The official charter for this Technical Committee is provided below. (For additional information, see the Call for Participation that was issued when this TC was formed.)
OASIS Identity in the Cloud Technical Committee
Statement of purpose:
Cloud Computing is turning into an important IT service delivery paradigm. Many enterprises are experimenting with cloud computing, using clouds in their own data centers or hosted by third parties, and increasingly they deploy business applications on such private and public clouds. Cloud Computing raises many challenges that have serious security implications. Identity Management in the cloud is such a challenge.
Many enterprises avail themselves of a combination of private and public Cloud Computing infrastructures to handle their workloads. In a phenomenon known as "Cloud Bursting", the peak loads are offloaded to public Cloud Computing infrastructures that offer billing based on usage. This is a use case of a Hybrid Cloud infrastructure. Additionally, governments around the world are evaluating the use of Cloud Computing for government applications. For instance, the US Government has started apps.gov to foster the adoption of Cloud Computing. Other governments have started or announced similar efforts.
The purpose of the OASIS Identity in the Cloud TC is to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing, and develop profiles of open standards for identity deployment, provisioning and management. Where possible, the TC will seek to re-use existing work. The TC will collect use cases to help identify gaps in existing Identity Management standards. The use cases will be used to identify gaps in current standards and investigate the need for profiles for achieving interoperability within current standards, with a preference for widely interoperable and modular methods.
Additionally, the use cases may be used to perform risk and threat analyses. Suggestions to mitigate the identified risks and the threats and vulnerabilities will be provided.
The TC will focus on collaborating with relevant standards organizations such as the Cloud Security Alliance and the ITU-T, in the area of cloud security and Identity Management. Liaisons will be identified with other standards bodies, and strong content-sharing arrangements sought where possible, subject to applicable OASIS policies.
Scope:
The purpose of the TC is to harmonize definitions/terminologies/vocabulary of Identity in the context of Cloud Computing; to identify and define use cases and profiles; and to identify gaps in existing Identity Management standards as they apply in the cloud.
1. The TC will identify and may collect and publish new and/or existing definitions, terminologies and vocabulary of Identity for Cloud Computing as the TC determines.
2. The TC will define use cases for identity deployment, provisioning and management in a Cloud Computing context. These may be existing use cases or new use cases as the TC determines.
3. The TC will define interoperability profile(s) of existing protocols and formats for usage of Identity in the Cloud, based on the identified use cases. Profiles are subsets of specifications and combinations of such subsets.
4. The TC will identify gaps in existing Identity Management interoperability protocols and formats standards at OASIS and other standards bodies and utilize the OASIS liaison process for communicating the gaps.
5. In all of its work, the TC should, to the extent feasible, prefer widely implementable, widely interoperable, modular standards, extensions, profiles and methods that permit use by a variety of participants.
6. The TC will build on and use existing standards and specifications when possible. When there is a need to extend existing OASIS Standards, then the TC will not undertake that exercise but will work with the Technical Committee representing the standard to provide the extension as part of that Technical Committee. As an example, if the TC requires extensions in standards such as SAML or WS-Trust, then this TC will identify the remaining work to be undertaken by the TCs responsible for those standards, or their successors.
The TC will build profiles for Identity in Cloud Computing.
Out of Scope:
Access Control methods, Levels of Assurance (LOA) for security, and definitions and structures for expressing Personally Identifiable Information (PII). The TC may reference or suggest re-use or extension of such methods in the context of Cloud Computing, but will not develop them.
APIs or Implementations
Creation of new protocols or formats.
List of Deliverables:
A document calling out in detail the specific use cases of identity deployment, provisioning and management in a Cloud Computing context that the TC plans to address in their work product. This document will be completed and approved by the TC by July 2010.
A set of profiles and gaps, as described in paragraphs #3 and #4 under 'Scope', to be approved as a Committee Specification by December 2010, and the remainder if any to be approved as Committee Specifications by June 2011. The TC may elect to create one or more of such deliverables in whatever combination it deems appropriate.
Optionally, such other deliverables within the scope listed in paragraphs 1-6 (including collections of definitions, terminology and vocabularies, and risk/threat assessments), as the TC may elect, until the later of June 2011 or such later date as the TC may elect to conclude.
IPR Mode under which the TC will operate:
Royalty Free on Limited Terms
Enterprises interested in providing or using identity management capabilities in a Cloud Computing infrastructure.