[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: MINUTES OASIS IDCloud TC Meeting 05 March 2012
---------------------------------------- DRAFT MINUTES OASIS IDCloud TC Meeting 05 March 2012, 02:00pm to 03:00pm ET ---------------------------------------- Scribe: Gershon Janssen 1. Roll Call and Agenda Review Name Status ---- ------ Abbie Barbir Member Anil Saldhana Member Anthony Nadalin Member Brian Marshall Member David Kern Member David Turner Member Dr. Dominique Nguyen Member Gershon Janssen Member Matthew Rutkowski Member Roger Bass Member Cathy Tilton Member Observers: None. Guest speaker: Mary Rubby 11 people joined the meeting. This meeting quorates. Member status status changes: Lost voting rights: None. Gained voting rights: None. Now: 10 voting members in TC. 2. Approval of Minutes - 6 Feb 2012 Meeting Minutes http://lists.oasis-open.org/archives/id-cloud/201202/msg00049.html MOTION: Abbie moves to approve the 06/Feb minutes. Anil seconds. No discussion; motion carries. - 20 Feb 2012 Meeting Notes http://lists.oasis-open.org/archives/id-cloud/201203/msg00001.html MOTION: Abbie moves to append them to today's meeting notes; Anil seconds. No discussion; motion carries. 3. Introduction to Oasis Trust Elevation TC and Q&A Abbie Barbir and Mary Rubby provide an introduction to the Trust Elevation TC. 4. Comments received on the Use Case document public review http://lists.oasis-open.org/archives/id-cloud-comment/201203/threads.html [Martin Chapman, Oracle] http://lists.oasis-open.org/archives/id-cloud-comment/201202/threads.html [Dr.Michael Poulin] Tony: - normative normally referred to as the RFC2119 like normative; we might need to clarify normative in the context of this document - the term normative is wanted in these use cases. Matt: - I would be in favor of clarifying our use of term normative Abbie: - Clarifying normative to the context of this document; will it not clash with the formal meaning of normative? - TAB changed a Committee Note to non-normative; a note will never be normative Tony: - Normative is used within the context of use case; so how these ought to work - Suggestion to put normative explanation in the document in order to clarify. Matt: - the term normative to many people who deal with specs and RFC language is a loaded term, even though it was used in prose with the plain spoken use definition it will always be contentious Abbie: Adj.1.normative - relating to or dealing with norms; "normative discipline"; "normative samples" 2.normative - pertaining to giving directives or rules; "prescriptive grammar is concerned with norms of or rules for correct usage" prescriptive grammar - the branch of linguistics that deals with syntax and morphology (and sometimes also deals with semantics) abbie: normative [nmtv] adj 1. implying, creating, or prescribing a norm or standard, as in language normative grammar 2. expressing value judgments or prescriptions as contrasted with stating facts normative economics 3. of, relating to, or based on norms normatively adv normativeness n Gershon: - suggests: clarifying normative is fine, but why not stay away from this word so it's clear to everybody and we do not get into this discussion? Abbie: - replace it with required Matt: - propose to rewrite the section where normative is used. TC agreed to this. Tony: - another PR or not? a 15 day review should be sufficient. MOTION: Abbie moves to address the comments and to proceed to publish a Committee Note. Dominique seconds. No discussion. Motion carries. 5. Gap Analysis Insufficient time; agenda item deferred. 6. Issues from JIRA Insufficient time; agenda item deferred. 7. Adjourn Meeting adjourned. APPENDED DRAFT MINUTES ---------------------------------------- OASIS IDCloud TC Meeting 20 February 2012, 02:00pm to 03:00pm ET ---------------------------------------- Scribe: Gershon Janssen 1. Roll Call and Agenda Review Name Status ---- ------ Anil Saldhana Member Gershon Janssen Member Matthew Rutkowski Member Roger Bass Member Dominique Nguyen Member Cathy Tilton Member Observers: None. 6 people joined the meeting. This meeting does not quorate. Member status status changes: Lost voting rights: Brian Marshall David Turner Gained voting rights: Cathy Tilton Now: 10 voting members in TC. 2. Approval of Minutes - 06 Feb 2012 Meeting: http://www.oasis-open.org/apps/org/workgroup/id-cloud/email/archives/201202/ msg00049.html Deferred to next meeting as this meeting does not quorate. 3. Gap Analysis Editor's Draft [Gershon] Word: http://www.oasis-open.org/committees/document.php?document_id=45205&wg_abbre v=id-cloud PDF: http://www.oasis-open.org/committees/document.php?document_id=45206&wg_abbre v=id-cloud Textual remarks: - change to "Redhat" instead of "RedHat" - oAuth should be OAuth Structure remarks: - Mention long names or full names in a separate table or reference section. - Include links to their (i) website (ii) link to their standard version. - Create 2 tables. Approach for next steps: - Ask ourself a set of questions: e.g. where do we believe the standards fall short; what do we perceive as missing. - Do more gap analysis offline via the email threads - Also continue with the informal gap analysis meetings - Suggestions for approaches: - (i) per use case or (ii) per standard - first pass: go through all as a group; write down what we know. After that, publish as a draft and validate if our assumptions are true or not. - Scheduling informal meeting: - Matt: Fridays are good; Wednesdays are also good. Tuesdays are good as well. - Gershon talks about Trust and Trust Frameworks - Dominique: you asked me to have Abbie talk about Trust Framework and he accepted. Dominique will check with Abbie to talk about trust frameworks during our next TC meeting. 4. Gap Analysis Discussion - Use case 19: - if one can audit in the cloud, the accesses on a simple piece of blog data, one has basically the foundation for auditing other data - within a enterprise there are compliance regulations - within a cloud these standards do not exist - cloud standards e.g. SNIA not doing auditing yet. DMTF CIMI is considering this - would be worth considering the format. - reporting access management type events; audit requirements: timestamp, identity, identity of resource invovled (e.g. document, storage device) - also if encryption is applied (how it is protected) - also hardware side: on which server this is running on (e.g. virtual image running on vCloud, etc.) - audit 3 spaces (i) storage (ii) computing (iii) network space - include / extend with management for keys? yes should do this as its a difficult issue. key life cycle management. - syslog as a log format; SNIA for network storage for cloud; DMTF Cloud management working group with spec CIMI (management interface standard) - Data Model and topology aligned. - CloudAuditing Workgroup at DMTF, working with CIMI to provide audit type event and reports to be carried by their management interfaces. - group working on audit reports, privacy information obfuscations, soa, etc. - group does not talk about access control. - privacy management; KMIP (key life cycle management) - quantum; open networking management standard 5. Other Business - Gershon to participate in CloudScape conference this week; will talk about ID-Cloud. 6. Adjourn Meeting adjourned.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]