CloudID Sec Meeting Notes 2013-03-27

Kantara Initiative CloudID Sec WG Teleconference

Call not at quorum

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Nominations and ballots
  2. Discussion
    1. Review of Charter and Roadmap planning
  3. AOB
  4. Adjourn

 

Attendees

  • Liam Lynch
  • Neil McEvoy
  • Nuccio Piscopo

     

Non-Voting

  • Nathan Faut
  • Susan Morrow
  • Colin Wallis

Staff

  • Heather Flanagan (scribe)

 

Action Items

Action

Assigned To

Status

Description

Comments

20130327-01Neil McEvoy Link the GoogleDoc draft of the white paper to the CloudID Sec WG wiki space 
20130327-02Heather Flanagan Send out doodle poll to establish regular meeting schedule, starting week of 8 April 2013 

 

Minutes

Purpose and Group Agenda and Introductions - Neil McEvoy

Idea for Could ID group; Neil has been running the Cloud Identity best practices group to develop best practices; one of the sub topics in this area is identity and there needs to be some documentation between Cloud Industry and Identity worlds

The agenda for the group is to document the detail of that intersection between the two worlds, with the principle headline message being identity as a service, so we can figure out how to take identity services and extend them in to cloud services.  If identity is better integrated in to a cloud environment, does that make it more secure, does it make the application within the cloud better integrated?

One of the first deliverables is to write a white paper which would explain what has been summarized in more detail, to provide the opportunity to bring together the experts to go in to more detail.  Particularly keen to bring in the Cloud Industry, and they will be more our target audience.

As per the charter of the group, we will also look at producing deliverables to make delivery models more accessible with a view to encourage adoption of technologies introduced in the paper.

Other introductions
  • Liam Lynch - used to work in Info Security, founding member of Cloud Security Alliance, has been involved in this space for several years; would like to get a working model that can easily be consumed by a wide variety of organizations using the cloud across sectors (telco, gov't, individuals); passwords are dead and would like to see how we can improve the experience and be more secure
  • Nuccio Piscopo - comes from data and security background; wants to organize a better approach to identity as a service
  • Nathan Faut - with KPMG and sits on the Kantara Assessment Review Board; KPMG is making a big push in to supporting Cloud; thought it would be valuable to lurk in a non-voting member way to see what the group develops and bring in an auditors experience if and when necessary
  • Susan Morrow - there isn't a best practice guide towards doing cloud-based identity, so this will be a very helpful WG; it is an uphill struggle to educate people about the difference between an enterprise and consumer identity system, particularly around usability and security
  • Colin Wallis - from New Zealand, first country in the world to create an eGovernment SAML profile; interested in how non-traditional identity will happen
Note on quorum and voting
  • Current quorum number is 4 out of the 6 voting members
  • Quorum is important for several reasons: being able to vote on leadership, vote on the white paper when it is ready, voting on the minutes of the meeting, and showing the Kantara Leadership Council that the group is active
  • If a voting participant is unable to attend for 3 meetings, they will be shifted to non-voting and can be added back when they rejoin the calls and ask to be added again as voting
Next steps
  • seeking contributions to the white paper, start producing reference materials right away
  • A draft has been started, and Neil will add a link to the wiki to the google doc where this is drafted
  • Will need to vote for leadership, but group is encouraged to meet a few times to get to know each other before nominations
  • Will aim for meeting every other week, noting that with participation from New Zealand to Europe there will be very limited times when the call can be held; Heather will send out a doodle poll and see if we can start our every other week call the week of April 8
    • request that next call discuss structure and organization of the white paper, forming a table of contents so that people may form a complete picture of scope of work

 

Next Meeting