Cloud Computing, Policy Management and Standardization. John Sabo, Director Global Government Relations, CA Technologies; Chair, OASIS IDtrust Member Section Steering Committee. Europe Identity Conference 2011.

Cloud, Cloud Infrastructures, and the Expanding Reliance on Standardization
• Cloud Computing and Cloud-based infrastructures
• e-identity systems
• Smart Grid systems
• electronic health systems
• government services
• Cybersecurity risk management
• Data protection, privacy and related data retention and law enforcement issues
• International laws, regulations, and policies

U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC)
• public and private sector collaboration to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions
• an identity ecosystem that will:
  • enhance privacy and support of civil liberties
  • be secure and resilient and part of layered security
  • ensure policy and technology interoperability among identity solutions
  • be built from identity solutions that are cost-effective and easy to use

NSTIC Policy and Technical Interoperability
• Technical interoperability (including semantic interoperability) refers to the ability for different technologies to communicate and exchange data based upon well-defined and testable interface standards
• Policy-level interoperability is the ability for organizations to adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems
• The use of open and collaboratively developed security standards and the presence of auditable security processes are critical to an identity solution’s trustworthiness

International Policy-Standards Convergence
• Evaluation report on the Data Retention Directive (Directive 2006/24/EC) from the European Commission to the Council and the European Parliament - April 18, 2011
• ARTICLE 29 DATA PROTECTION WORKING PARTY, 00062/10/EN WP 173, Opinion 3/2010 on the principle of accountability, July 2010
• Asia Pacific Economic Cooperation Forum Doc No. 2010/SOM3/ECSG/DPS/003 (“51 Questions”) – September 2010
• India Ministry of Communications and Information Technology, Data Security and Privacy Final Rules – April 13 2011
• Digital Agenda for Europe, COM(2010) 245 final/2 – August 2010
• China “Multi-Level Protection Scheme” - MLPS
• U.S. Proposed Cybersecurity Legislation - critical infrastructures and government systems
• Industry Initiatives – Cloud Security Alliance, Kantara Initiative, Open Identity Exchange, OpenID Foundation
• Standards Initiatives Focusing on policy level security, privacy and trust management – ISO/IEC, ITU-T, ETSI, OASIS…

OASIS IDtrust Member Section – Technical Committee Work Underway
• Key Management Interoperability Protocol (KMIP)
• OASIS Digital Signature Services eXtended (DSS-X)
• Identity in the Cloud Technical Committee (IDCloud)
• Open Reputation Management Systems Technical Committee (ORMS)
• Privacy Management Reference Model Technical Committee (PMRM)