id-cloud gap analysis work overview prepared for f2f may 16-17, 2012 redmond, wa gershon janssen,...
TRANSCRIPT
ID-cloud GAP analysis work overview
Prepared for F2F May 16-17, 2012Redmond, WA
Gershon Janssen, secretary ID-Cloud TC
About the GAP analysis
• Identify gaps in current standards by:– Detailed analysis of each use case– See if all the needs are addressed with the current available
standards• So can the desired goal or outcome be achieved, based on the
process flow considering its actors, systems and services involved?
• What is required to do this:– Go through each of the use cases and analyze how it can be
implemented and what is required or find out where the standards fall short or what we perceive as missing.
– To kick-start this: ask initial submitters / owners of the use cases about their first take at the gap analysis to
– Need for expertise on the details
Considered Approaches
• Considered approached for the GAP analysis:
– Full analysis per use case• Select a use case and perform all that is necessary to
identify the possible gaps
– Step by step / phased drill-down into more detail• First identify commonalities and reusable elements• Drill-down in phases looking at all use cases per phase• Pros of this approach: results after each phase; expected
reuse of common elements; obvious / big gaps surface quickly; required in-depth knowledge level increases with each phase (we can start lightweight); show progress.
Agreed on GAP analysis process
• Approach: Step by step / phased drill-down
– First pass:• Identify relevant standards• Goal / result: summary / list of relevant standards per use case• Need to do: (1) brainstorm / discuss and (2) summarize and list
– Second pass:• Coarse GAP analysis• Goal / result: identify big /obvious gaps• Need to do: (1) brainstorm / discuss and (2) summarize and ‘come
to conclusions’
– Third pass:• <not defined yet>
Mechanics of the GAP analysis process
• Brainstorm and discuss during meeting [all members]– Regular TC meetings
• Limited time for in-depth discussions• Not frequent enough
– Informal GAP analysis meetings• Weekly meetings• Go through the work all as a group (informal obligation)• Use email list for off-line discussion / input gathering
• Document all output in GAP analysis document and update frequently [editors]
Current status
• GAP analysis Phase 1 is finalized (20/feb/12)• GAP analysis Phase 2 is in progress since
(27/feb/12)– Brainstormed / discussed: 8 out of 29– Summarized and ‘came to conclusions’ on ? out of 29
– ‘Brainstorm / discuss’ versus ‘summarize/conclude’ is about 2/3 – 1/3 (effort)
– We are at currently at 18% of Phase 2
Right pace and direction?
• Purpose of the TC (from charter):– Collect and harmonize definitions, terminologies, and
vocabulary of Cloud Computing– Develop profiles of open standards for identity
deployment, provisioning, management and achieving interoperability
– Identify gaps in existing Identity Management standards
– Suggest mitigations for identified risks and the threats and vulnerabilities
• Are we working at the right pace?
Appendix A: Meetings since Dec/12
Date Comment• 12/dec/2012 regular TC meeting• 26/dec/2012 cancelled• 09/jan/2012 cancelled• 23/jan/2012 regular TC meeting -> agreed to startwith weekly GAP meetings• 06/feb/2012 regular TC meeting• 09/feb/2012 informal gap analysis meeting – first pass• 13/feb/2012 informal gap analysis meeting – first pass• 20/feb/2012 regular TC meeting• 27/feb/2012 informal gap analysis meeting – second pass• 05/mar/2012 regular TC meeting• 19/mar/2012 ???• 02/apr/2012 regular TC meeting -> agreed to continue again with informal gap
meetings• 06/apr/2012 informal gap analysis meeting – second pass• 16/apr/2012 cancelled• 30/apr/2012 regular TC meeting