Subject: RE: [id-cloud] ID-Cloud Minutes from June 28 2010 Call
Thanks John. Towards the last part of the discussion of Use-case 3, I got interrupted for about 10 seconds (knock on my door), so I may have missed some items.

/thomas/

__________________________________________

> -----Original Message-----
> From: Dilley, John [mailto:jad@akamai.com]
> Sent: Monday, June 28, 2010 4:43 PM
> To: Thomas Hardjono; id-cloud
> Cc: Anil Saldhana; Anthony Nadalin
> Subject: RE: [id-cloud] ID-Cloud Minutes from June 28 2010 Call
>
> Thank you for the notes. In addition to what's captured below there
> was a discussion around use case 3 that used the example of an end user
> supplying their google username and password to third party sites
> (Netflix was given as example).
>
> This seems like a good motivator for the use case and I want to make
> sure it was captured in the use case itself. Or, if more appropriate,
> a standalone (negative) use case illustrating what we want to avoid?
>
> Regards,
>
> -jad-
> John Dilley
> Akamai Technologies
>
>
>
> -----Original Message-----
> From: Thomas Hardjono [mailto:hardjono@MIT.EDU]
> Sent: Monday, June 28, 2010 12:53 PM
> To: id-cloud
> Cc: Anil Saldhana; Anthony Nadalin
> Subject: [id-cloud] ID-Cloud Minutes from June 28 2010 Call
>
> Minutes from Oasis ID-Cloud TC (June 28, 2010)
>
> 1) Roll Call:
> John Bradley
> Andy Kindred - Acxiom
> John Dilley - Akamai Technologies
> James Ducharme - Aveksa, Inc.
> Paul Lipton - CA*
> Mark Robinton - HID Global
> Heather Hinton - IBM
> Matthew Rutkowski - IBM
> John Bradley - Individual
> Peter Brown - Individual
> Gershon Janssen - Individual
> Michael Stiefel* - Individual
> Thomas Hardjono - M.I.T.
> Dee Schur - OASIS *
> Patrick Harding - Ping Identity Corporation*
> Anil Saldhana - Red Hat
> Bill Becker - SafeNet, Inc.
> Tom Clifford - Symantec Corp.*
> Kyle Austin - TriCipher, Inc.
> Siddharth Bajaj - VeriSign
> Daniel Turissini - WidePoint Corporation
>
> 2) Approval of the June 14th Minutes
> http://lists.oasis-open.org/archives/id-cloud/201006/msg00036.html
>
> Moved: Gershon Janssen.
> Second: John Bradley.
> No objections. Minutes approved.
>
>
> 3) Discussion of Safe Net Use Cases by Doron Cohen/Bill Baker
>
> (A) Use-Case #1: Privileged Accounts in the Cloud.
> - Use-Case description: Need more stringent security (eg. auth, audit,
>   etc) than normal accounts and in-perimeter accounts.
>
> - Anil: Q: Can we make this into an infrastructure Privileged Account
>   + Doron: We need a new set of requirements for cloud service
>     (different from traditional in-perimeter infra).
>   + Siddharth: Supports this use-case.
>
> - John Dilley: Q: Would authN infra for this use-case be different than
>   in normal accounts?
>   + Doron: They may have different policies and different back-end
>     capabilities. Thus we need this new use-case.
>
> - John Dilley: We need to create a core set of mechanisms that are
>   true/valid across all use-cases (in the Cloud-ID TC).
>
> - John Bradley: has been looking at Federation metadata (from projects
>   in Europe), including issues relating to SAML usage (eg. is SAML secure
>   enough). Some accounts in the cloud will need better risk analysis.
>
> - Patrick: agrees with John Bradley and John Dilley. Has questions
>   about federated accounts. What happens if things go wrong (ie. when
>   even the privileged accounts/users get locked-out). Need a statement
>   how to handle this.
>
> - Anil: Any assumptions about federated identity and the privileged
>   accounts use-case?
>   + Doron: No assumptions. Up to each implementation.
>   + Siddharth: has seen these implemented before.
>
>
> (B) Use-Case #2: Enterprise employee accessing cloud services.
> - Use-Case description: Regular employee of Enterprise wants to access
>   cloud services.
>   + Want to benefit from SSO
>   + Will require different level of assurance (ie. compared to intra-
>     enterprise services)
>   + Will require different sec. requirements and authN policies.
>   + Related to federated provisioning.
>   + Will need to support different form-factors and access methods.
>
> - Thomas Hardjono: Q: Is the cloud-service part of the Enterprise or is
>   it run by a trusted third party (TTP)?
>   + Doron: the latter (ie. TTP).
>
> - Anil: Suggest to change the title of the use-case.
>   + Doron: agree, but want to focus on extending the (enterprise)
>     identity to the cloud.
>
>
> (C) Use-Case #3: Consumer scenario.
> - Use-Case description: Want to use a Consumer Identity to access
>   different services on the Internet
>   + Instead of using the one-ID per service today.
>   + Want SSO capability.
>   + Has similar requirements (to previous use-case?)
>   + Main twist: Need for privacy and need for user-control over which
>     information to disclose.
>
> - John Dilley: Q: is that ID linked to an enterprise ID?
>   + There is the *why* and the *how* questions.
>   + Is this simply a federated ID use-case?
>   + Each ID (in an environment) typically has an accompanying info
>     about that ID. Do we mean to export this info to other/new
>     environments?
>
> - Patrick Harding: If I was a web service, why would I let my user
>   authenticate using Google, Yahoo, etc ?
>   + John Bradley: for targeted apps.
>
>
>
> 4) Follow up on the Kerberos In The Cloud Discussion
> - Thomas Hardjono: no update for today, but plan to update the use-case
>   doc.
>
> 5) Other Business
> * Members Reference: Cloud Identity Summit in July
>   (http://www.cloudidentitysummit.com/)
>
> 6) Adjourn
> - Next telecon on 12 July 2010.
> - Moved: Gershon
>   + seconded: John Dilley.
>   + No objections. Meeting adjourned.
>
>
> ________
> SoapHub chatroom:
>
> anonymous2 morphed into Michael Stiefel
> anonymous3 morphed into Doron Cohen
> Doron Cohen morphed into Doron Cohen (SafeNet)
> anonymous morphed into John Dilley (Akamai)
> AnilSaldhana_RedHat: The bridge has toll free numbers for your
> individual countries. That will save you from calling the US.
> AnilSaldhana_RedHat: Doron, thanks for joining in. It must be late for
> you.
> Peter morphed into Peter F Brown
> anonymous morphed into Jim Ducharme
> Jim Ducharme morphed into Jim Ducharme (Aveksa)
> anonymous1 morphed into Siddharth Bajaj
> Siddharth Bajaj morphed into Siddharth Bajaj (VeriSign)
> anonymous morphed into Benny Koren (Mellanox)
> anonymous morphed into Jason Rouault (HP)
> Heather Hinton (IBM): just joined on the phone
> anonymous morphed into Patrick Harding
> Thomas Hardjono (MIT)1: Notes: Minutes from 14 June 2010 meeting
> approved unanimously. Moved by Gershon Janssen. 2nd by John Bradley.
> John Bradley: Meeting Attendees
> Name | Company | Status
> Andy Kindred | Acxiom | Group Member
> John Dilley | Akamai Technologies | Group Member
> Paul Lipton | CA* | Group Member
> Mark Robinton | HID Global | Group Member
> Heather Hinton | IBM | Group Member
> Matthew Rutkowski | IBM | Group Member
> John Bradley | Individual | Group Member
> Peter Brown | Individual | Group Member
> Gershon Janssen | Individual | Group Member
> Michael Stiefel* | Individual | Group Member
> Thomas Hardjono | M.I.T. | Group Member
> Dee Schur | OASIS * | Group Member
> Patrick Harding | Ping Identity Corporation* | Group Member
> Anil Saldhana | Red Hat | Group Member
> Bill Becker | SafeNet, Inc. | Group Member
> Tom Clifford | Symantec Corp.* | Group Member
> Kyle Austin | TriCipher, Inc. | Group Member
> Siddharth Bajaj | VeriSign | Group Member
> Daniel Turissini | WidePoint Corporation | Group Member
> Jim Ducharme (Aveksa): Please add Jim Ducharme (Aveksa) to the attendee
> list.
> AnilSaldhana_RedHat: John, I usually copy paste into an editor and
> remove the "Group Member"
> Matt Rutkowski (IBM): The case of avoiding use of the same identity
> (token) (e.g. email address) seems new to the discussion as this leads
> to customer risk. In cloud, it seems a real concern that there is a
> masking to the customer that they are accessing hosted (partner)
> services and that leads to inadvertent release of privacy information
> related to identity and at the worst perception that reuse of passwords
> for the same identity token is acceptable.
> John Bradley:
> Name | Company
> Andy Kindred | Acxiom
> John Dilley | Akamai Technologies
> James Ducharme | Aveksa, Inc.
> Paul Lipton | CA*
> Mark Robinton | HID Global
> Heather Hinton | IBM
> Matthew Rutkowski | IBM
> John Bradley | Individual
> Peter Brown | Individual
> Gershon Janssen | Individual
> Michael Stiefel* | Individual
> Thomas Hardjono | M.I.T.
> Dee Schur | OASIS *
> Patrick Harding | Ping Identity Corporation*
> Anil Saldhana | Red Hat
> Bill Becker | SafeNet, Inc.
> Tom Clifford | Symantec Corp.*
> Kyle Austin | TriCipher, Inc.
> Siddharth Bajaj | VeriSign
> Daniel Turissini | WidePoint Corporation
> AnilSaldhana_RedHat: I am a bit under the weather. thanks to everyone
> for bearing my voice.
> ___________________________________
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php