

Subject: Re: [id-cloud] RE: ID-Cloud Minutes from June 28 2010 Call


Membership Status Changes:

Gained voting status:
Andy Kindred, Acxiom


Lost Voting Status:
Darren Platt, Symplified
John Tolbert, Boeing
Dimitar Mihilov, SAP


On 06/29/2010 10:43 AM, John Bradley wrote:
> I have added you to the attendance tracker.
>
> John B.
> On 2010-06-29, at 4:22 AM, Cohen, Doron wrote:
>
>    
>> Thomas,
>>
>> Please add my name to the list
>>
>> Thanks
>> Doron
>>
>>
>> -----Original Message-----
>> From: Thomas Hardjono [mailto:hardjono@MIT.EDU]
>> Sent: Monday, June 28, 2010 22:53
>> To: id-cloud
>> Cc: Anil Saldhana; Anthony Nadalin
>> Subject: [id-cloud] ID-Cloud Minutes from June 28 2010 Call
>>
>> Minutes from Oasis ID-Cloud TC (June 28, 2010)
>>
>> 1) Roll Call:
>> John Bradley
>> Andy Kindred - Acxiom
>> John Dilley - Akamai Technologies
>> James Ducharme - Aveksa, Inc.
>> Paul Lipton - CA*
>> Mark Robinton - HID Global
>> Heather Hinton - IBM
>> Matthew Rutkowski - IBM
>> John Bradley - Individual
>> Peter Brown - Individual
>> Gershon Janssen - Individual
>> Michael Stiefel* - Individual
>> Thomas Hardjono - M.I.T.
>> Dee Schur - OASIS *
>> Patrick Harding - Ping Identity Corporation*
>> Anil Saldhana - Red Hat
>> Bill Becker - SafeNet, Inc.
>> Tom Clifford - Symantec Corp.*
>> Kyle Austin - TriCipher, Inc.
>> Siddharth Bajaj - VeriSign
>> Daniel Turissini - WidePoint Corporation
>>
>> 2) Approval of the June 14th Minutes
>> http://lists.oasis-open.org/archives/id-cloud/201006/msg00036.html
>>
>>    Moved: Gershon Janssen.
>>    Second: John Bradley.
>>    No objections. Minutes approved.
>>
>>
>> 3) Discussion of Safe Net Use Cases by Doron Cohen/Bill Baker
>>
>> (A) Use-Case #1: Privileged Accounts in the Cloud.
>> - Use-Case description: Need more stringent security (eg. auth, audit, etc) than normal accounts and in-perimeter accounts.
>>
>> - Anil: Q: Can we make this into an infrastructure Privileged Account?
>>   + Doron: We need a new set of requirements for cloud service (different from traditional in-perimeter infra).
>>   + Siddharth: Supports this use-case.
>>
>> - John Dilley: Q: Would authN infra for this use-case be different than in normal accounts?
>>   + Doron: They may have different policies and different back-end capabilities. Thus we need this new use-case.
>>
>> - John Dilley: We need to create a core set of mechanisms that are true/valid across all use-cases (in the Cloud-ID TC).
>>
>> - John Bradley: has been looking at Federation metadata (from projects in Europe), including issues relating to SAML usage (eg. is SAML secure enough). Some accounts in the cloud will need better risk analysis.
>>
>> - Patrick: agrees with John Bradley and John Dilley. Has questions about federated accounts. What happens if things go wrong (ie. when even the privileged accounts/users get locked-out). Need a statement how to handle this.
>>
>> - Anil: Any assumptions about federated identity and the privileged accounts use-case?
>>   + Doron: No assumptions. Up to each implementation.
>>   + Siddharth: has seen these implemented before.
>>
>>
>> (B) Use-Case #2: Enterprise employee accessing cloud services.
>> - Use-Case description: Regular employee of Enterprise wants to access cloud services.
>>   + Want to benefit from SSO
>>   + Will require different level of assurance (ie. compared to intra-enterprise services)
>>   + Will require different sec. requirements and authN policies.
>>   + Related to federated provisioning.
>>   + Will need to support different form-factors and access methods.
>>
>> - Thomas Hardjono: Q: Is the cloud-service part of the Enterprise or is it run by a trusted third party (TTP)?
>>   + Doron: the latter (ie. TTP).
>>
>> - Anil: Suggest to change the title of the use-case.
>>   + Doron: agree, but want to focus on extending the (enterprise) identity to the cloud.
>>
>>
>> (C) Use-Case #3: Consumer scenario.
>> - Use-Case description: Want to use a Consumer Identity to access different services on the Internet
>>   + Instead of using the one-ID per service today.
>>   + Want SSO capability.
>>   + Has similar requirements (to previous use-case?)
>>   + Main twist: Need for privacy and need for user-control over which information to disclose.
>>
>> - John Dilley: Q: is that ID linked to an enterprise ID?
>>   + There is the *why* and the *how* questions.
>>   + Is this simply a federated ID use-case?
>>   + Each ID (in an environment) typically has an accompanying info about that ID. Do we mean to export this info to other/new environments?
>>
>> - Patrick Harding: If I was a web service, why would I let my user authenticate using Google, Yahoo, etc ?
>>   + John Bradley: for targeted apps.
>>
>>
>>
>> 4) Follow up on the Kerberos In The Cloud Discussion
>> - Thomas Hardjono: no update for today, but plan to update the use-case doc.
>>
>> 5) Other Business
>> * Members Reference: Cloud Identity Summit in July
>> (http://www.cloudidentitysummit.com/)
>>
>> 6) Adjourn
>> - Next telecon on 12 July 2010.
>> - Moved: Gershon
>> + seconded: John Dilley.
>> + No objections. Meeting adjourned.
>>
>>
>> ________
>> SoapHub chatroom:
>>
>> anonymous2 morphed into Michael Stiefel
>> anonymous3 morphed into Doron Cohen
>> Doron Cohen morphed into Doron Cohen (SafeNet)
>> anonymous morphed into John Dilley (Akamai)
>> AnilSaldhana_RedHat: The bridge has toll free numbers for your individual countries. That will save you from calling the US.
>> AnilSaldhana_RedHat: Doron, thanks for joining in.  It must be late for you.
>> Peter morphed into Peter F Brown
>> anonymous morphed into Jim Ducharme
>> Jim Ducharme morphed into Jim Ducharme (Aveksa)
>> anonymous1 morphed into Siddharth Bajaj
>> Siddharth Bajaj morphed into Siddharth Bajaj (VeriSign)
>> anonymous morphed into Benny Koren (Mellanox)
>> anonymous morphed into Jason Rouault (HP)
>> Heather Hinton (IBM): just joined on the phone
>> anonymous morphed into Patrick Harding
>> Thomas Hardjono (MIT)1: Notes: Minutes from 14 June 2010 meeting approved unanimously. Moved by Gershon Janssen. 2nd by John Bradley.
>> John Bradley: Meeting Attendees
>> Name - Company - Status
>> Andy Kindred - Acxiom - Group Member
>> John Dilley - Akamai Technologies - Group Member
>> Paul Lipton - CA* - Group Member
>> Mark Robinton - HID Global - Group Member
>> Heather Hinton - IBM - Group Member
>> Matthew Rutkowski - IBM - Group Member
>> John Bradley - Individual - Group Member
>> Peter Brown - Individual - Group Member
>> Gershon Janssen - Individual - Group Member
>> Michael Stiefel* - Individual - Group Member
>> Thomas Hardjono - M.I.T. - Group Member
>> Dee Schur - OASIS * - Group Member
>> Patrick Harding - Ping Identity Corporation* - Group Member
>> Anil Saldhana - Red Hat - Group Member
>> Bill Becker - SafeNet, Inc. - Group Member
>> Tom Clifford - Symantec Corp.* - Group Member
>> Kyle Austin - TriCipher, Inc. - Group Member
>> Siddharth Bajaj - VeriSign - Group Member
>> Daniel Turissini - WidePoint Corporation - Group Member
>> Jim Ducharme (Aveksa): Please add Jim Ducharme (Aveksa) to the attendee list.
>> AnilSaldhana_RedHat: John, I usually copy paste into an editor and remove the "Group Member"
>> Matt Rutkowski (IBM): The case of avoiding use of the same identity (token) (e.g. email address) seems new to the discussion as this leads to customer risk.  In cloud, it seems a real concern that there is a masking to the customer that they are accessing hosted (partner) services and that leads to inadvertent release of privacy information related to identity and at the worst perception that reuse of passwords for the same identity token is acceptable.
>> John Bradley: Name - Company
>> Andy Kindred - Acxiom
>> John Dilley - Akamai Technologies
>> James Ducharme - Aveksa, Inc.
>> Paul Lipton - CA*
>> Mark Robinton - HID Global
>> Heather Hinton - IBM
>> Matthew Rutkowski - IBM
>> John Bradley - Individual
>> Peter Brown - Individual
>> Gershon Janssen - Individual
>> Michael Stiefel* - Individual
>> Thomas Hardjono - M.I.T.
>> Dee Schur - OASIS *
>> Patrick Harding - Ping Identity Corporation*
>> Anil Saldhana - Red Hat
>> Bill Becker - SafeNet, Inc.
>> Tom Clifford - Symantec Corp.*
>> Kyle Austin - TriCipher, Inc.
>> Siddharth Bajaj - VeriSign
>> Daniel Turissini - WidePoint Corporation
>> AnilSaldhana_RedHat: I am a bit under the weather. thanks to everyone for bearing my voice.
>> ___________________________________

