
id-cloud message



Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded


  Matt,
   thanks for raising the concerns.  Let's discuss the use case at the 
f2f.  We have John's use case in a separate document and can weave it into 
the main document after discussion.

Editors should work on the main document.  If anyone wants to add any 
information into the main document, they will be drafted as editors (and 
that is an increased responsibility over time). :)

Regards,
Anil

On 09/23/2010 11:44 AM, Matt Rutkowski wrote:
> Anil,
>
> I think that we should avoid people directly adding use cases before they
> are reviewed during a meeting for comment.  Additionally, I would suggest
> only editors perform changes or persons the editors grant "the pen" to on
> the official OASIS preliminary drafts.
>
> Of concern in this case, is that we now have a use case that seems to
> endorse a specific security framework/model:
>
> "Toward that end, TSCP has developed a technical specification that uses
> identity federation technology to provide access to shared resources. This
> specification is known as Document Sharing via Identity Federation (DSIF).
>   DSIF is a cloud-computing model which is predicated upon the notion that
> TSCP members gain access to electronic resources shared among the various
> members and other service providers.  TSCP members agree to adhere to the
> internally defined Common Operating Rules, which include terms for
> identity federation governance."
>
> Even with Kerberos, we were careful to discuss the need for "profiles"
> that describe how our more generic use cases COULD be implemented.  From
> my point of view, this is less of a cloud identity use case than an
> injection of a specific methodology and architecture (which at this point
> is opaque to me).
>
> Where TSCP lists:
>
> - Share Information Beyond Organizational Boundaries - Allows users to
>   easily and securely access documents that are housed in multiple security
>   domains within an enterprise or across multiple organizations, and across
>   international boundaries such that different regulatory policies (e.g.
>   privacy) and national security policies must be simultaneously enforced.
> - Reduction in Costs Related to Credential Management – Identity federation
>   allows for authentication token reuse, resulting in reduced costs to
>   application owners and simplification of authentication token management
>   for end users.
> - Increase Identity Assurance of End Users – Identity federation, as defined
>   by DSIF v1, provides a common framework across the aerospace and defense
>   sector for establishing the appropriate level of identity assurance to be
>   used when remotely accessing specific categories of information on
>   electronic systems.
> - Reduce Sign On End User Experience – Identity Federation allows the end
>   user to enter credentials fewer times in the process of accessing and
>   completing their work tasks.
> - Improved Security through the use of strong, vetted, two-factor
>   authentication, mapping to NIST 800-63 identity assurance levels, and
>   reflecting changes to credentials immediately across the federated trust.
>
> I see potential "use cases" that are suitable for inclusion in our TC
> document, but instead I see top-level requirements on security, that have
> ready made solutions within a TSCP framework.  We have already had a
> discussion that defining a security framework goes beyond our charter and
> referencing a ready made one goes even beyond that.
>
> When I read the TSCP requirements above, I see general use cases for:
>
> - hybrid cloud (federated) identity and access control to document resources
> - mgmt./use of authentication tokens to simplify access control
> - clear/consistent role definitions, access control levels
> - Single Sign-On (federated)
> - Secure protocols for authentication based upon "trust" credentials,
>   perhaps certificates and/or granular open standard trust protocols
>
> In light of this, I would ask that we remove the TSCP section as a "use
> case" and instead leave it apart, until it can be reviewed/commented upon
> and turned into purely use cases with reliance on TSCP framework
> references reduced.  The previous draft has outstanding edits due for
> comments provided on our official review call that will affect our F2F
> discussion on our "template" for use cases which I hoped to work on this
> weekend.  Please permit me to restore the draft to its previous version
> for making these edits for our scheduled F2F review and table the TSCP use
> case(s) for separate review later in the day.
>
> Kind regards,
> Matt
>
> Anil Saldhana <Anil.Saldhana@redhat.com>
> 09/22/2010 10:36 PM
>
> To: "Tolbert, John W" <john.w.tolbert@boeing.com>
> cc: "id-cloud@lists.oasis-open.org" <id-cloud@lists.oasis-open.org>
> Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded
>
>    John,
>     many thanks.
>
> The document is reflected in the wiki page:
> http://wiki.oasis-open.org/id-cloud/MemberSubmissions
>
> Regards,
> Anil
>
> On 09/22/2010 08:25 PM, Tolbert, John W wrote:
>>
>> -----Original Message-----
>> From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
>> Sent: Wednesday, September 22, 2010 6:19 PM
>> To: id-cloud@lists.oasis-open.org
>> Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded
>>
>>     John,
>>      I am wondering if you can put your use case in a separate document
>> (Doc or PDF) and send it to the list.
>> Since the use case document may get edits, I would like your original
>> submission to be available as-is for the future.
>> Regards,
>> Anil
>>
>> On 09/22/2010 06:15 PM, anil.saldhana@redhat.com wrote:
>>> Thanks John for Boeing's use cases.
>>>
>>> See you at f2f.
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> From: john.w.tolbert@boeing.com
>>>> Date: September 22, 2010 2:55:39 PM CDT
>>>> To: id-cloud@lists.oasis-open.org
>>>> Subject: [id-cloud] Groups - Cloud use cases
>>>> (id-cloud-use-cases-draft-01l.doc) uploaded
>>>>
>>>> The document named Cloud use cases (id-cloud-use-cases-draft-01l.doc)
>>>> has been submitted by Mr. John Tolbert to the OASIS Identity in the
>>>> Cloud TC document repository.
>>>>
>>>> Document Description:
>>>> Revision "L", including TSCP use case (section 2.14)
>>>>
>>>> View Document Details:
>>>> http://www.oasis-open.org/committees/document.php?document_id=39506
>>>>
>>>> Download Document:
>>>> http://www.oasis-open.org/committees/download.php/39506/id-cloud-use-cases-draft-01l.doc
>>>>
>>>>
>>>> PLEASE NOTE:  If the above links do not work for you, your email
>>>> application may be breaking the link into two pieces.  You may be
>>>> able to copy and paste the entire link address into the address field
>>>> of your web browser.

