Identity in the Cloud (ID-Cloud) Towards standardizing Cloud Identity www.oasis-open.org


Cloud Identity Management

TC works to address Identity Management challenges related to Cloud Computing

Cloud Identity Management is considered a top security concern

Identity Management is not completely solved at Enterprise level

Standards are evolving

Cloud is a new paradigm, so the same problems in new packaging


What is it we do?

3 Main objectives:

Identifying detailed Use Cases
  Identity deployment, provisioning and management in a cloud context

Define Interoperability Profiles for Identity in the Cloud
  Profiles will be based on use and combinations of existing standards, protocols and formats

Gap Analysis of existing Identity Management standards and protocols when applied in the context of Cloud
  Based on Use Cases and Interoperability Profiles
  Feed analysis back to the WG responsible for a standard


What is it we do?

Other objectives:

Glossary on Cloud Identity
  Harmonized set of definitions, terminologies and vocabulary on Identity in the context of Cloud

Do not re-invent the wheel
  Build on existing standards and specifications

Strong liaison relationships with other international working groups
  ITU-T, Cloud Security Alliance


How serious are we about this?

Our Technical Committee chairs are:
  Anil Saldhana (Red Hat)
  Tony Nadalin (Microsoft)

Among the members of the Technical Committee are:
  Red Hat, IBM, Microsoft, CA Technologies, Cisco Systems, SAP, EBay, Novell, Ping Identity, Safe Net, Symantec, Boeing Corp, US DOD, Verisign, Akamai, Alfresco, Citrix, Cap Gemini, Google, Rackspace, Axciom, Huawei, Symplified, Thales, Conformity, Skyworth TTG, MIT, Jericho Systems, PrimeKey, Aveksa, Mellanox, Vanguard Integrity Professionals, NZ Govt ...


Current Status

Three stages:

Use Case formalization (ETA: May/June ’11)

Defining the Interoperability Profiles for Identity in the Cloud (ETA: December ’11)

Gap Analysis of existing Identity Management Standards


Details on Use Cases

Received 35 Use Cases of Identity Management in the Cloud

Structure of Use Cases:
  Description / user story
  Goal / Desired outcome
  Categories covered
  Applicable Deployment Models
  Actors
  Systems
  Notable Services
  Dependencies
  Assumptions
  Process Flow


Details on Use Cases

Categorizations:

Authentication
  Single Sign On (SSO)
  Multi factor Authentication

Infrastructure Identity Establishment

General Identity Management
  Infrastructure IdM
  Federated IdM

Authorization

Account & Attribute Management
  Account & Attribute Provisioning

Security Tokens

Audit & Compliance


Details on Use Cases

Applicable Deployment and Service Models:

Deployment Models: Private, Public, Community, Hybrid

Service Models: SaaS, PaaS, IaaS, Other


Details on Use Cases

High Ranked Use Cases:

Managing Identities at all levels in the Cloud

Need for Federated Single Sign On across multiple environments

Enterprise to Cloud SSO

Auditing

Multi-factor Authentication for Privileged User Access


Resources

OASIS Technical Committee Homepage

http://www.oasis-open.org/committees/id-cloud/

OASIS Technical Committee Wiki

http://wiki.oasis-open.org/id-cloud/FrontPage

Wiki Page with links to member submissions

http://wiki.oasis-open.org/id-cloud/MemberSubmissions


www.gershonjanssen.com