Subject: Re: [id-cloud] RE: ID-Cloud Minutes from June 28 2010 Call
I have added you to the attendance tracker.

John B.

On 2010-06-29, at 4:22 AM, Cohen, Doron wrote:

> Thomas,
>
> Please add my name to the list
>
> Thanks
> Doron
>
>
> -----Original Message-----
> From: Thomas Hardjono [mailto:hardjono@MIT.EDU]
> Sent: Monday, June 28, 2010 22:53
> To: id-cloud
> Cc: Anil Saldhana; Anthony Nadalin
> Subject: [id-cloud] ID-Cloud Minutes from June 28 2010 Call
>
> Minutes from Oasis ID-Cloud TC (June 28, 2010)
>
> 1) Roll Call:
> John Bradley
> Andy Kindred - Acxiom
> John Dilley - Akamai Technologies
> James Ducharme - Aveksa, Inc.
> Paul Lipton - CA*
> Mark Robinton - HID Global
> Heather Hinton - IBM
> Matthew Rutkowski - IBM
> John Bradley - Individual
> Peter Brown - Individual
> Gershon Janssen - Individual
> Michael Stiefel* - Individual
> Thomas Hardjono - M.I.T.
> Dee Schur - OASIS *
> Patrick Harding - Ping Identity Corporation*
> Anil Saldhana - Red Hat
> Bill Becker - SafeNet, Inc.
> Tom Clifford - Symantec Corp.*
> Kyle Austin - TriCipher, Inc.
> Siddharth Bajaj - VeriSign
> Daniel Turissini - WidePoint Corporation
>
> 2) Approval of the June 14th Minutes
> http://lists.oasis-open.org/archives/id-cloud/201006/msg00036.html
>
> Moved: Gershon Janssen.
> Second: John Bradley.
> No objections. Minutes approved.
>
>
> 3) Discussion of SafeNet Use Cases by Doron Cohen/Bill Baker
>
> (A) Use-Case #1: Privileged Accounts in the Cloud.
> - Use-Case description: Need more stringent security (eg. auth, audit, etc) than normal accounts and in-perimeter accounts.
>
> - Anil: Q: Can we make this into an infrastructure Privileged Account
>   + Doron: We need a new set of requirements for cloud service (different from traditional in-perimeter infra).
>   + Siddharth: Supports this use-case.
>
> - John Dilley: Q: Would authN infra for this use-case be different than in normal accounts?
>   + Doron: They may have different policies and different back-end capabilities. Thus we need this new use-case.
>
> - John Dilley: We need to create a core set of mechanisms that are true/valid across all use-cases (in the Cloud-ID TC).
>
> - John Bradley: has been looking at Federation metadata (from projects in Europe), including issues relating to SAML usage (eg. is SAML secure enough). Some accounts in the cloud will need better risk analysis.
>
> - Patrick: agrees with John Bradley and John Dilley. Has questions about federated accounts. What happens if things go wrong (ie. when even the privileged accounts/users get locked-out). Need a statement how to handle this.
>
> - Anil: Any assumptions about federated identity and the privileged accounts use-case?
>   + Doron: No assumptions. Up to each implementation.
>   + Siddharth: has seen these implemented before.
>
>
> (B) Use-Case #2: Enterprise employee accessing cloud services.
> - Use-Case description: Regular employee of Enterprise wants to access cloud services.
>   + Want to benefit from SSO
>   + Will require different level of assurance (ie. compared to intra-enterprise services)
>   + Will require different sec. requirements and authN policies.
>   + Related to federated provisioning.
>   + Will need to support different form-factors and access methods.
>
> - Thomas Hardjono: Q: Is the cloud-service part of the Enterprise or is it run by a trusted third party (TTP)?
>   + Doron: the latter (ie. TTP).
>
> - Anil: Suggest to change the title of the use-case.
>   + Doron: agree, but want to focus on extending the (enterprise) identity to the cloud.
>
>
> (C) Use-Case #3: Consumer scenario.
> - Use-Case description: Want to use a Consumer Identity to access different services on the Internet
>   + Instead of using the one-ID per service today.
>   + Want SSO capability.
>   + Has similar requirements (to previous use-case?)
>   + Main twist: Need for privacy and need for user-control over which information to disclose.
>
> - John Dilley: Q: is that ID linked to an enterprise ID?
>   + There is the *why* and the *how* questions.
>   + Is this simply a federated ID use-case?
>   + Each ID (in an environment) typically has an accompanying info about that ID. Do we mean to export this info to other/new environments?
>
> - Patrick Harding: If I was a web service, why would I let my user authenticate using Google, Yahoo, etc.?
>   + John Bradley: for targeted apps.
>
>
>
> 4) Follow up on the Kerberos In The Cloud Discussion
> - Thomas Hardjono: no update for today, but plan to update the use-case doc.
>
> 5) Other Business
> * Members Reference: Cloud Identity Summit in July
> (http://www.cloudidentitysummit.com/)
>
> 6) Adjourn
> - Next telecon on 12 July 2010.
> - Moved: Gershon
>   + seconded: John Dilley.
>   + No objections. Meeting adjourned.
>
>
> ________
> SoapHub chatroom:
>
> anonymous2 morphed into Michael Stiefel
> anonymous3 morphed into Doron Cohen
> Doron Cohen morphed into Doron Cohen (SafeNet)
> anonymous morphed into John Dilley (Akamai)
> AnilSaldhana_RedHat: The bridge has toll free numbers for your individual countries. That will save you from calling the US.
> AnilSaldhana_RedHat: Doron, thanks for joining in. It must be late for you.
> Peter morphed into Peter F Brown
> anonymous morphed into Jim Ducharme
> Jim Ducharme morphed into Jim Ducharme (Aveksa)
> anonymous1 morphed into Siddharth Bajaj
> Siddharth Bajaj morphed into Siddharth Bajaj (VeriSign)
> anonymous morphed into Benny Koren (Mellanox)
> anonymous morphed into Jason Rouault (HP)
> Heather Hinton (IBM): just joined on the phone
> anonymous morphed into Patrick Harding
> Thomas Hardjono (MIT)1: Notes: Minutes from 14 June 2010 meeting approved unanimously. Moved by Gershon Janssen. 2nd by John Bradley.
> John Bradley: Meeting Attendees
> Name - Company - Status
> Andy Kindred - Acxiom - Group Member
> John Dilley - Akamai Technologies - Group Member
> Paul Lipton - CA* - Group Member
> Mark Robinton - HID Global - Group Member
> Heather Hinton - IBM - Group Member
> Matthew Rutkowski - IBM - Group Member
> John Bradley - Individual - Group Member
> Peter Brown - Individual - Group Member
> Gershon Janssen - Individual - Group Member
> Michael Stiefel* - Individual - Group Member
> Thomas Hardjono - M.I.T. - Group Member
> Dee Schur - OASIS * - Group Member
> Patrick Harding - Ping Identity Corporation* - Group Member
> Anil Saldhana - Red Hat - Group Member
> Bill Becker - SafeNet, Inc. - Group Member
> Tom Clifford - Symantec Corp.* - Group Member
> Kyle Austin - TriCipher, Inc. - Group Member
> Siddharth Bajaj - VeriSign - Group Member
> Daniel Turissini - WidePoint Corporation - Group Member
> Jim Ducharme (Aveksa): Please add Jim Ducharme (Aveksa) to the attendee list.
> AnilSaldhana_RedHat: John, I usually copy paste into an editor and remove the "Group Member"
> Matt Rutkowski (IBM): The case of avoiding use of the same identity (token) (e.g. email address) seems new to the discussion as this leads to customer risk. In cloud, it seems a real concern that there is a masking to the customer that they are accessing hosted (partner) services and that leads to inadvertent release of privacy information related to identity and at the worst perception that reuse of passwords for the same identity token is acceptable.
> John Bradley: Name - Company
> Andy Kindred - Acxiom
> John Dilley - Akamai Technologies
> James Ducharme - Aveksa, Inc.
> Paul Lipton - CA*
> Mark Robinton - HID Global
> Heather Hinton - IBM
> Matthew Rutkowski - IBM
> John Bradley - Individual
> Peter Brown - Individual
> Gershon Janssen - Individual
> Michael Stiefel* - Individual
> Thomas Hardjono - M.I.T.
> Dee Schur - OASIS *
> Patrick Harding - Ping Identity Corporation*
> Anil Saldhana - Red Hat
> Bill Becker - SafeNet, Inc.
> Tom Clifford - Symantec Corp.*
> Kyle Austin - TriCipher, Inc.
> Siddharth Bajaj - VeriSign
> Daniel Turissini - WidePoint Corporation
> AnilSaldhana_RedHat: I am a bit under the weather. Thanks to everyone for bearing my voice.
> ___________________________________
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
> The information contained in this electronic mail transmission
> may be privileged and confidential, and therefore, protected
> from disclosure. If you have received this communication in
> error, please notify us immediately by replying to this
> message and deleting it from your computer without copying
> or disclosing it.