ID-cloud GAP analysis work overview

Prepared for F2F May 16-17, 2012Redmond, WA

Gershon Janssen, secretary ID-Cloud TC

About the GAP analysis

• Identify gaps in current standards by:– Detailed analysis of each use case– See if all the needs are addressed with the current available

standards• So can the desired goal or outcome be achieved, based on the

process flow considering its actors, systems and services involved?

• What is required to do this:– Go through each of the use cases and analyze how it can be

implemented and what is required or find out where the standards fall short or what we perceive as missing.

– To kick-start this: ask initial submitters / owners of the use cases about their first take at the gap analysis to

– Need for expertise on the details

Considered Approaches

• Considered approached for the GAP analysis:

– Full analysis per use case• Select a use case and perform all that is necessary to

identify the possible gaps

– Step by step / phased drill-down into more detail• First identify commonalities and reusable elements• Drill-down in phases looking at all use cases per phase• Pros of this approach: results after each phase; expected

reuse of common elements; obvious / big gaps surface quickly; required in-depth knowledge level increases with each phase (we can start lightweight); show progress.

Agreed on GAP analysis process

• Approach: Step by step / phased drill-down

– First pass:• Identify relevant standards• Goal / result: summary / list of relevant standards per use case• Need to do: (1) brainstorm / discuss and (2) summarize and list

– Second pass:• Coarse GAP analysis• Goal / result: identify big /obvious gaps• Need to do: (1) brainstorm / discuss and (2) summarize and ‘come

to conclusions’

– Third pass:• <not defined yet>

Mechanics of the GAP analysis process

• Brainstorm and discuss during meeting [all members]– Regular TC meetings

• Limited time for in-depth discussions• Not frequent enough

– Informal GAP analysis meetings• Weekly meetings• Go through the work all as a group (informal obligation)• Use email list for off-line discussion / input gathering

• Document all output in GAP analysis document and update frequently [editors]

Current status

• GAP analysis Phase 1 is finalized (20/feb/12)• GAP analysis Phase 2 is in progress since

(27/feb/12)– Brainstormed / discussed: 8 out of 29– Summarized and ‘came to conclusions’ on ? out of 29

– ‘Brainstorm / discuss’ versus ‘summarize/conclude’ is about 2/3 – 1/3 (effort)

– We are at currently at 18% of Phase 2

Right pace and direction?

• Purpose of the TC (from charter):– Collect and harmonize definitions, terminologies, and

vocabulary of Cloud Computing– Develop profiles of open standards for identity

deployment, provisioning, management and achieving interoperability

– Identify gaps in existing Identity Management standards

– Suggest mitigations for identified risks and the threats and vulnerabilities

• Are we working at the right pace?

Appendix A: Meetings since Dec/12

Date Comment• 12/dec/2012 regular TC meeting• 26/dec/2012 cancelled• 09/jan/2012 cancelled• 23/jan/2012 regular TC meeting -> agreed to startwith weekly GAP meetings• 06/feb/2012 regular TC meeting• 09/feb/2012 informal gap analysis meeting – first pass• 13/feb/2012 informal gap analysis meeting – first pass• 20/feb/2012 regular TC meeting• 27/feb/2012 informal gap analysis meeting – second pass• 05/mar/2012 regular TC meeting• 19/mar/2012 ???• 02/apr/2012 regular TC meeting -> agreed to continue again with informal gap

meetings• 06/apr/2012 informal gap analysis meeting – second pass• 16/apr/2012 cancelled• 30/apr/2012 regular TC meeting