldhana Chair

AnilSaldhana_RedHat: Quorum : Voting Members: 4 of 6 (66%) (used for quorum calculation)
Quorum Achieved

AnilSaldhana_RedHat: 2. Approval of Meeting Minutes

AnilSaldhana_RedHat: 30 sep 2013 https://lists.oasis-open.org/archives/cloudauthz/201309/msg00011.html

AnilSaldhana_RedHat: Radu: Moves to approve; Chris seconds

AnilSaldhana_RedHat: Meeting minutes are approved.,

AnilSaldhana_RedHat: 3. Use Case Document Discussion

AnilSaldhana_RedHat: The latest draft of the Use Case document: https://www.oasis-open.org/committees/download.php/51512/CloudAuthZ-usecases-v1.0f.docx

AnilSaldhana_RedHat: 16 Sept Meeting Minutes snippet

AnilSaldhana_RedHat: ==============

AnilSaldhana_RedHat: Shaheen: types of categories - administration, Runtime-authorization, cataloging according to tasks,


Shaheen: 1 may overlap 9

Shaheen: category - regulatory compliance

Shaheen: category - government regulatory compliance

AnilSaldhana_RedHat: ==============

AnilSaldhana_RedHat: Radu: RuntimeAuthorization is a phase in the IDM lifecycle

Radu Marian (Bank of America): Runtime Authorization is a level 1 IAM Taxonomy process that consists of the following sub-processes:

Radu Marian (Bank of America): 1. Policy Decision Request

Radu Marian (Bank of America): 2. Policy Decision

Radu Marian (Bank of America): 3. Policy Decision Response

Radu Marian (Bank of America): 4. Policy Enforcment

Radu Marian (Bank of America): 5. Authorization Enforcement Logging

AnilSaldhana_RedHat: I came up with 2 subcategories for authorization:  General Authorization  and b) Administration

AnilSaldhana_RedHat: Categories such as Governance, Compliance etc fall under level 1 categories in the document

AnilSaldhana_RedHat: Next goal for the use case document is to 30 days public review

AnilSaldhana_RedHat: before that we can do clean up (adapt the TBD), normalize them etc

AnilSaldhana_RedHat: 4. Other Business

AnilSaldhana_RedHat: 4.1 Starter Document for "Content Driven Entitlements v1.0" from TC Admin

AnilSaldhana_RedHat: Deliverable #4 in the charter https://www.oasis-open.org/committees/cloudauthz/charter.php#item-4

Meeting Adjourned