OASIS Cloud Authorization (CloudAuthZ)

FYI: A new initiative: OASIS Cloud Authorization (CloudAuthZ) Technical
Committee

https://www.oasis-open.org/committees/cloudauthz/charter.php

Statement of Purpose

 As Cloud Computing gains traction in the industry, Cloud providers face
challenges from the lack of standardized profiles for authorization and
entitlements. In Cloud Computing Systems, resources such as bandwidth and
memory are constrained. There are, for example, use cases where the access
policy enforcement of a cloud resource needs to be performed as close to
the Consumer as possible. In addition, in most enforcement models, there
are general requirements for making attributes, including contextual
attributes, readily available to Policy Enforcement Points in order to
streamline calls to the authorization engine. This requires availability of
attributes including contextual attributes. Additionally, since the
computing resources are limited, there are use cases where there is a need
for the Policy Enforcement Point to obtain the contextual entitlements that
the Consumer has with one call, rather than perform a large number of calls
to the authorization engine as seen in the classic enforcement model.

 The CloudAuthZ Technical Committee will use existing, well-designed
standards to provide mechanisms for enabling the delivery of cloud
contextual attributes to Policy Enforcement Points. Such mechanisms can
enable the development of cloud infrastructures that provide in real time a
subset of contextual entitlements sets that a decision point can use to
authorize or deny a Consumer’s use of a specific resource. By developing
standard mechanisms to do this, the need to customize the interactions
between customer and vendor systems will be reduced, the overhead needed to
support authorization and entitlement will decrease, and portability across
multiple systems will be enhanced.

 The CloudAuthZ Technical Committee will use existing, well-designed
standards to provide mechanisms for enabling the delivery of contextual
entitlements to the Policy Enforcement Points.

Received on Thursday, 2 May 2013 15:38:27 UTC