RE: [public-sector-cloud-discuss] PROPOSED TC CHARTER

["Neil McEvoy" <neil.mcevoy@l5consulting.net>]

Agreed all round.

In terms of contextualizing the business need, for sure, and this can draw
in other possible collaborators.

For example Anil describes a critical point in this US Gov blog:
http://tinyurl.com/6q6kvlg

"Especially when it comes to government services, a question that needs to
be asked is if the citizen has an existing relationship with the
government agency."

That's a simple but hugely important point. In my experience, every
interaction with a government agency is like the first one, over and over.
There's no CRM basics, no 'memory' of who the citizen is, so each
transaction is an entirely new set of forms to fill in etc., generating
huge bureaucracies...

Federated identity is a core mechanism to begin eliminating this issue..

Cheers Neil


> @Tony: Noting and agree with Tony's point about the additional (seemingly
> limitless) works in play right now ..
>
> @John: While I don't disagree with the fundamental thrust of the draft, I
> think it could do a slightly better job of contextualising what it is
> trying to achieve.
>
> My thought was that if 'cloud' was a spec of IT bits 'n pieces collected
> together to offer something (like SAML in spec of XML to offer
> authentication), then what we are proposing here is an
> implementation/conformance profile for government i.e. what features do
> governments want to see in cloud offerings to government.  Once you have
> these, you can set up conformance programs to check to see if the features
> in cloud vendor x or y are indeed present.
>
> Taking the SAML analogy one step further, armed with the conformance
> profile, governments then might agree on how those features (or a sub set
> that can be commonly agreed upon) are configured, in what is usually
> understood as a deployment profile. This is where the 'levels' come in -
> the configuration of the features will vary depending on the level.
>
> If the SAML conformance and deployment profile notions were well enough
> understood, then applying that approach here might help further decompose
> what seems to be an amorphous list of stuff..
>
> Linking back to Neil's reference to goings-on in Kantara, it's worth
> noting that Kantara does conformance testing and certification for SAML
> and will do for OpenID Connect when the spec is stable. And in the non
> technical spec area, it does assurance approval of identity IdPs and CSPs.
> So in essence, Kantara's work groups outputs are inputs to the assurance
> and certification programs. So to Neil's point, the outputs from the
> proposed Kantara CloudIDsec wg would inform the work in this group, and
> visa versa.
>
> Cheers
> Colin
>
> -----Original Message-----
> From: public-sector-cloud-discuss@lists.oasis-open.org
> [mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of
> Neil McEvoy
> Sent: Friday, 22 June 2012 7:52 a.m.
> To: public-sector-cloud-discuss@lists.oasis-open.org
> Subject: Re: [public-sector-cloud-discuss] PROPOSED TC CHARTER
>
>
> Thanks John.
>
> Here is an article I have just posted that clarifies the main ideas behind
> the Kantara CloudIDsec wg I have proposed for inclusion:
>
> http://cloudbestpractices.net/2012/06/21/ccommerce/
>
> The main idea being the role of Kantara as approved Trust Framework
> provider can enable Cloud hosters to be regulated in a form relevant to
> GovClouds, meeting the requirements of various relevant Whitehouse & other
> programs.
>
> Cheers Neil.
>
>
>> Thanks to all for the messages of support so far and for the
>> constructive
>> suggestions.  We will of course need many more supporters if we are to
>> get
>> the TC up and running but let's try and consolidate what we have so far
>> into
>> a possible Charter for the new TC.   Attached is a draft and please feel
>> free to edit it as you see fit.  It's important that we get this right
>> as
>> it
>> will be used to drive the work of the TC, so for instance have we got
>> the
>> right set of Deliverables or are the other things we should try and
>> produce?
>>
>>
>>
>>
>> Assuming that we can make good progress on this over the next few weeks
>> then
>> the plan would be to launch the new TC adjacent to the next
>> International
>> Cloud Symposium (ICS 2012) which will be held in Washington DC on 10th -
>> 12th October.  It was of course the ICS 2011 event that was the origin
>> of
>> this new TC so having the first meeting at ICS 2012 would be a very good
>> piece of publicity and hopefully would attract several new members.
>>
>>
>>
>> John
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail:
>> public-sector-cloud-discuss-help@lists.oasis-open.org
>
>
> --
> Neil McEvoy
> Founder and President
> Level 5 Consulting Group
> http://L5consulting.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> public-sector-cloud-discuss-help@lists.oasis-open.org
>
> ====
> CAUTION:  This email message and any attachments contain information that
> may be confidential and may be LEGALLY PRIVILEGED. If you are not the
> intended recipient, any use, disclosure or copying of this message or
> attachments is strictly prohibited. If you have received this email
> message in error please notify us immediately and erase all copies of the
> message and attachments. Thank you.
> ====
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> public-sector-cloud-discuss-help@lists.oasis-open.org
>
>


-- 
Neil McEvoy
Founder and President
Level 5 Consulting Group
http://L5consulting.net