3. Frustrations with Cloud Computing Mount
Cloud computing lacks standards about data handling and security practices, and there's not even any agreement about whether a vendor has an obligation to tell users if their data is in the U.S. or not. The cloud computing industry has some of the characteristics of a Wild West boom town. But the local saloon's name is Frustration.
http://www.computerworld.com/s/article/9175102/Frustrations_with_cloud_computing_mount
(April 2010)
4. Lawmakers worry about lack of cloud computing guidance
In a letter to General Services Administration CIO Casey Coleman, Rep. Edolphus Towns, D-N.Y., and Rep. Diane Watson, D-Calif., expressed concern about the absence of clear policies, procedures and standards to support the federal government's initiative to move many agency networks to platforms operated by contractors, or in the cloud.
http://www.nextgov.com/nextgov/ng_20100609_2152.php
6. Oasis IDCloud TC History
● Roots in the Oasis IDTrust Member Section Steering Committee.
● Jump started a brainstorming group with top IDM experts.
● Small group to yield a focused charter.
● Charter distributed to extend proposer list
● Charter published for open comment
● Co-Chairs: Anil Saldhana (Red Hat), Tony Nadalin (Microsoft)
● About 18 Months of TC lifetime
10. Charter
● Three Stages
● Use Cases Formalization
● Gap Analysis of existing IDM standards
  – Feed analysis back to the WG responsible for a standard
● Profiles of Use Cases
11. Charter
● Other Objectives
● Do not reinvent the wheel
● Strong liaison relationships with other working groups internationally
● Glossary of Cloud Identity
13. Clouds need Accounts
● Privileged Account Management
● Use Case by SafeNet Inc (Doron Cohen)
● Strong authentication, authorization and auditing needs
● Account Management
● Use Case by Ping Identity (Patrick Harding)
● Consistent maintenance of user accounts
● Automated CRUD of user accounts
14. Cloud Identities
● Virtualization Security
● Use Case by Red Hat Inc (Anil Saldhana)
● Identities managing VM, Infrastructure, Applications
● Middleware Containers in Public Clouds
● Use Case by Red Hat Inc (Anil Saldhana)
● Deployer Identities manage the middleware application lifecycle (running in 1 VM / cluster of VM)
● Application Identities
15. Federated SSO
● Kerberos In The Cloud
● Use Case by MIT Kerberos Consortium (Thomas Hardjono)
● 60% of large enterprises and medium businesses driven by Kerberos
● Natural extension of enterprise services into the cloud
● Issues
http://www.oasis-open.org/committees/document.php?document_id=38245
  – Identity Definition/Attributes
  – Identity Metadata Exchange
  – Cross Realm Trust
  – Interoperability with other IDM standards
16. Federated SSO
● Mixture of Infrastructure
● Use Case by Ping Identity (Patrick Harding)
● Enterprise Cloud (Mixture of IaaS, PaaS and SaaS)
● Cloud Users of enterprise clouds are in 3 categories
  – Workforce (Employee/Contractors)
  – Partners (vendors, suppliers, franchises, distributors)
  – Customers
● SSO for browser based apps and APIs
17. Federated SSO/ Attribute Sharing
● Token Format and Transformation
● Use Case by Red Hat (Anil Saldhana)
● Mixture of enterprise and user centric identities
  – Security Token Format
  – Security Token Transformation
19. Identity Provisioning
● Cloud Resources are not part of an identity
● Decommissioned identities should not decommission the resources.
● Silos part of one cloud or many
● Directory Synchronization
● Attribute Aggregation
20. Other Topics
● Identity Configuration
● Metadata driven configuration
● Privacy and Governance Frameworks
● Transactions and Signatures
● Non-repudiation
● Government Clouds
22. Road Map
● Use Cases are being gathered and discussed for patterns
● In a few months, we will formalize use cases.
● In parallel, gap analysis and profiles.
23. Resources
● Oasis TC Page
http://www.oasis-open.org/committees/id-cloud/
● Oasis TC Wiki
http://wiki.oasis-open.org/id-cloud/FrontPage
● Wiki Page with links to member submissions
http://wiki.oasis-open.org/id-cloud/MemberSubmissions
● Q&A