Anil saldhana oasisid_cloud



  1. Oasis Identity In The Cloud TC: Towards standardizing Cloud Identity. Anil Saldhana (Red Hat), TC Co-Chair
  2. Need for standards in the cloud § Standards and rapid innovation?
  3. Frustrations with Cloud Computing Mount: Cloud computing lacks standards about data handling and security practices, and there's not even any agreement about whether a vendor has an obligation to tell users if their data is in the U.S. or not. The cloud computing industry has some of the characteristics of a Wild West boom town. But the local saloon's name is Frustration. (April 2010)
  4. Lawmakers worry about lack of cloud computing guidance: In a letter to General Services Administration CIO Casey Coleman, Rep. Edolphus Towns, D-N.Y., and Rep. Diane Watson, D-Calif., expressed concern about the absence of clear policies, procedures and standards to support the federal government's initiative to move many agency networks to platforms operated by contractors, or in the cloud.
  5. IDCloud TC § Let's begin with history...
  6. Oasis IDCloud TC History ● Roots in the Oasis IDTrust Member Section Steering Committee. ● Jump-started a brainstorming group with top IDM experts. ● Small group to yield a focused charter. ● Charter distributed to extend proposer list ● Charter published for open comment ● Co-Chairs: Anil Saldhana (Red Hat), Tony Nadalin (Microsoft) ● About 18 months of TC lifetime
  7. IDCloud TC Members § Are we really serious?
  8. Members: Red Hat, IBM, Microsoft, CA Technologies, Cisco Systems, SAP, eBay, Novell, Ping Identity, SafeNet, Symantec, Boeing Corp, US DOD, Verisign, Akamai, Alfresco, Citrix, Cap Gemini, Google, Rackspace, Acxiom, Huawei, Symplified, Thales, Conformity, Skyworth TTG, MIT, Jericho Systems, PrimeKey, Aveksa, Mellanox, Vanguard Integrity Professionals ...
  9. IDCloud Charter § Objectives
  10. Charter ● Three Stages ● Use Cases Formalization ● Gap Analysis of existing IDM standards – Feed analysis back to the WG responsible for a standard ● Profiles of Use Cases
  11. Charter ● Other Objectives ● Do not reinvent the wheel ● Strong liaison relationships with other working groups internationally ● Glossary of Cloud Identity
  12. IDCloud Use Cases § Are we working?
  13. Clouds need Accounts ● Privileged Account Management ● Use Case by SafeNet Inc (Doron Cohen) ● Strong authentication, authorization and auditing needs ● Account Management ● Use Case by Ping Identity (Patrick Harding) ● Consistent maintenance of user accounts ● Automated CRUD of user accounts
  14. Cloud Identities ● Virtualization Security ● Use Case by Red Hat Inc (Anil Saldhana) ● Identities managing VM, Infrastructure, Applications ● Middleware Containers in Public Clouds ● Use Case by Red Hat Inc (Anil Saldhana) ● Deployer Identities manage the middleware application lifecycle (running in 1 VM / cluster of VMs) ● Application Identities
  15. Federated SSO ● Kerberos In The Cloud ● Use Case by MIT Kerberos Consortium (Thomas Hardjono) ● 60% of large enterprises and medium businesses driven by Kerberos ● Natural extension of enterprise services into the cloud ● Issues – Identity Definition/Attributes – Identity Metadata Exchange – Cross Realm Trust – Interoperability with other IDM standards
  16. Federated SSO ● Mixture of Infrastructure ● Use Case by Ping Identity (Patrick Harding) ● Enterprise Cloud (Mixture of IaaS, PaaS and SaaS) ● Cloud Users of enterprise clouds are in 3 categories – Workforce (Employees/Contractors) – Partners (vendors, suppliers, franchises, distributors) – Customers ● SSO for browser-based apps and APIs
  17. Federated SSO / Attribute Sharing ● Token Format and Transformation ● Use Case by Red Hat (Anil Saldhana) ● Mixture of enterprise and user-centric identities – Security Token Format – Security Token Transformation
  18. Identity Auditing ● Tamper Proof Audit Trails ● What standards exist? ● Forensic aspects incorporated?
  19. Identity Provisioning ● Cloud Resources are not part of an identity ● Decommissioned identities should not decommission the resources. ● Silos part of one cloud or many ● Directory Synchronization ● Attribute Aggregation
  20. Other Topics ● Identity Configuration ● Metadata driven configuration ● Privacy and Governance Frameworks ● Transactions and Signatures ● Non-repudiation ● Government Clouds
  21. IDCloud Road Map
  22. Road Map ● Use Cases are being gathered and discussed for patterns ● In a few months, we will formalize use cases. ● In parallel, gap analysis and profiles.
  23. Resources ● Oasis TC Page ● Oasis TC Wiki ● Wiki Page with links to member submissions ● Q&A
  24. THANK YOU !!!