RE: [id-cloud] Possible profile/gap analysis approach - and NISTopportunity

[Matt Rutkowski <mrutkows@us.ibm.com>]

Roger,

I think that we are on the verge of being able to do all these activities
within the TC context using OASIS tools.  Why not just nominate yourself
to be an editor and do these things under OASIS IPR using OASIS tooling.
 I really do not want to use tooling or processes that are not under
OASIS control or take in any work products developed in community settings
other than OASIS.

If we want to get to these topics sooner,
I would suggest helping work on the terms/defns. with Tony and helping
rewrite some of the use cases we identified as needing work so we can get
a Comm. Draft out and get a milestone for the TC under our belt.

My thoughts,
-Matt



From:      
 "Roger Bass"
<roger@traxian.com>
To:      
 "'Anil Saldhana'"
<Anil.Saldhana@redhat.com>, <id-cloud@lists.oasis-open.org>,
Matt Rutkowski/Austin/IBM@IBMUS, "'Peter F Brown'" <peter@peterfbrown.com>
Date:      
 06/03/2011 10:29 AM
Subject:    
   RE: [id-cloud]
Possible profile/gap analysis approach - and NIST opportunity

---

Sounds good, will do.  Yes,
I am volunteering to be ONE OF the editors of the gap analysis document,
and to take the lead on placeholder content and soliciting input, at least
for now.
 
Peter – currently, we have
periodic document revisions published to the TC via SVN (by Matt), with
contributor submissions coming via the TC email list and/or uploading to
the document repository.  If such submissions are made in parallel
via Google Docs, and then, post-merge published on SVN, do you see a problem?
 I’m just trying to minimize the work involved here, given my limited
time.
 
Matt – if you or anyone
else have suggestions about other tools or processes to make this easier,
please let me know.
 
Roger
 
 
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Friday, June 03, 2011 10:56 AM
To: id-cloud@lists.oasis-open.org
Subject: Re: [id-cloud] Possible profile/gap analysis approach - and
NIST opportunity
 
Hi Roger,
at the next meeting, let us formally vote on starting the gap analysis
process such that we can send a request to tc admin for the work product.
In the interim, you are free to create a placeholder content that can be
copied over. I am also assuming that you have volunteered to be one of
the editors of the gap analysis document.

Happy Friday!
 
Regards,
Anil

On 06/03/2011 09:47 AM, Roger Bass wrote: 
Tony, Anil, Matt et al –
agreed, that’s the proposal (even if I wasn’t clear in my first email).
 
What I’m asking now is:
is this a reasonable outline as an initial framework for the gap analysis?
 Shall I create a draft (spreadsheet) working document now, or does
someone else want to do this?
 
I suspect the OASIS TC Admin
needs to create a template or placeholder document for the official output,
even if (as I’m proposing) we use a shared spreadsheet to keep track of
this for now.
 
Best, Roger
 
 
From: Anthony Nadalin [mailto:tonynad@microsoft.com]
Sent: Friday, June 03, 2011 10:26 AM
To: Roger Bass; id-cloud@lists.oasis-open.org
Subject: RE: [id-cloud] Possible profile/gap analysis approach - and
NIST opportunity
 
Need to preserve the OASIS
IPR and thus any documents must be collaborated upon in OASIS 
 
From: Roger Bass [mailto:roger@traxian.com]
Sent: Wednesday, June 01, 2011 10:03 AM
To: id-cloud@lists.oasis-open.org
Subject: [id-cloud] Possible profile/gap analysis approach - and NIST
opportunity
 
Anil, Matt and everyone,
 
I’d like to propose a new
working document.  For now, this would be just a working document,
though it might eventually become a TC work product.  The document
would be: a spreadsheet of the various use cases, with initial thoughts
(from use case owners and others interested), as to:
Existing standards that may
apply (initial thoughts)
Possible gaps or new requirements
Other initiatives or implementations
that may be related, either
SDOs or specific standards
initiatives
Working proprietary implementations
whose owners might consider participating or contributing
 
I’m thinking of this as
perhaps a precursor to the profile efforts we’ve discussed – but also
perhaps something that could help move that process along, and organize
the output of profiles as we go.  I’m unclear on the plans/process/timing
you envisioned on gap analysis etc, so if there’s a better way to align
with those plans, please let me know.
 
The trigger for this proposal
was my being approached by some NIST folks, specifically the SAJACC group,
about leading a white paper effort for them on Identity Management.  (SAJACC
is the more technical aspect of the NIST effort, short for Standards Acceleration
to Jumpstart Adoption of Cloud Computing).  I’m reluctant to undertake
any significant new effort, but it seems their goals here align fairly
closely with what we’re doing in Id-Cloud (see below).  So, this
may be an opportunity to publicize and get greater leverage from what we’re
doing – and create an additional impetus for our own efforts.  The
proposed document above seems like a potentially useful piece in doing
that.
 
Unless anyone has a better
tool to propose, and to minimize editing burdens, I’d suggest perhaps
using a shared spreadsheet in Google Docs, so that TC members (and indeed
perhaps NIST folks too) can make edits directly to the original document.
 
Thoughts?
 
Best,
Roger
 
 
From: Tong, Jin [mailto:jin.tong@nist.gov]
Sent: Wednesday, June 01, 2011 11:46 AM
To: Roger Bass
Cc: Badger, Mark Lee
Subject: RE: Lead on SAJACC Cloud Id Management white paper effort
 
Roger,
 
Yes, the SAJACC meeting yesterday
was pretty short.
 
As to the white paper effort
for IdM, my take is to describe and catalog (1) use cases/use case categories
on how IdM is involved in cloud operations, (2) what standards, APIs are
out there to address these technical requirements, and (3) document various
on-going efforts in this area out there. The goal is to use it to (a) review
our SAJACC use cases and (b) proceed to do some feasibility testing if
possible to demonstrate these interfaces/standards do implement the requirements.
 
Lee, please chime in if I
missed anything.
 
Thanks,
--Jin
 
From: Roger Bass [mailto:roger@traxian.com]
Sent: Tuesday, May 31, 2011 2:43 PM
To: Tong, Jin
Subject: RE: Lead on SAJACC Cloud Id Management white paper effort
 
Jin,
 
I gather today’s meeting
happened and finished earlier than the agenda indicated.
 
As regards leading the white
paper effort, could you forward to me some email (perhaps a previous thread?)
outlining the goals and scope for the white paper?  I doubt that I
am the right person to lead that effort, but would be happy to sound out
others on the OASIS Identity Management TC.  Several members there
have already been involved with NIST as well, and might be a better fit
than I (e.g. Michelle Drgon).
 
My own personal interest
and expertise is more around the large-scale “Intercloud” identity issues,
and not so much on the ‘cloud app’ use cases you described, critical
as they are.
 
As regards the white paper,
I’m wondering in particular how that might relate to the OASIS Id Could
efforts, namely:
documentation of use cases
(already well advanced)
profiling of existing standards,
(planned over next few months in some cases, where interest exists)
gap analysis
 
Best regards,
Roger
 
 
From: Tong, Jin [mailto:jin.tong@nist.gov]
Sent: Tuesday, May 31, 2011 12:03 PM
To: roger@traxian.com
Cc: Badger, Mark Lee
Subject: Lead on SAJACC Cloud Id Management white paper effort
 
Roger,
 
Thanks for your interest in participating
in the ID Management white paper effort for SAJACC. We are still looking
for a lead for this effort and I wonder if you are interested in taking
the lead. You expressed that perhaps you can engage only in a limited way,
but I think we could greatly benefit from your experience and expertise
in these topics.
 
Thanks for considering and we look forward
to hearing from you.
--Jin