OASIS Cloud Authorization TC (CloudAuthZ) www.oasis-open.org Rakesh Radhakrishnan, TC Member

Uploaded by clifford-rogers, posted on 17-Jan-2018


TRANSCRIPT

Page 1: OASIS Cloud Authorization TC (CloudAuthZ)  Rakesh Radhakrishnan, TC Member

OASIS Cloud Authorization TC

(CloudAuthZ)

www.oasis-open.org

Rakesh Radhakrishnan, TC Member

Page 2

Cloud Authorization TC

• A new starting TC
• Statement of Purpose
  • Cloud Computing is gaining traction in the industry.
  • Cloud Providers are facing challenges from the lack of standardized profiles for authorization and entitlements.
  • In Cloud Computing Systems there are use cases where the access policy enforcement of a cloud resource needs to be performed as close to the consumer as possible.
  • Requires availability of attributes, including contextual attributes.
  • There are use cases where there is a need for the Policy Enforcement Point to obtain the contextual entitlements (the ones the consumer has) with one call, rather than perform a large number of calls to the authorization setup as seen in the classic enforcement model.
  • TC will use existing standards to provide mechanisms for enabling the delivery of cloud contextual attributes as close as possible to Policy Enforcement Points.
  • Enable the development of cloud infrastructures that provide in real time a subset of contextual entitlement sets that a decision point can use to authorize or deny a consumer's use of a specific resource.
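The two enforcement models contrasted on this slide, as an added example that is not part of the TC's deck or any OASIS specification: a Policy Enforcement Point (PEP) that calls the Policy Decision Point (PDP) once per request, beside a PEP that fetches the consumer's contextual entitlement set in a single call and evaluates locally. The policies, subjects, resources and the `Context` fields (tenant, device trust) are constructed for the illustration; the time-to-live on the entitlement set is an assumption added to show the caveat that matters to a defender, namely that a locally held entitlement set lags revocation at the source until it expires or is refreshed.

```python
"""Per-request PDP calls vs one-call contextual entitlement sets (added example)."""
import time
from dataclasses import dataclass

# Constructed policy: (role, action, resource prefix, requires trusted device)
POLICIES = [
    ("tenant-admin", "read",  "vm:",      False),
    ("tenant-admin", "write", "vm:",      True),
    ("tenant-admin", "read",  "storage:", False),
    ("developer",    "read",  "vm:",      False),
    ("developer",    "write", "vm:",      True),
    ("auditor",      "read",  "storage:", False),
]
# Constructed directory: subject -> (home tenant, roles)
SUBJECTS = {
    "alice": ("acme",   {"tenant-admin"}),
    "bob":   ("acme",   {"developer"}),
    "carol": ("globex", {"auditor"}),
}
RESOURCES = ["vm:web-1", "vm:web-2", "storage:bucket-a"]  # constructed
REQUESTS = [("read", "vm:web-1"), ("read", "vm:web-2"), ("write", "vm:web-1"),
            ("read", "storage:bucket-a"), ("write", "storage:bucket-a")]


@dataclass(frozen=True)
class Context:
    """Contextual attributes delivered alongside the request (assumed fields)."""
    tenant: str
    device_trusted: bool


@dataclass
class EntitlementSet:
    subject: str
    context: Context
    grants: frozenset          # set of (action, resource) permitted in this context
    expires_at: float


class PolicyDecisionPoint:
    def __init__(self, subjects):
        self.subjects = subjects
        self.calls = 0         # how many times the PEP reached back to the PDP

    def _grants_for(self, subject, ctx):
        tenant, roles = self.subjects[subject]
        if tenant != ctx.tenant:          # acting outside the home tenant: nothing
            return frozenset()
        out = set()
        for role, action, prefix, needs_trust in POLICIES:
            if role in roles and (not needs_trust or ctx.device_trusted):
                out.update((action, r) for r in RESOURCES if r.startswith(prefix))
        return frozenset(out)

    def decide(self, subject, action, resource, ctx):
        """Classic model: one PDP round trip per access decision."""
        self.calls += 1
        return (action, resource) in self._grants_for(subject, ctx)

    def contextual_entitlements(self, subject, ctx, ttl_seconds=300, now=None):
        """One-call model: the whole entitlement subset valid for this context."""
        self.calls += 1
        now = time.time() if now is None else now
        return EntitlementSet(subject, ctx, self._grants_for(subject, ctx), now + ttl_seconds)


class PolicyEnforcementPoint:
    def __init__(self, pdp):
        self.pdp = pdp
        self.cache = {}        # (subject, context) -> EntitlementSet

    def classic_check(self, subject, action, resource, ctx):
        return self.pdp.decide(subject, action, resource, ctx)

    def contextual_check(self, subject, action, resource, ctx, now=None):
        now = time.time() if now is None else now
        ent = self.cache.get((subject, ctx))
        if ent is None or ent.expires_at <= now:   # fetch once, refresh on expiry
            ent = self.pdp.contextual_entitlements(subject, ctx, now=now)
            self.cache[(subject, ctx)] = ent
        return (action, resource) in ent.grants


def compare_call_counts(subject, ctx, requests):
    """Same decisions under both models; returns (decisions, classic calls, one-call calls)."""
    classic_pdp, ctx_pdp = PolicyDecisionPoint(dict(SUBJECTS)), PolicyDecisionPoint(dict(SUBJECTS))
    classic_pep, ctx_pep = PolicyEnforcementPoint(classic_pdp), PolicyEnforcementPoint(ctx_pdp)
    classic = [classic_pep.classic_check(subject, a, r, ctx) for a, r in requests]
    contextual = [ctx_pep.contextual_check(subject, a, r, ctx, now=1000.0) for a, r in requests]
    assert classic == contextual
    return classic, classic_pdp.calls, ctx_pdp.calls


def revocation_lag(now=1000.0):
    """Caveat: a cached entitlement set keeps granting until its TTL runs out."""
    pdp = PolicyDecisionPoint(dict(SUBJECTS))
    pep = PolicyEnforcementPoint(pdp)
    ctx = Context("acme", True)
    first = pep.contextual_check("bob", "write", "vm:web-1", ctx, now=now)
    pdp.subjects["bob"] = ("acme", set())            # role revoked at the source
    stale = pep.contextual_check("bob", "write", "vm:web-1", ctx, now=now + 10)
    fresh = pdp.decide("bob", "write", "vm:web-1", ctx)
    after_ttl = pep.contextual_check("bob", "write", "vm:web-1", ctx, now=now + 301)
    return first, stale, fresh, after_ttl


if __name__ == "__main__":
    print(compare_call_counts("bob", Context("acme", True), REQUESTS))
    print(revocation_lag())
```

The call-count comparison is the slide's point: five decisions cost five PDP round trips in the classic model and one in the contextual model. `revocation_lag` is the trade-off to weigh when choosing the TTL: the stale set still says "allow" for a revoked role until it expires, so the TTL bounds the revocation lag and a short TTL or an explicit invalidation channel is part of any real deployment of this pattern.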

Page 3

Scope of work

1. The TC will define use cases for authorization and entitlements in a Cloud Computing context. These may be existing use cases or new use cases as the TC determines. The TC will reuse use cases identified by the OASIS Identity In The Cloud (ID) TC in the context of Cloud Authorization.

2. When necessary, the TC will work on defining missing specifications for Cloud Authorization and Entitlements. The TC will reuse as a primary objective, existing standards as well as standards that are being developed in the area of scope. The TC will make an effort at not reinventing the wheel.

3. The TC will generate Cloud Authorization and Entitlements profiles for Platform As A Service (PaaS), Infrastructure As a Service (IaaS) and Software As a Service (SaaS) models of Cloud Computing.

4. In all of its work, the TC should, to the extent feasible, prefer widely implementable, widely interoperable, modular standards, extensions, profiles and methods that permit use by a variety of participants.

5. The TC will develop strong liaison relationships with other OASIS Technical Committees, Standards groups and Bodies in the industry. Some of these non-OASIS organizations include OASIS, IETF, ITU-T, ISO and W3C. The TC is free to adopt liaison relationships with any standards organization as it sees fit.

Page 4

List of deliverables

1. A document calling out in detail the specific use cases of authorization and entitlements in a Cloud Computing context that the TC plans to address in their work product. This document will be completed and approved by the TC by January 2013. This document will be an OASIS Committee Note Track document.

2. A document detailing the configuration of relevant standards in order to allow enforcement of authorization policies to be carried out as close to the consumer as possible, using the Cloud Computing Models of IaaS, PaaS and SaaS as examples in this document. This document will be completed and approved by the TC by June 2013. This document will be an OASIS Committee Specification Track document.

3. A document detailing the configuration and specifications to define the download of contextual entitlements in a single call to a Policy Enforcement Point, using the Cloud Computing Models of IaaS, PaaS and SaaS as examples in this document. This document will be completed and approved by the TC by December 2013. This document will be an OASIS Committee Specification Track document.

• IPR Mode under which the TC will operate
  • The Cloud Authorization TC will operate under the Non Assertion IPR mode
• TC will collaborate with ID cloud TC, ISO, ITU and CSA among others

Page 5

Next Steps

• TC Convener Abbie Barbir, [email protected]
• Convener call will be announced soon
• We do encourage all of you to participate

Page 6

Use Cases and Examples

Page 7

Integrated Enterprise Security Architecture for Distributed models

Page 8

Integrated Net Security

Page 9

Integrated Info Sec

Page 10

Integrated Info Sec

Page 11

Integrated Info Sec

Page 12

ABAC vs TBAC