Oasis Identity In The Cloud TC: Towards standardizing Cloud Identity
Anil Saldhana (Red Hat), TC Co-Chair
Frustrations with Cloud Computing Mount
Cloud computing lacks standards about data handling and security practices, and there's not even any agreement about whether a vendor has an obligation to tell users if their data is in the U.S. or not.
The cloud computing industry has some of the characteristics of a Wild West boom town. But the local saloon's name is Frustration.
http://www.computerworld.com/s/article/9175102/Frustrations_with_cloud_computing_mount (April 2010)
Lawmakers worry about lack of cloud computing guidance
In a letter to General Services Administration CIO Casey Coleman, Rep. Edolphus Towns, D-N.Y., and Rep. Diane Watson, D-Calif., expressed concern about the absence of clear policies, procedures and standards to support the federal government's initiative to move many agency networks to platforms operated by contractors, or in the cloud.
http://www.nextgov.com/nextgov/ng_20100609_2152.php
Oasis IDCloud TC History
● Roots in the Oasis IDTrust Member Section Steering Committee.
● Jump started a brainstorming group with top IDM experts.
● Small group to yield a focused charter.
● Charter distributed to extend proposer list
● Charter published for open comment
● Co-Chairs: Anil Saldhana (Red Hat), Tony Nadalin (Microsoft)
● About 18 Months of TC lifetime
Members
Red Hat, IBM, Microsoft, CA Technologies, Cisco Systems, SAP, EBay, Novell, Ping Identity, Safe Net, Symantec, Boeing Corp, US DOD, Verisign, Akamai, Alfresco, Citrix, Cap Gemini, Google, Rackspace, Axciom, Huawei, Symplified, Thales, Conformity, Skyworth TTG, MIT, Jericho Systems, PrimeKey, Aveksa, Mellanox, Vanguard Integrity Professionals ...
Charter
● Three Stages
  – Use Cases Formalization
  – Gap Analysis of existing IDM standards
    – Feed analysis back to the WG responsible for a standard
  – Profiles of Use Cases
Charter
● Other Objectives
  – Do not reinvent the wheel
  – Strong liaison relationships with other working groups internationally
  – Glossary of Cloud Identity
Clouds need Accounts
● Privileged Account Management
  – Use Case by SafeNet Inc (Doron Cohen)
  – Strong authentication, authorization and auditing needs
● Account Management
  – Use Case by Ping Identity (Patrick Harding)
  – Consistent maintenance of user accounts
  – Automated CRUD of user accounts
Cloud Identities
● Virtualization Security
  – Use Case by Red Hat Inc (Anil Saldhana)
  – Identities managing VMs, infrastructure and applications
● Middleware Containers in Public Clouds
  – Use Case by Red Hat Inc (Anil Saldhana)
  – Deployer Identities manage the middleware application lifecycle (running in 1 VM / cluster of VMs)
  – Application Identities
Federated SSO
● Kerberos In The Cloud
  – Use Case by MIT Kerberos Consortium (Thomas Hardjono)
  – 60% of large enterprises and medium businesses driven by Kerberos
  – Natural extension of enterprise services into the cloud
  – Issues (http://www.oasis-open.org/committees/document.php?document_id=38245)
    – Identity Definition/Attributes
    – Identity Metadata Exchange
    – Cross Realm Trust
    – Interoperability with other IDM standards
Federated SSO
● Mixture of Infrastructure
  – Use Case by Ping Identity (Patrick Harding)
  – Enterprise Cloud (mixture of IaaS, PaaS and SaaS)
  – Cloud users of enterprise clouds fall into 3 categories
    – Workforce (employees/contractors)
    – Partners (vendors, suppliers, franchises, distributors)
    – Customers
  – SSO for browser based apps and APIs
Federated SSO/ Attribute Sharing
● Token Format and Transformation
  – Use Case by Red Hat (Anil Saldhana)
  – Mixture of enterprise and user centric identities
    – Security Token Format
    – Security Token Transformation
Identity Auditing
● Tamper Proof Audit Trails
  – What standards exist?
  – Forensic aspects incorporated?
  – CloudAudit.org
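The slide asks what a tamper-proof identity audit trail should look like. One widely used building block is a hash chain: every entry commits to the previous entry's hash, so editing or deleting an earlier record breaks every link after it. The following is an added illustration written for this page, not code from the TC or from any member submission; the event records are constructed sample data, and the function names are the example's own.

```python
import copy
import hashlib
import json

# Constructed sample identity events (not from the presentation or the TC).
SAMPLE_EVENTS = [
    {"actor": "admin@example.com", "action": "create_account", "subject": "user42"},
    {"actor": "admin@example.com", "action": "grant_role", "subject": "user42", "role": "vm-operator"},
    {"actor": "user42", "action": "login", "source": "203.0.113.7"},
]

# Hash of the (non-existent) entry before the first one.
GENESIS = "0" * 64


def _canonical(event):
    # Deterministic serialisation: key order and whitespace must not change the hash.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def _entry_hash(prev_hash, event):
    return hashlib.sha256((prev_hash + _canonical(event)).encode()).hexdigest()


def append_event(chain, event):
    """Append an event, linking it to the hash of the previous entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"event": event, "prev": prev_hash, "hash": _entry_hash(prev_hash, event)}
    chain.append(entry)
    return entry["hash"]


def build_chain(events):
    chain = []
    for event in events:
        append_event(chain, event)
    return chain


def verify_chain(chain):
    """Walk the chain from GENESIS; return (True, None) or (False, index of first bad entry)."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev_hash or entry["hash"] != _entry_hash(prev_hash, entry["event"]):
            return False, i
        prev_hash = entry["hash"]
    return True, None


def head_hash(chain):
    """The latest hash; publish it to a separate system so tail truncation is also detectable."""
    return chain[-1]["hash"] if chain else GENESIS


def tampered_copy(chain, index, field, value):
    """Return a copy of the chain with one event field silently edited (simulates an attacker)."""
    bad = copy.deepcopy(chain)
    bad[index]["event"][field] = value
    return bad


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("intact:", verify_chain(chain))
    print("edited role:", verify_chain(tampered_copy(chain, 1, "role", "cloud-admin")))
    print("entry removed:", verify_chain(chain[:1] + chain[2:]))
```

The chain alone cannot detect removal of the newest entries, since nothing after them exists to break; that is why `head_hash` is meant to be anchored outside the log store (a separate system, a signed timestamp, or a write-once medium), which is the kind of gap the slide's "forensic aspects incorporated?" question points at.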
Identity Provisioning
● Cloud Resources are not part of an identity
  – Decommissioned identities should not decommission the resources.
● Silos part of one cloud or many
  – Directory Synchronization
  – Attribute Aggregation
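The first bullet states a lifecycle rule: removing an identity must cut off its access but must not take the VMs, volumes or applications it owned down with it. The following added example, written for this page and not taken from the TC or any member submission, models one way to honour that rule. The tenant, identity and resource classes and all sample names are assumptions of the example; the point is that decommissioning disables the account and revokes its credentials, then re-homes its resources to a successor instead of deleting them.

```python
from dataclasses import dataclass, field


@dataclass
class Identity:
    name: str
    enabled: bool = True
    credentials: list = field(default_factory=list)   # e.g. API keys, SSH keys


@dataclass
class Resource:
    resource_id: str
    kind: str      # e.g. "vm", "volume"
    owner: str     # identity responsible for the resource, not part of the identity itself


class CloudTenant:
    """Minimal tenant model: identities and resources are kept in separate registries."""

    def __init__(self):
        self.identities = {}
        self.resources = {}

    def add_identity(self, name, credentials=()):
        self.identities[name] = Identity(name, credentials=list(credentials))

    def add_resource(self, resource_id, kind, owner):
        if owner not in self.identities:
            raise KeyError(f"unknown owner {owner!r}")
        self.resources[resource_id] = Resource(resource_id, kind, owner)

    def decommission_identity(self, name, successor):
        """Disable an identity and re-home its resources; never delete the resources."""
        ident = self.identities[name]
        if successor == name or successor not in self.identities or not self.identities[successor].enabled:
            raise ValueError("successor must be a different, existing, enabled identity")
        # 1. Cut off access: disable the account and revoke every credential it holds.
        ident.enabled = False
        revoked = list(ident.credentials)
        ident.credentials.clear()
        # 2. Transfer ownership of everything the identity owned; the resources keep running.
        transferred = []
        for res in self.resources.values():
            if res.owner == name:
                res.owner = successor
                transferred.append(res.resource_id)
        return {"revoked": revoked, "transferred": sorted(transferred)}


def demo():
    """Constructed scenario: a departing engineer's VMs and volume pass to an operations team."""
    tenant = CloudTenant()
    tenant.add_identity("alice", credentials=["api-key-1", "ssh-key-1"])
    tenant.add_identity("ops-team")
    tenant.add_resource("vm-100", "vm", "alice")
    tenant.add_resource("vol-7", "volume", "alice")
    tenant.add_resource("vm-200", "vm", "ops-team")
    result = tenant.decommission_identity("alice", successor="ops-team")
    return tenant, result


if __name__ == "__main__":
    tenant, result = demo()
    print(result)
    print({rid: r.owner for rid, r in tenant.resources.items()})
```

Keeping the owner as a reference on the resource rather than storing resources inside the identity record is what makes the rule enforceable: the identity can be disabled or deleted and the resource registry is untouched except for the ownership pointer.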
Other Topics
● Identity Configuration
  – Metadata driven configuration
● Privacy and Governance Frameworks
● Transactions and Signatures
● Non-repudiation
● Government Clouds
Road Map
● Use Cases are being gathered and discussed for patterns
● In a few months, we will formalize the use cases.
● In parallel, gap analysis and profiles.
Resources
● Oasis TC Page http://www.oasis-open.org/committees/id-cloud/
● Oasis TC Wiki http://wiki.oasis-open.org/id-cloud/FrontPage
● Wiki Page with links to member submissions http://wiki.oasis-open.org/id-cloud/MemberSubmissions
● Q & A