BOSTON: The international consortium, OASIS, has formed a new group to address the serious security challenges posed by identity management in cloud computing. The new OASIS Identity in the Cloud (IDCloud) Technical Committee will identify gaps in existing identity management standards and investigate the need for profiles to achieve interoperability within current standards. Committee members will perform risk and threat analyses on collected use cases and produce guidelines for mitigating vulnerabilities.
“Identity management vendors are currently wrestling with the challenge of facilitating the transition toward a loosely coupled architecture and services-based models through a set of common standards,” noted Steve Coplan, Senior Analyst with The 451 Group’s Enterprise Security Practice. “The OASIS IDCloud Technical Committee, with its focus on taxonomies and use cases, is taking a pragmatic stance on how to resolve the most pressing challenges presented by cloud-based services adoption, and lay the foundation for a sustainable approach. We anticipate that the resulting IDCloud profiles will enable a consistent set of policies that will do the job of encapsulating business logic across multiple domains.”
“Our goal is to build on existing standards wherever possible, in order to extend ongoing industry collaboration and progress around identity to the cloud,” noted Anthony Nadalin of Microsoft, co-chair of the OASIS IDCloud Technical Committee. “By utilizing existing efforts and organizations, we’ll help maintain security and privacy in cloud computing.”
“If the IDCloud TC identifies a need for an extension to a standard, for example, the Security Assertion Markup Language (SAML), then the IDCloud Committee will provide input to the SAML Committee, which will remain responsible for the actual extension development. Hence it is sensible to advance the IDCloud work at OASIS,” explained Anil Saldhana of Red Hat, co-chair of the OASIS IDCloud Technical Committee. “Most of the foundational security standards (XACML, SAML, WS-Security, WS-Trust) were developed at OASIS and continue to be advanced here.”
The IDCloud Technical Committee also is committed to maintaining strong liaison relationships with other relevant standards organizations, including the Cloud Security Alliance and the International Telecommunication Union (ITU-T).
Participation in the IDCloud Technical Committee is open to all interested parties, including enterprises that provide or use identity management in a cloud computing infrastructure. Archives of the Committee’s work will be accessible to both members and non-members, and OASIS will invite public review and comment.
Support for OASIS IDCloud
“Identity is a critical component of the evolving cloud ecosystem. As enterprises consume private, hybrid, and public services, the use of identity across those boundaries is increasingly important. CA is proud to be a co-proposer and supporter of the OASIS IDCloud Technical Committee, and we are eager to build a foundation that will enhance and simplify Identity and Access Management use for the cloud.” — Tim Brown, Chief Security Architect
“As business information moves out of enterprise data centers and into the federated world of cloud computing, the challenge of identity is increasing. In order for businesses to remain in control of their information while enabling intra-company collaboration, there need to be identity standards that start from an assumption of federation. It is to help address this new generation of business challenges that Capgemini supports the work of the IDCloud group.” — Steve Jones, Global Solution Director Business Information Management
“With the increasingly rapid adoption of cloud computing, the need for identity-based security is crucial and urgent. During the development of Novell’s Cloud Security Services we have seen areas where further collaboration with our industry peers is needed to fully realize the promise of cloud computing. Novell is looking forward to working with the IDCloud Technical Committee to develop profiles of open standards for identity management in the cloud.” — Dale Olds, Distinguished Engineer
“Ping Identity firmly believes that standards are critical to the long term success of protecting user identities in the Cloud. By joining OASIS IDCloud, we will share the insights we’ve gained through eight years of federation work with our 100+ SaaS partners to help expedite the move to the Cloud.” — Patrick Harding, CTO
“Cloud Computing is powering a fundamental change in enterprise computing. The paradigm shift raises challenges securing computing infrastructure and Identity Management. SafeNet is excited to participate in the OASIS effort to enhance interoperability for identity management in the cloud. We are confident that with collaboration around industry standards and use cases, the industry will make important steps in bringing trust to the cloud.” — Russell Dietz, Vice President and CTO
Skyworth TTG Holdings
“Cloud computing is a natural evolution from virtualization and the service provider model, and it magnifies the need for federating identities between providers and customers. The building blocks for identity federation standards already exist today, such as SAML and SPML. Now for cloud to succeed, standards must further evolve to make identity federation economical, scalable, and practical for the mass market. Skyworth TTG looks forward to working with the IDCloud Technical Committee to make this happen.” — Richard Sand, CEO
“Cloud computing is transforming IT service delivery, decreasing IT costs, and enabling new ways for businesses and consumers to access and exchange information. Working with the OASIS IDCloud Technical Committee to advance identity standards and best practices for cloud computing is a critical effort for enabling organizations to manage identity information in the cloud and maximize its capabilities with confidence.” — Gary Phillips, Senior Director, Industry Standards, Tools and Technologies
Vanguard Integrity Professionals
“Mainframes host 85% of the world’s data and critical information infrastructure. Clearly these large systems are destined to be major ‘hubs’ within Clouds of all shapes and sizes. The security challenges that currently exist are deployment inhibitors for government agencies and large enterprises. Our goal is to work closely with OASIS to enable these systems to be active and secure participants within Cloud computing.” — Ronn Bailey, CEO and CTO
“Ensuring a solid foundation of trust in cloud-based identities is essential to fully realize the promise of cloud computing. The OASIS IDCloud Committee is committed to the use of well understood and defined identity management technologies based on open standards and best practices. As a leader in cloud-based identity and authentication services, VeriSign supports the important work of the IDCloud Committee.” — Alex Deacon, Distinguished Engineer
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for the Smart Grid, security, Web services, XML conformance, business transactions, electronic publishing, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.