OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-charter-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [oasis-charter-discuss] Proposed Charter for OASIS Identity in the Clouds TC

I think this needs a little more work to be clear what it is intending.
Some of the purpose refers to identity in the Cloud Computing use cases
- other parts refer to harmonising vocabulary across all of Cloud
Computing, which I suspect is not what was intended.

The charter should explicitly reference relevant identity standards that
are already out there - IEC TC 3 has just done some work on principles
for identity schemes, and was surprised to discover just how many
identification schemes were out there for individuals, organisations and
information objects.  Please do not invent yet more through lack of

Reference should also be made to the identity assurance work developed
by the TSCP project and  groups such as Certipath for cross
certification of identity.

The methodology of defining use cases and then identifying the necessary
standards-based components to support them has particular resonance with
the US DoD DODAF 2.0 approach, and the work done on setting industry
standards by the US and European aeropsace industries.  The use cases
are a good method for engaging with the business community, and
recommendations for complete solutions can be compiled by adding the
other components to the identity recommendations.

Howard Mason
Chair, ISO/IEC/ITU-T/UNECE MoU Management group on eBusiness
Chair, ISO TC 184/SC 4 on Industrial data

Corporate IT Office
Tel: +44 1252 383129
Mob: +44 780 171 3340
Eml: howard.mason@baesystems.com
BAE Systems plc
Registered Office: 6 Carlton Gardens, London, SW1Y 5AD, UK
Registered in England & Wales No: 1470151 

-----Original Message-----
From: Mary McRae [mailto:mary.mcrae@oasis-open.org] 
Sent: 05 January 2010 16:19
To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
Cc: oasis-charter-discuss@lists.oasis-open.org
Subject: [oasis-charter-discuss] Proposed Charter for OASIS Identity in
the Clouds TC

                    *** WARNING ***

  This message has originated outside your organisation,
  either from an external partner or the Global Internet. 
      Keep this in mind if you answer this message.

To OASIS Members:

  A draft TC charter has been submitted to establish the OASIS Identity
in the Clouds Technical Committee (below). In accordance with the OASIS
TC Process Policy section 2.2:
the proposed charter is hereby submitted for comment. The comment period
shall remain open until 11:45 pm ET on 19 January 2010.

  OASIS maintains a mailing list for the purpose of submitting comments
on proposed charters. Any OASIS member may post to this list by sending
email to:
mailto:oasis-charter-discuss@lists.oasis-open.org. All messages will be
publicly archived at:
http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who
wish to receive emails must join the group by selecting "join group" on
the group home page:
Employees of organizational members do not require primary
representative approval to subscribe to the oasis-charter-discuss

  A telephone conference will be held among the Convener, the OASIS TC
Administrator, and those proposers who wish to attend within four days
of the close of the comment period. The announcement and call-in
information will be noted on the OASIS Charter Discuss Group Calendar.

  We encourage member comment and ask that you note the name of the
proposed TC (IIC) in the subject line of your email message.



Mary P McRae
Director, Standards Development
Technical Committee Administrator
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: @fiberartisan #oasisopen
phone: 1.603.232.9090


OASIS Identity In the Clouds Technical Committee.
Statement of Purpose
Cloud Computing is turning into an important IT service delivery
paradigm. Many enterprises are experimenting with cloud computing, using
clouds in their own data centers or hosted by third parties, and
increasingly they deploy business applications on such private and
public clouds.
Cloud Computing raises many challenges that have serious security
implications.  Identity Management in the clouds is such a challenge.
Many enterprises avail themselves of a combination of private and public
Cloud Computing infrastructures to handle their workloads. In a
phenomenon known as "Cloud Bursting", the peak loads are offloaded to
public Cloud computing infrastructures that offer billing based on
usage. This is a use case of a Hybrid Cloud infrastructure.
Additionally, governments around the world are evaluating the use of
Cloud Computing for government applications. For instance, the US
Government has started apps.gov to foster the adoption of Cloud
Computing. Other governments have started or announced similar efforts.
The purpose of the OASIS Identity in the Clouds TC is to collect and
harmonize definitions, terminologies and vocabulary of Cloud Computing.
The TC will collect use cases to help identify gaps in existing Identity
Management standards. The uses cases will be used to identify gaps in
current standards and investigate the need for profiles for achieving
interoperability with in current standards. Additionally, the use cases
will be used to perform risk and threat analyses, leading to suggestions
for how to means to then and mitigate identified risks and the threats
and vulnerabilities.
The TC will focus on collaborating with industry fora such as the Cloud
Security Alliance and the ITU-T in the area of clouds security and
identity management. Liaisons will be identified with other standards
bodies and working groups on Cloud Computing.
The purpose of the TC is to harmonize
definitions/terminologies/vocabulary of Identity in the context of Cloud
Computing. The work will define use cases and profiles to identify gaps
in existing Identity Management standards as they apply in the cloud.
1. The TC may identify existing definitions, terminologies and
vocabulary of Identity in the context of Cloud Computing for harmonizing
the definitions, terminologies and vocabulary as the TC determines.
2. The TC may define use cases for Identity in the Clouds.
3. The TC may define profiles of existing interoperability protocols and
formats for usage of Identity in the Clouds, based on the identified use
cases.  Profiles are subsets of specifications and combinations of such
4. The TC may identify gaps in existing Identity Management
interoperability protocols and formats standards at OASIS and other
standards bodies and utilize the OASIS liaison process for communicating
the gaps.
5.  In all of its work, the TC should, to the extent feasible, prefer
widely implementable, widely interoperable, modular standards,
extensions, profiles and methods that permit use by a variety of
6. The TC will build on and use existing standards and specifications
when possible.
Out of Scope
1. Access Control, Levels of Assurance (LOA) and Personally Identifiable
Information (PII) in the context of cloud computing.
2. APIs or Implementations
3. Creation of new protocols or formats.

List of Deliverables
1. A document calling out in detail the specific use cases of cloud
computing that the TC plans to address in their work product. This
document will be completed and approved by the TC by July 2010.
2. A set of profiles and gaps, as described in paragraphs #3 and #4
under 'Scope', to be approved as a Committee Specification by December
2010, and the remainder if any to be approved by Committee
Specifications by [June 2011]. The TC may elect to create one or more of
such deliverables in whatever combination it deems appropriate.
3. Optionally, such other deliverables (e.g., those listed in paragraphs
1-6 under 'Scope') as the TC may elect, until the later of June 2011 or
such later date as the TC may elect to conclude.

IPR Policy:
Royalty Free on Limited Terms under the OASIS IPR Policy

Anticipated Audiences:
Enterprises interested in providing or using identity management
capabilities in a cloud computing infrastructure.
(2) Non-normative information regarding the start-up of the TC, which
(2)(a) Identification of similar or applicable work that is being done
in other OASIS TCs or by other organizations, why there is a need for
another effort in this area and how this proposed TC will be different,
and what level of liaison will be pursued with these other
The proposed "Identity In The Clouds TC" will be incorporating several
definitions, terminologies, vocabulary and standards from OASIS
standards bodies as well as standards work done by non-OASIS
organizations. The TC will use standards from several OASIS TCs and
standards from non-OASIS organizations.  Liaison will be established by
concurrent work items in the cited TCs' area of expertise.
(2)(b) The date, time, and location of the first meeting, whether it
will be held in person or by telephone, and who will sponsor this first
meeting. The first meeting of a TC shall occur no less than 30 days
after the announcement of its formation in the case of a meeting held
exclusively by telephone or other electronic means, and no less than 45
days after the announcement of its formation in the case of a meeting
held face-to-face (whether or not a telephone bridge is also available).
The proposed "Identity In The Clouds TC" will hold the first official
meeting on February 22, 2010 at 1pm ET by telephone and will use a free
conference call service.
(2)(c) The projected on-going meeting schedule for the year following
the formation of the TC, or until the projected date of the final
deliverable, whichever comes first, and who will be expected to sponsor
these meetings.
The TC will meet biweekly or as otherwise agreed upon by the members of
the technical committee.
(2)(d) The names, electronic mail addresses, and membership affiliations
of at least Minimum Membership who support this proposal and are
committed to the Charter and projected meeting schedule.
Anil Saldhana, Anil.Saldhana@redhat.com   (Red Hat)
Mark Little, mark.little@jboss.com   (Red Hat)
Timothy Brown, timothy.brown@ca.com , (CA)
Jeff Broberg, Jeffrey.Broberg@ca.com , (CA)
Abbie Barbir, abarbir@live.ca , Individual
Michael McIntosh, mike.g.mcintosh@gmail.com, Individual
June Leung, junelsleung@gmail.com, Individual
(2)(e) The name of the Convener who must be an Eligible Person.
Abbie Barbir.
(2)(f) Statements of Support
The name, electronic mail address, membership affiliation, and statement
of support for the proposed Charter from the Primary Representative
1.      Paul Lipton, CA, Paul.Lipton@ca.com
CA approves our participation as co-proposers for this TC.
2.      Mark Little, Red Hat mark.little@jboss.com
I approve of Red Hat's participation in this group and that it is very
important for Cloud in general and Red Hat's activities in that area.
(2)(g) The name of the Member Section with which the TC intends to
affiliate, if any.
Oasis IDTrust Member Section.
(2)(h) Optionally, a list of contributions of existing technical work
that the proposers anticipate will be made to this TC.
(2)(i) Optionally, a draft Frequently Asked Questions (FAQ) document
regarding the planned scope of the TC, for posting on the TC's website. 
To be provided at a later date.
(2)(j) Optionally, a proposed working title and acronym for the
specification(s) to be developed by the TC.
To be provided at a later date.

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]