Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded
Strongly concur.

----- Original Message -----
From: Matt Rutkowski <mrutkows@us.ibm.com>
Date: Thursday, September 23, 2010 12:44 pm
Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases (id-cloud-use-cases-draft-01l.doc)uploaded

> Anil,
>
> I think that we should avoid people directly adding use cases before they
> are reviewed during a meeting for comment. Additionally, I would suggest
> only editors perform changes or persons the editors grant "the pen" to on
> the official OASIS preliminary drafts.
>
> Of concern in this case, is that we now have a use case that seems to
> endorse a specific security framework/model:
>
> "Toward that end, TSCP has developed a technical specification that uses
> identity federation technology to provide access to shared resources. This
> specification is known as Document Sharing via Identity Federation (DSIF).
> DSIF is a cloud-computing model which is predicated upon the notion that
> TSCP members gain access to electronic resources shared among the various
> members and other service providers. TSCP members agree to adhere to the
> internally defined Common Operating Rules, which include terms for
> identity federation governance."
>
> Even with Kerberos, we were careful to discuss the need for "profiles"
> that describe how our more generic use cases COULD be implemented. From
> my point of view, this is less of a cloud identity use case than an
> injection of a specific methodology and architecture (which at this point
> is opaque to me).
>
> Where TSCP lists:
>
> Share Information Beyond Organizational Boundaries - Allows users to
> easily and securely access documents that are housed in multiple security
> domains within an enterprise or across multiple organizations, and across
> international boundaries such that different regulatory policies (e.g.
> privacy) and national security policies must be simultaneously enforced.
>
> Reduction in Costs Related to Credential Management - Identity federation
> allows for authentication token reuse, resulting in reduced costs to
> application owners and simplification of authentication token management
> for end users.
>
> Increase Identity Assurance of End Users - Identity federation, as defined
> by DSIF v1, provides a common framework across the aerospace and defense
> sector for establishing the appropriate level of identity assurance to be
> used when remotely accessing specific categories of information on
> electronic systems.
>
> Reduce Sign On End User Experience - Identity Federation allows the end
> user to enter credentials fewer times in the process of accessing and
> completing their work tasks.
>
> Improved Security through the use of strong, vetted, two-factor
> authentication, mapping to NIST 800-63 identity assurance levels, and
> reflecting changes to credentials immediately across the federated trust.
>
> I see potential "use cases" that are suitable for inclusion in our TC
> document, but instead I see top-level requirements on security, that have
> ready made solutions within a TSCP framework. We have already had a
> discussion that defining a security framework goes beyond our charter and
> referencing a ready made one goes even beyond that.
>
> When I read the TSCP requirements above, I see general use cases for:
>
> hybrid cloud (federated) identity and access control to document resources
> mgmt./use of authentication tokens to simplify access control
> clear/consistent role definitions, access control levels
> Single Sign-On (federated)
> Secure protocols for authentication based upon "trust" credentials,
> perhaps certificates and/or granular open standard trust protocols
>
> In light of this, I would ask that we remove the TSCP section as a "use
> case" and instead leave it apart, until it can be reviewed/commented upon
> and turned into purely use cases with reliance on TSCP framework
> references reduced. The previous draft has outstanding edits due for
> comments provided on our official review call that will affect our F2F
> discussion on our "template" for use cases which I hoped to work on this
> weekend. Please permit me to restore the draft to its previous version
> for making these edits for our scheduled F2F review and table the TSCP use
> case(s) for separate review later in the day.
>
> Kind regards,
> Matt
>
>
> Anil Saldhana <Anil.Saldhana@redhat.com>
> 09/22/2010 10:36 PM
>
> To: "Tolbert, John W" <john.w.tolbert@boeing.com>
> cc: "id-cloud@lists.oasis-open.org" <id-cloud@lists.oasis-open.org>
> Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases
> (id-cloud-use-cases-draft-01l.doc)uploaded
>
> John,
> many thanks.
>
> The document is reflected in the wiki page:
> http://wiki.oasis-open.org/id-cloud/MemberSubmissions
>
> Regards,
> Anil
>
> On 09/22/2010 08:25 PM, Tolbert, John W wrote:
> >
> > -----Original Message-----
> > From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
> > Sent: Wednesday, September 22, 2010 6:19 PM
> > To: id-cloud@lists.oasis-open.org
> > Subject: Re: Fwd: [id-cloud] Groups - Cloud use cases
> > (id-cloud-use-cases-draft-01l.doc)uploaded
> >
> > John,
> > I am wondering if you can put your use case in a separate document
> > (Doc or PDF) and send it to the list.
> >
> > Since the use case document may get edits, I would like your original
> > submission be available as-is for the future.
> >
> > Regards,
> > Anil
> >
> > On 09/22/2010 06:15 PM, anil.saldhana@redhat.com wrote:
> >> Thanks John for Boeing's use cases.
> >>
> >> See you at f2f.
> >>
> >>
> >> Begin forwarded message:
> >>
> >>> From: john.w.tolbert@boeing.com
> >>> Date: September 22, 2010 2:55:39 PM CDT
> >>> To: id-cloud@lists.oasis-open.org
> >>> Subject: [id-cloud] Groups - Cloud use cases
> >>> (id-cloud-use-cases-draft-01l.doc) uploaded
> >>>
> >>> The document named Cloud use cases (id-cloud-use-cases-draft-01l.doc)
> >>> has been submitted by Mr. John Tolbert to the OASIS Identity in the
> >>> Cloud TC document repository.
> >>>
> >>> Document Description:
> >>> Revision "L", including TSCP use case (section 2.14)
> >>>
> >>> View Document Details:
> >>> http://www.oasis-open.org/committees/document.php?document_id=39506
> >>>
> >>> Download Document:
> >>> http://www.oasis-open.org/committees/download.php/39506/id-cloud-use-cases-draft-01l.doc
> >>>
> >>>
> >>> PLEASE NOTE: If the above links do not work for you, your email
> >>> application may be breaking the link into two pieces. You may be
> >>> able to copy and paste the entire link address into the address field
> >>> of your web browser.
> >>>
> >>> -OASIS Open Administration
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
begin:vcard
n:Turissini;Daniel
fn:Daniel E. Turissini
tel;cell:703-401-1706
tel;fax:703-246-8529
tel;work:703-246-8550
url:www.ORC.com
org:Operational Research Consultants, Inc.;
adr:;;South Tower, Suite 210, 11250 Waples Mill Road;Fairfax;Virginia;22030;USA
version:2.1
email;internet:turissd@orc.com
title:President
end:vcard