id-cloud message


Subject: Anil Saldhana (Red Hat) submission of use cases and requirements


Name of the member (s):   Anil Saldhana
Affiliation: Red Hat Inc
Version: 1.0

~~~~~~~
Use Cases:
~~~~~~~

1) Virtualization Security and Application Security:
* Identities manage the virtual machine.
* Identities access the applications hosted on the virtual machine.
* The VM identities are not necessarily the same as the application 
identities.
* Proofing of Identities by the cloud infrastructure may not be 
sufficient for the VM owner.

2) Identity Provisioning
* Decoupling of cloud resources from identities, such that when the 
identities are de-provisioned the cloud resources are not 
decommissioned (with no opportunity to transition to new identities).
* Self-service admin portals that manage application identities, 
infrastructure identities and interlinked application-infrastructure 
identities.

3) Identity Audit
* Audits with trails that are tamper-proof.
* What standard formats exist?

4) Identity Configuration
* Metadata based configuration is required for cloud based identity 
services.
* Application Identity Configuration and the cloud infrastructure 
configuration.

5) Middleware Container in a public cloud infrastructure
A middleware container hosts applications and handles the various 
facets of application life cycle management.
Deployer identities (identities that can affect the application life cycle) 
need to have a relationship with the cloud infrastructure identities.

6) Federated SSO and Attribute Sharing
There will be a need to perform single sign on across a set of cloud 
infrastructures. With federation comes the need for sharing of 
attributes for the user/identity.
* Security Token Format.
* Security Token Transformation across clouds.
* Mixture of enterprise and user-centric identities.

7) Identity silos in the clouds
* The silos may be within a single cloud or may be outside the cloud or 
may be in multiple clouds.
* Identity Attribute Aggregation based on multiple silos.

8) Identity Privacy in a shared cloud environment
* Privacy controls in place for identities in operation in a shared 
environment.
* Use of governance frameworks for identities.


~~~~~~~~~~
Requirements:
~~~~~~~~~~

1) Define the various types of identities that can be operating in a 
cloud infrastructure.
2) Define standard token formats for federated cloud SSO.
3) Define standard identity proofing mechanisms in the cloud (if any).
4) Define the subset of levels of assurance for identities in the cloud.
5) Define Identity Provisioning Mechanisms.
6) Define Identity Audit Mechanisms.
7) Discuss Identity Configuration mechanisms based on federated 
metadata and other related constructs.


~~~~~~~~~~
Best Practices:
~~~~~~~~~~
None in this version.



~~~~~~~~~~~~
Other Information:
~~~~~~~~~~~~
Some Pain Points at this time include:

* Infrastructure security in a public cloud infrastructure.
- Applications running within the infrastructure are owned by a 
particular identity, used by a set of identities that need to be proofed 
by the cloud infrastructure.

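The following is an added illustration for use case 3 (tamper-proof audit trails) and is not part of the submission above or of any OASIS deliverable. It shows one common construction: an append-only identity audit log in which each entry carries a MAC over its sequence number, the previous entry's MAC and the event itself, so that modifying, reordering or deleting an earlier entry breaks verification of everything after it. The event records, the key and the field names are constructed for the example; the key must be held by a party other than the system being audited (or the latest MAC must be anchored externally), otherwise an attacker who controls the log writer can simply rebuild the chain.

```python
import copy
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample identity events (hypothetical, not from the submission).
SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2010-06-01T10:00:00Z", "actor": "admin@cloud.example",
     "action": "provision", "subject": "vm-owner-42"},
    {"ts": "2010-06-01T10:05:00Z", "actor": "vm-owner-42",
     "action": "login", "subject": "app-portal"},
    {"ts": "2010-06-01T11:00:00Z", "actor": "admin@cloud.example",
     "action": "deprovision", "subject": "vm-owner-42"},
]

# Assumed verification key; in practice held by the auditor, not the log writer.
AUDIT_KEY = b"audit-key-held-outside-the-audited-system"

GENESIS = "0" * 64  # MAC value assumed for "the entry before the first one"


def _canonical(event: Dict) -> bytes:
    # Canonical JSON so the same event always produces the same bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def _entry_mac(seq: int, prev: str, event: Dict, key: bytes) -> str:
    msg = f"{seq}|{prev}|".encode() + _canonical(event)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(chain: List[Dict], event: Dict, key: bytes) -> Dict:
    """Append an event, binding it to the previous entry's MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    seq = len(chain)
    entry = {"seq": seq, "prev": prev, "event": event,
             "mac": _entry_mac(seq, prev, event, key)}
    chain.append(entry)
    return entry


def build_chain(events: List[Dict], key: bytes) -> List[Dict]:
    chain: List[Dict] = []
    for event in events:
        append_entry(chain, event, key)
    return chain


def verify_chain(chain: List[Dict], key: bytes) -> int:
    """Return -1 if every entry verifies, else the index of the first bad entry.

    Note: silent truncation of the *tail* is not detectable from the chain
    alone; the latest MAC must be anchored elsewhere to catch that.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != prev:
            return i  # reordered or deleted entry
        expected = _entry_mac(i, prev, entry["event"], key)
        if not hmac.compare_digest(expected, entry["mac"]):
            return i  # modified event or forged MAC
        prev = entry["mac"]
    return -1


def tamper_and_verify(events: List[Dict], key: bytes) -> int:
    """Rewrite the deprovision event after the fact and report what verification says."""
    chain = build_chain(events, key)
    tampered = copy.deepcopy(chain)
    tampered[2]["event"]["action"] = "noop"
    return verify_chain(tampered, key)


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS, AUDIT_KEY)
    print("intact chain verifies at index:", verify_chain(chain, AUDIT_KEY))
    print("first bad entry after tampering:", tamper_and_verify(SAMPLE_EVENTS, AUDIT_KEY))
```

The chain answers the "tamper-proof" requirement only for modification, reordering and deletion of interior entries; it says nothing about the format question raised in the use case, and a real deployment would still need an agreed entry schema and an external anchor for the chain head.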