Subject: Re: [id-cloud] Minutes - ID-Cloud TC call (12 July 2010)
On 07/12/2010 04:06 PM, Thomas Hardjono wrote:
> Minutes (draft) - Oasis ID-Cloud TC call (12 July 2010)
>
> [1] Roll Call and Agenda
Roll Call is towards the end of this email.
Status Changes: Richard Sand (Skyworth) lost voting rights.
> [2] Approval of minutes from last meeting on 28 June 2010:
>
>    - Approval of June 28th Meeting Minutes
>      http://lists.oasis-open.org/archives/id-cloud/201007/msg00013.html
(Membership Status Changes)
>      http://lists.oasis-open.org/archives/id-cloud/201006/msg00048.html
(Corrected minutes from Thomas Hardjono)
>
>    - Motion to approve minutes.
>      Motion: Jerry Smith
>      Second: John Dilley.
>      No objections. Motion passes. Minutes approved.
>
>
> [3] Red Hat's Use Cases - Anil Saldhana
>     http://lists.oasis-open.org/archives/id-cloud/201005/msg00033.html
>
>    1) Virtualization Security and Application Security:
>      - Similar to SafeNet's use-case on virtual privileged accounts.
>      - Example: RedHat develops VMs, while Amazon as provider/hoster
>        allows VMs to be loaded/run by their customers.
>      - Certain Identities can access the applications hosted
>        on/above the virtual machine layer.
>        + Identities accessing applications may be (are) different
>          from identities managing the VMs.
>      - Example: proofing done by Amazon may be considered
>        insufficient by RedHat.
>
>    2) Identity provisioning:
>      (2a) Decoupling cloud resources
>        - Targets public clouds and hosted providers.
>        - Example: A document management system created by
>          a given identity must NOT get automatically
>          de-provisioned when the identity (ie. its creator)
>          gets de-provisioned. We must not lose document
>          management system.
>
>        + John Dilley:
>          o Are the resources contained within an identity?
>          o If so, then they are at danger of being de-provisioned.
>          o Should identities "own" resources?
>          o Perhaps rewording is needed: "reassignment" of
>            identities as an old identity gets de-provisioned.
>
>        + Thomas Hardjono: perhaps similar to "roles" that
>          own resources.
>          o Identities are mapped to roles.
>          o Roles stay, even when identity gets de-provisioned.
>          o Like traditional role-based access control.
>
>        + Anil: decoupling could mean removal of resources
>          contained within an identity.
>
>        + John Dilley: document management system should not
>          be contained within an identity.
>          o Need better explanation of "containment".
>
>      (2b) Self-service admin portals:
>        - Portals that manage identities that are used
>          in use-case (1a) with VMs and Applications.
>
>        + John Dilley: Need lifecycle for identity management.
>          o Some identifiers are permanent even after de-provisioning.
>          o eg. driver's license numbers never get re-assigned to
>            a new person even after a license is decommissioned.
>
>        + Anil: good use-case. Can JohnD please submit use-case?
>
>
>    3) Identity audit
>
>      - Anil: what standards exist today for audit?
>        + There is a Cloud Audit group.
>
>      - John Dilley: there is research by Peter Druschel on
>        tamper-resistant audit/logs.
>
>      - Jerry Smith: need to find references and fill this gap.
>
>      - Tony Nadalin: Audit depends on individual use-cases,
>        thus treat per use-case.
>
>      - Kurt Roemer: References needed to internal audit practices.
>        + Also need to address Forensics and forensic-logs.
>
>
>    4) Identity Configuration
>      - Multiple identity services, needing identity configuration info for cloud infrastructure.
>        + For VMs, Applications, Infra.
>
>      - Does anyone know existing work on configuration management?
>        + Perhaps in DMTF, and IETF.
>        + OVF open virtualization format
>          - related but may not fit cloud requirements.
>
>    5) Middleware Container
>      - RedHat needs middleware containers that work in
>        public cloud infra.
>        + eg. DB connectors, messaging, etc. etc.
>        + eg. JBoss, WebSphere, etc.
>
>      - Applications will be deployed/un-deployed
>        + These run in public cloud infra and may have their
>          own identities.
>        + Need to map identities.
>        + Need to tie use-case #5 with use-case #1.
>
>      - Cluster of VMs may run these middleware.
>
>    6) Federated SSO and attribute sharing
>      - Identities may come from different cloud infrastructures.
>      - May need a single security token format
>        + eg. SAML-based, OpenID, etc.
>      - Need Web 2.0 identities to work with Enterprise identities.
>      - Federation(?) common in many use-cases.
>
>    7) Identity silos
>      - Similar to directories (directory systems)
>        + Directory may be inside an organization or within
>          a cloud (or within/across multiple clouds)
>
>    8) Privacy and governance
>      - Subjective topic (privacy).
>      - Kurt Roemer: If a public cloud is implemented
>        using shared resources, how to ensure privacy.
>      - Jerry Smith: why only in government? Correction, we are
>        talking about "governance".
>
>
>    9) Requirements: listed in Anil's use-case email.
>
>    Anil: Tony, how to proceed and extract all these use-cases?
>    Tony: Start to reduce to the unique set of scenarios.
>      - Then go back and fill gaps.
>
>
>
> [4] IDTrust Member Section Steering Committee Nomination
>    - Now seeking nominations.
>    - Anil and John Bradley are current members.
>    - What do IDTrust members do:
>      + Governs various security-related TCs.
>      + Steering committee oversees the security TCs.
>      + Organizes Oasis-related events worldwide.
>      + Has monthly calls.
>      + Volunteer for Program Committee for various Oasis events
>        o eg. review submitted speaking-proposals.
>      + Attends F2F meetings in Oasis.
>      + Participates in workshops/panels, etc.
>
>    - Gershon Janssen: does the IDTrust have a working plan?
>      + John Bradley: you mean long term strategic plan?
>        o Most activities are tactical.
>        o Once or twice a year send-out planned work items.
>        o Originated from old PKI Forum.
>
> [5] Oasis IDCloud Webinar in September
>    - TC received some negative comments about webinar. Thus
>      the ballot was created.
>    - Please remember to vote.
>
> [6] Call For Action
>    - TC needs more use-cases and scenarios.
>
> [7] Other business, questions, issues:
>    - Brian Marshall:
>      + where are the existing use-cases?
>        o Anil: posted on TC Wiki (will email URL to mail-list)
>      + have the protocols been decided?
>        o Anil: charter states TC will work on (i) use-cases,
>          then (ii) gap analysis, and then (iii) generate profiles
>          for the use-cases.
>
> [8] Adjourn:
>    - Motion to adjourn: Gershon Janssen.
>    - Seconded: Jerry Smith
>    - No objections. Motion passes. Meeting adjourned.
>
> __________________________________________
> Chatroom dump:
>
> AnilSaldhana_RedHat: hi all . thanks for joining.
> anonymous2 morphed into Dale Moberg (Axway)
> anonymous morphed into Kurt Roemer (Citrix)
> anonymous1 morphed into Brian Marshall
> Brian Marshall morphed into Brian Marshall (Vanguard)
> Siddharth Bajaj: Siddharth Bajaj (VeriSign) is on the call
> anonymous morphed into Dan Perry (Skyworth TTG)
> anonymous morphed into John Dilley (Akamai)
> Gershon Janssen: Hi... I'll be joining later due to another TC call overlapping with this meeting.
> Kelvin Lawrence (IBM): Have to step away for about 5 minutes. BRB
> John Bradley1: Andy Kindred Acxiom
> John Dilley Akamai Technologies
> James Ducharme Aveksa, Inc.
> Kurt Roemer Citrix Systems, Inc.
> Mark Robinton HID Global
> Robert Cope Homeland Security Consultants
> Jason Rouault HP Guest
> David Kern IBM
> Kelvin Lawrence IBM
> John Bradley Individual
> Thomas Hardjono M.I.T.
> Anthony Nadalin Microsoft Corporation
> Dale Olds Novell*
> Anil Saldhana Red Hat
> Bill Becker SafeNet, Inc.
> Daniel Perry Skyworth TTG Holdings Limited
> Tom Clifford Symantec Corp.*
> Darren Platt Symplified
> Jerry Smith US Department of Defense (DoD)*
> Brian Marshall Vanguard Integrity Professionals
> Siddharth Bajaj VeriSign
> Siddharth Bajaj: Stepping away for few mins...
> Gershon Janssen: Gershon Janssen joined
> David Kern (IBM): Stepping away for a few minutes...
> John Bradley1: update Andy Kindred Acxiom Group Member
> John Dilley Akamai Technologies Group Member
> James Ducharme Aveksa, Inc. Group Member
> Kurt Roemer Citrix Systems, Inc. Group Member
> Mark Robinton HID Global Group Member
> Robert Cope Homeland Security Consultants Group Member
> Jason Rouault HP Guest
> David Kern IBM Group Member
> Kelvin Lawrence IBM Group Member
> John Bradley Individual Group Member
> Gershon Janssen Individual Group Member
> Thomas Hardjono M.I.T. Group Member
> Anthony Nadalin Microsoft Corporation Group Member
> Dale Olds Novell* Group Member
> Anil Saldhana Red Hat Group Member
> Bill Becker SafeNet, Inc. Group Member
> Daniel Perry Skyworth TTG Holdings Limited Group Member
> Tom Clifford Symantec Corp.* Group Member
> Darren Platt Symplified Group Member
> Jerry Smith US Department of Defense (DoD)* Group Member
> Brian Marshall Vanguard Integrity Professionals Group Member
> Siddharth Bajaj VeriSign Group Member
> AnilSaldhana_RedHat: Were the use cases so good that we had few questions?