OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Anil Saldhana (Red Hat) submission of use cases and requirements

Name of the member (s):   Anil Saldhana
Affiliation: Red Hat Inc
Version: 1.0

Use Cases:

1) Virtualization Security and Application Security:
* Identities manage the virtual machine.
* Identities access the applications hosted on the virtual machine.
* The VM identities necessarily are not the same as the application 
* Proofing of Identities by the cloud infrastructure may not be 
sufficient for the VM owner.

2) Identity Provisioning
* Decoupling of cloud resources from identities such that when the 
identities are de-provisioned, the cloud resources are not 
decommissioned (with no opportunities to transition to new identities).
* Self service admin portals that do application identities, 
infrastructure identities and interlinked application-infrastructure 

3) Identity Audit
* Audits with trails that are tamper proof.
* What standard formats exist?

4) Identity Configuration
* Metadata based configuration is required for cloud based identity 
* Application Identity Configuration and the cloud infrastructure 

5) Middleware Container in a public cloud infrastructure
A middle-ware container hosts applications and handles the various 
facets of application life cycle management.
Deployer identities (identities that can affect Application life cycle) 
need to have a relationship with the cloud infrastructure identities.

6) Federated SSO and Attribute Sharing
There will be a need to perform single sign on across a set of cloud 
infrastructures. With federation comes the need for sharing of 
attributes for the user/identity.
* Security Token Format.
* Security Token Transformation across clouds.
* Mixture of enterprise and user-centric identities.

7) Identity silos in the clouds
* The silos may be within a single cloud or may be outside the cloud or 
may be in multiple clouds.
* Identity Attribute Aggregation based on multiple silos.

8) Identity Privacy in a shared cloud environment
* Privacy controls in place for identities in operation in a shared 
* Use of governance frameworks for identities.


1) Defining the various types of identities that can be operating in a 
cloud infrastructure.
2) Define standard token formats for federated cloud SSO.
3) Define standard identity proofing mechanisms in the cloud (if any).
4) Define the subset of levels of assurance for identities in the cloud.
5) Define Identity Provisioning Mechanisms.
6) Define Identity Audit Mechanisms.
7) Discuss Identity Configuration mechanisms based on federated meta 
data and other related constructs.

Best Practices:
None in this version.

Other Information:
Some Pain Points at this time include:

* Infrastructure security in a public cloud infrastructure.
- Applications running within the infrastructure are owned by a 
particular identity, used by a set of identities that need to be proofed 
by the cloud infrastructure.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]