OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [id-cloud] Use Cases

Darren,
Thanks a lot for the submission. Let's discuss your email at f2f as we work further on the use cases document.

Regards,
Anil

On Sep 22, 2010, at 6:09 PM, Darren Platt <darren@symplified.com> wrote:

Fellow TC Members,

The purpose of this message is to contribute Symplified's thoughts on the IDCloud use cases.  I apologize for taking so long to get this message out to the group.  I don't have any specific use cases to submit - but instead some suggestions on the overall structure of what we create.  I think my comments are mostly consistent (and an extension of) the message posted by Patrick Harding on July 8 regarding this topic. 

I think what we create needs to map to most people's conceptual model of the cloud.   The reason being that we've cast a rather wide net in our charter (cloud security), and for someone to find it useful they will need to navigate to the section of the document that applies to them.  So I think at the highest level, the document should be organized around the different 'top-level use cases' for cloud computing - IaaS, PaaS, and SaaS and the use cases contained therein.  And for each of these environments, we should then describe the scenarios/use cases that apply.  Within each of these scenarios, we should discuss the discuss how the following security properties apply and/or achieved:  Authentication, Authorization, Provisioning, and Audit.

I believe that most (if not all) of the current use case submissions could fit inside this framework.  Some use cases will apply across multiple 'top level use cases' and can be designated as such.   So, by way of example, the use cases might look something like:

Infrastructure as a Service
  • Administrator accessing host OS
  • Administrator Authenticating to host OS
  • End user accessing web applications served from IaaS environment
  • New Administrator
  • New End User
  • Deprovision End User
  • Single Sign On from End User environment to Web Application
  • Single Sign On from Admin environment to host OSes

Software as a Service
  • Administrator accessing SaaS management UI
  • End user accessing SaaS application
  • New Administrator
  • New End User
  • Deprovision End User

I believe that this would be the most applicable and useful type of document we could create.  It would allow people who need to securely deploy the technology to quickly understand what they are asking for and how it fits into the rest of their cloud security challenges.

I will be in for the F2F next week if anyone would like to discuss in person.

Regards,

Darren
--

Darren Platt
CTO & Founder

303.775.6212 | mobile
http://www.symplified.com

Symplified
The Cloud Security Company


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]