Meeting Hosts: Jericho Forum and The Open Group France
Meeting Sponsor: Qualys - http://ww
w.qualys.comMeeting Location:
Hotel Sofitel La Defense
Web: http://www.accorhotels.com/gb/hotel-0912-sofitel-paris-la-defense/index.shtml
Phone: (+33)147764443 - (+33)147767210
Email: H0912@sofitel.com
Accommodation: Cost per room at this hotel is €245.00 per night (incl.
Breakfast).
Reservations: Attendees must make their own accommodation reservations.
Directions to Meeting Location:
See the hotel directions, above.
Logistics:
Context and Objectives:
This meeting is hosted by the Jericho Forum and The Open Group France, and is sponsored by Qualys. Strong interest in our agenda has resulted in us opening this meeting to a wider community of security and business practitioners who are well-positioned to contribute their experience and expertise to the focus of the meeting:
The background to this meeting is that in March 2009 we published our Cloud Cube Model, which identified the different types of Cloud and outlined an approach that business managers can use to decide how to use the enormous potential of Clouds with least risk to their operations. We moved on to examine the challenges to providing effective and scalable Identity & Access Management (IAM) for business collaborations, including in the Cloud. Through 2009 we have seen many discussions, presentations, articles, papers, blogs, and other pronouncements on Cloud Computing, but the risks and threats are still not well documented or understood, and, critically, neither are the new challenges for IAM that are essential to assure secure operations.
Jericho Forum members have held several workshop-style meetings to analyse the key IAM issues for global business collaboration - whether in the Cloud or not - and translate them into practical requirements that security solutions providers will find acceptable. In another project, we started to develop a Self-Assessment Scheme which solutions suppliers and customers could use to assess how well a security solution satisfies the requirements set out by our Jericho Forum "commandments" (design principles) - see http://www.opengroup.org/jericho/commandments_v1.2.pdfIn this Paris meeting we will run several workshops, to complete development of the Self-Assessment Scheme, and assess the ways forward to develop effective secure IAM solutions for global business collaborations in the Cloud. By the end of November we may have the Cloud Security Alliance's version 2 Guidelines for Securing the Cloud, which will contribute to our discussion in this meeting. The outcomes from this meeting will enable us to publish our Self-Assessment Scheme, and to construct a practical framework of requirements for effective IAM security solutions at every level of abstraction for deploying the services in the Cloud that a business may choose to use.
Agenda - Monday:
Headlines:
Final review: The Jericho Forum Self-Assessment Scheme
New work: The key pillars for the future: De-perimeterised Identity & Reputation Management enabling Data-centric Access
09.30: Arrival & reception
10.00: Start of Meeting: welcome, facilities, host introduction
10.10: Agenda Review & Attendee Feedback
10.20: Workshop: Self Assessment Review - Part 1
11.15: Break
11.30: Workshop: Self Assessment Review - Part 2
12.30: Lunch & networking
13.15: Introduction: Holistic Approach to Identity and Data Access in a
De-perimeterised Environment
13.30: Workshop: Requirements for Device & User Identity
15.00: Break
15.15: Workshop: Reconciling Identity with Reputation Management
16.15: Workshop: Aligning Holistic Identity to Data Access
Agenda - Tuesday:
Headlines:
Security in the cloud; evolution of the cloud model and interaction with CSA and TOG cloud WG
Cloud Computing business scenario; Contract Lifecycle Management model for business collaborations User-centric identify in the Cloud
08.30: Arrival & Reception
09.00: Start of Meeting: welcome, facilities, host introduction
09.10: Agenda Review & Attendee Feedback
09.20:
09.20: Workshop: Understanding Abstraction Levels and Attendant Security/IAM
Requirements
10.30: Break
10.45: Workshop: The requirement for Contract and Lifecycle Management in a
Cloud Model
12.30: Workshop: Status of Alignment with Clouds Work, CSA, TOG etc. and where Jericho
Forum adds value
12.45: Summary/review on Outcomes
13.00: Lunch & Networking
14.00: Close