Last week I had the opportunity to participate in the "Cloudchasers" series of podcasts hosted by noted raconteur Mathew T. Grant. This one included Ajay Sharma, the product marketing manager for identity management at Novell, and myself talking about "Identity and the enterprise cloud." (You can catch the replay here.)
One issue that came up, and which we mostly danced around, was the issue of standards. Now we all know that there are lots of standards in identity (SAML, WS-Federation, OpenID, CardSpace, etc.) but -- so far -- none are perfect for the cloud. Still, work is going on.
The Organization for the Advancement of Structured Information Standards (OASIS) has recently formed a technical committee (TC) to examine this issue, called the "Identity in the Cloud" TC. It's headed by IdM veterans Tony Nadalin of Microsoft and Anil Saldhana of Red Hat. According to their charter:
"The purpose of the OASIS Identity in the Cloud TC is to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing, and develop profiles of open standards for identity deployment, provisioning and management. Where possible, the TC will seek to re-use existing work. The TC will collect use cases to help identify gaps in existing Identity Management standards. The use cases will be used to identify gaps in current standards and investigate the need for profiles for achieving interoperability within current standards, with a preference for widely interoperable and modular methods."
The membership includes: Alfresco Software, CA, Capgemini, Cisco Systems, Citrix Systems, eBay, IBM, Jericho Systems, Microsoft, Novell, Ping Identity, Red Hat, SafeNet, SAP, Skyworth TTG Holdings, Symantec, Boeing, the U.S. Department of Defense and VeriSign. That's an excellent cross-section of business and technology organizations, providers and users. If you're an Oasis member, you should join this TC.
Coming up next month is the Cloud Identity Summit), July 20-22 in Keystone, Colo. Besides the normal sessions of the conferences there'll also be extended workshops that address standards and the cloud including:
* Implementing OpenID, OAuth & OAuth/WRAP for Consumer Identity (hosted by Google's Chris Messina and David Primmer).
* Implementing SAML for Secure Single Sign-On (hosted by Ping Identity Security Architect Ian Barnett).
* The Essential XACML Primer (hosted by Axiomatics' Gerry Gebel -- formerly of the Burton Group).
There'll also be presentations by the Cloud Security Alliance , the Oasis Identity in the Cloud TC, and interesting sessions with titles such as: "Cloud Identity: Yesterday, Today & Tomorrow" and "Identity: The cloud security foundation." Additionally, there'll be a one-day track called "Cloud Identity Standards". I don't think I'll be there, but you should be.