OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services
John Sabo Director, Global Government Relations
Chair, OASIS IDtrust Member Section Steering Committee

Background
OASIS - Not-for-profit consortium
Founded in 1993 as SGML Open
Global representation
5,000+ participants including:
600+ organizations & individual members
In 100+ countries
IDtrust Member Section

Cloud Computing: Trust Challenges
Cloud Computing
Networked Health IT
Smart Grid

World Economic Forum 2010 Study on Global Cloud Computing Deployment

Economic Benefits
• Entrepreneurship; create new businesses, jobs
• Platform for innovation; accelerate innovation
• Increase IT efficiency and IT flexibility
• Business/technology leapfrogging opportunities in developing countries

But… Major Barriers
• Privacy (63%)
• Data governance (e.g. data ownership, cross-border data transfer, etc.) (56%)
• Security (50%)
Source: The World Economic Forum - Used with Permission

Health IT - Health Information Exchange Functional and Roles Diagram
(Diagram label: Business Intelligence)

Smart Grid - NIST Smart Grid Conceptual Model
Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0

Trust in the Cloud – OASIS Standards as Building Blocks
www.oasis-open.org
Identity Management 2010
Key Management Interoperability Protocol (KMIP)
Chairs: Robert Griffin, RSA; Subhash Sankuratripati, NetApp

KMIP: Single Protocol Supporting Enterprise Cryptographic Environments and Expandable to Cloud Environments

Enterprise Cryptographic Environments
(Diagram: enterprise systems served by one key management protocol - collaboration and file servers, portals, content management, disk arrays, production systems, backup and replica systems, databases, LAN/VPN/WAN, eCommerce and CRM applications, business analytics, staging, tape backup, dev/test, email, obfuscation)
Key Management Interoperability Protocol
Enterprise Key Management Infrastructure

Entity Identification in Cloud Infrastructures
(Diagram: Utility connected via KMIP to meters)
KMIP to low-end Residential Meter
KMIP to Commercial Meter
KMIP to Industrial Meter
OASIS Digital Signature Services eXtended
Chairs: Juan Carlos Cruellas, Departamento de Arquitectura de Computadores, Univ Politecnica de Cataluna; Stefan Drees, Individual Member

DSS-X overview
Profile for requesting generation and/or verification of visible signatures
Profile for generation of a multi-signature verification report providing detailed information on the signature verification process
Profile for handling of signature and service policy
Profile for supporting centralized encryption and decryption services
ebXML Messaging Transport Binding for DSS
Guidance: cross-matrix for joint usage of existing profiles

Current status of specifications
DSS-X would like to complete the production of current work during 2011
Contacts between OASIS and ETSI to jointly organize a formal remote interoperability event
DSS-X TC members are completing the first version of the test suite
ETSI would provide a portal supporting the remote interoperability events
Initial plans: aiming for the first half of 2011

Extensible Resource Identifier (XRI)
Chairs: Peter Davis, NeuStar; Drummond Reed, XDI.org

The Problem Space
The XRI TC addresses the need for:
URI-compatible structured identifiers on the Web
Standard formats for metadata discovery
XRI structured identifiers provide the ability to share semantics across domains, applications, schemas, and ontologies
XRD (Extensible Resource Descriptor) documents address the problem of simple, standard resource discovery across the Web

Status
XRI 3.0 is currently a stable Working Draft
XRD 1.0 became an OASIS Standard on November 1

Milestones
Advance XRI 3.0 to Committee Draft in Q1 2011
Advance XRI 3.0 to Committee Specification in Q 2011
Publish JRD 1.0 (JSON version of XRD 1.0) in 2011

XRI Data Interchange (XDI)
Chairs: Bill Barnhill, Booz Allen Hamilton; Drummond Reed, XDI.org

The Problem Space
XDI addresses the need for a generalized semantic data interchange protocol
Such a protocol requires:
A standard discovery mechanism for endpoints
A standard addressable Resource Description Framework (RDF) graph format for data
A standard format for bi-directional linking of this data
A standard format for authorization and fine-grained data sharing controls
A standard set of mechanisms for maintaining trust

Status
We have working experimental XDI serialization formats and messaging implementations (XDI4J)
First drafts of XDI Addressing and Graph Model and XDI Serialization expected by mid-January 2011

Milestones
Near Term:
Working Drafts of core XDI specs by Q2 2011
Start holding interop tests by mid-year
Finalized base 1.0 specs by end of 2011
Longer Term:
XDI Context Discovery
XDI Queries
XDI Dictionaries
And more – for the full list see http://wiki.oasis-open.org/xdi/XdiOneSpecs

Identity in the Cloud Technical Committee (IDCloud TC)
Chairs: Anil Saldhana, Red Hat; Anthony Nadalin, Microsoft

Cloud Identity Standardization

OASIS IDCloud TC Charter - Three Stages
1: Use Cases Formalization
2: Gap Analysis - current IDM standards
3: Profiles of use cases

OASIS IDCloud TC Charter - Secondary Objectives
Don't reinvent the wheel (or new standards)
Strong liaison relationship with other standards groups
Feed gaps back to working groups
Geneva, 6-7 December 2010 - Addressing security challenges on a global scale

Cloud Identity Standardization
OASIS IDCloud Use Case Categories
Infrastructure Trust Establishment
Infrastructure Identity Management
Federated Identity Management
Authentication (SSO etc.)
Authorization
Account/Attribute Management
Security Tokens
Audit and Compliance

Open Reputation Management Systems Technical Committee (ORMS TC)
Chairs: Mahalingam Mani, Avaya; Nat Sakimura, Nomura Research Institute (NRI)

ORMS Overview
Users are placing new emphasis on developing reputation mechanisms for electronic communities.
The use of reputation systems has been proposed for various applications, such as validating the trustworthiness of web sites, blogs, events, products, companies, etc.
Reputation reflects the opinions others hold about an entity and is one of the factors upon which trust can be based through the use of verifiable claims. Reputation changes with time and is used within a context; trust and reputation are both related to a context.
Focus on the details of how a reputation is obtained, how it is calculated and in what context: interoperability and expression (e.g., score normalization, distribution notation, etc.) and protocol.

Privacy Management Reference Model Technical Committee (PMRM TC)
Chairs: John Sabo, CA Technologies; Dr. Michael Willett, ISTPA

PMRM Technical Committee
OASIS PMRM TC formally announced June 27; first meeting September 8; informal face-to-face meeting September 29
ISTPA contributed its PMRM v2.0 to the TC
Deliverables include:
the Reference Model
one or more use cases utilizing the PMRM
one or more formal methodologies for expressing use cases
profiles of the PMRM applied to selected specific environments (such as Cloud Computing, Health IT, e-Gov, and/or the Smart Grid)

Reference Model Components
Set of 10 privacy services
requirements derived from privacy principles/practices/policies
Service definitions
Set of unique functions for each service
Syntax for invoking services
Generic use case
Linkages to security services

Where the Reference Model Fits

In Summary…
OASIS standards development contributing to security, privacy and trust in cloud computing environments