Monday, January 18, 2010

OASIS Identity in the Clouds

I just found out that a group of folks are putting together a Technical Committee named for Identity in the Clouds.  The main function of this Technical Committee will be "to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing" as it relates to Digital Identities.

I did find it interesting though, that the following is out-of-scope for the TC: Access Control, Levels of Assurance (LOA) and Personally Identifiable Information (PII) in the context of cloud computing, because these have important relations to an Identity.  An Identity is not useful if it does not require "access" to a resource and risk cannot be quantified without "Level of Assurance".  If that was the case, Identities would not be needed.   Personal Identifiable Information is in the context of any Identity, and in some cases the only unique identifier of an Identity.  So, I would like to see more information on the reasoning behind deeming these out-of-scope.