OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services

Transcription

1 OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services John Sabo Director, Global Government Relations Chair, OASIS IDtrust Member Section Steering Committee

2 Background OASIS - Not-for-profit consortium Founded in 1993 as SGML Open Global representation 5,000+ participants including: 600+ organizations & individual members In 100+ countries IDtrust Member Section

3 Cloud Computing: Trust Challenges: Cloud Computing Networked Health IT Smart Grid

4 World Economic Forum 2010 Study on Global Cloud Computing..Deployment Economic Benefits Entrepreneurship; create new businesses, jobs Platform for innovation; accelerate innovation Increase IT efficiency and IT flexibility Business/technology leapfrogging opportunities in developing countries But Major Barriers Privacy (63%) Data governance (e.g. data ownership, cross-border data transfer, etc. (56%) Security (50%) Source: The World Economic Forum - Used with Permission

5 Health IT - Health Information Exchange Functional and Roles Diagram Business Intelligence

6 Smart Grid - NIST Smart Grid Conceptual Model Source: 27 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0

7 Trust in the Cloud OASIS Standards as Building Blocks

8 Identity Management 2010 Key Management Interoperability Protocol (KMIP) Chairs: Robert Griffin, RSA Subhash Sankuratripati, NetApp

9 KMIP: Single Protocol Supporting Enterprise Cryptographic Environments and Expandable to Cloud Environments Enterprise Cryptographic Environments Production Database Portals Collaboration & Content Mgmt Systems LAN VPN File Server WAN Disk Arrays Backup System Replica CRM Enterprise Applications ecommerce Applications Backup Disk Staging Business Analytics Dev/Test Obfuscation Backup Tape Key Management Interoperability Protocol Enterprise Key Management

10 Infrastructure Entity Identification in Cloud Infrastructures KMIP to low-end Residential Meter KMIP to Commercial Meter KMIP to Industrial Meter Utility

11 OASIS Digital Signature Services extended Chairs: Juan Carlos Cruellas, Departamento de Arquitectura de Computadores, Univ Politecnica de Cataluna Stefan Drees, Individual Member

12 DSS-X overview Profile for requesting generation and/or verification of visible signatures Profile for generation of a multi-signature verification report providing detailed information on the signature verification process Profile for handling of signature and service policy Profile for supporting centralized encryption and decryption services ebxml Messaging Transport Binding for DSS Guidance: cross-matrix for existing profiles joint usage

13 Current status of specifications DSS-X would like to complete the production of current work during 2011 Contacts between OASIS and ETSI to jointly organize a formal remote interoperability event. DSS-X TC members are completing a the first version of the test suite. ETSI would provide a portal supporting the remote interoperability events Initial plans: aiming for the first half of 2011

14 Extensible Resource Identifier(XRI) Chairs: Peter Davis, NeuStar Drummond Reed, XDI.org

15 The Problem Space The XRI TC addresses the need for: URI-compatible structured identifiers on the Web Standard formats for metadata discovery XRI structured identifiers provide the ability to share semantics across domains, applications, schemas, and ontologies XRD (Extensible Resource Descriptor) documents address the problem of simple, standard resource discovery across the Web

16 Status XRI 3.0 is currently a stable Working Draft XRD 1.0 became an OASIS Standard on November 1 Milestones Advance XRI 3.0 To Committee Draft in Q To Committee Specification in Q 2011 Publish JRD 1.0 (JSON version of XRD 1.0) in 2011

17 XRI Data Interchange (XDI) Chairs: Bill Barnhill, Booz Allen Hamilton Drummond Reed, XDI.org

18 The Problem Space XDI addresses the need for a generalized semantic data interchange protocol Such a protocol requires: A standard discovery mechanism for endpoints A standard addressable Resource Description Framework (RDF) graph format for data A standard format for bi-directional linking of this data A standard format for authorization and fine-grained data sharing controls A standard set of mechanisms for maintaining trust

19 Status We have working experimental XDI serialization formats and messaging implementations (XDI4J) First drafts of XDI Addressing and Graph Model and XDI Serialization expected by mid-january 2011 Milestones Near Term Working Drafts of core specs by Q Start holding interop tests by mid-year Finalized base 1.0 specs by end of 2011 Longer Term XDI Context Discovery XDI Queries XDI Dictionaries And more For full list see

20 Identity in the Cloud Technical Committee (IDCloud TC) Chairs: Anil Saldhana, Red Hat Anthony Nadalin, Microsoft

21 Cloud Identity Standardization Oasis IDCloud TC Charter Three Stages 1: Use Cases Formalization 2: Gap Analysis - current IDM standards 3: Profiles of use cases Oasis IDCloud TC Charter Secondary Objectives Don't reinvent the wheel (or new standards) Strong Liaison relationship with other standards groups Feed gaps back to working groups Geneva, 6-7 December 2010 Addressing security challenges on a global scale 21

22 Cloud Identity Standardization Oasis IDCloud Use Case Categories Infrastructure Trust Establishment Infrastructure Identity Management Federated Identity Management Authentication (SSO etc) Authorization Account/Attribute Management Security Tokens Audit and Compliance 22

23 Open Reputation Management Systems Technical Committee (ORMS TC) Chairs: Mahalingam Mani, Avaya Nat Sakimura, Nomura Research Institute (NRI)

24 ORMS Overview Users are placing new emphasis for developing reputation mechanisms for electronics based communities. The use of reputation systems has been proposed for various applications such as validating the trustworthiness of web sites, blogs, events, products, companies, etc. Reputation reflects the opinions about an entity, from others and is one of the factors upon which trust can be based through the use of verifiable claims. Reputation changes with time and is used within a context. Trust and reputation are related to a context. Focus on details about how it is obtained, calculated, in what context - Interoperability and expression (e.g., score normalization, distribution notation etc.) and protocol

25 Privacy Management Reference Model Technical Committee (PMRM TC) Chairs: John Sabo, CA Technologies Dr. Michael Willett, ISTPA

26 PMRM Technical Committee OASIS PMRM TC formally announced June 27 first meeting September 8 Face to Face Informal Meeting September 29 ISTPA contributed its PMRM v2.0 to the TC Deliverables include the Reference Model one or more use cases utilizing the PMRM one or more formal methodologies for expressing use cases profiles of the PMRM applied to selected specific environments (such as Cloud Computing, Health IT, e-gov, and/or the Smart Grid)

27 Reference Model Components Set of 10 privacy services requirements derived from privacy principles/practices/policies Service definitions Set of unique functions for each service Syntax for invoking services Generic use case Linkages to security services

28 Where the Reference Model Fits 2

29 In Summary. OASIS standards development contributing to security, privacy and trust in cloud computing environments