Anil saldhana oasisid_cloud

Transcript

  • 1. Oasis Identity In The Cloud TC Towards standardizing Cloud Identity Anil Saldhana (Red Hat), TC Co-Chair
  • 2. Need for standards in the cloud § Standards and rapid innovation?
  • 3. Frustrations with Cloud Computing Mount Cloud computing lacks standards about data handling and security practices, and there's not even any agreement about whether a vendor has an obligation to tell users if their data is in the U.S. or not. The cloud computing industry has some of the characteristics of a Wild West boom town. But the local saloon's name is Frustration. http://www.computerworld.com/s/article/9175102/Frustrations_with_cloud_computing_mount (April 2010)
  • 4. Lawmakers worry about lack of cloud computing guidance In a letter to General Services Administration CIO Casey Coleman, Rep. Edolphus Towns, D-N.Y., and Rep. Diane Watson, D-Calif., expressed concern about the absence of clear policies, procedures and standards to support the federal government's initiative to move many agency networks to platforms operated by contractors, or in the cloud. http://www.nextgov.com/nextgov/ng_20100609_2152.php
  • 5. IDCloud TC § Let's begin with history...
  • 6. Oasis IDCloud TC History ● Roots in the Oasis IDTrust Member Section Steering Committee. ● Jump-started a brainstorming group with top IDM experts. ● Small group to yield a focused charter. ● Charter distributed to extend proposer list ● Charter published for open comment ● Co-Chairs: Anil Saldhana (Red Hat), Tony Nadalin (Microsoft) ● About 18 Months of TC lifetime
  • 7. IDCloud TC Members § Are we really serious?
  • 8. Members Red Hat, IBM, Microsoft, CA Technologies, Cisco Systems, SAP, eBay, Novell, Ping Identity, SafeNet, Symantec, Boeing Corp, US DOD, Verisign, Akamai, Alfresco, Citrix, Cap Gemini, Google, Rackspace, Acxiom, Huawei, Symplified, Thales, Conformity, Skyworth TTG, MIT, Jericho Systems, PrimeKey, Aveksa, Mellanox, Vanguard Integrity Professionals ...
  • 9. IDCloud Charter § Objectives
  • 10. Charter ● Three Stages ● Use Cases Formalization ● Gap Analysis of existing IDM standards – Feed analysis back to the WG responsible for a standard ● Profiles of Use Cases
  • 11. Charter ● Other Objectives ● Do not reinvent the wheel ● Strong liaison relationships with other working groups internationally ● Glossary of Cloud Identity
  • 12. IDCloud Use Cases § Are we working?
  • 13. Clouds need Accounts ● Privileged Account Management ● Use Case by SafeNet Inc (Doron Cohen) ● Strong authentication, authorization and auditing needs ● Account Management ● Use Case by Ping Identity (Patrick Harding) ● Consistent maintenance of user accounts ● Automated CRUD of user accounts
  • 14. Cloud Identities ● Virtualization Security ● Use Case by Red Hat Inc (Anil Saldhana) ● Identities managing VM, Infrastructure, Applications ● Middleware Containers in Public Clouds ● Use Case by Red Hat Inc (Anil Saldhana) ● Deployer Identities manage the middleware application lifecycle (running in 1 VM / cluster of VMs) ● Application Identities
  • 15. Federated SSO ● Kerberos In The Cloud ● Use Case by MIT Kerberos Consortium (Thomas Hardjono) ● 60% of large enterprises and medium businesses driven by Kerberos ● Natural extension of enterprise services into the cloud ● Issues http://www.oasis-open.org/committees/document.php?document_id=38245 – Identity Definition/Attributes – Identity Metadata Exchange – Cross Realm Trust – Interoperability with other IDM standards
  • 16. Federated SSO ● Mixture of Infrastructure ● Use Case by Ping Identity (Patrick Harding) ● Enterprise Cloud (Mixture of IaaS, PaaS and SaaS) ● Cloud Users of enterprise clouds are in 3 categories – Workforce (Employee/Contractors) – Partners (vendors, suppliers, franchises, distributors) – Customers ● SSO for browser based apps and APIs
  • 17. Federated SSO/ Attribute Sharing ● Token Format and Transformation ● Use Case by Red Hat (Anil Saldhana) ● Mixture of enterprise and user centric identities – Security Token Format – Security Token Transformation
  • 18. Identity Auditing ● Tamper Proof Audit Trails ● What standards exist? ● Forensic aspects incorporated? ● CloudAudit.org
  • 19. Identity Provisioning ● Cloud Resources are not part of an identity ● Decommissioned identities should not decommission the resources. ● Silos part of one cloud or many ● Directory Synchronization ● Attribute Aggregation
  • 20. Other Topics ● Identity Configuration ● Metadata driven configuration ● Privacy and Governance Frameworks ● Transactions and Signatures ● Non-repudiation ● Government Clouds
  • 21. IDCloud Road Map
  • 22. Road Map ● Use Cases are being gathered and discussed for patterns ● In a few months, we will formalize use cases. ● In parallel, gap analysis and profiles.
  • 23. Resources ● Oasis TC Page http://www.oasis-open.org/committees/id-cloud/ ● Oasis TC Wiki http://wiki.oasis-open.org/id-cloud/FrontPage ● Wiki Page with links to member submissions http://wiki.oasis-open.org/id-cloud/MemberSubmissions ● Q&A
  • 24. THANK YOU !!! anil.saldhana@redhat.com