Welcome to the Cloud Standards Wiki
The Cloud Standards Wiki at http://cloud-standards.org is maintained by representatives active in each of the organizations listed. We meet periodically to update each other on the latest cloud standards activities and maintain the wiki site.
Consult the User's Guide for information on using the wiki software.
The hype around cloud has created a flurry of standards and open source activity leading to market confusion. As important as current standards development efforts are, they are not enough. There is a lack of a customer driven prioritization and focus within the cloud standards development process.
The Cloud Standards Customer Council (CSCC) is an end user advocacy group dedicated to accelerating cloud's successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud. The Council separates the hype from the reality on how to leverage what customers have today and how to use open, standards-based cloud computing to extend their organizations. CSCC provides cloud users with the opportunity to drive client requirements into standards development organizations and deliver materials such as best practices and use cases to assist other enterprises.
Cloud Standards Customer Council founding enterprise members include IBM, Kaavo, CA Technologies, Rackspace & Software AG. More than 500 of the world's leading organizations have already joined the Council, including Lockheed Martin, Citigroup, Boeing, State Street Bank, Aetna, AARP, AT&T, Ford Motor Company, Lowe's, and others.
Whitepapers and articles published by the CSCC include:
- Web Application Hosting Cloud Architecture link.
- Interoperability and Portability for Cloud Computing: A Guide link.
- Migrating Applications to the Cloud: Assessing Performance and Response Time Requirements link.
- CSCC Deploying Big Data Analytics Applications to the Cloud link.
- The CSCC Practical Guide to Cloud Computing V2.0 link.
- Social Business in the Cloud: Achieving Measureable Business Results link.
- Migrating Applications to Public Cloud Services: Roadmap for Success link.
- Cloud Security Standards: What to Expect & Negotiate link.
- Convergence of Social, Mobile and Cloud: 7 Steps to Ensure Success link.
- Public Cloud Service Agreements: What to Expect and What to Negotiate link.
- Impact of Cloud Computing on Healthcare link.
- The CSCC Practical Guide to Cloud Service Level Agreements link.
All accessible via the CSCC Resource Hub.
CSCC hosts in-person and virtual events. View the Event Calendar.
CSCC membership is free for qualified end-user organizations. For more details, visit the web page.
OVF has been designated as ANSI INCITS 469 2010
OVF has been designated as ISO/IEC DIS 17203
OVF 2.0 has been designated as DMTF Standard
This specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.
DMTF’s Open Cloud Standards Incubator focused on standardizing interactions between cloud environments by developing cloud management use cases, architectures and interactions. This work was completed in July 2010. The work has now transitioned to the Cloud Management Working Group.
DSP-IS0101 Cloud Interoperability White Paper V1.0.0
This white paper describes a snapshot of the work being done in the DMTF Open Cloud Standards Incubator, including use cases and reference architecture as they relate to the interfaces between a cloud service provider and a cloud service consumer.
DSP-IS0102 Architecture for Managing Clouds White Paper V1.0.0
This white paper is one of two Phase 2 deliverables from the DMTF Cloud Incubator and describes the reference architecture as it relates to the interfaces between a cloud service provider and a cloud service consumer. The goal of the Incubator is to define a set of architectural semantics that unify the interoperable management of enterprise and cloud computing.
DSP-IS0103 Use Cases and Interactions for Managing Clouds White Paper V1.0.0
This document is one of two documents that together describe how standardized interfaces and data formats can be used to manage clouds. This document focuses on use cases, interactions, and data formats.
The CMWG is developing a set of prescriptive specifications that deliver architectural semantics as well as implementation details to achieve interoperable management of clouds between service requestors/developers and providers. This WG is proposing a resource model that at minimum captures the key artifacts identified in the Use Cases and Interactions for Managing Clouds document produced by the Open Cloud Incubator.
The Cloud Infrastructure Management Interface is available as a final standard:
This document defines a logical model for the management of resources within the Infrastructure as a Service domain. This model was developed to address the use cases outlined in the “Scoping Framework for Cloud Management Models and Protocol Requirements” document.
This document contains scenarios that describe common uses of the CIMI protocol..
This document defines a representation, in XML, for the Cloud Infrastructure Management Interface [CIMI] logical model.
This document defines a CIM representation, in MOF, for the Cloud Infrastructure Management Interface [CIMI] logical model.
A cloud provider’s ability to produce and share specific audit event, log and report information on a per-tenant basis is essential. DMTF’s CADF WG will develop open standards for federating cloud audit information, which will instill customers with greater trust in cloud hosted applications. These reports and logs will include information needed to classify and tag events as relevant to particular compliance control domains and frameworks (such as ISO 27002, PCI DSS, COBIT, etc.).
The CADF will develop specifications for federating audit event data including interface definitions and a compatible interaction model that will describe interactions between IT resources for cloud deployment models. The CADF is also working closely with the DMTF Cloud Management Working Group (CMWG) to reference their resource model and interface protocol work.
The goal of ETSI TC CLOUD (previously TC GRID) is to address issues associated with the convergence between IT (Information Technology) and Telecommunications. The focus is on scenarios where connectivity goes beyond the local network. This includes not only Grid computing but also the emerging commercial trend towards Cloud computing which places particular emphasis on ubiquitous network access to scalable computing and storage resources.
Since TC CLOUD has particular interest in interoperable solutions in situations which involve contributions from both the IT and Telecom industries, the emphasis is on the Infrastructure as a Service (IaaS) delivery model. TC GRID focuses on interoperable applications and services based on global standards and the validation tools to support these standards. Evolution towards a coherent and consistent general purpose infrastructure is envisaged. This will support networked IT applications in business, public sector, academic and consumer environments.
ETSI is tasked to coordinate with partakers in the cloud standards ecosystems and devise standards roadmaps in support of EU critical policy in areas such as security, interoperability, data portability and reversibility.
Supported by a membership of 750 organizations from 62 countries, a global network of partners, open and transparent processes, ETSI is launching the Cloud Standards Coordination in collaboration with a series of prominent players.
As ICT services continue to grow in sophistication and diversity, a paradigm shift is taking place from “owning” to “leasing” IT. As a result, “cloud systems” are expected to penetrate the market rapidly as a social infrastructure on which new value will be created. Services provided by cloud systems (hereinafter “cloud services”) are expected to develop into a large market in Japan, which already has a high-speed, broadband network infrastructure in place, because these services not only enable users to employ applications flexibly and securely at low cost but also enable both providers and users to reduce energy consumption.
GICTF is promoting standardization of network protocols and the interfaces through which cloud systems inter-work with each other, to promote international inter-working of cloud systems, to enable global provision of highly reliable, secure and high-quality cloud services, and to contribute to the development Japan’s ICT industry and to the strengthening of its international competitiveness
GICTF has published the following:
Standardization for interoperable Distributed Application Platforms and Services including:
Web Services, Service Oriented Architecture (SOA), and Cloud Computing
SC38 and ITU-T SG13 have formed a Collaborative Team (CT) and are working towards a common Vocabulary and Reference Architecture for Cloud Computing
Study Group 13 leads ITU's work on standards for next generation networks (NGN) and future networks and is the primary SG working on Cloud Computing.
The Focus Group on Cloud Computing has published a report on cloud computing and has concluded its work.
ITU-T Study Groups have working groups called Questions that focus on specific areas. For Cloud Computing, several Questions are grouped into Working Party 6 (WP6) for coordination and alignment.
The scope of JCA-Cloud is coordination of the ITU-T cloud computing standardization work within ITU-T and coordination of the communication with standards development organizations and forums also working on Cloud Computing protocols and standards.
JCA-Cloud is open to ITU Members and designated representatives of relevant Standards Development Organizations and Forums.
NIST is posting its working definition of cloud computing that serves as a foundation for its upcoming publication on the topic (available above). Computer scientists at NIST developed this definition in collaboration with industry and government. It was developed as the foundation for a NIST special publication that will cover cloud architectures, security, and deployment strategies for the federal government.
Three complementary activities, all performed in collaboration with other agencies and standards development organizations:
- NIST inserts existing standards and de-facto interfaces as specifications.
- NIST identifies and validates specifications using use cases.
- Organizations contribute open specifications.
- NIST receives and coordinates the prioritization of specifications, and validates using use cases.
- NIST identifies gaps in cloud standards (and specifications) and publishes the gaps on the portal: produces opportunity for outside organizations to fill them.
A set of twenty five use cases that seek to express selected portability, interoperability and security concerns that cloud users may have.
Open Grid Forum (OGF) is a leading standards development organization operating in the areas of grid, cloud and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use cases.
OGF partners and participants throughout the international arena use these standards to champion architectural blueprints related to cloud and grid computing and the associated software development. This work enables the community to pursue the pervasive adoption of advanced distributed computing techniques for business and research worldwide. Organizations throughout the world use the resulting clouds and grids as production distributed architectures built on these features to collaborate in areas as diverse as scientific data processing, drug discovery, cancer research, financial risk analysis, visualization and product design.
The Open Cloud Computing Interface comprises a set of open community-led specifications delivered through the Open Grid Forum. OCCI is a general-purpose set of specifications for cloud-based interactions with resources in a way that is explicitly vendor-independent, platform-neutral and can be extended to solve a broad variety of problems in cloud computing. The OCCI specification set is a product of the Open Grid Forum. OGF is a leading development organization for open standards in the area of distributed networking, computing and storage with an emphasis on technologies for large-scale distributed computing. OGF develops its standards through an open process that gathers input and contributions from the community and refines them through peer review and public comment to produce standards, guidance and information of value to the community through the Grid Final Document (GFD) series.
OCCI provides a protocol and API design components, including a fully-realized ANTLR grammar, for all kinds of cloud management tasks. The work was originally initiated to create a remote management API for IaaS model based services, allowing for the development of interoperable tools for common tasks including deployment, autonomic scaling and monitoring. It has since evolved into a flexible API with a strong focus on integration, portability, interoperability and innovation while still offering a high degree of extensibility. The current release of the Open Cloud Computing Interface is suitable to serve many other models in addition to IaaS, including e.g. PaaS and SaaS.
The current OCCI specification set consist of three documents, with others under preparation in the OGF standards pipeline. Future releases of OCCI may include additional rendering and extension specifications. The documents of the current OCCI specification suite are:
Open Cloud Computing Interface Core Specification
The OCCI Core Model defines a representation of instance types which can be manipulated through an OCCI rendering implementation. It is an abstraction of real-world resources, including the means to identify, classify, associate and extend those resources. Through these core and model features, the Open Cloud Computing Interface provides a boundary protocol and API that acts as a service front-end to a provider’s internal management framework. Service consumers can be both end-users and other system instances. OCCI is suitable for both cases. The key feature is that OCCI can be used as a management API for all kinds of resources while at the same time maintaining a high level of interoperability.
Current status: published as OGF GFD.183, April 7, 2011.
Open Cloud Computing Interface Infrastructure Specification
An OCCI implementation can model and implement an Infrastructure as a Service API offering by utilizing the OCCI Core Model. The OCCI Infrastructure specification contains the definition of the OCCI Infrastructure extension applicable for use in the IaaS domain. Such an API allows for the creation and management of typical resources associated with an IaaS service. These infrastructure types inherit the OCCI Core Model Resource base type and all of its attributes.
Current status: published as OGF GFD.184, April 7, 2011.
Open Cloud Computing Interface HTTP Rendering Specification
OCCI HTTP Rendering defines how to interact with the OCCI Core Model using the RESTful OCCI API. The document defines how the OCCI Core Model can be communicated and thus serialized using the HTTP protocol.
Current status: Public comment period completed; document in final editing prior to OGF Standards Council review.
OMG's focus is always on modeling, and the first specific cloud-related specification efforts have only just begun, focusing on modeling deployment of applications & services on clouds for portability, interoperability & reuse.
The Open Cloud Consortium (OCC)
- Supports the development of standards for cloud computing and frameworks for interoperating between clouds;
- develops benchmarks for cloud computing; and
- supports reference implementations for cloud computing, preferably open source reference implementations.
The OCC has a particular focus in large data clouds. It has developed the MalStone Benchmark for large data clouds and is working on a reference model for large data clouds.
OASIS drives the development, convergence and adoption of open standards for the global information society. The source of many of the foundational standards in use today, OASIS sees Cloud Computing as a natural extension of SOA and network management models. The OASIS technical agenda is set by members, many of whom are deeply committed to building Cloud models, profiles, and extensions on existing standards, including:
- Security, access and identity policy standards -- e.g., OASIS SAML, XACML, SPML, WS-SecurityPolicy, WS-Trust, WS-Federation, KMIP, and ORMS.
- Content, format control and data import/export standards -- e.g., OASIS ODF, DITA, CMIS, and SDD.
- Registry, repository and directory standards -- e.g., OASIS ebXML and UDDI.
- SOA methods and models, network management, service quality and interoperability -- e.g., OASIS SCA, SDO, SOA-RM, and BPEL.
OASIS Cloud-Specific or Extended Technical Committees (TC)
The OASIS CAMP TC advances an interoperable protocol that cloud implementers can use to package and deploy their applications. CAMP defines interfaces for self-service provisioning, monitoring, and control. Based on REST, CAMP is expected to foster an ecosystem of common tools, plugins, libraries and frameworks, which will allow vendors to offer greater value-add.
The OASIS IDCloud TC works to address the serious security challenges posed by identity management in cloud computing. The TC identifies gaps in existing identity management standards and investigates the need for profiles to achieve interoperability within current standards. It performs risk and threat analyses on collected use cases and produces guidelines for mitigating vulnerabilities.
Cloud computing, in particular, exacerbates the separation between consumer-based business requirements and provider-supplied IT responses. The SAF facilitates knowledge sharing across these domains, allowing consumer and provider to work cooperatively together to ensure adequate capacity, maximize quality of service, and reduce cost.
The goal of the Topology and Orchestration Specification for Cloud Applications (TOSCA) Technical Committee is to substantially enhance the portability of cloud applications and the IT services that comprise them running on complex software and hardware infrastructure.
TOSCA will facilitate this goal by enabling the interoperable description of application and infrastructure cloud services, the relationships between parts of the service, and the operational behavior of these services (e.g., deploy, patch, shutdown) independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA will also enable the association of that higher-level operational behavior with cloud infrastructure management.
This capability will greatly facilitate much higher levels of cloud service/solution portability without lock-in, including:
- Portable deployment to any compliant cloud
- Easier migration of existing applications to the cloud
- Flexible bursting (consumer choice)
- Dynamic multi-cloud provider applications
Ultimately, this will benefit the consumers, developers, and providers of cloud-based solutions and provide an essential foundation for even higher-level TOSCA-based vocabularies that could be focused on specific solutions and domains.
CloudAuthorization (CloudAuth) Technical Committee, will develop specifications and protocols to enable contextual attributes and entitlements to be delivered to Policy Enforcement Points in real time.
The OASIS PACR TC will develop cloud computing operational requirements for public administrations to inform procurement, auditable assurance and conformance testing, and acquisition criteria.
The CDMI specification is now an ISO Standard ISO/IEC 17826:2012.
The Open Group is a global consortium that enables the achievement of business objectives through IT standards. It has a Cloud Work Group, which is part of its Open Platform 3.0™ Forum.
The Open Group Open Platform 3.0™ Forum focuses on new and emerging technology trends converging with each other and leading to new business models and system designs. These trends currently include:
- Social networks and social enterprise
- Big data analytics
- Cloud computing
- The Internet of Things (networked sensors and controls)
Other technologies may be taken on board as the Platform develops.
These convergent forces - united by the growing consumerization of technology and the resulting evolution in user behavior - offer the potential to create new business models and system designs. However, they also pose architectural issues and structural considerations that must be addressed for businesses to benefit.
The Open Group Open Platform 3.0™ Forum will advance The Open Group vision of Boundaryless Information Flow™ by helping organizations take advantage of the convergence of these modern technologies.
The Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include Cloud Computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. It includes some of the industry’s leading cloud providers and end-user organizations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
The Open Group Cloud Work Group has produced a number of Standards and Guides, including:
- Cloud Computing for Business
- Maximizing the Value of Cloud for Small-Medium Enterprises
- The Open Group Cloud Ecosystem Reference Model
- Cloud Computing Portability and Interoperability
- Cloud Performance Metrics.
Going forward, the group is working on cloud computing aspects of Open Platform 3.0 and on producing a Guide to Cloud Computing Governance.
ARTS has recently announced their Cloud Computing White Paper V1.0. This Cloud Computing for Retail whitepaper offers unbiased guidance for achieving maximum results from this relatively new technology. Version 1.0 represents a significant update to the draft version released in October 2009, specifically providing more examples of cloud computing in retail, as well as additional information on the relationship to Service Oriented Architecture (SOA) and constructing a Private Cloud.
Cloud services represent a significant evolution in the use and provision of digital information services for business effectiveness. Yet as buyers start to look at using these services, it is clear there are a number of barriers to adoption.
The primary objective of TM Forum’s Cloud Services Initiative is to help the industry overcome these barriers and assist in the growth of a vibrant commercial marketplace for cloud based services. The centerpiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers.
TM Forum's Cloud Services Initiative Vision
The TM Forum’s Cloud Services Initiative aims to stimulate growth of a vibrant and open marketplace for cloud services by bringing together the entire eco-system of enterprise customers, cloud service providers and technology suppliers to remove barriers to adoption based on industry standards.
The Cloud Services Initiative delivers:
- An Ecosystem of enterprise customers, cloud service providers and technology suppliers that enable the commercialization of this major business opportunity
- Business guidance including benchmarks and service quality metrics
- Technical agreements – many in collaboration with other industry groups
Barriers to Success
The benefits of cloud computing, and its potential application in so many industry verticals, is creating a dramatic shift in the marketplace with many major suppliers of software and hardware reshaping around a cloud operating model. A lack of requirements from the buy-side of the equation will only lead to a repeat the past—opaque pricing, inconsistent offerings and a lack of alignment with buyer needs.
By organizing and clearly articulating buyers requirements, and then bringing buyers and sellers together to agree required standards, the Enterprise Cloud Leadership Council (ECLC)seeks to accelerate the effective adoption of cloud computing on a global scale. The ECLC is shaping the future of enterprise IT by consolidating the requirements of the world’s largest enterprises within TM Forum and sits at the heart of the Cloud Services Initiative Program.
- To foster an effective and efficient marketplace for cloud compute infrastructure and services across all industry verticals and global geographies;
- Accelerate standardization and commoditization of cloud services, and identifying common commodity processes best consumed as a service;
- Solicit definition for standardized core and industry-specific SKUs for cloud services;
- Achieve transparency of cost, service levels and reporting across the ecosystem;
- Enable benchmarking of services across service providers and geographies;
- Enable vendor measurement against normalized and agreed service level metrics
Future Collaborative Programs
- Defining Service Level Agreements for cloud services
- Database-as-a-Service (DBaaS) reference architecture
- Cloud API requirements
- Business Process & Information Frameworks for Cloud
- Secure Virtual Private Cloud reference architecture
- Standard service definitions/SKUs (taxonomy of services)
- Cloud SDO liaisons
- eTOM & ITIL: how to combine them in a cloud context
- Cloud service provider benchmarking & metrics
- Billing engines; client billing & partner revenue sharing for cloud services
- Common definition of commercial terms (business contract language)
The TM Forum is a not-for-profit Global Industry Association with over 750 Members in 195 Countries, including the world’s largest service providers, enterprise customers, hardware and software companies, SIs and consulting companies. TM Forum is the leading industry association focused on enabling best-in-class IT for service providers in the communications, media and cloud service markets. The Forum provides business-critical industry standards and expertise to enable the creation, delivery and monetization of digital services.
TM Forum brings together communications, cloud, technology and media companies, providing an innovative, industry-leading approach to collaborative R&D, along with wide range of support services including benchmarking, training and certification. The Forum produces the renowned international Management World conference series, as well as thought-leading industry research and publications.
TM Forum’s Frameworx Integrated Business Architecture provides an industry agreed, service oriented approach for rationalizing operational IT, processes, and systems that enables Service Providers to significantly reduce their operational costs and improve business agility.
Service-oriented approaches encourage business agility through re-use, essential in today’s market where service providers need to deliver new services rapidly and increase revenues in the face of changing value chains and technologies.
Frameworx uses standard, reusable, generic blocks—Platforms and Business Services—that can be assembled in unique ways to gain the advantages of standardization while still allowing customization where necessary.
Frameworx defines the mechanism by which the Forum's existing NGOSS standard Framework components are integrated into a comprehensive enterprise IT and process architecture that also embraces major IT industry standards such as ITIL and TOGAF. Its components are:
- Business Process Framework (eTOM) is the industry's common process architecture for both business and functional processes 
- Information Framework (SID) provides a common reference model for Enterprise information that service providers, software providers, and integrators use to describe management information 
- Application Framework (TAM) provides a common language between service providers and their suppliers to describe systems and their functions, as well as a common way of grouping them 
- Integration Framework provides a service oriented integration approach with standardized interfaces and support tools 
As cloud standards emerge, demonstrations of interoperability and portability are important to show the value of standardization. Visit the Demos page to see any plans and add your thoughts.