Subject: Editor's Summary - Work items for a 2nd CND of Use Case Document
- From: Matt Rutkowski <mrutkows@us.ibm.com>
- To: id-cloud@lists.oasis-open.org
- Date: Mon, 11 Jul 2011 11:43:15 -0500
IDCloud TC Members,

Here is a summary of the work items that need to be completed on the current use case document to prepare it for a 2nd CND:

In general:
- Normalization of Use Case Actors, Services, System Names
- I normalized use cases 1-14 and use case 21; all other use cases need updated Process Flows that reflect the normalization conventions described earlier in the document. Once process flows are normalized, reflect the new actors, services and systems in each use case's categorization table.
- Terms and Definitions need general review by TC or interested subgroup. I worked to reduce terms/defns to ones we actually reference or may reference. These are based upon the SAML 2 Glossary and the ITU-T defns.
- Where both the SAML Glossary and ITU-T had competing defns, I decided to leave BOTH, so we need to resolve to a single description for each term where this is the case.
Specific Use Case Notes/Work Items:
- Use Case 9: "Cloud Signature Service": Subgroup from F2F agreed to rewrite as a "Signing in the Cloud" use case. Subgroup to rework to tie to identity and use Use Case #14 as input (Roger, Dale, Doron, Matt, etc.). Rewrite so that the cloud-based signature service has to tie this to an identity in the cloud. Include Federated identity so that receivers of the document can validate the signatures (FIM). Would also suggest developing the use case process flow around 1 or 2 of these formats, which would help flesh out “Notable Services”, “Actors” and further dependencies and assumptions.
- Use Case 11: "Enterprise to Cloud SSO": This use case (along with the portion of Use Case 10 and Use Case 12, all originally from SafeNet) is perhaps a specific scenario of use case 6 "Federated SSO and Attribute Sharing". Another comment was that this could be a scenario of use case 19 “Access to Enterprise’s Workforce Applications Hosted in Cloud”. It was suggested that we, at some point, list related use cases.
- Use Case 12: "Consumer Cloud Identity Management, Single Sign-On (SSO) and Authentication": Same comments as Use Case 11.
- Use Case 13: "Transaction Validation and Signing in the Cloud": TBD, perhaps reflect specific goals of the 3rd use case scenario. Doron asked that we remove it in favor of the PrimeKey use case. Is this still his wish?
- Use Case 14: "Enterprise Purchasing from a Public Cloud": Subgroup from F2F agreed to rewrite as “Delegation / Chaining of Signing Authority”. Also, TBD, I would suggest exhibiting the need for these identity related security services in the use case <or> break them down into 3 use cases because 3 goals are listed.
  - Is there a way to summarize the goals, e.g. “Reduce the need for maintaining duplicate identities across cloud and enterprise deployments”?
- Use Case 15: "" : Move as scenario under #20 and preserve the title, and reference #13 as an example of a compatible authentication Service in the cloud.
- Use Cases 15, 16, 17 (most from Ping Identity): Combine into one use case with separate scenarios (i.e. "Access to Enterprise’s Workforce Applications Hosted in Cloud", "Offload Enterprise’s Business Partner Identity Management", "Access to Enterprise’s Customer Applications Hosted in Cloud").
- Use Case 23: "Mobile Customers’ Identity Authentication Using a Cloud provider": Doron: with PC and browser you have SAML and other mechanisms for establishing identity, whereas with mobile devices (with rich clients) the art of “federation” is less clearly established. Also, these devices often better enable multi-factor auth. (such as from camera phones, device IDs, GPS, etc.)
- Use Case 25: This use case reinforces the need for mutual authentication. Tony: EV Certs do not mandate mutual auth. Peter: The user deserves the ability to validate the id of the provider of a service. Author: this use case can be combined with another use case. Anil: EV Cert is a form of an identity indicator.
- Use Case 28: "Federated User Account and Attribute Provisioning": Needs review and simplification. Formerly Use Case #16 from F2F. Homeland Security Consultants.
- Use Case 29: "Describe Entitlement Model": Remove use case as “out of scope” or request author to rewrite with reference to Attribute Management and Audit & Compliance aspects. Formerly Use Case #17 from F2F. At F2F we agreed to remove as “out of scope” (i.e. due to entitlements) unless author could rewrite in terms of “attribute” management only.
- Use Case 30: "List Accounts and Entitlement Assignments": Needs review and rewrite. Formerly Use Case #18 from F2F. At F2F we agreed to remove as “out of scope” (i.e. due to entitlements) unless author could rewrite in terms of “attribute” management only.
- Use Case 31: "Governance Based Provisioning": Author requested to shift to Attribute Management model. Formerly Use Case #19 at F2F. At F2F we agreed to remove as “out of scope” (i.e. due to provisioning) unless author could rewrite in terms of “attribute” management only.
Specific Work Items for Terms/Defns.:

Other potential Terms to define (and perhaps find an appropriate external reference) that I see have been used in use cases:
- Cloud Identity Store
- Multi-Tenancy
- Subscriber
- Virtual Machine
- Deployer
- Local Identity
- Strong Authentication
- Sensitive Operations
- Decommission (identity)
- Privacy Policies (PII?)
- (Identity) Proofing
- Plain “step-up” Authentication

We can discuss these items as part of IDCloud TC today's agenda...

Kind regards
Matt