OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: MINUTES OASIS IDCloud TC Meeting 20 February 2012

OASIS IDCloud TC Meeting
20 February 2012, 02:00pm to 03:00pm ET

Scribe: Gershon Janssen

1. Roll Call and Agenda Review

Name              Status
----              ------
Anil Saldhana     Member
Gershon Janssen   Member
Matthew Rutkowski Member
Roger Bass        Member
Dominique Nguyen  Member
Cathy Tilton      Member


6 people joined the meeting.

This meeting does not quorate.

Member status status changes:

Lost voting rights:
Brian Marshall
David Turner

Gained voting rights:
Cathy Tilton

Now: 10 voting members in TC.

2. Approval of Minutes

- 06 Feb 2012 Meeting: 

Deferred to next meeting as this meeting does not quorate.

3. Gap Analysis Editor's Draft [Gershon]


Textual remarks:
- change to "Redhat" instead of "RedHat"
- oAuth should be OAuth

Structure remarks:
- Mention long names or full names in a separate table or reference section.
- Include links to their (i) website (ii) link to their standard version.
- Create 2 tables.

Approach for next steps:
- Ask ourself a set of questions: e.g. where do we believe the standards
fall short; what do we perceive as missing.
- Do more gap analysis offline via the email threads
- Also continue with the informal gap analysis meetings

- Suggestions for approaches: 
  - (i) per use case or (ii) per standard
  - first pass: go through all as a group; write down what we know. After
that, publish as a draft and validate if our assumptions are true or not.

- Scheduling informal meeting:
  - Matt: Fridays are good; Wednesdays are also good. Tuesdays are good as

- Gershon talks about Trust and Trust Frameworks
- Dominique: you asked me to have Abbie talk about Trust Framework and he
accepted. Dominique will check with Abbie to talk about trust frameworks
during our next TC meeting.

4. Gap Analysis Discussion

- Use case 19:
  - if one can audit in the cloud, the accesses on a simple piece of blog
data, one has basically the foundation for auditing other data
  - within a enterprise there are compliance regulations
  - within a cloud these standards do not exist
  - cloud standards e.g. SNIA not doing auditing yet. DMTF CIMI is
considering this
  - would be worth considering the format.
  - reporting access management type events; audit requirements: timestamp,
identity, identity of resource invovled (e.g. document, storage device)
  - also if encryption is applied (how it is protected)
  - also hardware side: on which server this is running on (e.g. virtual
image running on vCloud, etc.)
  - audit 3 spaces (i) storage (ii) computing (iii) network space
  - include / extend with management for keys? yes should do this as its a
difficult issue. key life cycle management.
  - syslog as a log format; SNIA for network storage for cloud; DMTF Cloud
management working group with spec CIMI (management interface standard)
  - Data Model and topology aligned.
  - CloudAuditing Workgroup at DMTF, working with CIMI to provide audit type
event and reports to be carried by their management interfaces.
  - group working on audit reports, privacy information obfuscations, soa,
  - group does not talk about access control.
  - privacy management; KMIP (key life cycle management)
  - quantum; open networking management standard

5. Other Business

- Gershon to participate in CloudScape conference this week; will talk about

6. Adjourn

Meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]