Welcome to the Cloud Standards Wiki
Consult the User's Guide for information on using the wiki software.
Cloud Standards Coordination
Welcome to the Wiki site for Cloud Standards Coordination. The goal of this wiki is to document the activities of the various SDOs working on Cloud standards. There is a Press Release announcing our formation.
We plan to follow the same process as was used to create the group known as the Standards Development Organization Collaboration on Networked Resources Management (SCRM-WG): SCRM wiki
This includes the development of a Cloud Landscape to overview the various efforts and introduce terms and definitions that allow each standard to be described in common language, and an entry for each standard categorized by organization.
Below are descriptions of each group with pointers to their efforts (each group has provided their own description).
Cloud Standards Overview
The group prepared a presentation that overviews the standards coordination activities we are doing. It includes a draft landscape and some recommendations for central government collaboration cloud standards overview.
Cloud Standards Positioning
A hopefully interesting initiative can be that of editing and sharing a general "cloud computing standardization positioning", in which more relevant cloud standardization intiatives can be seen and related. a first informal proposal of the positioning can be seen at cloud standards positioning. If interested please provide comments in order to improve the picture.
The Cloud Security Alliance was created to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Covers key issues and provides advice for both Cloud Computing customers and providers within 15 strategic domains.
The Cloud Security Alliance Controls Matrix (CM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
The purpose of Top Threats to Cloud Computing is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.
The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
The hype around cloud has created a flurry of standards and open source activity leading to market confusion. As important as current standards development efforts are, they are not enough. There is a lack of a customer driven prioritization and focus within the cloud standards development process.
The council will separate the hype from the reality on how to leverage what customers have today and how to use open, standards-based cloud computing to extend their organizations.
The Cloud Standards Customer Council is an end user advocacy group dedicated to accelerating cloud's successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud.
The Council will provide cloud users with the opportunity to drive client requirements into standards development organizations and deliver materials such as best practices and use cases to assist other enterprises.
Cloud Standards Customer Council founding enterprise members include IBM, Kaavo, CA Technologies, Rackspace, Software AG.
More than 100 of the world's leading organizations including Lockheed Martin, Citigroup, State Street and North Carolina State University have already joined the Council.
Free resources available to non-members include the Practical Guide to Cloud Computing, Cloud Computing Use Cases White-paper, and numerous Case Studies; all accessible via the CSCC web page.
CSCC membership is free for qualified end-user organisations. For more details, visit the web page.
OVF has been designated as ANSI INCITS 469 2010
OVF has been designated as ISO/IEC DIS 17203
OVF 2.0 is available as a work in progress draft
This specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.
DMTF’s Open Cloud Standards Incubator focused on standardizing interactions between cloud environments by developing cloud management use cases, architectures and interactions. This work was completed in July 2010. The work has now transitioned to the Cloud Management Working Group.
DSP-IS0101 Cloud Interoperability White Paper V1.0.0
This white paper describes a snapshot of the work being done in the DMTF Open Cloud Standards Incubator, including use cases and reference architecture as they relate to the interfaces between a cloud service provider and a cloud service consumer.
DSP-IS0102 Architecture for Managing Clouds White Paper V1.0.0
This white paper is one of two Phase 2 deliverables from the DMTF Cloud Incubator and describes the reference architecture as it relates to the interfaces between a cloud service provider and a cloud service consumer. The goal of the Incubator is to define a set of architectural semantics that unify the interoperable management of enterprise and cloud computing.
DSP-IS0103 Use Cases and Interactions for Managing Clouds White Paper V1.0.0
This document is one of two documents that together describe how standardized interfaces and data formats can be used to manage clouds. This document focuses on use cases, interactions, and data formats.
The CMWG is developing a set of prescriptive specifications that deliver architectural semantics as well as implementation details to achieve interoperable management of clouds between service requestors/developers and providers. This WG is proposing a resource model that at minimum captures the key artifacts identified in the Use Cases and Interactions for Managing Clouds document produced by the Open Cloud Incubator.
The Cloud Infrastructure Management Interface is available as Work In Progress Drafts:
This document defines a logical model for the management of resources within the Infrastructure as a Service domain. This model was developed to address the use cases outlined in the “Scoping Framework for Cloud Management Models and Protocol Requirements” document.
This document contains scenarios that describe common uses of the CIMI protocol.
This document defines a CIM representation, in MOF, for the Cloud Infrastructure Management Interface [CIMI] logical model.
A cloud provider’s ability to produce and share specific audit event, log and report information on a per-tenant basis is essential. DMTF’s CADF WG will develop open standards for federating cloud audit information, which will instill customers with greater trust in cloud hosted applications. These reports and logs will include information needed to classify and tag events as relevant to particular compliance control domains and frameworks (such as ISO 27002, PCI DSS, COBIT, etc.).
The CADF will develop specifications for federating audit event data including interface definitions and a compatible interaction model that will describe interactions between IT resources for cloud deployment models. The CADF is also working closely with the DMTF Cloud Management Working Group (CMWG) to reference their resource model and interface protocol work.
The goal of ETSI TC CLOUD (previously TC GRID) is to address issues associated with the convergence between IT (Information Technology) and Telecommunications. The focus is on scenarios where connectivity goes beyond the local network. This includes not only Grid computing but also the emerging commercial trend towards Cloud computing which places particular emphasis on ubiquitous network access to scalable computing and storage resources.
Since TC CLOUD has particular interest in interoperable solutions in situations which involve contributions from both the IT and Telecom industries, the emphasis is on the Infrastructure as a Service (IaaS) delivery model. TC GRID focuses on interoperable applications and services based on global standards and the validation tools to support these standards. Evolution towards a coherent and consistent general purpose infrastructure is envisaged. This will support networked IT applications in business, public sector, academic and consumer environments.
NIST is posting its working definition of cloud computing that serves as a foundation for its upcoming publication on the topic (available above). Computer scientists at NIST developed this definition in collaboration with industry and government. It was developed as the foundation for a NIST special publication that will cover cloud architectures, security, and deployment strategies for the federal government.
Three complementary activities, all performed in collaboration with other agencies and standards development organizations:
- NIST inserts existing standards and de-facto interfaces as specifications.
- NIST identifies and validates specifications using use cases.
- Organizations contribute open specifications.
- NIST receives and coordinates the prioritization of specifications, and validates using use cases.
- NIST identifies gaps in cloud standards (and specifications) and publishes the gaps on the portal: produces opportunity for outside organizations to fill them.
A set of twenty five use cases that seek to express selected portability, interoperability and security concerns that cloud users may have.
Open Grid Forum (OGF) is a leading standards development organization operating in the areas of grid, cloud and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use cases.
OGF partners and participants throughout the international arena use these standards to champion architectural blueprints related to cloud and grid computing and the associated software development. This work enables the community to pursue the pervasive adoption of advanced distributed computing techniques for business and research worldwide. Organizations throughout the world use the resulting clouds and grids as production distributed architectures built on these features to collaborate in areas as diverse as scientific data processing, drug discovery, cancer research, financial risk analysis, visualization and product design.
The Open Cloud Computing Interface comprises a set of open community-led specifications delivered through the Open Grid Forum. OCCI is a general-purpose set of specifications for cloud-based interactions with resources in a way that is explicitly vendor-independent, platform-neutral and can be extended to solve a broad variety of problems in cloud computing. The OCCI specification set is a product of the Open Grid Forum. OGF is a leading development organization for open standards in the area of distributed networking, computing and storage with an emphasis on technologies for large-scale distributed computing. OGF develops its standards through an open process that gathers input and contributions from the community and refines them through peer review and public comment to produce standards, guidance and information of value to the community through the Grid Final Document (GFD) series.
OCCI provides a protocol and API design components, including a fully-realized ANTLR grammar, for all kinds of cloud management tasks. The work was originally initiated to create a remote management API for IaaS model based services, allowing for the development of interoperable tools for common tasks including deployment, autonomic scaling and monitoring. It has since evolved into a flexible API with a strong focus on integration, portability, interoperability and innovation while still offering a high degree of extensibility. The current release of the Open Cloud Computing Interface is suitable to serve many other models in addition to IaaS, including e.g. PaaS and SaaS.
The current OCCI specification set consist of three documents, with others under preparation in the OGF standards pipeline. Future releases of OCCI may include additional rendering and extension specifications. The documents of the current OCCI specification suite are:
Open Cloud Computing Interface Core Specification
The OCCI Core Model defines a representation of instance types which can be manipulated through an OCCI rendering implementation. It is an abstraction of real-world resources, including the means to identify, classify, associate and extend those resources. Through these core and model features, the Open Cloud Computing Interface provides a boundary protocol and API that acts as a service front-end to a provider’s internal management framework. Service consumers can be both end-users and other system instances. OCCI is suitable for both cases. The key feature is that OCCI can be used as a management API for all kinds of resources while at the same time maintaining a high level of interoperability.
Current status: published as OGF GFD.183, April 7, 2011.
Open Cloud Computing Interface Infrastructure Specification
An OCCI implementation can model and implement an Infrastructure as a Service API offering by utilizing the OCCI Core Model. The OCCI Infrastructure specification contains the definition of the OCCI Infrastructure extension applicable for use in the IaaS domain. Such an API allows for the creation and management of typical resources associated with an IaaS service. These infrastructure types inherit the OCCI Core Model Resource base type and all of its attributes.
Current status: published as OGF GFD.184, April 7, 2011.
Open Cloud Computing Interface HTTP Rendering Specification
OCCI HTTP Rendering defines how to interact with the OCCI Core Model using the RESTful OCCI API. The document defines how the OCCI Core Model can be communicated and thus serialized using the HTTP protocol.
Current status: Public comment period completed; document in final editing prior to OGF Standards Council review.
OMG's focus is always on modeling, and the first specific cloud-related specification efforts have only just begun, focusing on modeling deployment of applications & services on clouds for portability, interoperability & reuse.
The Open Cloud Consortium (OCC)
- Supports the development of standards for cloud computing and frameworks for interoperating between clouds;
- develops benchmarks for cloud computing; and
- supports reference implementations for cloud computing, preferably open source reference implementations.
The OCC has a particular focus in large data clouds. It has developed the MalStone Benchmark for large data clouds and is working on a reference model for large data clouds.
OASIS drives the development, convergence and adoption of open standards for the global information society. The source of many of the foundational standards in use today, OASIS sees Cloud Computing as a natural extension of SOA and network management models. The OASIS technical agenda is set by members, many of whom are deeply committed to building Cloud models, profiles, and extensions on existing standards, including:
- Security, access and identity policy standards -- e.g., OASIS SAML, XACML, SPML, WS-SecurityPolicy, WS-Trust, WS-Federation, KMIP, and ORMS.
- Content, format control and data import/export standards -- e.g., OASIS ODF, DITA, CMIS, and SDD.
- Registry, repository and directory standards -- e.g., OASIS ebXML and UDDI.
- SOA methods and models, network management, service quality and interoperability -- e.g., OASIS SCA, SDO, SOA-RM, and BPEL.
OASIS Cloud-Specific or Extended Technical Committees
The OASIS IDCloud TC works to address the serious security challenges posed by identity management in cloud computing. The TC identifies gaps in existing identity management standards and investigates the need for profiles to achieve interoperability within current standards. It performs risk and threat analyses on collected use cases and produces guidelines for mitigating vulnerabilities.
Cloud computing, in particular, exacerbates the separation between consumer-based business requirements and provider-supplied IT responses. The SAF facilitates knowledge sharing across these domains, allowing consumer and provider to work cooperatively together to ensure adequate capacity, maximize quality of service, and reduce cost.
The goal of the Topology and Orchestration Specification for Cloud Applications (TOSCA) Technical Committe is to substantially enhance the portability of cloud applications and the IT services that comprise them running on complex software and hardware infrastructure.
TOSCA will facilitate this goal by enabling the interoperable description of application and infrastructure cloud services, the relationships between parts of the service, and the operational behavior of these services (e.g., deploy, patch, shutdown) independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA will also enable the association of that higher-level operational behavior with cloud infrastructure management.
This capability will greatly facilitate much higher levels of cloud service/solution portability without lock-in, including:
- Portable deployment to any compliant cloud
- Easier migration of existing applications to the cloud
- Flexible bursting (consumer choice)
- Dynamic multi-cloud provider applications
Ultimately, this will benefit the consumers, developers, and providers of cloud-based solutions and provide an essential foundation for even higher-level TOSCA-based vocabularies that could be focused on specific solutions and domains.
The SNIA has created the Cloud Storage Technical Work Group for the purpose of developing SNIA Architecture related to system implementations of Cloud Storage technology. The Cloud Storage TWG:
- Acts as the primary technical entity for the SNIA to identify, develop, and coordinate systems standards for Cloud Storage.
- Produces a comprehensive set of specifications and drives consistency of interface standards and messages across the various Cloud Storage related efforts.
- Documents system-level requirements and shares these with other Cloud Storage standards organizations under the guidance of the SNIA Technical Council and in cooperation with the SNIA Strategic Alliances Committee
The CDMI specification is now a SNIA Architecture standard and will be submitted to the INCITS organization for ratification as an ANSI and ISO standard as well.
The first working draft release of the Reference Implementation of CDMI is now available for download.
SNIA and OGF have collaborated on a Cloud Storage for Cloud Computing whitepaper. A demo of this architecture has been implemented and shown several times. More information can be found at the Cloud Demo Google Group.
Cloud Data Management Interface (CDMI) now has a working draft reference implementation available. Download and implement: http://snia.org/cloud
The Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include Cloud Computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. It includes some of the industry’s leading cloud providers and end-user organizations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
The Open Group Cloud Work Group has established several projects to enhance business understanding, analysis and uptake of Cloud Computing technologies, including:
- Cloud Business Use Cases
- Cloud Business Artefacts
- Cloud Computing Architecture
- Service Oriented Cloud Computing Infrastructure
- Security in the Cloud
Going forward, the group plans to provide a set of tools and templates to support business decisions on Cloud computing, including:
- Cloud Business Use Case Template
- Cloud Taxonomy for Buyers
- Cloud Taxonomy for Sellers
- CC Financial and ROI Templates
- CC Business Adoption Strategies
- Cloud definitions for business
The Business Scenario technique of TOGAF™ can be used to gather and represent customer requirements in order for the supply side to better understand real needs of the customer side. The purpose of the Business Scenario is to gather customer views on the motivations for, and key requirements of, the use of Cloud Computing technologies.
This White Paper presents the initial conclusions from The Open Group on how to build and measure Return on Investment (ROI) from Cloud Computing. It was produced by the Cloud Business Artifacts (CBA) project of The Open Group Cloud Computing Work Group.
ARTS has recently announced their Cloud Computing White Paper V1.0. This Cloud Computing for Retail whitepaper offers unbiased guidance for achieving maximum results from this relatively new technology. Version 1.0 represents a significant update to the draft version released in October 2009, specifically providing more examples of cloud computing in retail, as well as additional information on the relationship to Service Oriented Architecture (SOA) and constructing a Private Cloud.
Cloud services represent a significant evolution in the use and provision of digital information services for business effectiveness. Yet as buyers start to look at using these services, it is clear there are a number of barriers to adoption.
The primary objective of TM Forum’s Cloud Services Initiative is to help the industry overcome these barriers and assist in the growth of a vibrant commercial marketplace for cloud based services. The centerpiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers.
TM Forum's Cloud Services Initiative Vision
The TM Forum’s Cloud Services Initiative aims to stimulate growth of a vibrant and open marketplace for cloud services by bringing together the entire eco-system of enterprise customers, cloud service providers and technology suppliers to remove barriers to adoption based on industry standards.
The Cloud Services Initiative delivers:
- An Ecosystem of enterprise customers, cloud service providers and technology suppliers that enable the commercialization of this major business opportunity
- Business guidance including benchmarks and service quality metrics
- Technical agreements – many in collaboration with other industry groups
Barriers to Success
The benefits of cloud computing, and its potential application in so many industry verticals, is creating a dramatic shift in the marketplace with many major suppliers of software and hardware reshaping around a cloud operating model. A lack of requirements from the buy-side of the equation will only lead to a repeat the past—opaque pricing, inconsistent offerings and a lack of alignment with buyer needs.
By organizing and clearly articulating buyers requirements, and then bringing buyers and sellers together to agree required standards, the Enterprise Cloud Leadership Council (ECLC)seeks to accelerate the effective adoption of cloud computing on a global scale. The ECLC is shaping the future of enterprise IT by consolidating the requirements of the world’s largest enterprises within TM Forum and sits at the heart of the Cloud Services Initiative Program.
- To foster an effective and efficient marketplace for cloud compute infrastructure and services across all industry verticals and global geographies;
- Accelerate standardization and commoditization of cloud services, and identifying common commodity processes best consumed as a service;
- Solicit definition for standardized core and industry-specific SKUs for cloud services;
- Achieve transparency of cost, service levels and reporting across the ecosystem;
- Enable benchmarking of services across service providers and geographies;
- Enable vendor measurement against normalized and agreed service level metrics
Future Collaborative Programs
- Defining Service Level Agreements for cloud services
- Database-as-a-Service (DBaaS) reference architecture
- Cloud API requirements
- Business Process & Information Frameworks for Cloud
- Secure Virtual Private Cloud reference architecture
- Standard service definitions/SKUs (taxonomy of services)
- Cloud SDO liaisons
- eTOM & ITIL: how to combine them in a cloud context
- Cloud service provider benchmarking & metrics
- Billing engines; client billing & partner revenue sharing for cloud services
- Common definition of commercial terms (business contract language)
The TM Forum is a not-for-profit Global Industry Association with over 750 Members in 195 Countries, including the world’s largest service providers, enterprise customers, hardware and software companies, SIs and consulting companies. TM Forum is the leading industry association focused on enabling best-in-class IT for service providers in the communications, media and cloud service markets. The Forum provides business-critical industry standards and expertise to enable the creation, delivery and monetization of digital services.
TM Forum brings together communications, cloud, technology and media companies, providing an innovative, industry-leading approach to collaborative R&D, along with wide range of support services including benchmarking, training and certification. The Forum produces the renowned international Management World conference series, as well as thought-leading industry research and publications.
TM Forum’s Frameworx Integrated Business Architecture provides an industry agreed, service oriented approach for rationalizing operational IT, processes, and systems that enables Service Providers to significantly reduce their operational costs and improve business agility.
Service-oriented approaches encourage business agility through re-use, essential in today’s market where service providers need to deliver new services rapidly and increase revenues in the face of changing value chains and technologies.
Frameworx uses standard, reusable, generic blocks—Platforms and Business Services—that can be assembled in unique ways to gain the advantages of standardization while still allowing customization where necessary.
Frameworx defines the mechanism by which the Forum's existing NGOSS standard Framework components are integrated into a comprehensive enterprise IT and process architecture that also embraces major IT industry standards such as ITIL and TOGAF. Its components are:
- Business Process Framework (eTOM) is the industry's common process architecture for both business and functional processes 
- Information Framework (SID) provides a common reference model for Enterprise information that service providers, software providers, and integrators use to describe management information 
- Application Framework (TAM) provides a common language between service providers and their suppliers to describe systems and their functions, as well as a common way of grouping them 
- Integration Framework provides a service oriented integration approach with standardized interfaces and support tools 
As cloud standards emerge, demonstrations of interoperability and portability are important to show the value of standardization. Visit the Demos page to see any plans and add your thoughts.