clouds B. Khasnabish Internet-Draft ZTE USA Intended status: Standards Track C. JunSheng Expires: January 2, 2012 ZTE July 1, 2011 Cloud SDO Activities Survey and Analysis draft-khasnabish-cloud-sdo-survey-01.txt Abstract The objective of this draft is to present a snapshot of industry standards activities related to cloud computing, networking and services including relevant features and functions. This document is a survey of current activities of cloud standards development organizations (SDOs). At the end of this survey a section on gap analysis is also presented. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 2, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Khasnabish & JunSheng Expires January 2, 2012 [Page 1] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Survey of other SDOs . . . . . . . . . . . . . . . . . . . . . 6 3.1. ARTS (The Association for Retail Technology Standards) . . 6 3.2. ATIS (Alliance for Telecommunications Industry Solutions). . . . . . . . . . . . . . . . . . . . . . . . 6 3.2.1. ATIS SON (Service Oriented Networks) Forum. . . . . . 7 3.2.2. ATIS CSF (Cloud Services Forum). . . . . . . . . . . . 8 3.3. CCF (Cloud Computing Forum, Korea). . . . . . . . . . . . 11 3.4. CCIF (Cloud Computing Interoperability Forum). . . . . . . 12 3.5. CloudAudit . . . . . . . . . . . . . . . . . . . . . . . . 13 3.6. CCSA - Clouds . . . . . . . . . . . . . . . . . . . . . . 14 3.7. Cloud Computing Use Cases Group . . . . . . . . . . . . . 14 3.8. China Institute of Electronics. . . . . . . . . . . . . . 15 3.9. Cloud Operations and Security, Japan. . . . . . . . . . . 15 3.10. CSA (Cloud Security Alliance) . . . . . . . . . . . . . . 16 3.11. CSA/TCI (Cloud Security Alliance / Trusted Cloud Initiative) . . . . . . . . . . . . . . . . . . . . . . . 17 3.12. DMTF (Distributed Management Task Force) . . . . . . . . . 17 3.13. DMTF VMAN Initiative (DMTF Virtualization Management Initiative) . . . . . . . . . . . . . . . . . . . . . . . 19 3.14. ENISA(European Network and Information Security Agency) . 20 3.15. ETSI STF 331 (Specialist Task Force on ICT GRID Technologies Interoperability and Standardization) . . . . 20 3.16. ETSI TC GRID (Technical Committee Grid) . . . . . . . . . 21 3.17. GICTF (Global Inter-Cloud Technology Forum, Japan) . . . . 22 3.18. IEEE SA (Standards Association) . . . . . . . . . . . . . 23 3.19. IETF/APP Decade . . . . . . . . . . . . . . . . . . . . . 24 3.20. IETF/TSV/nfsv4 . . . . . . . . . . . . . . . . . . . . . . 26 3.21. IETF/OPS/netconf . . . . . . . . . . . . . . . . . . . . . 28 Khasnabish & JunSheng Expires January 2, 2012 [Page 2] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.22. IRTF/P2PRG . . . . . . . . . . . . . . . . . . . . . . . . 29 3.23. IRTF/VNRG . . . . . . . . . . . . . . . . . . . . . . . . 29 3.24. ISO/IEC JTC1 SC38 SGCC . . . . . . . . . . . . . . . . . . 30 3.25. ITU-T FG Cloud (Focus Group Cloud Computing) . . . . . . . 31 3.26. KCSA (Korea Cloud Service Association) . . . . . . . . . . 33 3.27. Liberty Alliance / Kantara Initiative . . . . . . . . . . 33 3.28. NCOIC (Network Centric Operations Industry Consortium) . . 34 3.29. NIST . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.30. OASIS . . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.31. OCC . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.32. OGF / OCCI . . . . . . . . . . . . . . . . . . . . . . . . 38 3.33. OMA(Open Mobile Alliance) . . . . . . . . . . . . . . . . 41 3.34. OMG(Object Management Group) . . . . . . . . . . . . . . . 42 3.35. OCM (Open Cloud Manifesto) . . . . . . . . . . . . . . . . 43 3.36. OGC WG (Open Group Cloud Work Group) . . . . . . . . . . . 44 3.37. SNIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 3.38. Study group on Smart Cloud, Japan . . . . . . . . . . . . 46 3.39. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 47 4. Summary and Analysis . . . . . . . . . . . . . . . . . . . . . 49 5. Security Considerations . . . . . . . . . . . . . . . . . . . 50 6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 51 7. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 52 8. Appendix A: Cloud Standards WiKi. . . . . . . . . . . . . . . 53 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 10. Normative references . . . . . . . . . . . . . . . . . . . . . 55 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 56 Khasnabish & JunSheng Expires January 2, 2012 [Page 3] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 1. Introduction This draft presents a survey of the SDOs related to cloud activities. By conducting a comprehensive survey, gaps and overlaps in cloud standards can be determined. This will allow us to determine the IETF work that would be required to address the gaps. Once these IETF work have been completed, seamless interoperability of cloud services can be realized. Khasnabish & JunSheng Expires January 2, 2012 [Page 4] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 2. Terminology Cloud-based systems are conveniently-connected modular blocks of resources o Both physical and virtual modularizations of resources are possible o For this discussion, the resources include computing (CPU), communications (network), memory, storage, management, database, software, applications, services, interconnectivity, etc. o The objective is to make the resources available ubiquitously for mission-specific applications and services. These resources are used to support the ultimate level of privacy/security, scalability and reliability cost-effectively and without the headache of owning and maintaining the infrastructure. Clouds Discussion Archive: http://www.ietf.org/mail-archive/web/clouds/current/maillist.html NIST definition: http://csrc.nist.gov/groups/SNS/cloud-computing/ Service over Cloud o Utilize (stitch, weave, embroider, ...) the virtualized resources from cloud to provision, create, deliver, and maintain an End-to- End Service o Use the service only when you Need it o Pay only for the time duration and type of use of service (include the costs for resources used) Khasnabish & JunSheng Expires January 2, 2012 [Page 5] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3. Survey of other SDOs 3.1. ARTS (The Association for Retail Technology Standards) The ARTS is dedicated to creating an open environment where both retailers and technology vendors work together to create international retail technology standards and to reduce the costs of the technology. Recently, this group also started looking at researching cloud computing and developing white papers to address cloud issues. Cloud Computing team starts work on a "mini RFP(Request for Proposal)" to help retailers evaluate cloud strategies and solutions. ARTS is a separate council within the NRF(National Retail Federation) governed by a council of retailers and technology solution providers. ARTS has four standards/Committees: o UnifiedPOS - Committee Chair Paul Gay, Epson o Data Model - Committee Chair Lynn Myers, Lowe's Companies o ARTS XML - Committee Chair Tim Hood, SAP o Standard RFPs - Committee Chair Ann McCool ARTS Cloud Computing for Retail White Paper, Best Practices Documents. This Cloud Computing for Retail whitepaper offers unbiased guidance for achieving maximum results from this relatively new technology. Version 1.0 represents a significant update to the draft version released in October 2009, specifically providing more examples of cloud computing in retail, as well as additional information on the relationship to Service Oriented Architecture (SOA) and constructing a Private Cloud. Website:http://www.nrf-arts.org/ Status: Active. Partnership/Coordination: NRF. Language: English. 3.2. ATIS (Alliance for Telecommunications Industry Solutions). ATIS prioritizes the industry's most pressing, technical and operational issues, and creates interoperable, implementable, end to end solutions -- standards when the industry needs them and where they need them. Khasnabish & JunSheng Expires January 2, 2012 [Page 6] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Over 600 industry professionals from more than 250 communications companies actively participate in ATIS committees and incubator solutions programs. ATIS develops standards and solutions addressing a wide range of industry issues in a manner that allocates and coordinates industry resources and produces the greatest return for communications companies. ATIS is accredited by the American National Standards Institute (ANSI). 3.2.1. ATIS SON (Service Oriented Networks) Forum. The SON Forum is addressing work to enable the interoperability and implementation of Service Oriented Network (SON) applications and services by developing standards, providing coordination for the development of standards and practices, and facilitating related technical activities. This forum is placing an emphasis on telecommunications industry needs in collaboration with regional and international standards development programs in the telecommunications, IT and Web industries. ATIS has three Working Areas: o WORK AREA1:Policy and Data Models Work Area (PDM) o WORK AREA2:OSS/BSS and Virtualization Work Area (OBV) o WORK AREA3:Service Delivery Creation and Enablers Work Area (SDCE) SON Forum Chair: Andrew White, Qwest Son Forum Vice Chair:Gary Munson, AT&T Website:http://www.atis.org/SON/index.asp Status: Inactive (The activities have been transferred to ATIS CSF; please see section 3.2.2 for details). Partnership/Coordination: o ANSI o 3GPP(TBC) Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 7] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.2.2. ATIS CSF (Cloud Services Forum). The ATIS Board recently approved the launch of the Cloud Services Forum (CSF). The Forum will focus, among other things, on the operators' provision of cloud services, and develop a framework to ensure integration of the network and IT. It will account for basic APIs in the control plane layer of the network rather than as a service on the network, define a minimum set of APIs to expose between service providers, and define interoperability, security, and standardization, among other things, between service provider clouds. Drawing upon business use cases that leverage Cloud Services' potential, the Forum will address industry priorities and develop implementable solutions for the evolving Cloud marketplace. Ultimately, the CSF will work to see that Cloud capabilities are quickly operationalized and operators are able to offer managed services. Initial CSF objectives that are being discussed include: o Cloud Service Framework for CDN; o Developing a framework to ensure the integration of the network and IT; o Ascertaining basic APIs in the control plane layer of the network; o Using industry input to define a minimum set of APIs to expose between service providers; and o Utilizing control plane layer interfaces to allow for a greater network role. Cloud Services Forum Issues: o Common Product Data Catalog Repository Doc: http://www.atis.org/cloud/_Com/Docs/issue001.doc. Status: Active. o Common Service Enabler Description Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Final Closure. Khasnabish & JunSheng Expires January 2, 2012 [Page 8] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Consistency of 3rd Party Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Final Closure. o Standardization of WS-* Specifications Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Common Policy Reference Model, Syntax, and Semantics Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Common Data Model Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Common Name Space Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Packaging of OSS/BSS Components as Service Enablers Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o IT Infrastructure Virtualization Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Guidelines for COTS/Third-Party Software Installation in a Cloud Environment Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Khasnabish & JunSheng Expires January 2, 2012 [Page 9] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Status: Active. o Cloud Service Framework for CDN Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud-Based Inter-Provider Telepresence: Access Agnostic End to end service flow (Service Architecture Document): In considering Telepresence and VPNs Service Definitions Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Services Network-Network Interconnect Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Charging for Cloud Services Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Service Logging and Auditing Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Services Control Plane Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Services Checklist Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. Khasnabish & JunSheng Expires January 2, 2012 [Page 10] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Cloud Services Virtual Desktop Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Services Reference Framework Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. o Cloud Services Glossary and Acronyms Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Active. CSF Interim Chair: Andrew White, NSN CSF Interim Vice Chair:Gary Munson, AT&T Website:http://www.atis.org/cloud/index.asp Status: Active. Partnership/Coordination: o ANSI o 3GPP(TBC) Language: English. 3.3. CCF (Cloud Computing Forum, Korea). Main mission of CCF: o Constitute National level CC Forum o Provide CC technology development and standardization activity o Sharing CC technology information o Study on CC adaptation method into Public sectors o Support international standardization activity of CC Khasnabish & JunSheng Expires January 2, 2012 [Page 11] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Develop CC related Law and policy CCF has six Working Groups: o Group 1: Policy and Certification o Group 2: CC Technology Framework o Group 3: Media Cloud o Group 4: Storage Cloud o Group 5: CC Technology for Green IDC o Group 6: Mobile Cloud Chair: Mr. Son seung-won Website:http://www.ccsf-kr.org/ Status: Active. Partnership/Coordination: Not known. Language: Korean, with some titles in English. 3.4. CCIF (Cloud Computing Interoperability Forum). Goals The CCIF was formed in order to enable a global cloud computing ecosystem whereby organizations are able to seamlessly work together for the purposes for wider industry adoption of cloud computing technology and related services. A key focus will be placed on the creation of a common agreed upon framework / ontology that enables the ability of two or more cloud platforms to exchange information in an unified manor. Mission CCIF is an open, vendor neutral, open community of technology advocates, and consumers dedicated to driving the rapid adoption of global cloud computing services. CCIF shall accomplish this by working through the use open forums (physical and virtual) focused on building community consensus, exploring emerging trends, and advocating best practices / reference architectures for the purposes of standardized cloud computing. Khasnabish & JunSheng Expires January 2, 2012 [Page 12] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Note: CCIF is INACTIVE now. CCIF comes up with a unified cloud interface (a.k.a. cloud broker) whose features are as follows: unify various cloud APIs and abstract it behind an open and standardized cloud interface, that is, create an API about other APIs. Proposed a UCI architecture. CCIF has two Working Groups: o Standard and Interoperability Working Group o Unified Cloud Interface Working Group Chair: Mr. Reuven Cohen (Enomaly Inc.) Website:http://www.cloudforum.org/ Status: Inactive. Partnership/Coordination: Not known. Language: English. 3.5. CloudAudit The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology. Automated Audit, Assertion, Assessment, and Assurance API (A6 Working Group), officially launched in January 2010. Chair: Mr. Christofer Hoff Website:http://www.cloudaudit.org/ Status: Active. Partnership/Coordination: Not known. Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 13] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.6. CCSA - Clouds CCSA only follows up and evaluates the influence of cloud computing on telecommunication network. The main focus of CCSA is on Cloud Computing in Mobile Internet, Cloud Computing with P2P technology, Resource Virtualization Application Mode and Operation Requirement, etc. CCSA has two Clouds related Working Groups: o TC2 WG1 o TC1 WG4 Website:http://www.ccsa.org.cn/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.7. Cloud Computing Use Cases Group The goal of this group is to bring together cloud consumers and cloud vendors to define common use cases for cloud computing. The use cases will demonstrate the performance and economic benefits of cloud computing, and will be based on the needs of the widest possible range of consumers. The ToC of the latest version (V3) of the white paper includes o Definitions and Taxonomy o Use Case Scenarios o Customer Scenarios o Developer Requirements o Security Scenarios o Security Use Case Scenarios Website:http://groups.google.com/group/cloud-computing-use-cases Status: Active. Khasnabish & JunSheng Expires January 2, 2012 [Page 14] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Partnership/Coordination: OCM. Language: English. 3.8. China Institute of Electronics. The goal of the CIA is to solve the emerged problems with the rapid development of Cloud Computing, follows up the latest development of technologies related to Cloud Computing, strengthen communication and cooperation in the domain of Cloud Computing, prompt the research and application on the technology of Cloud Computing, and draw up industry specification on Cloud Computing. Clouds related Group: Cloud Computing Experts Association. Chair: Mr. Li Deyi Website:http://www.ciecloud.org/ Status: Active. Partnership/Coordination: OCM. Language: Chinese, with some titles in English. 3.9. Cloud Operations and Security, Japan. Information Security Awareness Campaign to be jointly launched by the public and private sectors. The Ministry of Economy, Trade and Industry (METI), Symantec Corporation, Trend Micro Incorporated, McAfee, Inc., and the Information-Technology Promotion Agency, Japan, will jointly launch the campaign to strengthen information security measures. As information technology (IT) penetrates further into people's lives and socio-economic activities, Internet users face higher risks of becoming victims of computer viruses, unauthorized access or other security breaches. This campaign is aimed at preventing such risks and increase people's awareness and knowledge of precautions for the safe use of IT. Website:http://www.meti.go.jp/english Status: Active. Partnership/Coordination: Not known. Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 15] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.10. CSA (Cloud Security Alliance) The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. The CSA is mainly focus on: o Promoting a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance. o Promoting independent research into best practices for cloud computing security. o Launching awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions. o Creating consensus lists of issues and guidance for cloud security assurance. 8 Working Groups: o Group 1: Architecture and Framework o Group 2: Governance, Risk Management, Compliance, Audit, Physical, BCM, DR o Group 3: Legal and eDiscovery o Group 4: Portability & Interoperability and Application Security o Group 5: Identity and Access Mgt, Encryption & Key Mgt o Group 6: Data Center Operations and Incident Response o Group 7: Information Lifecycle Management & Storage o Group 8: Virtualization and Technology Compartmentalization Chair: Mr. Jim Reavis (Executive Director), Mr. Christofer Hoff (Technical Director) Website:http://www.cloudsecurityalliance.org/ Status: Active. Khasnabish & JunSheng Expires January 2, 2012 [Page 16] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Partnership/Coordination: Not known. Language: English. 3.11. CSA/TCI (Cloud Security Alliance / Trusted Cloud Initiative) The Trusted Cloud Initiative will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. We well develop reference models, education, certification criteria and a cloud provider self-certification toolset in 2010. The TCI hopes to publish the industry's first cloud security certification by the end of 2010. Chair: Mr. Liam Lynch (eBay), Mr. Nick Nikols (Novell) Website:http://www.trusted-cloud.com/ Status: Active. Partnership/Coordination: CSA(TBC). Language: English. 3.12. DMTF (Distributed Management Task Force) DMTF's Open Cloud Standards Incubator will focus on standardizing interactions between cloud environments by developing cloud resource management protocols, packaging formats and security mechanisms to facilitate interoperability. Using the recommendations developed by DMTF's Open Cloud Standards Incubator, the Cloud Managenment Working Group (CMWG) is focused on standardizing interactions between cloud environments by developing specifications that deliver architectural semantics and implementation details to achieve interoperable cloud management between service prociders and their consumers and developers. A DMTF partner initiative, SMI is a Storage Networking Industry Association (SNIA) initiative to standardize interoperable storage management technologies, based on the rich foundation provided by the DMTF's CIM and WBEM specifications. The Open Cloud Standards Incubator addresses the following aspects of the lifecycle of a cloud service: Khasnabish & JunSheng Expires January 2, 2012 [Page 17] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o description of the cloud service in a template o deployment of the cloud service into a cloud o offering of the service to consumers o consumer entrance into contracts for the offering o provider operation and management of instances of the service o removal of the service offering The most recent version of DSP4003 v1.3.0 (the Alliance Partner Work Register Process document) approved by the DMTF board of directors on June 8th, 2006 defines how an alliance partner work register is created and the sequence of steps that are required before a work register is approved and the alliance partnership is established. Chair: Mr. Vinston Bumpus (President, DMTF) Website:http://www.dmtf.org/about/cloud-incubator/ Status: Active. Partnership/Coordination: o CSA o CompTIA(Computing Technology Industry Association ) o ECMA(Ecma International) o OGF(Open Grid Forum) o TGG(The Green Grid) o TOG(The Open Group) o OMG(Object Management Group) o PWG(Printer Working Group) o SNIA o TMF(TeleManagement Forum) o TCG(Trusted Computing Group) Khasnabish & JunSheng Expires January 2, 2012 [Page 18] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o UEFI(Unified Extensible Firmware Interface) Language: English. 3.13. DMTF VMAN Initiative (DMTF Virtualization Management Initiative) DMTF's Virtualization Management Initiative (VMAN) includes a set of specifications that address the management lifecycle of a virtual environment. VMAN's OVF (Open Virtualization Format) specification provides a standard format for packaging and describing virtual machines and applications for deployment across heterogeneous virtualization platforms. VMAN's profiles standardize many aspects of the operational management of a heterogeneous virtualized environment. OVF is a common packaging format for independent software vendors (ISVs) to package and securely distribute virtual appliances, enabling cross-platform portability. By packaging virtual appliances in OVF, ISVs can create a single, pre-packaged appliance that can run on customers' virtualization platforms of choice. The key properties of the format are as follows: o Optimized for distribution o Optimized for a simple, automated user experience o Supports both single VM and multiple o Portable VM packaging o Vendor and platform independent o Extensible - OVF is immediately useful - and extensible o Localizable - OVF supports user-visible descriptions in multiple locales Chair: Mr. Vinston Bumpus (President, DMTF) Website:http://www.dmtf.org/initiatives/vman_nitiative/ Status: Active. Partnership/Coordination: DMTF. Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 19] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.14. ENISA(European Network and Information Security Agency) ENISA is carrying out a risk assessment of cloud computing with input from 30 experts from major companies and academic institutions. The paper should provide an assessment of key risks and their mitigation strategies in cloud computing. ENISA Cloud Computing Risk Assessment ENISA is carrying out a risk assessment of cloud computing with input from 30 experts from major companies and academic institutions. The paper should provide an assessment of key risks and their mitigation strategies in cloud computing which will allow: o European Policymakers to decide on research policy (to develop technologies to mitigate risks) o European Policymakers to decide on appropriate policy and economic incentives, legislative measures, awareness-raising initiatives etc... vis-a-vis cloud-computing technologies. o Business leaders to evaluate the risks of adopting such technologies and possible mitigation strategies. Individuals/ citizens to evaluate the cost/benefit of ----using the consumer version of such applications. Executive Director, Dr Udo Helmbrecht Website:http://www.enisa.europa.eu/ Status: Active. Partnership/Coordination: EP3R(European Public-Private Partnership for Resilience, http://ec.europa.eu/information_society/policy/nis/ strategy/activities/ciip/impl_activities/index_en.htm ) Language: English. 3.15. ETSI STF 331 (Specialist Task Force on ICT GRID Technologies Interoperability and Standardization) The Specialist Task Force (STF) addressed, in general, IT-Telecom (Information Technology and Telecommunications) convergence and, in particular, the lack of interoperable GRID solutions built by IT in conjunction with the Telecom industry. At the request of TC GRID, this scope was extended to include "cloud computing". White paper: Khasnabish & JunSheng Expires January 2, 2012 [Page 20] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Grid and Cloud Computing Technology: Interoperability and Standardization for the Telecommunications Industry, 2009. Technical Report: o ETSI TR 102 659-1 Study of ICT GRID interoperability gaps; Part 1: Inventory of ICT Stakeholders V1.2.1, 2009-10 o ETSI TR 102 659-2 Study of ICT GRID interoperability gaps; Part 2: List of identified Gaps V1.2.1, 2009-10 o ETSI TR 102 766 ICT GRID Interoperability Testing Framework and survey of existing ICT Grid interoperability solutions V1.1.1, 2009-10 Technical Specification: o TSI TS 102 786 ICT GRID Interoperability Testing Framework V1.1.1, 2009-10 Chair: Mr. Geoffrey Caryer (STF 331 team leader) Website:http://portal.etsi.org/STFs/STF_HomePages/STF331/STF331.asp Status: Active. Partnership/Coordination: ETSI Language: English. 3.16. ETSI TC GRID (Technical Committee Grid) Responsible for producing test specifications and standards to integrate the use of telecommunications infrastructures in networked computing, including both Grid computing and Cloud computing. ETSI's Grid Technical Committee (TC GRID) is addressing issues associated with the convergence of Information Technology (IT) and telecommunications, paying particular attention to scenarios where connectivity goes beyond the local network. This includes not only Grid computing but also the emerging commercial trend towards Cloud computing which places particular emphasis on ubiquitous network access to scalable computing and storage resources. The vision is to evolve towards a coherent and consistent general purpose infrastructure, made up of interoperable elements ranging from small devices up to supercomputers, connected by global networks and capable of supporting communities ranging from individuals to whole industries, and with applications in business, public sector, Khasnabish & JunSheng Expires January 2, 2012 [Page 21] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 academic and consumer environments. Note: TC GRID will be renamed to TC Cloud shortly and start work on standardization requirements for cloud services (ETSI TR 102 997) Chair: Mr. Michael Fisher (BT Group Plc) Website:http://portal.etsi.org/portal/server.pt/community/GRID/310 Status: Initiating TC Cloud. Partnership/Coordination: o ETSI TC TISPAN o ETSI TC MTS o ETSI CTI (Centre for Testing & Interoperability) o ETSI Plugtests Events o ITU-T o Open Grid Forum, with which a Memorandum of Understanding has been signed o European Commission DG INFSO, DG ENTR o NESSI European Technology Platform Language: English. 3.17. GICTF (Global Inter-Cloud Technology Forum, Japan) GICTF aims to promote standardization of network protocols and the interfaces through which cloud systems interwork with each other, and to enable the provision of more reliable cloud services than those available today. Main activities and goals o Promote the development and standardization of technologies to use cloud systems; o Propose standard interfaces that allow cloud systems to interwork with each other; Khasnabish & JunSheng Expires January 2, 2012 [Page 22] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Collect and disseminate proposals and requests regarding organization of technical exchange meetings and training courses; o Establish liaison with counterparts in the U.S. and Europe, and promote exchange with relevant R&D teams. Working Group o General Assembly o Board of Directors o Technology Task Force o Application Task Force Chair: Prof. Tomonori Aoyama (Keio Univ.) Website:http://www.gictf.jp/index_e.html Status: Active. Partnership/Coordination: Not known Language: English. 3.18. IEEE SA (Standards Association) CLOUD 2009 is created to provide a prime international forum for both researchers and industry practitioners to exchange the latest fundamental advances in the state of the art and practice of Cloud Computing, identify emerging research topics, and define the future of Cloud Computing. http://www.thecloudcomputing.org/2009/2/ CLOUD 2010 tries to attract researchers, practitioners, and industry business leaders in all the following areas to help define and shape cloud computing, and its related modernization strategy and directions of the services industry. http://www.thecloudcomputing.org/2010/ IEEE SA collaborated with CSA in a cloud security standards survey, and in some events related to cloud standards. A number of existing IEEE standards is indirectly linked to cloud computing. Cloud Security Alliance and IEEE Join Forces to Identify Cloud Security Standards Requirements For IT Practitioners General Chairs: Stephen S. Yau, Arizona State University, USA. Liang-Jie Zhang, IBM T.J. Watson Research, USA Khasnabish & JunSheng Expires January 2, 2012 [Page 23] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Program Chairs: Wu Chou, Avaya Labs Research, Avaya, USA. Adrezej M Goscinski, Deakin University, Australia. Application and Industry Track Chairs: Claudio Bartolini, HP Labs, USA. Min Luo, IBM Software Group, USA Website:http://standards.ieee.org/ Status: Active. Partnership/Coordination: CSA Language: English. 3.19. IETF/APP Decade The Working Group (WG) will have three primary tasks. First, the WG will identify target applications to appropriately scope the problem and requirements. P2P applications are the primary target, but suitability to other applications with similar requirements may be considered depending on additional complexity required to support such applications. Second, the WG will identify the requirements to enable target applications to utilize in-network storage. Requirements will include the ability for an application to (1) store, retrieve, and manage data, (2) indicate access control policies for storing and retrieving data suitable to an environment with users across multiple administrative and security domains (e.g., in a P2P environment), and (3) indicate resource control policies for storing and retrieving data. Third, the WG will develop an architecture within which the DECADE protocol can be specified. This architecture will identify DECADE's relationship to existing IETF protocols and where (if any) new protocol is needed or extensions to existing protocols need to be made. The architecture will not specify a protocol or extension; if development of a new protocol is needed, the WG will seek to recharter for this purpose or might ask an existing WG to work on such extensions. The architecture will not specify a protocol or extension; if development of a new protocol is needed, the WG will seek to recharter for this purpose or might ask an existing WG to work on such extensions. Khasnabish & JunSheng Expires January 2, 2012 [Page 24] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 The WG will focus on the following work items: o A "problem statement" document. This document provides a description of the problem and common terminology. o A requirements document. This document lists the requirements for the in-network storage service (e.g., supported operations) and the protocol to support it. The service will include storing, retrieving, and managing data as well as specifying both access control and resource control policies in the in-network storage pertaining to that data. o A survey document. This document will survey existing related mechanisms and protocols (e.g., HTTP, NFS, and WebDAV), and evaluate their applicability to DECADE. o An architecture document. This document will identify DECADE's relationship with existing IETF protocols. Existing protocols will be used wherever possible and appropriate to support DECADE's requirements. In particular, data storage, retrieval, and management may be provided by an existing IETF protocols. The WG will not limit itself to a single data transport protocol since different protocols may have varying implementation costs and performance tradeoffs. However, to keep interoperability manageable, a small number of specific, targeted, data transport protocols will be identified and used. If new protocol development is deemed necessary, the WG will be rechartered. It is not expected that all work items will be ready for IESG review by that point, but WG consensus must show that documents directing eventual protocol development (Requirements and Architecture document) have stabilized. This permits adjustments to such documents as necessary to maintain consistency as protocol development is done. The following issues are considered out-of-scope for the WG: o Specification of policies regarding copyright-protected or illegal content. o Locating the "best" in-network storage location from which to retrieve content if there are more than one location can provide the same content. o Developing a new protocol for data transport between P2P applications and in-network storage. Chairs: Richard Woundy(Richard_Woundy@cable.comcast.com), Haibin Khasnabish & JunSheng Expires January 2, 2012 [Page 25] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Song(melodysong@huawei.com). Area Director: Alexey Melnikov(alexey.melnikov@isode.com). Website:https://datatracker.ietf.org/wg/decade/ Status: Active. Partnership/Coordination: o IRTF o IASA/IAOC/Trust IANA Language: English. 3.20. IETF/TSV/nfsv4 NFS Version 4 is the IETF standard for file sharing. To maintain NFS Version 4's utility and currency, the working group is chartered to: o maintain the existing NFSv4, NFSv4.1 and related specifications, such as RPC and XDR, o progress these specifications along the standards track, o develop a protocol to create a federated namespace using NFSv4's existing referral mechanisms. Goals and Milestones: o Done - Issue strawman Internet-Draft for v4 o Done - Submit Initial Internet-Draft of requirements document o Done - Submit Final Internet-Draft of requirements document o Done - AD reassesses WG charter o Done - Submit v4 Internet-Draft sufficient to begin prototype implementations o Done - Begin Interoperability testing of prototype implementations o Done - Submit NFS version 4 to IESG for consideration as a Proposed Standard. Khasnabish & JunSheng Expires January 2, 2012 [Page 26] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Done - Conduct final Interoperability tests o Done - Conduct full Interoperability tests for all NFSv4 features o Done - Update API advancement draft o Done - Form core design team to work on NFS V4 migration/ replication requirements and protocol o Done - Submit revised NFS Version 4 specification (revision to RFC 3010) to IESG for consideration as a Proposed Standard o Done - Strawman NFS V4 replication/migration protocol proposal submitted as an ID o Done - WG Last Call for RPC and NFS RDMA drafts o Done - WG Last Call for rfc1831bis (RPC version 2) o Done - WG Last Call for NFSv4.1 Object-based layout o Done - WG Last Call for NFSv4 minor version 1 o Done - WG Last Call for NFSv4.1 block/volume layout o Done - Submit NFS Minor Version 1 to IESG for publication as a Proposed Standard o Done - Submit Object-based pNFS Operations to IESG for publication as a Proposed Standard o Done - Submit pNFS Block/Volume Layout to IESG for publication as a Proposed Standard o May 2009 - WG Last Call for Requirements for Federated File Systems draft-ietf-nfsv4-federated-fs-reqts-01 o Sep 2009 - WG Last Call for rfc3530bis (NFS version 4) o Oct 2009 - WG Last Call for Administration Protocol for Federated Filesystems draft-ietf-nfsv4-federated-fs-admin-00.txt o Oct 2009 - WG Last Call for NSDB Protocol for Federated Filesystems draft-ietf-nfsv4-federated-fs-protocol-00.txtwith IPv6. Additionally, it will create an IANA registry for RPC program numbers and seed it with a registry Sun has been maintaining. Khasnabish & JunSheng Expires January 2, 2012 [Page 27] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Chairs: Brian Pawlowski(beepy@netapp.com). Spencer Shepler(spencer.shepler@gmail.com) Website:http://tools.ietf.org/wg/nfsv4/charters Status: Active. Partnership/Coordination: IRTF Language: English. 3.21. IETF/OPS/netconf The NETCONF Working Group is chartered to produce a protocol suitable for network configuration, with the following characteristics: o Provides retrieval mechanisms which can differentiate between configuration data and non-configuration data o Is extensible enough so that vendors will provide access to all configuration data on the device using a single protocol o Has a programmatic interface (avoids screen scraping and formatting-related changes between releases) o Uses a textual data representation, that can be easily manipulated using non-specialized text manipulation tools o Supports integration with existing user authentication methods o Supports integration with existing configuration database systems o Supports network wide configuration transactions (with features such as locking and rollback capability) o Is as transport-independent as possible o Provides support for asynchronous notifications The NETCONF protocol is using XML for data encoding purposes, because XML is a widely deployed standard which is supported by a large number of applications. The NETCONF protocol should be independent of the data definition language and data models used to describe configuration and state data. Chair: Bert Wijnen(bertietf@bwijnen.net), Mehmet Khasnabish & JunSheng Expires January 2, 2012 [Page 28] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Ersue(mehmet.ersue@nsn.com) Website:http://datatracker.ietf.org/wg/netconf/ Status: Active. Partnership/Coordination: o IASA/IAOC/Trust IANA o IRTF Language: English. 3.22. IRTF/P2PRG Overall, the field of P2P technologies presents a number of interesting challenges which includes new methods for optimizing P2P application overlays, performing routing and peer selection decisions, managing traffic and discovering resources. Areas of interest are also new techniques for P2P streaming and interconnecting distinct P2P application overlays. Other challenges for P2P are related to storage, reliability, and information retrieval in P2P systems. Yet another challenging area is security, privacy, anonymity and trust. Finally, it is challenging to examine P2P systems that are deployed, for example, to measure, monitor and characterize P2P applications. In addition to these areas of research, it is of interest to investigate the requirements of new applications (e.g., real-time P2P applications or P2P applications for wireless networks) on the P2P technologies used. The P2P RG will collaborate with academia and industry on making progress addressing these challenges. Chair: Volker Hilt(volkerh@bell-labs.com), Stefano Previdi(sprevidi@cisco.com) Website:http://www.irtf.org/charter?gtype=rg&group=p2prg Status: Active. Partnership/Coordination: IETF Language: English. 3.23. IRTF/VNRG The Virtual Networks Research Group (VNRG) provides a forum for interchange of ideas among a group of network researchers with an Khasnabish & JunSheng Expires January 2, 2012 [Page 29] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 interest in network virtualization in the context of the Internet and also beyond the current Internet. The VNRG will consider the whole system of a VN and not only single components or a limited set of components; we will identify architectural challenges resulting from VNs, addressing network management of VNs, and exploring emerging technological and implementation issues. Initial set of work items: o concepts/background/terminology o common parts of VN architectures o common problems/challenges in VN o descriptions of appropriate uses o some solutions (per-problem perhaps) Chair: Joe Touch (touch@isi.edu), Martin Stiemerling (stiemerling@nw.neclab.eu) Website:http://www.irtf.org/charter?gtype=rg&group=vnrg Status: Active. Partnership/Coordination: IETF Language: English. 3.24. ISO/IEC JTC1 SC38 SGCC Study Group on Cloud Computing(SGCC) o Provide a taxonomy, terminology and value proposition for Cloud Computing. o Assess the current state of standardization in Cloud Computing within JTC1 and in other SDOs and consortia. o Document standardization market/business/user requirements and the challenges to be addressed. o Liaise and collaborate with relevant SDOs and consortia related to Cloud Computing. Khasnabish & JunSheng Expires January 2, 2012 [Page 30] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Hold workshops to gather requirements as needed. o Provide a report of activities and recommendations to SC38. SC38 Chairman: Dr. Donald Deutsch (USA) SGCC Convenor: Dr. Seungyun Lee (Korea) Website:http://www.iso.org/iso/standards_development/ technical_committees/list_of_iso_technical_committees/ iso_technical_committee.htm?commid=601355 Status: Active. Partnership/Coordination: o IEEE o IETF Language: English. 3.25. ITU-T FG Cloud (Focus Group Cloud Computing) The Focus Group will, from the standardization view points and within the competences of ITU-T, contribute with the telecommunication aspects, i.e., the transport via telecommunications networks, security aspects of telecommunications, service requirements, etc., in order to support services/applications of "cloud computing" making use of telecommunication networks; specifically: o identify potential impacts on standards development and priorities for standards needed to promote and facilitate telecommunication/ ICT support for cloud computing o investigate the need for future study items for fixed and mobile networks in the scope of ITU-T o analyze which components would benefit most from interoperability and standardization o familiarize ITU-T and standardization communities with emerging attributes and challenges of telecommunication/ICT support for cloud computing o analyze the rate of change for cloud computing attributes, functions and features for the purpose of assessing the appropriate timing of standardization of telecommunication/ICT in Khasnabish & JunSheng Expires January 2, 2012 [Page 31] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 support of cloud computing The Focus Group will collaborate with worldwide cloud computing communities (e.g., research institutes, forums, academia) including other SDOs and consortia. o Provide a taxonomy, terminology and value proposition for Cloud Computing. o Assess the current state of standardization in Cloud Computing within JTC1 and in other SDOs and consortia. o Document standardization market/business/user requirements and the challenges to be addressed. o Liaise and collaborate with relevant SDOs and consortia related to Cloud Computing. o Hold workshops to gather requirements as needed. o Provide a report of activities and recommendations to SC38. WG1: Cloud computing benefits & requirements o Cloud Definition, Ecosystem & Taxonomy o Uses cases Requirements & Architecture o Cloud security o Infrastructure & Network enabled Cloud o Cloud Services & Resource Management, Platforms and Middleware o Cloud computing benefits & first Requirements from ICT perspectives WG2: Gap Analysis and Roadmap on Cloud Computing Standards development in ITU-T o Overview of cloud computing SDOs activities o Gap analysis & Action plan for development of relevant ITU-T Cloud Standard Former chair: Mr. Vladimir Belenkovich (Federation Russia), current chair: Victor Kutukov (Stack Soft, Russia). Khasnabish & JunSheng Expires January 2, 2012 [Page 32] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Website:http://www.itu.int/ITU-T/focusgroups/cloud/ Status: Initiating (first meeting on 14-16, June 2010). Partnership/Coordination: TBC. Language: English. 3.26. KCSA (Korea Cloud Service Association) Main mission of KCSA: o Create demand of Cloud service o Create Cloud service activation framework and its environments o Disseminate and promote Cloud service to public sectors Chair: Mr. Choi Do-Hwan Website:http://www.kcsa.or.kr/index.jsp Status: Active. Partnership/Coordination: Not known. Language: English. 3.27. Liberty Alliance / Kantara Initiative As of June 2009, the work of the Liberty Alliance is transitioning to the Kantara Initiative. The vision of Liberty Alliance is to enable [a networked world] web services based on open standards where consumers, citizens, businesses and governments can more easily conduct online transactions while protecting the privacy and security of identity information. o Build open standard-based specifications for federated identity and identity-based Web services. o Drive global identity theft prevention solutions. o Provide interoperability testing. o Offer a formal certification program for products utilizing Liberty specifications. Khasnabish & JunSheng Expires January 2, 2012 [Page 33] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Establish best practices, rules, liabilities, and business guidelines. o Collaborate with other standards bodies, privacy advocates, and government policy groups. o Address end user privacy and confidentiality issues. Kantara Initiative: Bridging and harmonizing the identity community with actions that will help ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments. Managing Director: Mr. Joni Brennan Website:http://www.projectliberty.org/, http://kantarainitiative.org/ Status: New Initiative. Partnership/Coordination: Not known. Language: English. 3.28. NCOIC (Network Centric Operations Industry Consortium) The Network Centric Operations Industry Consortium is a global, not- for-profit organization dedicated to advancing interoperability via network centric operations. NCOIC has formed a Cloud Computing Working Group that will investigate ways to leverage clouds to support global interoperability. NCOIC's 90 member organizations from 19 nations will advocate for open standards and, on reaching consensus, will make voice of industry recommendations about their applicability. Further, NCOIC will develop operational and capability patterns that can enable our customers-in military, aviation, emergency response and cyber security-to achieve portability of information and services from cloud to cloud. Managing Director: TBD Website:https://www.ncoic.org/about/ Status: Initiative. Partnership/Coordination: Not known. Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 34] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.29. NIST NIST's role in cloud computing is to promote the effective and secure use of the technology within government and industry by providing technical guidance and promoting standards. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential Characteristics: o On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider. o Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs). o Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. o Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. o Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service. Khasnabish & JunSheng Expires January 2, 2012 [Page 35] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Working Group: o Cryptographic Technology o Systems & Emerging Technologies Security Research o Security Management & Assurance o CMVP & CAVP - (now part of Security Management & Assurance) Chair: Mr. Peter Mell(mell@nist.gov) Website:http://csrc.nist.gov/groups/SNS/cloud-computing/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.30. OASIS OASIS is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application- specific markets. OASIS sees Cloud Computing as a natural extension of SOA and network management models. Related standards are: o Security, access and identity policy standards -- e.g., OASIS SAML, XACML, SPML, WS-Security Policy, WS-Trust. o Content, format control and data import/export standards -- e.g., OASIS ODF. o Registry, repository and directory standards -- e.g., OASIS ebXML and UDDI. o SOA methods and models, network management, service quality and interoperability -- e.g., OASIS SOA-RM, and BPEL. OASIS specifications are available here. http://www.oasis-open.org/specs/ OASIS Committees by Category Khasnabish & JunSheng Expires January 2, 2012 [Page 36] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Adoption Services o Computing Management o Document-Centric Applications o e-Commerce o Law & Government o Localisation o Security o SOA o Standards Adoption o Supply Chain o Web Services o XML Processing Website:http://www.oasis-open.org Status: Active. Partnership/Coordination: Not known. Language: English. 3.31. OCC The OCC is a member driven organization that supports the development of standards for cloud computing and frameworks for interoperating between clouds, develops benchmarks for cloud computing, and supports reference implementations for cloud computing. The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud. OCC Working Group. o Working Group on Standards and Interoperability For Large Data Clouds Khasnabish & JunSheng Expires January 2, 2012 [Page 37] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o The Open Cloud Testbed Working Group o The Open Science Data Cloud (OSDC) Working Group o Intercloud Testbed Working Group Website:http://opencloudconsortium.org/ Status: Active. Partnership/Coordination(Contributing Members and Partners): o Calit2 o Johns Hopkins University o National Lambda Rail o University of Chicago Language: English. 3.32. OGF / OCCI OGF is an open community committed to driving the rapid evolution and adoption of applied distributed computing. Applied Distributed Computing is critical to developing new, innovative and scalable applications and infrastructures that are essential to productivity in the enterprise and within the science community. OGF accomplishes its work through open forums that build the community, explore trends, share best practices and consolidate these best practices into standards. The purpose of the OCCI group is the creation of a practical solution to interface with Cloud infrastructures exposed as a service (IaaS). It will focus on a solution which covers the provisioning, monitoring and definition of Cloud Infrastructure services. The group should create this API in an agile way as we can have advantages over other groups if we deliver fast. Overlapping work and efforts will be contributed and synchronized with other groups. OCCI is a RESTful-based network Protocol and API for managing cloud computing infrastructure. It has since evolved into an extensible API with a strong focus on interoperability while still offering a high degree of extensibility. The current release of the OCCI is suitable to serve many other models in addition to IaaS, including e.g. PaaS and SaaS. Khasnabish & JunSheng Expires January 2, 2012 [Page 38] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 OCCI are described from three aspects. o OCCI Core Mode. * Core Mode defines a representation of resource types which is an abstraction of real-world resources, including the means to identify, classify, associate and extend those resources. * Any resource exposed through OCCI is a Resource or a sub-type thereof. The Resource type contains a number of common attributes that Resource sub-types inherit. The Resource type is complemented by the Link type which associates one Resource instance with another. The Link type contains a number of common attributes that Link sub-types inherit. * OCCI Core Model types include Category, Kind, Mixin, Action, Entity, Resource and Link. o OCCI Rendering. * OCCI Rendering types include HTTP Header, XHTML5, etc. * OCCI Rendering is a lightweight yet all-encompassing means to describe infrastructure. * It provides the capability to send a native (e.g. OVF, VMX) representation for clients that can digest such a native rendering. o OCCI Infrastructure Model * OCCI Infrastructure Model describes a particular OCCI Infrastructure extension for the IaaS domain. * The main infrastructure types defined within OCCI Infrastructure are: + Compute. Information processing resources. + Network. Interconnection resource and represents a L2 networking resource. + Storage. Information recording resources. * Link sub-types for the Resource types are the following: + NetworkInterface connects a Compute instance to a Network instance. Khasnabish & JunSheng Expires January 2, 2012 [Page 39] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 + StorageLink connects a Compute instance to a Storage instance. The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud. Areas of work of the OGF Standards Function. o Applications o Architecture o Compute o Data o Infrastructure o Liaison o Management o Security Open Cloud Computing Interface WG (occi-wg), Thijs Metsch Chair, Andy Edmonds Chair, Alexis Richardson Chair, Sam Johnston Secretary Website:http://www.ogf.org/, http://www.occi-wg.org/doku.php Status: Active. Partnership/Coordination: o IETF o W3C(World Wide Web Consortium) o OASIS o DMTF o SNIA o WS-I(Web Services Interoperability Organization) Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 40] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 3.33. OMA(Open Mobile Alliance) OMA is the leading industry forum for developing market driven, interoperable mobile service enablers. OMA has developed OMA Cloud Computing White Paper v1.0 which identifies the following areas of interest as potential future developments opportunities: 1. The development and support of Cloud Computing related O&M functionality with OMA enablers. 2. To extend the OMA Mobile Commerce and Charging area. 3. To evaluate the need of developing new activities/work item to enable the 'Virtualized Experience' in Cloud Computing. OMA has established a new work item namely 'Unified Virtual Experience' i.e. use cases and requirements for Unified Virtual Experience (UVE) Enabler. 4. To extend the OMA Security area. Recently OMA is continuing extension of OMA Cloud Computing White Paper v1.0, i.e. the study of how OMA enablers need to be modified to be useful in the Cloud Computing environment. The scope of this new version v2.0 focuses on: o More detailed gap analysis with other SDOs and start a dialogue/ collaboration with them. o More gap analysis on other OMA areas, e.g.: * Person-to-Person Communication area. * Service Customization area. * End-to-end Efficiency aspect. o More recommendations of the future work in OMA. The goals of such analysis and recommendation in this White Paper are: o to consider a cloud delivery model as a converged platform to deliver IT and communication services over any network (fixed, mobile,..) and used by any end user connected devices (PC, TV, Smart Phone, M2M!). Khasnabish & JunSheng Expires January 2, 2012 [Page 41] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o to facilitate the operators to deliver a rich set of communication services (voice & video call, audio, video & web conf, messaging, unified communication, content creation, broadcasting...). Moreover the network services should be seen as smart pipes !ohigh-grade network!+/- for cloud services transport and cloud interconnection (inter-cloud) in order to guarantee secure and high performance end-to-end quality of service QoS for end users (considered as an important key differentiator for telecommunication players). Working Group: BOD CLOUD Chair: Bin Hu(Huawei Technologies Co., Ltd, bin.hu@huawei.com ) DSO: John Mudge(OMA, jmudge@omaorg.org ) Website: http://www.openmobilealliance.org/ Status: Active. Partnership/Coordination: None Language: English. 3.34. OMG(Object Management Group) The Cloud Standards Coordination Group is committed to development of a joint resource on cloud computing strategies, standards and implementations. Different SDOs are bringing together different but complementary abilities: storage, execution models, deployment models, service level agreements, security, authentication, privacy. Specific cloud-related specification efforts have only just begun in OMG, focusing on modeling deployment of applications & services on clouds for portability, interoperability & reuse. Relevant committees include Analysis & Design Task Force (ADTF) and SOA Special Interest Group (SOA SIG). Working Group: o Architecture Board o Platform Technology Committee o Domain Technology Committee Website:http://www.omg.org/ Status: Active. Khasnabish & JunSheng Expires January 2, 2012 [Page 42] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Partnership/Coordination: o ASC X12 o ASC T1M1 o CEN/ISSS (Information Society Standardization System) o DICOM (Digital Imaging and Communications in Medicine) o DMTF (Distributed Management Task Force) o ECMA (European Computer Manufacturers Association.) o FIPA (Foundation for Intelligent Physical Agents) o HL7 (Health Level Seven) o ICT-SB (Information and Communications Technology Standards Board) o IEEE 1226 o ISO o ITU-T Standardization Sector o NCPDP (National Council for Prescription Drug Programs) o Parlay o SDRF - Software Defined Radio Forum o SWIFT (The Society for Worldwide International Financial Telecommunication) o TMForum (TeleManagement Forum) o 3GPP Language: English. 3.35. OCM (Open Cloud Manifesto) The Open Cloud Manifesto establishes a core set of principles to ensure that organizations will have freedom of choice, flexibility, and openness as they take advantage of cloud computing. While cloud computing has the potential to have a positive impact on organizations, there is also potential for lock-in and lost Khasnabish & JunSheng Expires January 2, 2012 [Page 43] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 flexibility if appropriate open standards are not identified and adopted. To open the cloud computing, the rules specified by the OCM need be referenced. Website:http://www.opencloudmanifesto.org/ Status: Active. Partnership/Coordination: CCIF(Inactive) Language: English. 3.36. OGC WG (Open Group Cloud Work Group) The Open Group Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include Cloud Computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. To open the cloud computing, the rules specified by the OCM need be referenced. Chair: Mr. David Lounsbury (VP Government Programs, The Open Group) Website:http://www.opengroup.org/cloudcomputing/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.37. SNIA SNIA Mission: Lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organizations in the management of information. SNIA's Forums and Initiatives include: o the Cloud Storage Initiative, Khasnabish & JunSheng Expires January 2, 2012 [Page 44] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o the Data Management Forum, o the Green Storage Initiative, o the Ethernet Storage Forum, o Storage Management Initiative, o Solid State Storage Initiative, o the Storage Security Industry Forum o the XAM Initiative The Cloud Data Management Interface (CDMI) defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface. This interface is also used by administrative and management applications to manage containers, accounts, security access and monitoring/billing information, even for storage that is accessible by other protocols. The capabilities of the underlying storage and data services are exposed so that clients can understand the offering. Metadata is a convenient mechanism in managing large amounts of data with differing requirements through expressing those requirements in such a way that underlying data services differentiate their treatment of the data to meet those requirements. Resource types which are accessed through RESTful interface include: o Container. o Accounting. o DataObject. * Files. * Block Devices. * Object Stores. Khasnabish & JunSheng Expires January 2, 2012 [Page 45] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 * Database Tables. o Capability. Storage Management Initiative Specification (SMI-S) defines a method for the interoperable management of a heterogeneous Storage Area Network (SAN), and describes the information available to a WBEM Client from an SMI-S compliant CIM Server and an object-oriented, XML-based, messaging-based interface designed to support the specific requirements of managing devices in and through SANs. The eXtensible Access Method (XAM) Interface specification defines a standard access method (API) between "Consumers" (application and management software) and "Providers" (storage systems) to manage fixed content reference information storage services. XAM includes metadata definitions to accompany data to achieve application interoperability, storage transparency, and automation for ILM-based practices, long term records retention, and information security. XAM will be expanded over time to include other data types as well as support additional implementations based on the XAM API to XAM conformant storage systems. Website:http://www.SNIA.org Status: Active. Partnership/Coordination: o ARMA (Association of Records Managers and Administrators) International o DMTF o Eclipse Aperi Storage Management Project o FCIA (Fibre Channel Industry Association) o OGF (Open Grid Forum) o The Green Grid Language: English. 3.38. Study group on Smart Cloud, Japan Ministry of Internal Affairs and Communications of Japan holds study group meetings on smart cloud collecting key people from the academia and the industry in Japan. They surveyed the current status of cloud Khasnabish & JunSheng Expires January 2, 2012 [Page 46] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 computing and identified important issues from the viewpoints of technologies, standardization and international cooperation. Professor Emeritus Hideo Miyahara, Osaka University Website: http://www.soumu.go.jp Status: Active. Partnership/Coordination: Not known. Language: Japanese. 3.39. TM Forum The primary objective of TM Forum's Cloud Services Initiative is to help the industry overcome the barriers and assist the growth of a vibrant commercial marketplace for cloud based services. The centerpiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers. TM Forum's vision is to ensure acceleration of service standardization and commoditization in an effective and efficient marketplace of cloud computing services in all global geographies, through alignment with the needs of the world's largest IT buyers. Enterprise Cloud Buyers Council Goals are: o to foster an effective and efficient marketplace for cloud compute infrastructure and services across all industry verticals and global geographies; o Accelerate standardization and commoditization of cloud services, and identifying common commodity processes best consumed as a service; o Solicit definition for standardized core and industry-specific SKUs for cloud services; o Achieve transparency of cost, service levels and reporting across the ecosystem; o Enable benchmarking of services across service providers and geographies; o Enable vendor measurement against normalized and agreed service level metrics; Khasnabish & JunSheng Expires January 2, 2012 [Page 47] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 o Radically reduce cost of acquisition and operations for commodity compute & services. James Warner, head of Cloud computing TM Forum. Website: http://www.tmforum.org/ Status: Active. Partnership/Coordination: Not known. Language: English. Khasnabish & JunSheng Expires January 2, 2012 [Page 48] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 4. Summary and Analysis This survey shows that there are a variety of ways to virtualize computing and communication resources in order to support both client-side and server-side applications and services. Many of these services tend to utilize resources across multiple administrative, technology, and geographical domains. Since there is no unified and universally acceptable protocol and mechanism to define the mobility of resources across domains, the early implementers tend to utilize the features and functions of the existing IETF protocols along with their proprietary modifications or extensions in order to achieve their goals. In addition to using a virtualization layer (VM layer), a thin Cloud operating system (OS) layer may be useful to hide the complexity, specificity, and regionality (locality) of the resources. We also observe that different SDOs are trying to develop many different methods for logging and reporting of resource usage for Cloud services. This will create auditing transparency problems which may negatively impact the development of security and service level agreement features. At the end, these may in fact result in an increase in the effective cost for services that utilize the cloud based systems and networks, violating the very foundation on which the concept of utilizing cloud is based on. Khasnabish & JunSheng Expires January 2, 2012 [Page 49] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 5. Security Considerations --[Editor's note] Will be added in future. Khasnabish & JunSheng Expires January 2, 2012 [Page 50] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 6. Conclusion We have presented a survey of the activities of Cloud SDOs along with a simple early analysis. This survey has revealed that different SDOs are utilizing or expect to utilize a set of common IETF protocols for cloud services, and some time they modify or extend these protocols in order to satisfy their niche objectives. These will not only cause interoperability problems, but may also negatively impact further development of protocols and services in this very important area of cloud computing and networking. IETF is the best organization to address these issues. Khasnabish & JunSheng Expires January 2, 2012 [Page 51] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 7. Acknowledgement --[Editor's note] Will be added in future. Khasnabish & JunSheng Expires January 2, 2012 [Page 52] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 8. Appendix A: Cloud Standards WiKi. http://cloud-standards.org/wiki/index.php?title=Main_Page This WiKi Website documents the coordination activities of the various SDOs working on Cloud standards. You can find related Cloud SDOs the WiKi Website addressed here. o CloudAudit o Cloud Security Alliance o Distributed Management Task Force (DMTF) o ETSI(The European Telecommunications Standards Institute) o NIST(National Institute of Standards and Technology) o Open Grid Forum (OGF) o Object Management Group (OMG) o Open Cloud Consortium (OCC) o OASIS(Organization for the Advancement of Structured Information Standards) o SNIA(Storage Networking Industry Association) o OG WG(The Open Group) o ARTS(Association for Retail Technology Standards) Khasnabish & JunSheng Expires January 2, 2012 [Page 53] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 9. IANA Considerations This document has no actions for IANA. Khasnabish & JunSheng Expires January 2, 2012 [Page 54] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 10. Normative references [RFC2119] IETF, "Key words for use in RFCs to Indicate Requirement Levels", March 1997. Khasnabish & JunSheng Expires January 2, 2012 [Page 55] Internet-Draft Cloud SDO Activities Survey and Analysis July 2011 Authors' Addresses Bhumip Khasnabish ZTE USA 55 Madison Avenue, Suite 160 Morristown, NJ 07960 USA Phone: +001-781-752-8003 Email: vumip1@gmail.com Chu JunSheng ZTE No.50 Ruanjian Dadao Road, Yuhuatai District Nanjing China Phone: +86-25-8801-4630 Email: chujunsheng@zte.com.cn Khasnabish & JunSheng Expires January 2, 2012 [Page 56]