A potential new TC under the IDTrust Member Section.
-------- Original Message --------
Subject: | [members] Proposed Charter for Cloud Authorization (CloudAuthZ) TC |
Date: | Wed, 3 Oct 2012 14:21:24 -0400 |
From: | Chet Ensign <chet.ensign@oasis-open.org> |
To: | tc-announce@lists.oasis-open.org, members@lists.oasis-open.org, oasis-charter-discuss@lists.oasis-open.org |
CC: | anil.saldhana@redhat.com, sstark@redhat.com, mlittle@redhat.com, Abbie Barbir <abbie.barbir@bankofamerica.com>, radu.marian@baml.com, rakesh.radhakrishnan@bankofamerica.com, shahrokh.shahidzadeh@intel.com, mohan.kumar@intel.com, jonathan.sander@quest.com, Doron.Grinstein@quest.com, Danny.Thorpe@quest.com, erik@axiomatics.com, ggebel@axiomatics.com, david.brossard@axiomatics.com, hardjono@mit.edu, tomas@primekey.se, Dawn.Jutla@SMU.CA, prabath@wso2.com, "Paul Fremantle (WSO2)" <paul@wso2.com>, craig.forster@sailpoint.com, darran.rolls@sailpoint.com, tony@yaanatech.com, mary@meristic.com, gershon@qroot.com |
To OASIS Members:
A draft TC charter has been submitted to establish the OASIS Cloud Authorization (CloudAuthZ) TC. In accordance with the OASIS TC Process Policy section 2.2: (https://www.oasis-open.org/policies-guidelines/tc-process#formation) the proposed charter is hereby submitted for comment. The comment period shall remain open until 11:45 pm ET on 17 October 2012.
OASIS maintains a mailing list for the purpose of submitting comments on proposed charters. Any OASIS member may post to this list by sending email to: oasis-charter-discuss@lists.oasis-open.org. All messages will be publicly archived at: http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who wish to receive emails must join the group by selecting "join group" on the group home page: http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/. Employees of organizational members do not require primary representative approval to subscribe to the oasis-charter-discuss e-mail.
A telephone conference will be held among the Convener, the OASIS TC Administrator, and those proposers who wish to attend within four days of the close of the comment period. The announcement and call-in information will be noted on the OASIS Charter Discuss Group Calendar.
We encourage member comment and ask that you note the name of the proposed TC (CloudAuthZ) in the subject line of your email message.
---
1. Charter of the TC
1.(a) The name of the TC:
OASIS Cloud Authorization Technical Committee (CloudAuthZ)
1.(b) Statement of Purpose:
Cloud Computing is gaining traction in the industry. Cloud Providers are facing challenges from the lack of standardized profiles for authorization and entitlements . In Cloud Computing Systems, resources such as bandwidth and memory are constrained. There are use cases where the access policy enforcement of a cloud resource needs to be performed as close to the consumer as possible. This requires availability of attributes including contextual attributes. Additionally, since the computing resources are limited, there are use cases where there is a need for the Policy Enforcement Point to obtain the contextual entitlements (the consumer has) with one call, rather than perform a large number of calls to the authorization set up as seen in the classic enforcement model.
The Cloud Authorization Technical Committee will use existing, well designed standards, to provide mechanisms for enabling the delivery of cloud contextual attributes as close as possible to Policy Enforcement Points. Such mechanisms can enable the development of cloud infrastructures that provide in real time a subset of contextual entitlements sets that a decision point can use to authorize or deny a consumer’s use of a specific resource. By developing standard mechanisms to do this, the need to customize the interactions between customer and vendor systems will be reduced, the overhead needed to support authorization and entitlement will decrease and portability across multiple systems will be enhanced.
The Cloud Authorization Technical Committee will use existing, well designed standards, to provide mechanisms for enabling the delivery of contextual entitlements to the Policy Enforcement Points.
1.(c) Scope of work:
The purpose of this TC is to generate profiles for Cloud Authorization and Entitlements. The purpose of the TC is to develop optimal configuration of relevant standards in order to allow enforcement of authorization policies to be carried out as close to the consumer as possible. In this case, the TC will develop techniques that allow a consumer to receive a set of allowed entitlements and will develop authorization mechanisms that can use these entitlements to determine in real time contextual applicable policies.
1. The TC will define use cases for authorization and entitlements in a Cloud Computing context. These may be existing use cases or new use cases as the TC determines. The TC will reuse use cases identified by the OASIS Identity In The Cloud (ID) TC in the context of Cloud Authorization.
2. When necessary, the TC will work on defining missing specifications for Cloud Authorization and Entitlements. The TC will reuse as a primary objective, existing standards as well as standards that are being developed in the area of scope. The TC will make an effort at not reinventing the wheel.
3. The TC will generate Cloud Authorization and Entitlements profiles for Platform As A Service (PaaS), Infrastructure As a Service (IaaS) and Software As a Service (SaaS) models of Cloud Computing.
4. In all of its work, the TC should, to the extent feasible, prefer widely implementable, widely interoperable, modular standards, extensions, profiles and methods that permit use by a variety of participants.
5. The TC will develop strong liaison relationships with other OASIS Technical Committees, Standards groups and Bodies in the industry. Some of these non-OASIS organizations include OASIS, IETF, ITU-T, ISO and W3C. The TC is free to adopt liaison relationships with any standards organization as it sees fit.
Out of Scope
Identity Management Provisioning.
1.(d) List of deliverables:
1. A document calling out in detail the specific use cases of authorization and entitlements in a Cloud Computing context that the TC plans to address in their work product. This document will be completed and approved by the TC by January 2013. This document will be a OASIS Committee Note Track document.
2. A document detailing the configuration of relevant standards in order to allow enforcement of authorization policies to be carried out as close to the consumer as possible, using the Cloud Computing Models of IaaS, PaaS and SaaS as examples in this document. This document will be completed and approved by the TC by June 2013. This document will be a OASIS Committee Specification Track document.
3. A document detailing the configuration and specifications to define the download of contextual entitlements in a single call to a Policy Enforcement Point, using the Cloud Computing Models of IaaS, PaaS and SaaS as examples in this document. This document will be completed and approved by the TC by December 2013. This document will be a OASIS Committee Specification Track document.
1.(e) IPR Mode under which the TC will operate:
The Cloud Authorization TC will operate under the Non Assertion IPR mode as defined in the OASIS Intellectual Property Rights (IPR) Policy effective 15 October 2010.
1.(f) Anticipated audience or users:
The Cloud Authorization TC is intended for the following audiences: architects, designers and implementers of Cloud Computing Infrastructure and Services.
(1)(g) Language
TC business will be conducted in English. The output documents will be written in English.
(2) Non-normative information regarding the startup of the TC
(2)(a) Similar or Applicable Work
1. OASIS has Identity In The Cloud (IDCloud) TC [1] and Extensible Access Control Markup Language (XACML) TC [2] whose work will be reused as necessary.
2. IETF has Web Authorization (Oauth) work ongoing [3].
(2)(b) Date, Time, and Location of First Meeting
The first meeting of the CloudAuthZ TC will be a teleconference to be held on Tuesday 4th December 2012, 11am to 12pm Eastern. This teleconference will be sponsored by RedHat.
(2)(c) On-Going Meeting Plans & Sponsors
It is anticipated that the CloudAuthZ TC will meet via teleconference every 2 weeks for 60 minutes at a time determined by the TC members during the TC's first meeting. It is anticipated that the CloudAuthZ TC will meet face-to-face every 6 months at a time and location to be determined by the TC members. TC members will determine the actual pace of face-to-face and teleconference meetings. One of the proposers, as listed below, will sponsor the teleconferences unless other TC members offer to donate their own facilities.
(2)(d) Proposers of the TC
Anil Saldhana, anil.saldhana@redhat.com, RedHat
Scott Stark, sstark@redhat.com, RedHat
Mark Little, mlittle@redhat.com, RedHat
Abbie Barbir, abbie.barbir@bankofamerica.com, Bank of America
Marian Radu, radu.marian@baml.com, Bank of America
Rakesh Radhakrishnan, rakesh.radhakrishnan@bankofamerica.com, Bank of America
Shahrokh Shahidzadeh, shahrokh.shahidzadeh@intel.com, Intel
Mohan Kumar, mohan.kumar@intel.com, Intel
Jonathan Sander, jonathan.sander@quest.com, Quest
Doron Grinstein, Doron.Grinstein@quest.com, Quest
Danny Thorpe, Danny.Thorpe@quest.com, Quest
Erik Rissanen, erik@axiomatics.com, Axiomatics
Gerry Gebel, ggebel@axiomatics.com, Axiomatics
David Brossard, david.brossard@axiomatics.com, Axiomatics
Thomas Hardjono, hardjono@mit.edu, MIT
Tomas Gustavsson, tomas@primekey.se, PrimeKey
Dawn Jutla, Dawn.Jutla@SMU.CA, St.Mary's University
Prabath Siriwardena, prabath@wso2.com, WSO2
Paul Fremantle, paul@wso2.com, WSO2
Craig Forster, craig.forster@sailpoint.com, Sailpoint Technologies
Darran Rolls, darran.rolls@sailpoint.com, Sailpoint Technologies
Tony Rutkowski, tony@yaanatech.com, Yaana Technologies
Mary Ruddy, mary@meristic.com, Identity Commons
Gershon Janssen, gershon@qroot.com, Individual
(2)(e) Statements of Support
Mark Little, mlittle@redhat.com, RedHat: As Primary Representative for Red Hat, we are pleased to support the OASIS Cloud Authorization Technical Committee in its work.
Abbie Barbir , abbie.barbir@bankofamerica.com, Bank of America: As Bank of America representative to OASIS, I approve the Cloud Authorization TC Charter, and endorse all BofA proposers listed.
Shahrokh Shahidzadeh, shahrokh.shahidzadeh@intel.com, Intel: As the primary representing Intel Corp at OASIS I like to report that we do support the formation of Oasis Cloud Authorization TC per attached proposal.
Doron Grinstein doron.grinstein@quest.com, Quest Software, Inc.: As Quest Software, Inc.'s representative to OASIS, I approve the Cloud Authorization TC Charter, and endorse all Quest proposers listed.
Erik Risannen, erik@axiomatics.com, Axiomatics: As the OASIS primary contact for Axiomatics, I support the creation of the proposed OASIS Cloud Authorization Technical Committee as described in its Charter.
Thomas Hardjono, hardjono@mit.edu, MIT: As MIT's representative to OASIS, I approve the Cloud Authorization TC Charter, and endorse all MIT proposers listed.
Paul Fremantle,paul@wso2.com, WSO2: As the OASIS Primary Representative for WSO2, I support the creation of the proposed OASIS Cloud Authorization Technical Committee as described in this Charter.
Tomas Gustavsson, tomas@primekey.se, Primekey: As primary representative, I hereby declare that I support the Cloud Authorization TC.
Dawn Jutla, Dawn.Jutla@SMU.CA, St.Mary's University: As the primary OASIS representative of Saint Mary's University, I support the OASIS Cloud Authorization TC charter.
Tony Rutkowski, tony@yaanatech.com, Yaana Technologies: Yaana Technologies LLC supports this charter and the creation of this TC.
Mary Ruddy, mary@meristic.com, Identity Commons: As the Identity Commons liaison to OASIS and primary representative, I approve the Cloud Authorization TC Charter.
Darran Rolls, darran.rolls@sailpoint.com, Sailpoint Technologies: As the Sailpoint Technologies primary representative, I support the OASIS Cloud Authorization TC charter.
(2)(f) TC Convener
Abbie Barbir, abbie.barbir@bankofamerica.com , will be the Convener of the CloudAuthZ TC.
(2)(g) Affiliation to Member Section
OASIS IDTrust Member Section
(2)(h) Initial Contribution
None
(2)(i) Draft Frequently Asked Questions (FAQ) (optional)
N/A
(2)(j) Working title and acronym for the Work Products to be developed by the TC
To Be Determined.
References
[1] OASIS Identity in the Cloud TC: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=id-cloud
[2] OASIS Extensible Access Control Markup Language TC: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
[3] IETF Web Authorization Charter: http://datatracker.ietf.org/wg/oauth/charter/
/chet
----------------
Chet Ensign
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society
http://www.oasis-open.org
Primary: +1 973-996-2298
Mobile: +1 201-341-1393
---------------------------------------------------------------------
This email list is used solely by OASIS for official consortium communications.
Opt-out requests may be sent to member-services@oasis-open.org, however, all members are strongly encouraged to maintain a subscription to this list.