Oasis Identity In The Cloud TC
Towards standardizing Cloud Identity

Anil Saldhana (Red Hat), TC Co-Chair
Need for standards in the cloud
§ Standards and rapid innovation?
Frustrations with Cloud Computing Mount

Cloud computing lacks standards about data handling
and security practices, and there's not even any
agreement about whether a vendor has an obligation
to tell users if their data is in the U.S. or not.
The cloud computing industry has some of the
characteristics of a Wild West boom town. But the
local saloon's name is Frustration.
http://www.computerworld.com/s/article/9175102/Frustrations_with_cloud_computing_mount
(April 2010)
Lawmakers worry about lack of cloud
computing guidance

In a letter to General Services Administration CIO
Casey Coleman, Rep. Edolphus Towns, D-N.Y., and
Rep. Diane Watson, D-Calif., expressed concern
about the absence of clear policies, procedures and
standards to support the federal government's initiative
to move many agency networks to platforms operated
by contractors, or in the cloud.
http://www.nextgov.com/nextgov/ng_20100609_2152.php
IDCloud TC
§ Let's begin with history...
Oasis IDCloud TC History
● Roots in the Oasis IDTrust Member Section Steering Committee.
● Jump started a brainstorming group with top IDM experts.
    ● Small group to yield a focused charter.
● Charter distributed to extend proposer list
● Charter published for open comment
● Co-Chairs: Anil Saldhana (Red Hat), Tony Nadalin (Microsoft)
● About 18 Months of TC lifetime
IDCloud TC Members
§ Are we really serious?
Members

Red Hat, IBM, Microsoft, CA Technologies, Cisco
Systems, SAP, EBay, Novell, Ping Identity, Safe Net,
Symantec, Boeing Corp, US DOD, Verisign, Akamai,
Alfresco, Citrix, Cap Gemini, Google, Rackspace,
Axciom, Huawei, Symplified, Thales, Conformity,
Skyworth TTG, MIT, Jericho Systems, PrimeKey,
Aveksa, Mellanox, Vanguard Integrity Professionals ...
IDCloud Charter
§ Objectives
Charter
● Three Stages
    ● Use Cases Formalization
    ● Gap Analysis of existing IDM standards
        – Feed analysis back to the WG responsible for a standard
    ● Profiles of Use Cases
Charter
● Other Objectives
    ● Do not reinvent the wheel
    ● Strong liaison relationships with other working groups internationally
    ● Glossary of Cloud Identity
IDCloud Use Cases
§ Are we working?
Clouds need Accounts
● Privileged Account Management
    ● Use Case by SafeNet Inc (Doron Cohen)
    ● Strong authentication, authorization and auditing needs
● Account Management
    ● Use Case by Ping Identity (Patrick Harding)
    ● Consistent maintenance of user accounts
    ● Automated CRUD of user accounts
Cloud Identities
● Virtualization Security
    ● Use Case by Red Hat Inc (Anil Saldhana)
    ● Identities managing VM, Infrastructure, Applications
● Middleware Containers in Public Clouds
    ● Use Case by Red Hat Inc (Anil Saldhana)
    ● Deployer Identities manage the middleware application lifecycle (running in 1 VM / cluster of VM)
    ● Application Identities
Federated SSO
● Kerberos In The Cloud
    ● Use Case by MIT Kerberos Consortium (Thomas Hardjono)
    ● 60% of large enterprises and medium businesses driven by Kerberos
    ● Natural extension of enterprise services into the cloud
    ● Issues: http://www.oasis-open.org/committees/document.php?document_id=38245
        – Identity Definition/Attributes
        – Identity Metadata Exchange
        – Cross Realm Trust
        – Interoperability with other IDM standards
Federated SSO
● Mixture of Infrastructure
    ● Use Case by Ping Identity (Patrick Harding)
    ● Enterprise Cloud (Mixture of IaaS, PaaS and SaaS)
    ● Cloud Users of enterprise clouds are in 3 categories
        – Workforce (Employee/Contractors)
        – Partners (vendors, suppliers, franchises, distributors)
        – Customers
    ● SSO for browser based apps and APIs
Federated SSO/ Attribute Sharing
● Token Format and Transformation
    ● Use Case by Red Hat (Anil Saldhana)
    ● Mixture of enterprise and user centric identities
        – Security Token Format
        – Security Token Transformation
Identity Auditing
● Tamper Proof Audit Trails
● What standards exist?
● Forensic aspects incorporated?
● CloudAudit.org
Identity Provisioning
● Cloud Resources are not part of an identity
    ● Decommissioned identities should not decommission the resources.
● Silos part of one cloud or many
    ● Directory Synchronization
    ● Attribute Aggregation
Other Topics
● Identity Configuration
    ● Metadata driven configuration
● Privacy and Governance Frameworks
● Transactions and Signatures
    ● Non-repudiation
    ● Government Clouds
IDCloud Road Map
Road Map
● Use Cases are being gathered and discussed for patterns
● In a few months, we will formalize use cases.
● In parallel, gap analysis and profiles.
Resources
● Oasis TC Page: http://www.oasis-open.org/committees/id-cloud/
● Oasis TC Wiki: http://wiki.oasis-open.org/id-cloud/FrontPage
● Wiki Page with links to member submissions: http://wiki.oasis-open.org/id-cloud/MemberSubmissions
● Q&A
THANK YOU !!!
anil.saldhana@redhat.com
