Open Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0



Similar documents
Open Data Center Alliance Usage: Cloud Based Identity Provisioning Rev. 1.0

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0

OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds

Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1

Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY

OPEN DATA CENTER ALLIANCE USAGE: Data Security Rev. 1.0

OPEN DATA CENTER ALLIANCE SM USAGE MODEL: E-DISCOVERY AND FORENSICS

Open Data Center Alliance Usage: SERVICE CATALOG

CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service

Cloud Tech Solution at T-Systems International Cloud Integration Center

OPEN DATA CENTER ALLIANCE SM CLOUD ADOPTION SURVEY

OPEN DATA CENTER ALLIANCE USAGE MODEL: Provider Assurance Rev. 2.0

Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of

OPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0

Security Issues in Cloud Computing

Addressing Cloud Computing Security Considerations

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

OPEN DATA CENTER ALLIANCE USAGE MODEL: Cloud Maturity Model Rev. 2.0

IDENTITY & ACCESS MANAGEMENT IN THE CLOUD

Guideline on Implementing Cloud Identity and Access Management

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

SafeNet Authentication Service

Vistara Lifecycle Management

Strengthen security with intelligent identity and access management

Simplify SSL Certificate Management Across the Enterprise

Open Data Center Alliance Usage Model: Long Distance Workload Migration REV. 1.0

journey to a hybrid cloud

White Paper. Simplify SSL Certificate Management Across the Enterprise

Guideline on Auditing and Log Management

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

How To Create Situational Awareness

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, EventTracker 8815 Centre Park Drive, Columbia MD 21045

How To Build An Operating Software For The Enterprise

FISMA / NIST REVISION 3 COMPLIANCE

Improving PCI Compliance with Network Configuration Automation

Securing and protecting the organization s most sensitive data

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

ISO COMPLIANCE WITH OBSERVEIT

How To Manage It Asset Management On Peoplesoft.Com

IBM QRadar Security Intelligence April 2013

ARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014

RSA Identity Management & Governance (Aveksa)

CA SiteMinder SSO Agents for ERP Systems

PEOPLESOFT IT ASSET MANAGEMENT

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

Feature. Log Management: A Pragmatic Approach to PCI DSS

PCI Requirements Coverage Summary Table

HIGH-RISK USER MONITORING

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

Adopt and implement privacy procedures, train employees on requirements, and designate a responsible party for adopting and following procedures

EMC ViPR Controller. Version 2.4. User Interface Virtual Data Center Configuration Guide REV 01 DRAFT

This research note is restricted to the personal use of

White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

CA Service Desk Manager

FISMA NIST (Rev 4) Audit and Accountability: Shared Public Cloud Infrastructure Standards

1 Novell Use Cases. 1.1 Use Case: Per Tenant Identity Provider Configuration Description/User Story Goal or Desired Outcome

Safeguarding the cloud with IBM Dynamic Cloud Security

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

How To Buy Nitro Security

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

I D C S P O T L I G H T. Ac c e l e r a t i n g Cloud Ad o p t i o n w i t h Standard S e c u r i t y M e a s u r e s

IBM Security Privileged Identity Manager helps prevent insider threats

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS

How To Manage A Plethora Of Identities In A Cloud System (Saas)

Enterprise Identity Management Reference Architecture

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

LANDesk Service Desk Certified in All 15 ITIL. v3 Suitability Requirements. LANDesk demonstrates capabilities for all PinkVERIFY 3.

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Network Access Control ProCurve and Microsoft NAP Integration

Citrix EdgeSight Administrator s Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

C21 Introduction to User Access

TrustedX - PKI Authentication. Whitepaper

CA Cloud Service Delivery Platform

Oracle WebCenter Content

Certification Report

ORACLE HYPERION DATA RELATIONSHIP MANAGEMENT

HP Change Configuration and Release Management (CCRM) Solution

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Proven LANDesk Solutions

Axway API Portal. Putting APIs first for your developer ecosystem

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

How To Manage Security On A Networked Computer System

PCI Requirements Coverage Summary Table

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security

HIPAA: The Role of PatientTrak in Supporting Compliance

Transcription:

sm Open Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0

Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Reference Framework... 5 Context... 6 Applicability... 7 Related Usage Models... 7 Taxonomy... 7 Usage Scenarios... 8 Identity Governance... 8 Real-Time User Access Revalidation... 8 Batch or Event-Driven User Access Revalidation... 9 Auditing and Monitoring...11 Identity Management Audit Logging and Monitoring...11 Related Usage Models...12 Industry Call to Action...12 2

Legal Notice This Open Data Center Alliance SM Usage Model: Cloud-Based Identity Governance and Auditing is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS WHO ARE NOT OPEN DATA CENTER ALLIANCE PARTICIPANTS: Non-Open Data Center Alliance Participants only have the right to review, and make reference or cite, this document. Any such references or citations to this document must give the Open Data Center Alliance, Inc. full attribution and must acknowledge the Open Data Center Alliance, Inc. s copyright in this document. Such users are not permitted to revise, alter, modify, make any derivatives of, or otherwise amend this document in any way. NOTICE TO USERS WHO ARE OPEN DATA CENTER ALLIANCE PARTICIPANTS: Use of this document by Open Data Center Alliance Participants is subject to the Open Data Center Alliance s bylaws and its other policies and procedures. OPEN CENTER DATA ALLIANCE SM, ODCA SM, and the OPEN DATA CENTER ALLIANCE logo SM are service marks owned by Open Data Center Alliance, Inc. and all rights are reserved therein. Unauthorized use is strictly prohibited. This document and its contents are provided AS IS and are to be used subject to all of the limitation set forth herein. Users of this document should not reference any initial or recommended methodology, metric, requirements, or other criteria that may be contained in this document or in any other document distributed by the Alliance ( Initial Models ) in any way that implies the user and/or its products or services are in compliance with, or have undergone any testing or certification to demonstrate compliance with, any of these Initial Models. Any proposals or recommendations contained in this document including, without limitation, the scope and content of any proposed methodology, metric, requirements, or other criteria does not mean the Alliance will necessarily be required in the future to develop any certification or compliance or testing programs to verify any future implementation or compliance with such proposals or recommendations. This document does not grant any user of this document any rights to use any of the Alliance s trademarks. All other service marks, trademarks and trade names referenced herein are those of their respective owners. Published April, 2012 3

sm Open Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0 Executive Summary Many organizations today have requirements that drive the need to have strong identity governance and auditing on systems that support core business processes or store sensitive information. These requirements are largely driven by regulatory bodies, compliance requirements, internal security policies/standards, and internal and external audit. Identity governance and auditing are seen as strong forms of monitoring controls, the effectiveness of which can easily be independently tested. Where core services have been moved into the cloud, these systems naturally fall under the same security requirements as internally hosted systems. These usage scenarios promote the review of access rights and account status that have been provisioned by the cloud subscriber s identity management system, as well as account and access monitoring in regards to identity management specific concerns. This document serves a variety of audiences. Solution providers and technology vendors will benefit from its content to better understand customer needs and tailor service and product offerings. Standards organizations will find the information helpful in defining end-user relevant and open standards. 4

Purpose The ODCA Cloud-Based Identity Governance and Auditing Usage Model was written to promote a consistent approach for the reconciliation of access rights and account status processes required by a cloud subscriber to perform identity governance. It also promote a consistent approach to support identity auditing requirements for cloud-based resources. Additionally, it provides cloud providers and subscribers with clear guidelines for the development of identity management systems and interfaces for cloud-based resources. Reference Framework The following diagram shows a framework of the functional areas of identity management. This framework provides a reference model for the usage models described below. The usage model will deal with the identity governance and auditing and monitoring function as shown. Identity and Access Management Framework Identity and Access Management Identity Lifecycle Management Identity and Authentication Management Authorization and Permission Lifecycle Management Authorization and Permission Management Identity Governance Identity Creation/ Validation Identity Federation Entitlement Externalization Access Control Services Confirm Validation Identity Provisioning (add/modify/delete) Directory Services / User Repositories Entitlement Provisioning Policy Enforcement Point (PEP) Auditing and Reporting Mover / Leaver Process Authentication Mover / Leaver Process Policy Decision Point (PDP) Monitoring Strong Authentication Role Mining and Discovery Weak Authentication Reporting for Audit / Compliance Checks Sign On Multiple Sign On Reduced Sign On (web, desktop) Single Sign On Credential Management Policy Enforcement Point (PEP) 5

Context The following diagram shows a summary for the usage models described below regarding identity governance and auditing. This diagram should be used for indicative purposes only and is not intended to be definitive. The identity management (idm) system and the security incident and event monitoring (SIEM) system can be hosted either at the cloud provider or cloud subscriber depending on the assurance level. Cloud Subscriber Cloud Subscriber User Access Cloud Resource Cloud Provider Managed Systems Cloud Administrator Administer Systems Identity IdM System Reconciliation of User Access Pull back accounts and entitlements Administer Systems IaaS SaaS Paas Central Auditing and Logging Service Relevant IdM events are logged UAR Reporting Cloud Administrator SIEM System Log Aggregation Identity related log events back to log aggregation system Event Correlation Security Activity Reporting 6

Applicability This usage model is applicable to all levels of cloud services including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The usage model should be applied in the model of Bronze, Silver, Gold, and Platinum levels of security, as defined in the cloud provider ODCA Provider Assurance Usage Model 1, being required. Correlation of applicability to other use models can be found in the ODCA Identity Management Interoperability Guide 2. Related Usage Models This usage model is referenced from the ODCA Identity Management Interoperability Guide. This guide demonstrates the relationships between the different elements of identity management. The ODCA Identity Governance and Auditing Usage Model 3 should be read in conjunction with the Interoperability Guide. General requirements for the levels of security required in cloud solutions can be found in the ODCA Provider Assurance Usage Model. Taxonomy Actor Name Cloud Subscriber Cloud Subscriber User Cloud Subscriber Administrator Cloud Administrator Cloud Provider Cloud Provider Administrator Description A person or organization that has been authenticated to a cloud and maintains a business relationship with a cloud. A user of a cloud subscriber organization who consumes the cloud service provided by the cloud provider as an end user. For example, an organization s email user who is using a SaaS email service the organization subscribes to would be a cloud subscriber s user. An administrator type user of a cloud subscriber organization that performs (cloud) system related administration tasks for the cloud subscriber organization. An administrator type user that performs administration tasks on a system providing services to a cloud subscriber organization. This is independent of whether the administrator is part of the cloud subscriber organization or whether he/she is part of a cloud provider organization working on resources supplied to the cloud subscriber. An organization providing network services and charging cloud subscribers. A (public) cloud provider provides services over the Internet. An administrator type user of a cloud provider organization that performs (cloud) system related administration tasks for the cloud provider organization as part of a service offering. 1 www.opendatacenteralliance.org/docs/odca_providerassurance_rev.1.1_final.pdf 2 www.opendatacenteralliance.org/docs/odca_idm_ InteropGuide_Rev1.0_final.pdf 3 www.opendatacenteralliance.org/docs/odca_identity_gov_auditing_rev1.0_final.pdf 7

Usage Scenarios Identity Governance Usage Scenario 1: Realtime-Time User Access Revalidation Actors: cloud subscriber, cloud subscriber administrator, cloud provider Goal: The cloud subscriber requires a review process to be initiated in real time to pull back provisioned account status and associated access rights. This is to account for cloud subscriber users and cloud administrators that have access to resources managed by the cloud provider. The cloud subscriber has the ability to select one user or multiple users as part of the process. Assumption 1: The cloud subscriber has a role-based identity management system that can differentiate the types of resources required for a cloud subscriber user. Assumption 2: The interface provided by the cloud provider will be through a single standards-based application programming interface (API). Assumption 3: There is a predefined, secure, and trusted communication channel (SSL, VPN (IPSEC/SSL)) between parties. Assumption 4: There is a predefined, secure, trusted, and time-stamped mechanism to ensure message integrity and authenticity of the payload. Assumption 5: The cloud subscriber can apply policies to determine where a cloud subscriber s access does not conform to roles or if the access is different from what was originally provisioned. Consequently, a course of action can be performed such as automatic removal of access or initiation of a review cycle process. Assumption 6: Modification of access of cloud provider managed resources is performed using Service Provisioning Markup Language (SPML). Assumption 7: The interactions defined below are to be carried out in a timely manner. The maximum delay in transaction time should be defined in the contract. Success Scenario 1: A reconciliation process is initiated that pulls back all the current cloud subscriber users and cloud administrators from the cloud provider managed resources. That information is stored in the cloud subscriber identity management system to facilitate the review processes. Steps: 1. The cloud subscriber administrator logs into the identity management system and initiates a real time request to reconcile the account status and/or access rights managed by the cloud provider. 2. The cloud provider completes the necessary steps to send back the account status and/or access rights for the relevant resource. 3. The cloud provider returns a Completed message indicating the successful completion of the reconciliation request. 4. Within the cloud subscriber s identity management system, the policies associated with the review process are applied to the reconciled account status and or access rights. a. Where a policy and workflow have been implemented to include automated remediation activities the cloud subscriber s identity management system may initiate the identity provisioning service to suspend or remove access automatically. b. Where there is a secondary process required for remediation such as a manual review cycle the information is sent to the identity management system s user access rights (UAR) reporting service. 8

5. The identity management system of the cloud subscriber registers the successful operation. The results can be reviewed by the cloud subscriber administrator. Failure Condition 1: A failure message is received from the cloud provider system as a response that the reconciliation request has failed. Failure Handling 1: The identity management system of the cloud subscriber should identify the error and escalate as appropriate. Failure Condition 2: Following the reconciliation request no response is received from the cloud provider in a timely manner. In this case, the status of the request is unclear. Failure Handling 2: The request should be identified within the identity management system of the cloud subscriber as a potential risk and should be flagged to the cloud subscriber administrator as requiring further investigation. Failure Condition 3: A failure message is received from the cloud subscriber s system regarding the integrity of the message payload that is a result of a failed integrity check or time synchronization issue. Failure Handling 3: Event message should be flagged to the cloud subscriber administrator as requiring further investigation. Failure Condition 4: A failure message is received from the cloud provider s system as a response that it is unable to initiate automatic remediation activities. Failure Handling 4: Event message should be flagged to the cloud subscriber administrator as requiring further investigation. Usage Scenario 2: Batch or Event-Driven User Access Revalidation Actors: cloud subscriber, cloud subscriber administrator, cloud provider Goal: The cloud subscriber requires a review process to be initiated by a batch process to pull back provisioned account status and associated access rights. This is to account for cloud subscriber users and cloud administrators that have access to resources managed by the cloud provider. The batch process is triggered by a predefined event, such as time for a monthly review cycle. Assumption 1: The cloud subscriber has a role-based identity management system that can differentiate the types of resources required for a cloud subscriber user. Assumption 2: The interface provided by the cloud provider will be made through a single standards based API. Assumption 3: There is a predefined, secure, and trusted communication channel (SSL, VPN(IPSEC/SSL)) between parties. Assumption 4: There is a predefined, secure, trusted, and time-stamped mechanism to ensure message integrity and authenticity of the payload. 9

Assumption 5: The cloud subscriber can apply policies to determine where a cloud subscriber s access does not conform to roles or if access is different from what was originally provisioned. Consequently, a course of action can be performed, such as automatic removal of access or going through a review cycle process. Assumption 6: Modification of access as part of remediation of the cloud provider managed resources is performed using an SPML interface. Assumption 7: The cloud subscriber will configure a batch schedule, based on the subscriber s requirements, which needs to be agreed on with the cloud provider (e.g., don t want to perform a batch process at a critical time of the day that may affect performance of the service). Assumption 8: The interactions defined below are to be carried out in a timely manner. The maximum delay in transaction time should be defined in the contract. Success Scenario 1: A reconciliation process is initiated that pulls back all the current cloud subscriber users from the cloud provider managed resources. That information is stored in the cloud subscriber identity management system to facilitate the cloud subscriber s review processes. Steps: 1. The cloud subscriber s identity management system initiates a configured batch schedule to reconcile all, or a subset of, the account status and/or access rights managed by the cloud provider. 2. The cloud provider completes the necessary steps to send back the account status and/or access rights for the relevant resource. 3. The cloud provider returns a Completed message indicating the successful completion of the reconciliation request. 4. Within the cloud subscriber s identity management system, the policies associated with the review process are applied to the reconciled accounts and entitlements. a. Where a policy and workflow have been implemented to include automated remediation activities, the cloud subscriber s identity management system may initiate the identity provisioning service to remove access automatically. b. Where there is a secondary process required for remediation, such as a review cycle, the information is sent to the identity management system s UAR reporting service. 5. The identity management system of the cloud subscriber registers the successful operation. The results can be reviewed by the cloud subscriber administrator. Failure Condition 1: A failure message is received from the cloud provider s system as a response that the reconciliation request has failed. Failure Handling 1: The identity management system of the cloud subscriber should identify the error and escalate as appropriate. Failure Condition 2: Following the reconciliation request, no response is received from the cloud provider in a timely manner. In this model, the status of the request is unclear. Failure Handling 2: The request should be identified within the cloud subscriber s identity management system as a potential risk and should be flagged to the cloud subscriber administrator as requiring further investigation. Failure Condition 3: A failure message is received from the cloud subscriber s system regarding the integrity of the message payload which is a result of a failed integrity check or a time synchronization issue. 10

Failure Handling 3: Event message should be flagged to the cloud subscriber administrator as requiring further investigation. Failure Condition 4: A failure message is received from the cloud provider system as a response that it is unable to initiate automatic remediation activities. Failure Handling 4: Event message should be flagged to the cloud subscriber administrator as requiring further investigation. Auditing and Monitoring Usage Scenario 1: Identity Management Audit Logging and Monitoring Actors: cloud subscriber, cloud subscriber administrator, cloud provider, cloud provider administrator Goal: The cloud subscriber requires that identity management-related auditing of cloud subscriber user or cloud administrator activity on resources that are managed by the cloud provider are logged and sent back to the SIEM system. This includes cloud provider staff. Assumption 1: The audit logs maintained by the cloud provider are at a level which meets the cloud subscriber s integrity and confidentiality requirements. For example, gold could be forensic level, tamper proof, etc. Assumption 2: At a minimum, the audit logs will contain the following fields: a time-stamp of the event, the type of event, error code if applicable, user s identity, resource being accessed, IP address of the client, and hostname. Assumption 3: The following identity management events will, where technically possible, be captured authentication logs, access and authorization logs, user login and logoff events (both permit and deny type events based on assurance level). Assumption 4: All human and non human interaction (e.g. monitoring tools, system accounts) identity management events are logged, unless specifically excluded within the contract. Assumption 5: The storage of logs, modification of minimum fields and retention of the logs at the cloud provider must be agreed upon to meet any cloud subscriber and cloud provider regulatory and legal requirements. All such agreements will form part of the contract. Assumption 6: There is a predefined, secure, and trusted communication channel (SSL, VPN (IPSEC/SSL)) between parties. Assumption 7: There is a predefined, secure, trusted, and time-stamped mechanism to ensure message integrity and authenticity of the payload. Assumption 8: The interactions defined below are to be carried out in a timely manner. The maximum delay in transaction time should be defined in the contract. Success Scenario 1: As a cloud subscriber user accesses and uses a cloud provider managed resource, security events relating to identity management are logged. Steps: 1. The cloud subscriber user / cloud subscriber administrator accesses the cloud provider managed resource. 2. As the cloud subscriber triggers certain identity management events, the cloud provider logs security events to its central logging service. 11

3. The cloud provider consolidates the events and forwards them, upon a pre-defined event or upon specific request, to the cloud subscriber s preferred SIEM system. 4. The SIEM system acknowledges it has received the log update from the cloud provider s auditing and logging service. 5. The SIEM system performs security correlation on the logs obtained from the cloud provider s managed resources. 6. The cloud subscriber administrator reviews the logs and generates reports as required. Failure Condition 1: No logs have been received for a period of time between the cloud provider s managed resource and the central logging service. Failure Handling 1: An alert should be raised to the cloud provider administrator as requiring further investigation. Failure Condition 2: No logs have been received for a period of time between the cloud provider s central logging service and the SIEM system. Failure Handling 2: An alert should be raised to the cloud subscriber administrator as requiring further investigation. Failure Condition 3: A failure message is received from the cloud subscriber s system regarding the integrity of the message payload which is a result of a failed integrity check or a time synchronization issue. Failure Handling 3: Event message should be flagged to the cloud subscriber administrator as requiring further investigation. Related Usage Models The following usage models are related to the topic of cloud-based governance and auditing and will provide further detail. ODCA Usage Model: Security Monitoring Rev.1.1 4 ODCA Usage Model: Cloud-Based Identity Provisioning Rev.1.0 5 Industry Call to Action The following further actions are required: The ODCA requests providers of identity management systems for the enterprise and cloud providers to produce reference models and proofof-concept implementations that will show compliance to this requirement. 4 www.opendatacenteralliance.org/docs/odca_securitymonitoring_rev1.1_final.pdf 5 www.opendatacenteralliance.org/docs/odca_identity_provisioning_rev1.0_final.pdf 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information