OASIS Mailing List Archives

id-cloud message



Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded


Strongly concur.

----- Original Message -----
From: Matt Rutkowski <mrutkows@us.ibm.com>
Date: Thursday, September 23, 2010 12:44 pm
Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded

> Anil,
> 
> I think that we should avoid people directly adding use cases before
> they are reviewed during a meeting for comment.  Additionally, I would
> suggest only editors perform changes or persons the editors grant "the
> pen" to on the official OASIS preliminary drafts.
> 
> Of concern in this case is that we now have a use case that seems to
> endorse a specific security framework/model:
> 
> "Toward that end, TSCP has developed a technical specification that
> uses identity federation technology to provide access to shared
> resources. This specification is known as Document Sharing via Identity
> Federation (DSIF). DSIF is a cloud-computing model which is predicated
> upon the notion that TSCP members gain access to electronic resources
> shared among the various members and other service providers.  TSCP
> members agree to adhere to the internally defined Common Operating
> Rules, which include terms for identity federation governance."
> 
> Even with Kerberos, we were careful to discuss the need for "profiles"
> that describe how our more generic use cases COULD be implemented.
> From my point of view, this is less of a cloud identity use case than
> an injection of a specific methodology and architecture (which at this
> point is opaque to me).
> 
> Where TSCP lists:
>
> Share Information Beyond Organizational Boundaries - Allows users to
> easily and securely access documents that are housed in multiple
> security domains within an enterprise or across multiple organizations,
> and across international boundaries such that different regulatory
> policies (e.g. privacy) and national security policies must be
> simultaneously enforced.
>
> Reduction in Costs Related to Credential Management - Identity
> federation allows for authentication token reuse, resulting in reduced
> costs to application owners and simplification of authentication token
> management for end users.
>
> Increase Identity Assurance of End Users - Identity federation, as
> defined by DSIF v1, provides a common framework across the aerospace
> and defense sector for establishing the appropriate level of identity
> assurance to be used when remotely accessing specific categories of
> information on electronic systems.
>
> Reduce Sign On End User Experience - Identity Federation allows the end
> user to enter credentials fewer times in the process of accessing and
> completing their work tasks.
>
> Improved Security through the use of strong, vetted, two-factor
> authentication, mapping to NIST 800-63 identity assurance levels, and
> reflecting changes to credentials immediately across the federated
> trust.
>
> I see potential "use cases" that are suitable for inclusion in our TC
> document, but instead I see top-level requirements on security, that
> have ready made solutions within a TSCP framework.  We have already had
> a discussion that defining a security framework goes beyond our charter
> and referencing a ready made one goes even beyond that.
> 
> When I read the TSCP requirements above, I see general use cases for:
> 
> hybrid cloud (federated) identity and access control to document resources
> mgmt./use of authentication tokens to simplify access control
> clear/consistent role definitions, access control levels
> Single Sign-On (federated)
> Secure protocols for authentication based upon "trust" credentials, perhaps certificates and/or granular open standard trust protocols
> 
> In light of this, I would ask that we remove the TSCP section as a "use
> case" and instead leave it apart, until it can be reviewed/commented
> upon and turned into purely use cases with reliance on TSCP framework
> references reduced.  The previous draft has outstanding edits due for
> comments provided on our official review call that will affect our F2F
> discussion on our "template" for use cases which I hoped to work on
> this weekend.  Please permit me to restore the draft to its previous
> version for making these edits for our scheduled F2F review and table
> the TSCP use case(s) for separate review later in the day.
> 
> Kind regards,
> Matt
> 
> 
> 
> 
> Anil Saldhana <Anil.Saldhana@redhat.com> 
> 09/22/2010 10:36 PM
> 
> To
> "Tolbert, John W" <john.w.tolbert@boeing.com>
> cc
> "id-cloud@lists.oasis-open.org" <id-cloud@lists.oasis-open.org>
> Subject
> Re: Fwd: [id-cloud] Groups - Cloud use cases 
> (id-cloud-use-cases-draft-01l.doc)uploaded
> 
> 
> 
> 
> 
> 
>  John,
>   many thanks.
> 
> The document is reflected in the wiki page:
> http://wiki.oasis-open.org/id-cloud/MemberSubmissions
> 
> Regards,
> Anil
> 
> On 09/22/2010 08:25 PM, Tolbert, John W wrote:
> >
> >
> > -----Original Message-----
> > From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
> > Sent: Wednesday, September 22, 2010 6:19 PM
> > To: id-cloud@lists.oasis-open.org
> > Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded
> >
> >    John,
> >     I am wondering if you can put your use case in a separate document
> > (Doc or PDF) and send it to the list.
> >
> > Since the use case document may get edits, I would like your original
> > submission to be available as-is for the future.
> >
> > Regards,
> > Anil
> >
> > On 09/22/2010 06:15 PM, anil.saldhana@redhat.com wrote:
> >> Thanks John for Boeing's use cases.
> >>
> >> See you at f2f.
> >>
> >>
> >> Begin forwarded message:
> >>
> >>> From: john.w.tolbert@boeing.com
> >>> Date: September 22, 2010 2:55:39 PM CDT
> >>> To: id-cloud@lists.oasis-open.org
> >>> Subject: [id-cloud] Groups - Cloud use cases
> >>> (id-cloud-use-cases-draft-01l.doc) uploaded
> >>>
> >>> The document named Cloud use cases (id-cloud-use-cases-draft-01l.doc)
> >>> has been submitted by Mr. John Tolbert to the OASIS Identity in the
> >>> Cloud TC document repository.
> >>>
> >>> Document Description:
> >>> Revision "L", including TSCP use case (section 2.14)
> >>>
> >>> View Document Details:
> >>> http://www.oasis-open.org/committees/document.php?document_id=39506
> >>>
> >>> Download Document:
> >>> http://www.oasis-open.org/committees/download.php/39506/id-cloud-use-cases-draft-01l.doc
> >>>
> >>>
> >>> PLEASE NOTE:  If the above links do not work for you, your email
> >>> application may be breaking the link into two pieces.  You may be
> >>> able to copy and paste the entire link address into the address
> >>> field of your web browser.
> >>>
> >>> -OASIS Open Administration
> 
begin:vcard
n:Turissini;Daniel
fn:Daniel E. Turissini
tel;cell:703-401-1706
tel;fax:703-246-8529
tel;work:703-246-8550
url:www.ORC.com
org:Operational Research Consultants, Inc.;
adr:;;South Tower, Suite 210, 11250 Waples Mill Road;Fairfax;Virginia;22030;USA
version:2.1
email;internet:turissd@orc.com
title:President
end:vcard


