Cloud Authorization TC


Nov 3, 2013

OASIS Cloud Authorization TC (CloudAuthZ)

www.oasis-open.org

Rakesh Radhakrishnan, TC Member


Cloud Authorization TC


A new starting TC


Statement of Purpose


Cloud Computing is gaining traction in the industry.


Cloud Providers are facing challenges from the lack of standardized profiles
for authorization and entitlements.


In Cloud Computing Systems there are use cases where the access policy
enforcement of a cloud resource needs to be performed as close to the
consumer as possible.


This requires the availability of attributes, including contextual attributes.


There are use cases where the Policy Enforcement Point needs to obtain the
contextual entitlements (that the consumer has) with one call, rather than
making a large number of calls to the authorization setup, as seen in the
classic enforcement model.



The TC will use existing standards to provide mechanisms for enabling the delivery of
cloud contextual attributes as close as possible to Policy Enforcement Points.


Enable the development of cloud infrastructures that provide, in real time, a subset of
contextual entitlement sets that a decision point can use to authorize or deny a
consumer’s use of a specific resource.

Scope of work

1. The TC will define use cases for authorization and entitlements in a Cloud
Computing context. These may be existing use cases or new use cases as the
TC determines. The TC will reuse use cases identified by the OASIS Identity In
The Cloud (ID) TC in the context of Cloud Authorization.

2. When necessary, the TC will work on defining missing specifications for Cloud
Authorization and Entitlements. The TC will reuse as a primary objective,
existing standards as well as standards that are being developed in the area of
scope. The TC will make an effort at not reinventing the wheel.

3. The TC will generate Cloud Authorization and Entitlements profiles for Platform
As A Service (PaaS), Infrastructure As a Service (IaaS) and Software As a
Service (SaaS) models of Cloud Computing.

4. In all of its work, the TC should, to the extent feasible, prefer widely
implementable, widely interoperable, modular standards, extensions, profiles
and methods that permit use by a variety of participants.

5. The TC will develop strong liaison relationships with other OASIS Technical
Committees, Standards groups and Bodies in the industry. Some of these
non-OASIS organizations include OASIS, IETF, ITU-T, ISO and W3C. The TC is free
to adopt liaison relationships with any standards organization as it sees fit.


List of deliverables

1. A document calling out in detail the specific use cases of authorization and
entitlements in a Cloud Computing context that the TC plans to address in their
work product. This document will be completed and approved by the TC by
January 2013. This document will be an OASIS Committee Note Track document.

2. A document detailing the configuration of relevant standards in order to allow
enforcement of authorization policies to be carried out as close to the consumer
as possible, using the Cloud Computing Models of IaaS, PaaS and SaaS as
examples in this document. This document will be completed and approved by
the TC by June 2013. This document will be an OASIS Committee Specification
Track document.

3. A document detailing the configuration and specifications to define the download
of contextual entitlements in a single call to a Policy Enforcement Point, using the
Cloud Computing Models of IaaS, PaaS and SaaS as examples in this document.
This document will be completed and approved by the TC by December 2013.
This document will be an OASIS Committee Specification Track document.


IPR Mode under which the TC will operate


The Cloud Authorization TC will operate under the Non-Assertion IPR mode.


The TC will collaborate with ID cloud TC, ISO, ITU and CSA, among others.

Next Steps


TC Convener: Abbie Barbir, abbie.barbir@bankofamerica.com


Convener call will be announced soon


We do encourage all of you to participate

Use Cases and Examples

Integrated Enterprise Security Architecture for Distributed models

Integrated Net Security

Integrated Info Sec


ABAC vs TBAC