Subject: Minutes - ID-Cloud TC call (12 July 2010)
Minutes (draft) - Oasis ID-Cloud TC call (12 July 2010)

[1] Roll Call and Agenda

[2] Approval of minutes from last meeting on 28 June 2010:

- Approval of June 28th Meeting Minutes
  http://lists.oasis-open.org/archives/id-cloud/201007/msg00013.html (Membership Status Changes)
  http://lists.oasis-open.org/archives/id-cloud/201006/msg00048.html (Corrected minutes from Thomas Hardjono)
- Motion to approve minutes.
  Motion: Jerry Smith
  Second: John Dilley.
  No objections. Motion passes. Minutes approved.

[3] Red Hat's Use Cases - Anil Saldhana
    http://lists.oasis-open.org/archives/id-cloud/201005/msg00033.html

1) Virtualization Security and Application Security:
- Similar to SafeNet's use-case on virtual privileged accounts.
- Example: RedHat develops VMs, while Amazon as provider/hoster allows VMs to be loaded/run by their customers.
- Certain Identities can access the applications hosted on/above the virtual machine layer.
  + Identities accessing applications may be (are) different from identities managing the VMs.
- Example: proofing done by Amazon may be considered insufficient by RedHat.

2) Identity provisioning:

(2a) Decoupling cloud resources
- Targets public clouds and hosted providers.
- Example: A document management system created by a given identity must NOT get automatically de-provisioned when the identity (i.e. its creator) gets de-provisioned. We must not lose the document management system.
  + John Dilley:
    o Are the resources contained within an identity?
    o If so, then they are in danger of being de-provisioned.
    o Should identities "own" resources?
    o Perhaps rewording is needed: "reassignment" of identities as an old identity gets de-provisioned.
  + Thomas Hardjono: perhaps similar to "roles" that own resources.
    o Identities are mapped to roles.
    o Roles stay, even when identity gets de-provisioned.
    o Like traditional role-based access control.
  + Anil: decoupling could mean removal of resources contained within an identity.
  + John Dilley: document management system should not be contained within an identity.
    o Need better explanation of "containment".

(2b) Self-service admin portals:
- Portals that manage identities that are used in use-case (1a) with VMs and Applications.
  + John Dilley: Need lifecycle for identity management.
    o Some identifiers are permanent even after de-provisioning.
    o e.g. driver's license numbers never get re-assigned to a new person even after a license is decommissioned.
  + Anil: good use-case. Can JohnD please submit use-case?

3) Identity audit
- Anil: what standards exist today for audit?
  + There is a Cloud Audit group.
- John Dilley: there is research by Peter Druschel on tamper-resistant audit/logs.
- Jerry Smith: need to find references and fill this gap.
- Tony Nadalin: Audit depends on individual use-cases, thus treat per use-case.
- Kurt Roemer: References needed to internal audit practices.
  + Also need to address Forensics and forensic-logs.

4) Identity Configuration
- Multiple identity services, needing identity configuration info for cloud infrastructure.
  + For VMs, Applications, Infra.
- Does anyone know existing work on configuration management?
  + Perhaps in DMTF, and IETF.
  + OVF open virtualization format - related but may not fit cloud requirements.

5) Middleware Container
- RedHat needs middleware containers that work in public cloud infra.
  + e.g. DB connectors, messaging, etc.
  + e.g. JBoss, WebSphere, etc.
- Applications will be deployed/un-deployed
  + These run in public cloud infra and may have their own identities.
  + Need to map identities.
  + Need to tie use-case #5 with use-case #1.
- Cluster of VMs may run these middleware.

6) Federated SSO and attribute sharing
- Identities may come from different cloud infrastructures.
- May need a single security token format
  + e.g. SAML-based, OpenID, etc.
- Need Web 2.0 identities to work with Enterprise identities.
- Federation(?) common in many use-cases.

7) Identity silos
- Similar to directories (directory systems)
  + Directory may be inside an organization or within a cloud (or within/across multiple clouds)

8) Privacy and governance
- Subjective topic (privacy).
- Kurt Roemer: If a public cloud is implemented using shared resources, how to ensure privacy.
- Jerry Smith: why only in government? Correction, we are talking about "governance".

9) Requirements: listed in Anil's use-case email.

Anil: Tony, how to proceed and extract all these use-cases?
Tony: Start to reduce to the unique set of scenarios.
- Then go back and fill gaps.

[4] IDTrust Member Section Steering Committee Nomination

- Now seeking nominations.
- Anil and John Bradley are current members.
- What do IDTrust members do:
  + Governs various security-related TCs.
  + Steering committee oversees the security TCs.
  + Organizes Oasis-related events worldwide.
  + Has monthly calls.
  + Volunteer for Program Committee for various Oasis events
    o e.g. review submitted speaking-proposals.
  + Attends F2F meetings in Oasis.
  + Participates in workshops/panels, etc.
- Gershon Janssen: does the IDTrust have a working plan?
  + John Bradley: you mean long term strategic plan?
    o Most activities are tactical.
    o Once or twice a year send out planned work items.
    o Originated from old PKI Forum.

[5] Oasis IDCloud Webinar in September

- TC received some negative comments about webinar. Thus the ballot was created.
- Please remember to vote.

[6] Call For Action

- TC needs more use-cases and scenarios.

[7] Other business, questions, issues:

- Brian Marshall:
  + where are the existing use-cases?
    o Anil: posted on TC Wiki (will email URL to mail-list)
  + have the protocols been decided?
    o Anil: charter states TC will work on (i) use-cases, then (ii) gap analysis, and then (iii) generate profiles for the use-cases.

[8] Adjourn:

- Motion to adjourn: Gershon Janssen.
- Seconded: Jerry Smith
- No objections. Motion passes. Meeting adjourned.

__________________________________________

Chatroom dump:

AnilSaldhana_RedHat: hi all. thanks for joining.
anonymous2 morphed into Dale Moberg (Axway)
anonymous morphed into Kurt Roemer (Citrix)
anonymous1 morphed into Brian Marshall
Brian Marshall morphed into Brian Marshall (Vanguard)
Siddharth Bajaj: Siddharth Bajaj (VeriSign) is on the call
anonymous morphed into Dan Perry (Skyworth TTG)
anonymous morphed into John Dilley (Akamai)
Gershon Janssen: Hi... I'll be joining later due to another TC call overlapping with this meeting.
Kelvin Lawrence (IBM): Have to step away for about 5 minutes. BRB
John Bradley1:
  Andy Kindred        Acxiom
  John Dilley         Akamai Technologies
  James Ducharme      Aveksa, Inc.
  Kurt Roemer         Citrix Systems, Inc.
  Mark Robinton       HID Global
  Robert Cope         Homeland Security Consultants
  Jason Rouault       HP                                  Guest
  David Kern          IBM
  Kelvin Lawrence     IBM
  John Bradley        Individual
  Thomas Hardjono     M.I.T.
  Anthony Nadalin     Microsoft Corporation
  Dale Olds           Novell*
  Anil Saldhana       Red Hat
  Bill Becker         SafeNet, Inc.
  Daniel Perry        Skyworth TTG Holdings Limited
  Tom Clifford        Symantec Corp.*
  Darren Platt        Symplified
  Jerry Smith         US Department of Defense (DoD)*
  Brian Marshall      Vanguard Integrity Professionals
  Siddharth Bajaj     VeriSign
Siddharth Bajaj: Stepping away for few mins...
Gershon Janssen: Gershon Janssen joined
David Kern (IBM): Stepping away for a few minutes...
John Bradley1: update
  Andy Kindred        Acxiom                              Group Member
  John Dilley         Akamai Technologies                 Group Member
  James Ducharme      Aveksa, Inc.                        Group Member
  Kurt Roemer         Citrix Systems, Inc.                Group Member
  Mark Robinton       HID Global                          Group Member
  Robert Cope         Homeland Security Consultants       Group Member
  Jason Rouault       HP                                  Guest
  David Kern          IBM                                 Group Member
  Kelvin Lawrence     IBM                                 Group Member
  John Bradley        Individual                          Group Member
  Gershon Janssen     Individual                          Group Member
  Thomas Hardjono     M.I.T.                              Group Member
  Anthony Nadalin     Microsoft Corporation               Group Member
  Dale Olds           Novell*                             Group Member
  Anil Saldhana       Red Hat                             Group Member
  Bill Becker         SafeNet, Inc.                       Group Member
  Daniel Perry        Skyworth TTG Holdings Limited       Group Member
  Tom Clifford        Symantec Corp.*                     Group Member
  Darren Platt        Symplified                          Group Member
  Jerry Smith         US Department of Defense (DoD)*     Group Member
  Brian Marshall      Vanguard Integrity Professionals    Group Member
  Siddharth Bajaj     VeriSign                            Group Member
AnilSaldhana_RedHat: Were the use cases so good that we had few questions?

__________________________________________