1 / 7

Cloud Computing, Policy Management and Standardization

when title IS NOT a question there is NO ‘WE CAN’ in the box. Cloud Computing, Policy Management and Standardization. John Sabo, Director Global Government Relations, CA Technologies Chair, OASIS IDtrust Member Section Steering Committee. Europe Identity Conference 2011 .

clove
Download Presentation

Cloud Computing, Policy Management and Standardization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. when title IS NOT a question there is NO ‘WE CAN’in the box Cloud Computing, Policy Management and Standardization John Sabo, Director Global Government Relations, CA Technologies Chair, OASIS IDtrust Member Section Steering Committee Europe Identity Conference 2011

  2. Cloud, Cloud Infrastructures, and the Expanding Reliance on Standardization • Cloud Computing and Cloud-based infrastructures • e-identity systems • Smart Grid systems • electronic health systems • government services • Cybersecurity risk management • Data protection, privacy and related data retention and law enforcement issues • International laws, regulations, and policies

  3. U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC) • public and private sector collaboration to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions • an identity ecosystem that will: • enhance privacy and support of civil liberties • be secure and resilient and part of layered security • ensure policy and technology interoperability among identity solutions • be built from identity solutions that are cost-effective and easy to use

  4. NSTIC Policy and Technical Interoperability • Technical interoperability (including semantic interoperability) refers to the ability for different technologies to communicate and exchange data based upon well-defined and testable interface standards • Policy- level interoperability is the ability for organizations to adopt common business policies and processes (e g , liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems • The use of open and collaboratively developed security standards and the presence of auditable security processes are critical to an identity solution’s trustworthiness

  5. International Policy-Standards Convergence • Evaluation report on the Data Retention Directive (Directive 2006/24/EC) from the European Commission to the Council and the European Parliament - April 18, 2011 • ARTICLE 29 DATA PROTECTION WORKING PARTY, 00062/10/EN WP 173, Opinion 3/2010 on the principle of accountability, July 2010 • Asia Pacific Economic Cooperation Forum Doc No. 2010/SOM3/ECSG/DPS/003 (“51 Questions” ) – September 2010 • India Ministry of Communications and Information Technology, Data Security and Privacy Final Rules – April 13 2011 • Digital Agenda for Europe, COM(2010) 245 final/2 – August 2010 • China “Multi-Level Protection Scheme”- MLPS • U.S. Proposed Cybersecurity Legislation -critical infrastructures and government systems • Industry Initiatives – Cloud Security Alliance, Kantara Initiative, Open Identity Exchange, Open ID Foundation • Standards Initiatives Focusing on policy level security, privacy and trust management – ISO/IEC, ITU-T, ETSI, OASIS….

  6. OASIS IDtrust Member Section –Technical Committee Work Underway • Key Management Interoperability Protocol (KMIP) • OASIS Digital Signature Services eXtended (DSS-X) • Identity in the Cloud Technical Committee (IDCloud) • Open Reputation Management Systems Technical Committee(ORMS) • Privacy Management Reference Model Technical Committee (PMRM)

  7. thank youjohn.t.sabo@ca.com

More Related