Draft minutes of 07 February 2011 IDCloud TC meeting

["Gershon Janssen" <gershon@qroot.com>]

L.S.,

Please find attached the draft meeting minutes of the 07 February 2011 IDCloud TC meeting. 

Attendance is also updated in Kavi.

If you find any mistakes, please let me know.

Regards,

Gershon Janssen


----------------------------------------
DRAFT MINUTES
OASIS IDCloud TC Meeting
07 February 2011, 02:00pm ET, 20:00 CET
----------------------------------------

NEW ACTION ITEMS:

No new action items.

----------------------------------------

Scribe: Gershon Janssen

----------------------------------------

1. Roll Call and Agenda Review


Name              Company
----              -------
Andy Kindred      Acxiom 
John Dilley       Akamai Technologies 
Dale Moberg       Axway Software* 
Abbie Barbir      Bank of America 
Jeffrey Broberg   CA Technologies 
Kurt Roemer       Citrix Systems, Inc. 
Tom Bishop        Conformity 
Jonas Hogberg     Ericsson* 
Mark Robinton     HID Global 
Robert Cope       Homeland Security Consultants 
David Kern        IBM 
Matthew Rutkowski IBM 
David Chadwick    Individual 
Michele Drgon     Individual 
Gershon Janssen   Individual 
Thomas Hardjono   M.I.T. 
Anthony Nadalin   Microsoft Corporation 
Colin Wallis      New Zealand Government 
Polina Alber      Novell* 
Dale Olds         Novell* 
Anil Saldhana 	  Red Hat 
Darran Rolls      SailPoint Technologies 
Stephen Coplan    The 451 Group 
Brian Marshall    Vanguard Integrity Professionals 
Siddharth Bajaj   VeriSign 
Daniel Turissini  WidePoint Corporation 

Observers:
None

26 people on call, 20 of 22 voting members present.

This meeting quorates.

Status changes:
Gained voting rights: David Chadwick, Abbie Barbir and Anthony Nadalin


No changes and / or additions to the agenda.

----------------------------------------

2. Approval of previous Meeting Minutes

- 24 Jan 2011:
http://lists.oasis-open.org/archives/id-cloud/201102/msg00003.html

- 10 Jan 2011:
http://lists.oasis-open.org/archives/id-cloud/201101/msg00028.html


Darran Rolls moves to approve the minutes of 24 Jan and 10 Jan meetings; Thomas Hardjono seconds. Minutes are approved
by unanimous consent.

----------------------------------------

3. Use Cases Discussion

* IBM: Matt R (http://lists.oasis-open.org/archives/id-cloud/201101/msg00030.html)

Matthew Rutkowski elaborates on his use case.

Q. How detailed do we want to make our use cases?

Matthew Rutkowski (as editor): The more granular the better. The level of detail needed in each of the use cases is the
cloud based nature of the need or gap is exhibited by the multiple interactions against the same piece of data.

Thomas Hardjono: How many audit related use cases do we have?

Matthew Rutkowski (as editor): Audit aspects are not always fully elaborated on in all use cases.

Anil Saldhana: Most use cases from Citrix are about audit compliancy.

Stephen Coplan: Scope of TC should be the identity management angle related to audit compliancy.

Anil Saldhana: What we are doing is identifying a need for audit and compliancy, we are not defining how it's going to
be done, define formats, how to do the auditing and collection. We define the need.

Kurt Roemer: It's the need, not the logistics.


* Symantec: Siddharth (http://lists.oasis-open.org/archives/id-cloud/201102/msg00000.html)

Siddharth Bajaj elaborates on use cases.

Darran Rolls: Around privileges and management: any submissions on the actual process of privileged user administration
(how the administrative process works around the accounts themselves)?

Anil Saldhana: SafeNet has some elements in its use cases.

Matthew Rutkowski: SafeNet use cases probably need some more detail in this area.

Anil Saldhana: A bit worried about the privileged account administration surrounding the HyperVisor; no use cases
touching this right now.

Matthew Rutkowski: Some areas are missing as we don't have use cases for them. What do we want to do with those areas in
our draft document?

Anil Saldhana: Use case document goes through revisions, so lets start with a first version and update with more use
cases in the future as they come available.

Anil Saldhana: Identify open areas in document from e.g. meeting minutes as those have a recording of the proceedings to
the TC meetings. Maybe we should create a WIKI page to note down the missing areas for now.

Matt Rutkowski: Current missing areas:

- hypervisor/vios level identity, authentication
- cloud based certificate (generation) services
- cloud based granular key generation services
- including derivative certs/keys


* Bank of America - Dominique (http://lists.oasis-open.org/archives/id-cloud/201101/doc00005.doc)

Deferred to next meeting as Dominique is not on the call.


* Gov.NZ - Colin (http://lists.oasis-open.org/archives/id-cloud/201101/msg00029.html)

Colin Walis elaborates his use case submission.


* Univ Kent -David (http://lists.oasis-open.org/archives/id-cloud/201101/msg00031.html)

David Chadwick elaborates on use case submission.


Anil Saldhana: Next step is to correct / clean up / add more detail to the use cases and put them into the right
template.


----------------------------------------

4. IDCloud Webinar

Anil Saldhana: OASIS would like to hold a Webinar for IDCloud. Can be a good moment to present our current work, what we
have achieved and have some outreach. When is the best time for this?

Comments: Timing on Webinar should be according to work on use cases and 


----------------------------------------

5. Other Business

* NIST
NIST has published some documents on their website on Cloud Computing. Please have a look.

* F2F meeting
What timeframe are we looking at? Suggestion for April.
2-3 days for F2F seems to be most suitable; shorter is most likely not effective.

Anil Saldhana: Requests for locations for hosting the meeting; please post on list.

----------------------------------------

6. Adjourn

Next meeting will be the 21 February 2011.

Meeting adjourned.
----------------------------------------
----------------------------------------
DRAFT MINUTES
OASIS IDCloud TC Meeting
07 February 2011, 02:00pm ET, 20:00 CET
----------------------------------------

NEW ACTION ITEMS:

No new action items.

----------------------------------------

Scribe: Gershon Janssen

----------------------------------------

1. Roll Call and Agenda Review


Name              Company
----              -------
Andy Kindred      Acxiom 
John Dilley       Akamai Technologies 
Dale Moberg       Axway Software* 
Abbie Barbir      Bank of America 
Jeffrey Broberg   CA Technologies 
Kurt Roemer       Citrix Systems, Inc. 
Tom Bishop        Conformity 
Jonas Hogberg     Ericsson* 
Mark Robinton     HID Global 
Robert Cope       Homeland Security Consultants 
David Kern        IBM 
Matthew Rutkowski IBM 
David Chadwick    Individual 
Michele Drgon     Individual 
Gershon Janssen   Individual 
Thomas Hardjono   M.I.T. 
Anthony Nadalin   Microsoft Corporation 
Colin Wallis      New Zealand Government 
Polina Alber      Novell* 
Dale Olds         Novell* 
Anil Saldhana 	  Red Hat 
Darran Rolls      SailPoint Technologies 
Stephen Coplan    The 451 Group 
Brian Marshall    Vanguard Integrity Professionals 
Siddharth Bajaj   VeriSign 
Daniel Turissini  WidePoint Corporation 

Observers:
None

26 people on call, 20 of 22 voting members present.

This meeting quorates.

Status changes:
Gained voting rights: David Chadwick, Abbie Barbir and Anthony Nadalin


No changes and / or additions to the agenda.

----------------------------------------

2. Approval of previous Meeting Minutes

- 24 Jan 2011:
http://lists.oasis-open.org/archives/id-cloud/201102/msg00003.html

- 10 Jan 2011:
http://lists.oasis-open.org/archives/id-cloud/201101/msg00028.html


Darran Rolls moves to approve the minutes of 24 Jan and 10 Jan meetings; Thomas Hardjono seconds. Minutes are approved by unanimous consent.

----------------------------------------

3. Use Cases Discussion

* IBM: Matt R (http://lists.oasis-open.org/archives/id-cloud/201101/msg00030.html)

Matthew Rutkowski elaborates on his use case.

Q. How detailed do we want to make our use cases?

Matthew Rutkowski (as editor): The more granular the better. The level of detail needed in each of the use cases is the cloud based nature of the need or gap is exhibited by the multiple interactions against the same piece of data.

Thomas Hardjono: How many audit related use cases do we have?

Matthew Rutkowski (as editor): Audit aspects are not always fully elaborated on in all use cases.

Anil Saldhana: Most use cases from Citrix are about audit compliancy.

Stephen Coplan: Scope of TC should be the identity management angle related to audit compliancy.

Anil Saldhana: What we are doing is identifying a need for audit and compliancy, we are not defining how it's going to be done, define formats, how to do the auditing and collection. We define the need.

Kurt Roemer: It's the need, not the logistics.


* Symantec: Siddharth (http://lists.oasis-open.org/archives/id-cloud/201102/msg00000.html)

Siddharth Bajaj elaborates on use cases.

Darran Rolls: Around privileges and management: any submissions on the actual process of privileged user administration (how the administrative process works around the accounts themselves)?

Anil Saldhana: SafeNet has some elements in its use cases.

Matthew Rutkowski: SafeNet use cases probably need some more detail in this area.

Anil Saldhana: A bit worried about the privileged account administration surrounding the HyperVisor; no use cases touching this right now.

Matthew Rutkowski: Some areas are missing as we don't have use cases for them. What do we want to do with those areas in our draft document?

Anil Saldhana: Use case document goes through revisions, so lets start with a first version and update with more use cases in the future as they come available.

Anil Saldhana: Identify open areas in document from e.g. meeting minutes as those have a recording of the proceedings to the TC meetings. Maybe we should create a WIKI page to note down the missing areas for now.

Matt Rutkowski: Current missing areas:

- hypervisor/vios level identity, authentication
- cloud based certificate (generation) services
- cloud based granular key generation services
- including derivative certs/keys


* Bank of America - Dominique (http://lists.oasis-open.org/archives/id-cloud/201101/doc00005.doc)

Deferred to next meeting as Dominique is not on the call.


* Gov.NZ - Colin (http://lists.oasis-open.org/archives/id-cloud/201101/msg00029.html)

Colin Walis elaborates his use case submission.


* Univ Kent -David (http://lists.oasis-open.org/archives/id-cloud/201101/msg00031.html)

David Chadwick elaborates on use case submission.


Anil Saldhana: Next step is to correct / clean up / add more detail to the use cases and put them into the right template.


----------------------------------------

4. IDCloud Webinar

Anil Saldhana: OASIS would like to hold a Webinar for IDCloud. Can be a good moment to present our current work, what we have achieved and have some outreach. When is the best time for this?

Comments: Timing on Webinar should be according to work on use cases and 


----------------------------------------

5. Other Business

* NIST
NIST has published some documents on their website on Cloud Computing. Please have a look.

* F2F meeting
What timeframe are we looking at? Suggestion for April.
2-3 days for F2F seems to be most suitable; shorter is most likely not effective.

Anil Saldhana: Requests for locations for hosting the meeting; please post on list.

----------------------------------------

6. Adjourn

Next meeting will be the 21 February 2011.

Meeting adjourned.