TRANSCRIPT
OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services
John Sabo, Director, Global Government Relations
Chair, OASIS IDtrust Member Section Steering Committee
Background
OASIS - Not-for-profit consortium
Founded in 1993 as SGML Open
Global representation
5,000+ participants including:
600+ organizations & individual members
In 100+ countries
IDtrust Member Section
Cloud Computing: Trust Challenges
Cloud Computing
Networked Health IT
Smart Grid
World Economic Forum 2010 Study on Global Cloud Computing Deployment
Economic Benefits
• Entrepreneurship; create new businesses, jobs
• Platform for innovation; accelerate innovation
• Increase IT efficiency and IT flexibility
• Business/technology leapfrogging opportunities in developing countries
But… Major Barriers
• Privacy (63%)
• Data governance (e.g. data ownership, cross-border data transfer, etc.) (56%)
• Security (50%)
Source: The World Economic Forum - Used with Permission
Health IT - Health Information Exchange Functional and Roles Diagram
Smart Grid - NIST Smart Grid Conceptual Model
Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0
Trust in the Cloud –OASIS Standards as Building Blocks
Key Management Interoperability Protocol (KMIP)
Chairs:
Robert Griffin, RSA
Subhash Sankuratripati, NetApp
www.oasis-open.org
Identity Management 2010
Enterprise Cryptographic Environments (diagram): Enterprise Key Management connected over the Key Management Interoperability Protocol to disk arrays, backup disk, backup tape and backup systems; collaboration and content management systems, file servers and portals; production, replica and staging databases; enterprise applications, eCommerce applications, business analytics, dev/test obfuscation, WAN/LAN, VPN and CRM
KMIP: Single Protocol Supporting Enterprise Cryptographic Environments and Expandable to Cloud Environments
(diagram: KMIP from utility infrastructure to commercial, industrial and low-end residential meters; infrastructure entity identification in cloud infrastructures)
OASIS Digital Signature Services eXtended
Chairs:
Juan Carlos Cruellas, Departamento de Arquitectura de Computadores, Univ Politecnica de Cataluna
Stefan Drees, Individual Member
www.oasis-open.org
DSS-X overview
Profile for requesting generation and/or verification of visible signatures
Profile for generation of a multi-signature verification report providing detailed information on the signature verification process
Profile for handling of signature and service policy
Profile for supporting centralized encryption and decryption services
ebXML Messaging Transport Binding for DSS
Guidance: cross-matrix for existing profiles joint usage
Current status of specifications
DSS-X would like to complete the production of current work during 2011
Contacts between OASIS and ETSI to jointly organize a formal remote interoperability event. DSS-X TC members are completing the first version of the test suite.
ETSI would provide a portal supporting the remote interoperability events
Initial plans: aiming for the first half of 2011
Extensible Resource Identifier (XRI)
Chairs:
Peter Davis, NeuStar
Drummond Reed, XDI.org
The Problem Space
The XRI TC addresses the need for:
URI-compatible structured identifiers on the Web
Standard formats for metadata discovery
XRI structured identifiers provide the ability to share semantics across domains, applications, schemas, and ontologies
XRD (Extensible Resource Descriptor) documents address the problem of simple, standard resource discovery across the Web
Status
XRI 3.0 is currently a stable Working Draft
XRD 1.0 became an OASIS Standard on November 1
Milestones
Advance XRI 3.0
To Committee Draft in Q1 2011
To Committee Specification in Q 2011
Publish JRD 1.0 (JSON version of XRD 1.0) in 2011
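As an added illustration of what XRD-based discovery looks like in practice (example code written for this page, not part of the presentation or any OASIS deliverable), the block below parses a constructed XRD 1.0 descriptor and resolves a link relation for a resource. It uses the real XRD 1.0 namespace, but the host names, link relations and property type in the sample document are invented. Two checks matter for trust: a descriptor is only accepted for the resource it actually names in its Subject or Alias elements, and a descriptor past its Expires time is rejected, so a stale or substituted document cannot steer a client to the wrong endpoint.

```python
"""Parse an XRD 1.0 descriptor and resolve links, enforcing Subject and Expires checks.

Added example: the document below is constructed for illustration, not fetched from a real host.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import quote

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"  # XRD 1.0 namespace (OASIS Standard)
NS = {"xrd": XRD_NS}

# Constructed sample descriptor; example.com / spec.example.net are placeholders.
SAMPLE_XRD = """<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Expires>2099-01-01T00:00:00Z</Expires>
  <Subject>http://example.com/</Subject>
  <Alias>http://www.example.com/</Alias>
  <Property type="http://spec.example.net/version">1.0</Property>
  <Link rel="lrdd" type="application/xrd+xml"
        template="http://example.com/lrdd?uri={uri}"/>
  <Link rel="http://spec.example.net/auth/1.0" href="http://example.com/auth"/>
</XRD>
"""


def parse_xrd_time(value):
    """Parse an XRD dateTime (xs:dateTime); a trailing 'Z' is treated as UTC."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def parse_xrd(text):
    """Return a dict with subject, aliases, expires, properties and links of an XRD document."""
    root = ET.fromstring(text)
    if root.tag != "{%s}XRD" % XRD_NS:
        raise ValueError("not an XRD 1.0 document: %s" % root.tag)

    def text_of(tag):
        element = root.find("xrd:" + tag, NS)
        return element.text.strip() if element is not None and element.text else None

    expires = text_of("Expires")
    return {
        "subject": text_of("Subject"),
        "aliases": [a.text.strip() for a in root.findall("xrd:Alias", NS) if a.text],
        "expires": parse_xrd_time(expires) if expires else None,
        "properties": {p.get("type"): p.text for p in root.findall("xrd:Property", NS)},
        # Each Link carries its attributes (rel, type, href or template).
        "links": [dict(link.attrib) for link in root.findall("xrd:Link", NS)],
    }


def describes(xrd, resource):
    """True if the descriptor names this resource as its Subject or one of its Aliases.

    Exact string comparison is used; URI canonicalization is deliberately not attempted here.
    """
    return resource == xrd["subject"] or resource in xrd["aliases"]


def is_expired(xrd, now=None):
    """True if the descriptor carries an Expires element that is not after 'now'."""
    now = now or datetime.now(timezone.utc)
    return xrd["expires"] is not None and now >= xrd["expires"]


def resolve_link(xrd, rel, resource, now=None):
    """Return the target for link relation 'rel', or None if the descriptor has no such link.

    Refuses descriptors that do not describe 'resource' or that have expired.
    A 'template' link is expanded by replacing {uri} with the percent-encoded resource,
    as XRD 1.0 specifies for the uri template variable.
    """
    if not describes(xrd, resource):
        raise ValueError("descriptor does not describe %s" % resource)
    if is_expired(xrd, now):
        raise ValueError("descriptor has expired")
    for link in xrd["links"]:
        if link.get("rel") != rel:
            continue
        if "href" in link:
            return link["href"]
        if "template" in link:
            return link["template"].replace("{uri}", quote(resource, safe=""))
    return None


if __name__ == "__main__":
    doc = parse_xrd(SAMPLE_XRD)
    print(resolve_link(doc, "lrdd", "http://example.com/"))
```

For descriptors retrieved from untrusted hosts, swap `xml.etree.ElementTree` for `defusedxml.ElementTree` so that entity-expansion attacks in the XML are rejected before parsing; the rest of the code is unchanged.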
XRI Data Interchange (XDI)
Chairs:
Bill Barnhill, Booz Allen Hamilton
Drummond Reed, XDI.org
The Problem Space
XDI addresses the need for a generalized semantic data interchange protocol
Such a protocol requires:
A standard discovery mechanism for endpoints
A standard addressable Resource Description Framework (RDF) graph format for data
A standard format for bi-directional linking of this data
A standard format for authorization and fine-grained data sharing controls
A standard set of mechanisms for maintaining trust
Status
We have working experimental XDI serialization formats and messaging implementations (XDI4J)
First drafts of XDI Addressing and Graph Model and XDI Serialization expected by mid-January 2011
Working Drafts of core specs by Q2 2011
Start holding interop tests by mid-year
Finalized base 1.0 specs by end of 2011
Milestones
Near Term
XDI Context Discovery
XDI Queries
XDI Dictionaries
And more – for full list see http://wiki.oasis-open.org/xdi/XdiOneSpecs
Longer Term
Identity in the Cloud Technical Committee (IDCloud TC)
Chairs:
Anil Saldhana, Red Hat
Anthony Nadalin, Microsoft
Cloud Identity Standardization
OASIS IDCloud TC Charter
Three Stages
1: Use Cases Formalization
2: Gap Analysis - current IDM standards
3: Profiles of use cases
OASIS IDCloud TC Charter Secondary Objectives
Don't reinvent the wheel (or new standards)
Strong Liaison relationship with other standards groups
Feed gaps back to working groups
Geneva, 6-7 December 2010 - Addressing security challenges on a global scale
Cloud Identity Standardization
OASIS IDCloud Use Case Categories
Infrastructure Trust Establishment
Infrastructure Identity Management
Federated Identity Management
Authentication (SSO etc)
Authorization
Account/Attribute Management
Security Tokens
Audit and Compliance
Open Reputation Management Systems Technical Committee (ORMS TC)
Chairs:
Mahalingam Mani, Avaya
Nat Sakimura, Nomura Research Institute (NRI)
ORMS Overview
Users are placing new emphasis on developing reputation mechanisms for electronic communities.
The use of reputation systems has been proposed for various applications such as validating the trustworthiness of web sites, blogs, events, products, companies, etc.
Reputation reflects the opinions about an entity from others and is one of the factors upon which trust can be based through the use of verifiable claims. Reputation changes with time and is used within a context. Trust and reputation are related to a context.
Focus on details about how it is obtained, calculated, and in what context - interoperability and expression (e.g., score normalization, distribution notation, etc.) and protocol
Privacy Management Reference Model Technical Committee (PMRM TC)
Chairs:
John Sabo, CA Technologies
Dr. Michael Willett, ISTPA
OASIS PMRM TC formally announced June 27 – first meeting September 8 – Face to Face Informal Meeting September 29
ISTPA contributed its PMRM v2.0 to the TC
Deliverables include
the Reference Model
one or more use cases utilizing the PMRM
one or more formal methodologies for expressing use cases
profiles of the PMRM applied to selected specific environments (such as Cloud Computing, Health IT, e-Gov, and/or the Smart Grid)
PMRM Technical Committee
Reference Model Components
Set of 10 privacy services requirements derived from privacy principles/practices/policies
Service definitions
Set of unique functions for each service
Syntax for invoking services
Generic use case
Linkages to security services
Where the Reference Model Fits
In Summary…. OASIS standards development contributing to security, privacy and trust in cloud computing environments