[Openid-specs-ab] Fwd: [ABA-IDM-TASK-FORCE] Fw: [CC_SECURITY] NIST Cloud Security WG Meetings - Federated ID project

Nat Sakimura sakimura at gmail.com
Tue Feb 9 00:27:19 UTC 2016

Just got this in the ABA list. Forwarding since some of you may be
interested in it.


---------- Forwarded message ---------
From: VVC <0000005b228c7bd2-dmarc-request at mail.americanbar.org>
Date: 2016年2月9日(火) 8:29
Subject: [ABA-IDM-TASK-FORCE] Fw: [CC_SECURITY] NIST Cloud Security WG
Meetings - Federated ID project
To: <BL-FIDM at mail.americanbar.org>

May be of interest to some on ABA list. Dan, VVC

*From: *Iorga, Michaela <michaela.iorga at nist.gov>
*Sent: *Monday, February 8, 2016 5:38 PM
*To: *ValleyViewCorp at aol.com
*Subject: *Re: [CC_SECURITY] NIST Cloud Security WG Meetings - Federated ID
It is a calendar invitation (so the date and time are provided by the
calendar application) for the bi-weekly meetings of the SWG – Project1:
Federated Identity – next meeting on this topic is on Feb 24th, Wednesday
at 2:00 PM ET .  We will alternate the projects when we work on them.

From: "ValleyViewCorp at aol.com" <ValleyViewCorp at aol.com>
Date: Monday, February 8, 2016 at 5:16 PM
To: "Iorga, Michaela" <michaela.iorga at nist.gov>
Subject: Re: [CC_SECURITY] NIST Cloud Security WG Meetings - Federated ID

*No day or time* is shown on this announcement for Federated Identity

In a message dated 2/8/2016 4:22:02 P.M. Eastern Standard Time,
michaela.iorga at nist.gov writes:

Cloud Security WG meeting - “Federated Identity in a Cloud Ecosystem"

Below please find the proposed charter, objectives, deliverables, and

We are calling for contributors willing to support this project. Please
send an email to me: Iorga, Michaela <michaela.iorga at nist.gov>and Mehta,
Ketan <ketan.mehta at nist.gov>if you are interested.</ketan.mehta at nist.gov><
/michaela.iorga at nist.gov>
*Call information:*
Phone: 866-819-5964

Participant PIN: 157533200754

PLEASE NOTE: if the phone system tells you the pin is wrong, carefully
listen to the pin information and make sure it is the same with the one
provided above. Often the system times you out and does not take all
digits. Please have the PIN handy and provide it as fast as possible.
*Webinar info*: please go to *www.readytalk.com* <http://www.readytalk.com/>
and log in as *participant *using the 3387748 access code .
*SOAP info*: *http://webconf.soaphub.org/conf/room/cc_security*
<http://webconf.soaphub.org/conf/room/cc_security> password 5576521

*Forum Type*: Public

*Information Sensitivity*: Non-sensitive

*Project Lead:* Ketan Mehta (NIST), ketan.mehta at nist.gov

*SWG Co-Chair in charge*: Michaela Iorga (NIST), michaela.iorga at nist.gov


The goal of this project is to identify the challenges in implementing and
managing Federated Identity in the highly complex cloud ecosystem. For the
purpose of this project, we adopt the definition of Federated Identity
(aka, Identity Federation) provided in the FICAM Roadmap and Implementation
Guidance, Section 12.1: “Identity Federation is a term used to describe the
technology, standards, policies, and processes that allow an organization
to trust digital identities, identity attributes, and credentials created
and issued by another organization.”

Federating identity is a complex area by itself and merging this concept
with the cloud ecosystem leads to security challenges. The primary
objective of this project is to identify security issues and implementation
challenges involved in securely enabling Federated Identity in the cloud.

The objectives of this project are as follows:

1.Aggregate use cases for Federated identity in cloud ecosystem in various
cloud configurations (e.g., private cloud, public cloud, and hybrid cloud);

2.Identity Federated Identity security issues and implementation challenges
based on the aggregated use cases;

3.Document security issues and implementation challenges;

4.Define prioritization criteria and prioritize implementation challenges;

5.Research and develop guidance and specifications that address the high
priority implementation challenges.

It is within the scope of this work to study existing authentication and
privacy enhancing technologies and standards. Specifically, this group will
leverage relevant work done by the industry and standards organizations
such as National Institute of Standards and Technology (NIST), Federal
Identity, Credential, and Access Management (FICAM), International
Organization for Standardization / International Electrotechnical
Commission (ISO/IEC), Cloud Security Alliance (CSA), Organization for the
Advancement of Structured Information Standards (OASIS), Fast Identities
Online (FIDO), and World Wide Web Consortium (W3C).

This work will not be limited to Federal Government Identity credentials
and initiatives but instead will be inclusive of private industry and
international initiatives.

1.NIST Interagency Report that identities security issues and challenges in
implementing and managing Federated Identity in cloud ecosystem. (See
Objective 3)

2.NIST Special Publication that provides guidance that addresses the high
priority implementation challenges. (See Objective 5)


2.FICAM, FICAM Roadmap and Implementation Guidance

3.FIDO, https://fidoalliance.org/

4.W3C WebCrypto API for web application security,

5.NIST Identity Management, http://www.nist.gov/nstic/

6.ISO/IEC 24760, Information Technology – Security Techniques, A Framework
for Identity Management.

If you would like to remove yourself from this mailing list, please send an
email with the subject line “unsubscribe” to the chair.
Please do not send your request to the entire mailing list.

Thank you in advance for your kind support.
*Dr. Michaela Iorga*
Senior Security Technical Lead for Cloud Computing
Co-Chair, NIST Cloud Security Working Group
Co-Chair, NIST Cloud Forensic Science Working Group
Director, ITL SURF Program
Secure System and Applications Group 773.03
Computer Security Division, ITL
National Institute of Standards and Technology
*~ (*70)970-208-7756

Cc_security mailing list
Cc_security at nist.gov

Thank you for your continued interest in this list. A summary of your
discussion list subscriptions, including BL-FIDM, can be found at
https://shop.americanbar.org/ebus/myABA/CommunicationPreferences.aspx .
This new List Subscription Page allows you to manage your lists -
unsubscribe from existing or join others.

If you have any issues you may either contact the list owner via email:
BL-FIDM-request at mail.americanbar.org , or the ABA Service Center at phone:
1-800-285-2221 or email: service at americanbar.org .
The purpose of this discussion site is to enable ABA members to share and
exchange their personal views on topics and issues of importance to the
legal profession. All comments that appear are solely those of the
individual, and do not reflect ABA positions or policy. The ABA endorses no
comments made herein.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160209/d7b2e90c/attachment-0001.html>

More information about the Openid-specs-ab mailing list