OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services John Sabo Director, Global Government Relations Chair, OASIS IDtrust Member Section Steering Committee


Page 1

OASIS Standards Development Supporting Identity Management, Privacy and Trust in Cloud Computing Services

John Sabo, Director, Global Government Relations

Chair, OASIS IDtrust Member Section Steering Committee

Page 2

Background

OASIS - Not-for-profit consortium

Founded in 1993 as SGML Open

Global representation

5,000+ participants including:

600+ organizations & individual members

In 100+ countries

IDtrust Member Section

Page 3

Cloud Computing: Trust Challenges

Cloud Computing

Networked Health IT

Smart Grid

Page 4

World Economic Forum 2010 Study on Global Cloud Computing Deployment

Economic Benefits

• Entrepreneurship; create new businesses, jobs

• Platform for innovation; accelerate innovation

• Increase IT efficiency and IT flexibility

• Business/technology leapfrogging opportunities in developing countries

But… Major Barriers

• Privacy (63%)

• Data governance (e.g. data ownership, cross-border data transfer, etc.) (56%)

• Security (50%)

Source: The World Economic Forum - Used with Permission

Page 5

Health IT - Health Information Exchange Functional and Roles Diagram (diagram; only the label "Business Intelligence" survives extraction)

Page 6

Smart Grid - NIST Smart Grid Conceptual Model (diagram)

Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0

Page 7

Trust in the Cloud – OASIS Standards as Building Blocks

Page 8

Key Management Interoperability Protocol (KMIP)

Chairs:

Robert Griffin, RSA

Subhash Sankuratripati, NetApp

www.oasis-open.org

Identity Management 2010

Page 9

Enterprise Cryptographic Environments (diagram): Enterprise Key Management connected through the Key Management Interoperability Protocol to Disk Arrays, Backup Disk, Backup Tape, Backup System, Collaboration & Content Mgmt Systems, File Server, Portals, Production Database, Replica, Staging, Enterprise Applications, Email, eCommerce Applications, Business Analytics, Dev/Test Obfuscation, WAN, LAN, VPN and CRM.

KMIP: Single Protocol Supporting Enterprise Cryptographic Environments and Expandable to Cloud Environments

Page 10

Entity Identification in Cloud Infrastructures (diagram): KMIP from the Utility Infrastructure to a Commercial Meter, a low-end Residential Meter and an Industrial Meter.

Page 11

OASIS Digital Signature Services eXtended

Chairs:

Juan Carlos Cruellas, Departamento de Arquitectura de Computadores, Univ Politecnica de Cataluna

Stefan Drees, Individual Member


Page 12

DSS-X overview

Profile for requesting generation and/or verification of visible signatures

Profile for generation of a multi-signature verification report providing detailed information on the signature verification process

Profile for handling of signature and service policy

Profile for supporting centralized encryption and decryption services

ebXML Messaging Transport Binding for DSS

Guidance: cross-matrix for existing profiles joint usage

Page 13

Current status of specifications

DSS-X would like to complete the production of current work during 2011

Contacts between OASIS and ETSI to jointly organize a formal remote interoperability event. DSS-X TC members are completing the first version of the test suite.

ETSI would provide a portal supporting the remote interoperability events

Initial plans: aiming for the first half of 2011

Page 14

Extensible Resource Identifier (XRI)

Chairs:

Peter Davis, NeuStar

Drummond Reed, XDI.org

Page 15

The Problem Space

The XRI TC addresses the need for:

URI-compatible structured identifiers on the Web

Standard formats for metadata discovery

XRI structured identifiers provide the ability to share semantics across domains, applications, schemas, and ontologies

XRD (Extensible Resource Descriptor) documents address the problem of simple, standard resource discovery across the Web

Page 16

Status

XRI 3.0 is currently a stable Working Draft

XRD 1.0 became an OASIS Standard on November 1

Milestones

Advance XRI 3.0

To Committee Draft in Q1 2011

To Committee Specification in Q 2011

Publish JRD 1.0 (JSON version of XRD 1.0) in 2011

Page 17

XRI Data Interchange (XDI)

Chairs:

Bill Barnhill, Booz Allen Hamilton

Drummond Reed, XDI.org

Page 18

The Problem Space

XDI addresses the need for a generalized semantic data interchange protocol

Such a protocol requires:

A standard discovery mechanism for endpoints

A standard addressable Resource Description Framework (RDF) graph format for data

A standard format for bi-directional linking of this data

A standard format for authorization and fine-grained data sharing controls

A standard set of mechanisms for maintaining trust

Page 19

Status

We have working experimental XDI serialization formats and messaging implementations (XDI4J)

First drafts of XDI Addressing and Graph Model and XDI Serialization expected by mid-January 2011

Milestones

Near Term

Working Drafts of core specs by Q2 2011

Start holding interop tests by mid-year

Finalized base 1.0 specs by end of 2011

Longer Term

XDI Context Discovery

XDI Queries

XDI Dictionaries

And more – For full list see http://wiki.oasis-open.org/xdi/XdiOneSpecs

Page 20

Identity in the Cloud Technical Committee (IDCloud TC)

Chairs:

Anil Saldhana, Red Hat

Anthony Nadalin, Microsoft

Page 21

Cloud Identity Standardization

OASIS IDCloud TC Charter

Three Stages

1: Use Cases Formalization

2: Gap Analysis - current IDM standards

3: Profiles of use cases

OASIS IDCloud TC Charter Secondary Objectives

Don't reinvent the wheel (or new standards)

Strong Liaison relationship with other standards groups

Feed gaps back to working groups

Geneva, 6-7 December 2010: Addressing security challenges on a global scale

Page 22

Cloud Identity Standardization

OASIS IDCloud Use Case Categories

Infrastructure Trust Establishment

Infrastructure Identity Management

Federated Identity Management

Authentication (SSO, etc.)

Authorization

Account/Attribute Management

Security Tokens

Audit and Compliance


Page 23

Open Reputation Management Systems Technical Committee (ORMS TC)

Chairs:

Mahalingam Mani, Avaya

Nat Sakimura, Nomura Research Institute (NRI)

Page 24

ORMS Overview

Users are placing new emphasis on developing reputation mechanisms for electronic communities.

The use of reputation systems has been proposed for various applications such as validating the trustworthiness of web sites, blogs, events, products, companies, etc.

Reputation reflects the opinions of others about an entity and is one of the factors upon which trust can be based, through the use of verifiable claims. Reputation changes with time and is used within a context. Trust and reputation are related to a context.

Focus on details about how reputation is obtained, calculated, and in what context: interoperability and expression (e.g., score normalization, distribution notation, etc.) and protocol.

Page 25

Privacy Management Reference Model Technical Committee (PMRM TC)

Chairs:

John Sabo, CA Technologies

Dr. Michael Willett, ISTPA

Page 26

PMRM Technical Committee

OASIS PMRM TC formally announced June 27 – first meeting September 8 – Face to Face Informal Meeting September 29

ISTPA contributed its PMRM v2.0 to the TC

Deliverables include:

the Reference Model

one or more use cases utilizing the PMRM

one or more formal methodologies for expressing use cases

profiles of the PMRM applied to selected specific environments (such as Cloud Computing, Health IT, e-Gov, and/or the Smart Grid)

Page 27

Reference Model Components

Set of 10 privacy services; requirements derived from privacy principles/practices/policies

Service definitions

Set of unique functions for each service

Syntax for invoking services

Generic use case

Linkages to security services

Page 28

Where the Reference Model Fits


Page 29

In Summary… OASIS standards development contributing to security, privacy and trust in cloud computing environments

[email protected]