My presentation at Up 2011, the 2nd Global Cloud Computing Conference

1. Up 2011 Global Cloud Computing Conference, December, 2011 Up in the Air: The Future of Cloud Identity Management Ken Huang, Director of Cloud Security, CGI

5. Top 8 Reasons Why Cloud Provider needs IDAM 1) To make sure who is using your service. 2) To be compliant with government regulations. 3) To provide Separation of Duty and Least Privileged access to the data hosted on behalf of cloud consumer. 4) To build a trust relationship with cloud consumer. If you don't care about IAM, you will certainly lose the trust of the customers. 5) For user based subscription model (such as salesforce.com ), cloud provider need to have IAM to provision, audit, de-provision users and to provider correct billing statement according to usage. 6) To support potential e-Discovery as required by law enforcement agency. 7) To be able to support wide range of users. 8) To support other functions within Cloud Provider such as BI, Sales, and Executive decisions.

6. Top 8 Reasons why Cloud Consumer needs IDAM 1) Network security is not enough, Identity Based Security is essential for the Cloud Consumer. 2) Audit tracking and compliance is still Cloud Consumer's responsibility. 3) SSO with the applications on the cloud. 4) The Identity Federation will be in strong need . 5: For small and middle size companies may need to leverage IDAAS to save the cost. 6: Measure effectiveness of the cloud service (you need the identities). 7: Verify the billing provided by Cloud Provider. 8: Modification of existing in house User Provisioning for the Cloud.

7. IDAM is a Foundational Component for Cloud 1: NIST Reference Architecture has Security and Privacy as Cross Cutting Service. IDAM is the main enabler of Security and Privacy 2: IDAM is essential regardless of Service model (IAAS, PAAS, SAAS, DAAS, XAAS) and deployment model (Public, Private, Community, Hybrid)

14. Jericho Cloud Cube Perimeterised Deperimeterised Proprietary Open Internal External

19. Domain 12 of CSA Guide

30. SCIM Restful Web Service API endpoints Resource Endpoint Operations Description User /User GET , POST , PUT , PATCH , DELETE Retrieve/Modify Users User Query/Listing /Users GET Retrieve User(s) via ad hoc queries Group /Group GET , POST , PUT , PATCH , DELETE Retrieve/Modify Groups User Query/Listing /Groups GET Retrieve Group(s) via ad hoc queries User Password /User/{userId}/password PATCH Change a User's password Service Provider Configuration /ServiceProviderConfig GET Retrieve the Service Provider's Configuration Resource Schema /Schema GET Retrieve a Resource's Schema Resource Schema Query/Listing /Schemas GET Retrieve Resource Schema(s) via ad hoc queries Bulk /Bulk POST Bulk modify Resources

34. Comparison Standard Or Initiative Deliverable Industrial support OASIS IDCloud Use case, profiles and gap analysis 21 sponsors including DoD, Microsoft, CA, IBM, CISCO, Symantec, SAP Jericho White paper 58 members including DoD, HP, IBM, Microsoft, Oracle, Raytheon, Mitre CSA TCI Guide Over 100 members. Novell is the initial sponsor for TCI SCIM Use case, Restful API guide, SAML profile, Core schema Ping Identity, The UnboundID SCIM SDK, Sailpoint, etc NSTIC Strategy document Paypal, IBM, Microsoft, CA etc