OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: OASIS Forms Committee to Advance Identity Standards for Cloud Computing

-- Link to this news at
http://www.oasis-open.org/news/oasis-news-2010-05-19.php --

OASIS Members Form Committee to Advance Identity Standards for Cloud

Alfresco, CA, Capgemini, Cisco, Cognizant, Boeing, eBay, IBM, Microsoft,
Novell, Ping Identity, Red Hat, SafeNet, SAP, Skyworth TTG, Symantec,
Vanguard, VeriSign, and Others Define Profiles for Identity Deployment,
Provisioning and Management in the Cloud  

Boston, MA, USA; 19 May 2010 -  The international consortium, OASIS, has
formed a new group to address the serious security challenges posed by
identity management in cloud computing. The new OASIS Identity in the Cloud
(IDCloud) Technical Committee will identify gaps in existing identity
management standards and investigate the need for profiles to achieve
interoperability within current standards. Committee members will perform
risk and threat analyses on collected use cases and produce guidelines for
mitigating vulnerabilities.

"Identity management vendors are currently wrestling with the challenge of
facilitating the transition toward a loosely coupled architecture and
services-based models through a set of common standards," noted Steve
Coplan, Senior Analyst with The 451 Group's Enterprise Security Practice.
"The OASIS IDCloud Technical Committee, with its focus on taxonomies and use
cases, is taking a pragmatic stance on how to resolve the most pressing
challenges presented by cloud-based services adoption, and lay the
foundation for a sustainable approach. We anticipate that the resulting
IDCloud profiles will enable a consistent set of policies that will do the
job of encapsulating business logic across multiple domains."

"Our goal is to build on existing standards wherever possible, in order to
extend ongoing industry collaboration and progress around identity to the
cloud." noted Anthony Nadalin of Microsoft, co-chair of the OASIS IDCloud
Technical Committee. "By utilizing existing efforts and organizations, we'll
help maintain security and privacy in cloud computing."

"If the IDCloud TC identifies a need for an extension to a standard, for
example, the Security Assertion Markup Language (SAML), then the IDCloud
Committee will provide input to the SAML Committee, which will remain
responsible for the actual extension development. Hence it is sensible to
advance the IDCloud work at OASIS," explained Anil Saldhana of Red Hat,
co-chair of the OASIS IDCloud Technical Committee. "Most of the foundational
security standards (XACML, SAML, WS-Security, WS-Trust) were developed at
OASIS and continue to be advanced here."

The IDCloud Technical Committee also is committed to maintaining strong
liaison relationships with other relevant standards organizations, including
the Cloud Security Alliance and the International Telecommunication Union

Participation in the IDCloud Technical Committee is open to all interested
parties, including   enterprises that provide or use identity management in
a cloud computing infrastructure. Archives of the Committee's work will be
accessible to both members and non-members, and OASIS will invite public
review and comment.  

Support for OASIS IDCloud

"Identity is a critical component of the evolving cloud ecosystem.  As
enterprises consume private, hybrid, and public services, the use of
identity across those boundaries is increasingly important. CA is proud to
be a co-proposer and supporter of the OASIS IDCloud Technical Committee, and
we are eager to build a foundation that will enhance and simplify Identity
and Access Management use for the cloud." -- Tim Brown, Chief Security

"As business information moves out of enterprise data centers and into the
federated world of cloud computing the challenge of identity is increasing.
In order for businesses to remain in control of their information while
enabling intra-company collaboration, there needs to be identity standards
that start from an assumption of federation. It is to help address this new
generation of business challenges that Capgemini supports the work of the
IDCloud group." -- Steve Jones, Global Solution Director Business
Information Management

"With the increasingly rapid adoption of cloud computing, the need for
identity-based security is crucial and urgent. During the development of
Novell's Cloud Security Services we have seen areas where further
collaboration with our industry peers is needed to fully realize the promise
of cloud computing. Novell is looking forward to working with the IDCloud
Technical Committee to develop profiles of open standards for identity
management in the cloud." -- Dale Olds, Distinguished Engineer

Ping Identity
"Ping Identity firmly believes that standards are critical to the long term
success of protecting user identities in the Cloud. By joining OASIS
IDCloud, we will share the insights we've gained through eight years of
federation work with our 100+ SaaS partners to help expedite the move to the
Cloud." -- Patrick Harding, CTO

"Cloud Computing is powering a fundamental change in enterprise computing.
The paradigm shift raises challenges securing computing infrastructure and
Identity Management. SafeNet is excited to participate in the OASIS effort
to enhance interoperability for identity management in the cloud. We are
confident that with collaboration around industry standards and use cases,
the industry will make important steps in bringing trust to the cloud." --
Russell Dietz, Vice President and CTO

Skyworth TTG Holdings
"Cloud computing is a natural evolution from virtualization and the service
provider model, and it magnifies the need for federating identities between
providers and customers. The building blocks for identity federation
standards already exist today, such as SAML and SPML. Now for cloud to
succeed, standards must further evolve to make identity federation
economical, scalable, and practical for the mass market. Skyworth TTG looks
forward to working with the IDCloud Technical Committee to make this
happen." -- Richard Sand, CEO

"Cloud computing is transforming IT service delivery, decreasing IT costs,
and enabling new ways for businesses and consumers to access and exchange
information. Working with the OASIS IDCloud Technical Committee to advance
identity standards and best practices for cloud computing is a critical
effort for enabling organizations to manage identity information in the
cloud and maximize its capabilities with confidence." -- Gary Phillips,
Senior Director, Industry Standards, Tools and Technologies

Vanguard Integrity Professionals
"Mainframes host 85% of the world's data and critical information
infrastructure. Clearly these large systems are destined to be major 'hubs'
within Clouds of all shapes and sizes. The security challenges that
currently exist are deployment inhibitors for government agencies and large
enterprises. Our goal is to work closely with OASIS to enable these systems
to be active and secure participates within Cloud computing." -- Ronn
Bailey, CEO and CTO

"Ensuring a solid foundation of trust in cloud-based identities is essential
to fully realize the promise of cloud computing. The OASIS IDCloud Committee
is committed to the use of well understood and defined identity management
technologies based on open standards and best practices. As a leader in
cloud-based identity and authentication services, VeriSign supports the
important work of the IDCloud Committee." -- Alex Deacon, Distinguished

Additional information:

OASIS IDCloud Technical Committee 

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards)
is a not-for-profit, international consortium that drives the development,
convergence and adoption of open standards for the global information
society. OASIS promotes industry consensus and produces worldwide standards
for the Smart Grid, security, Web services, XML conformance, business
transactions, electronic publishing, and other applications. OASIS open
standards offer the potential to lower cost, stimulate innovation, grow
global markets, and protect the right of free choice of technology. OASIS
members broadly represent the marketplace of public and private sector
technology leaders, users and influencers. The consortium has more than
5,000 participants representing over 600 organizations and individual
members in 100 countries. 

Press contact:

Carol Geyer
Senior Director of Communications and Development
+1.978.667.5115 x209 (office)
+1.941.284.0403 (mobile)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]