Monday, January 18, 2010

OASIS Identity in the Clouds

I just found out that a group of folks are putting together a Technical Committee named for Identity in the Clouds.  The main function of this Technical Committee will be "to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing" as it relates to Digital Identities.

I did find it interesting though, that the following is out-of-scope for the TC: Access Control, Levels of Assurance (LOA) and Personally Identifiable Information (PII) in the context of cloud computing, because these have important relations to an Identity.  An Identity is not useful if it does not require "access" to a resource and risk cannot be quantified without "Level of Assurance".  If that was the case, Identities would not be needed.   Personal Identifiable Information is in the context of any Identity, and in some cases the only unique identifier of an Identity.  So, I would like to see more information on the reasoning behind deeming these out-of-scope.

1 comment:

  1. Thanks for the link to the Identity in the Clouds Oasis group. I think it will be a valuable exercise to promote standardization of a vocabulary we can use to discuss Identity in Cloud Computing more rationally.

    I do agree with you that Access Control, LOA and PII need to be part of that exercise. Those are critical concepts for Identity Management - in the cloud or not.