Internet Engineering Task Force B. Khasnabish Internet-Draft ZTE USA, Inc. Intended status: Informational C. JunSheng Expires: June 30, 2013 ZTE December 27, 2012 Cloud SDO Activities Survey and Analysis draft-khasnabish-cloud-sdo-survey-04.txt Abstract The objective of this draft is to present a snapshot of industry standards activities related to cloud computing, networking and services including relevant features and functions. This document is a survey of current activities of cloud standards development organizations (SDOs). At the end of this survey a section on gap analysis is also presented. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 30, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Khasnabish & JunSheng Expires June 30, 2013 [Page 1] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Survey of other SDOs . . . . . . . . . . . . . . . . . . . . . 6 3.1. ARTS (The Association for Retail Technology Standards) . . 6 3.2. ATIS (Alliance for Telecommunications Industry Solutions). . . . . . . . . . . . . . . . . . . . . . . . 6 3.2.1. ATIS SON (Service Oriented Networks) Forum. . . . . . 7 3.2.2. ATIS CSF (Cloud Services Forum). . . . . . . . . . . . 8 3.3. CCF (Cloud Computing Forum, Korea). . . . . . . . . . . . 12 3.4. CCIF (Cloud Computing Interoperability Forum). . . . . . . 13 3.5. CloudAudit . . . . . . . . . . . . . . . . . . . . . . . . 14 3.6. CCSA - Clouds . . . . . . . . . . . . . . . . . . . . . . 14 3.7. Cloud Computing Use Cases Group . . . . . . . . . . . . . 15 3.8. China Institute of Electronics. . . . . . . . . . . . . . 15 3.9. Cloud Operations and Security, Japan. . . . . . . . . . . 16 3.10. CSA (Cloud Security Alliance) . . . . . . . . . . . . . . 16 3.11. CSA/TCI (Cloud Security Alliance / Trusted Cloud Initiative) . . . . . . . . . . . . . . . . . . . . . . . 17 3.12. DELTA Cloud . . . . . . . . . . . . . . . . . . . . . . . 18 3.13. DMTF (Distributed Management Task Force) . . . . . . . . . 19 3.13.1. CMWG (Cloud Management Working Group) . . . . . . . . 20 3.13.2. SVPC(System Virtualization, Partitioning, and Clustering) . . . . . . . . . . . . . . . . . . . . . 21 3.13.3. CADF(Cloud Auditing Data Federation Working Group) . . 22 3.13.4. Cloud Incubator . . . . . . . . . . . . . . . . . . . 23 3.14. ENISA(European Network and Information Security Agency) . 24 3.15. ETSI STF 331 (Specialist Task Force on ICT GRID Technologies Interoperability and Standardization) . . . . 25 3.16. ETSI TC GRID (Technical Committee Grid) . . . . . . . . . 26 3.17. GICTF (Global Inter-Cloud Technology Forum, Japan) . . . . 27 Khasnabish & JunSheng Expires June 30, 2013 [Page 2] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.18. IEEE SA (Standards Association) . . . . . . . . . . . . . 28 3.19. IETF/APP/SCIM . . . . . . . . . . . . . . . . . . . . . . 28 3.20. IETF/TSV Decade . . . . . . . . . . . . . . . . . . . . . 30 3.21. IETF/TSV/nfsv4 . . . . . . . . . . . . . . . . . . . . . . 32 3.22. IETF/OPS/netconf . . . . . . . . . . . . . . . . . . . . . 34 3.23. IETF/OPS/ARMD . . . . . . . . . . . . . . . . . . . . . . 35 3.24. IETF/RTG/NVO3 . . . . . . . . . . . . . . . . . . . . . . 36 3.25. IRTF/P2PRG . . . . . . . . . . . . . . . . . . . . . . . . 38 3.26. IRTF/VNRG . . . . . . . . . . . . . . . . . . . . . . . . 39 3.27. ISO/IEC JTC1 SC38 SGCC . . . . . . . . . . . . . . . . . . 39 3.27.1. Study Group on Cloud Computing(SGCC) . . . . . . . . . 40 3.27.2. Working Group 3 on Cloud Computing . . . . . . . . . . 40 3.28. ITU-T JCA-Cloud (Joint Coordination Activity on Cloud Computing ) . . . . . . . . . . . . . . . . . . . . . . . 41 3.29. KCSA (Korea Cloud Service Association) . . . . . . . . . . 42 3.30. Liberty Alliance / Kantara Initiative . . . . . . . . . . 42 3.31. NCOIC (Network Centric Operations Industry Consortium) . . 43 3.32. NIST . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.33. OASIS . . . . . . . . . . . . . . . . . . . . . . . . . . 45 3.34. OCC . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 3.35. ODCA (Open Data Center Alliance) . . . . . . . . . . . . . 47 3.36. OGF / OCCI . . . . . . . . . . . . . . . . . . . . . . . . 48 3.37. OMA(Open Mobile Alliance) . . . . . . . . . . . . . . . . 51 3.38. OMG(Object Management Group) . . . . . . . . . . . . . . . 53 3.39. OCM (Open Cloud Manifesto) . . . . . . . . . . . . . . . . 54 3.40. OGC WG (Open Group Cloud Work Group) . . . . . . . . . . . 54 3.41. SNIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.42. Study group on Smart Cloud, Japan . . . . . . . . . . . . 57 3.43. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 57 4. Summary and Analysis . . . . . . . . . . . . . . . . . . . . . 59 5. Security Considerations . . . . . . . . . . . . . . . . . . . 60 6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 61 7. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 62 8. Appendix A: Cloud Standards WiKi. . . . . . . . . . . . . . . 63 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 64 10. Normative references . . . . . . . . . . . . . . . . . . . . . 65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 66 Khasnabish & JunSheng Expires June 30, 2013 [Page 3] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 1. Introduction This draft presents a survey of the SDOs related to cloud activities. By conducting a comprehensive survey, gaps and overlaps in cloud standards can be determined. This will allow us to determine the IETF work that would be required to address the gaps. Once these IETF work have been completed, seamless interoperability of cloud services can be realized. Khasnabish & JunSheng Expires June 30, 2013 [Page 4] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 2. Terminology Cloud-based systems are conveniently-connected modular blocks of resources o Both physical and virtual modularizations of resources are possible o For this discussion, the resources include computing (CPU), communications (network), memory, storage, management, database, software, applications, services, interconnectivity, etc. o The objective is to make the resources available ubiquitously for mission-specific applications and services. These resources are used to support the ultimate level of privacy/security, scalability and reliability cost-effectively and without the headache of owning and maintaining the infrastructure. Clouds Discussion Archive: http://www.ietf.org/mail-archive/web/clouds/current/maillist.html NIST definition: http://csrc.nist.gov/groups/SNS/cloud-computing/ Service over Cloud o Utilize (stitch, weave, embroider, ...) the virtualized resources from cloud to provision, create, deliver, and maintain an End-to- End Service o Use the service only when you Need it o Pay only for the time duration and type of use of service (include the costs for resources used) Khasnabish & JunSheng Expires June 30, 2013 [Page 5] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3. Survey of other SDOs 3.1. ARTS (The Association for Retail Technology Standards) The ARTS is dedicated to creating an open environment where both retailers and technology vendors work together to create international retail technology standards and to reduce the costs of the technology. Recently, this group also started looking at researching cloud computing and developing white papers to address cloud issues. Cloud Computing team starts work on a "mini RFP(Request for Proposal)" to help retailers evaluate cloud strategies and solutions. ARTS is a separate council within the NRF(National Retail Federation) governed by a council of retailers and technology solution providers. ARTS has four standards/Committees: o UnifiedPOS - Committee Chair Paul Gay, Epson o Data Model - Committee Chair Lynn Myers, Lowe's Companies o ARTS XML - Committee Chair Tim Hood, SAP o Standard RFPs - Committee Chair Ann McCool ARTS Cloud Computing for Retail White Paper, Best Practices Documents. This Cloud Computing for Retail whitepaper offers unbiased guidance for achieving maximum results from this relatively new technology. Version 1.0 represents a significant update to the draft version released in October 2009, specifically providing more examples of cloud computing in retail, as well as additional information on the relationship to Service Oriented Architecture (SOA) and constructing a Private Cloud. Website:http://www.nrf-arts.org/ Status: Active. Partnership/Coordination: NRF. Language: English. 3.2. ATIS (Alliance for Telecommunications Industry Solutions). ATIS prioritizes the industry's most pressing, technical and operational issues, and creates interoperable, implementable, end to end solutions -- standards when the industry needs them and where they need them. Khasnabish & JunSheng Expires June 30, 2013 [Page 6] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Over 600 industry professionals from more than 250 communications companies actively participate in ATIS committees and incubator solutions programs. ATIS develops standards and solutions addressing a wide range of industry issues in a manner that allocates and coordinates industry resources and produces the greatest return for communications companies. ATIS is accredited by the American National Standards Institute (ANSI). 3.2.1. ATIS SON (Service Oriented Networks) Forum. The SON Forum is addressing work to enable the interoperability and implementation of Service Oriented Network (SON) applications and services by developing standards, providing coordination for the development of standards and practices, and facilitating related technical activities. This forum is placing an emphasis on telecommunications industry needs in collaboration with regional and international standards development programs in the telecommunications, IT and Web industries. ATIS has three Working Areas: o WORK AREA1:Policy and Data Models Work Area (PDM) o WORK AREA2:OSS/BSS and Virtualization Work Area (OBV) o WORK AREA3:Service Delivery Creation and Enablers Work Area (SDCE) SON Forum Chair: Andrew White, Qwest Son Forum Vice Chair:Gary Munson, AT&T Website:http://www.atis.org/SON/index.asp Status: Inactive (The activities have been transferred to ATIS CSF; please see section 3.2.2 for details). Partnership/Coordination: o ANSI o 3GPP(TBC) Language: English. Khasnabish & JunSheng Expires June 30, 2013 [Page 7] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.2.2. ATIS CSF (Cloud Services Forum). The ATIS Board recently approved the launch of the Cloud Services Forum (CSF). The Forum will focus, among other things, on the operators' provision of cloud services, and develop a framework to ensure integration of the network and IT. It will account for basic APIs in the control plane layer of the network rather than as a service on the network, define a minimum set of APIs to expose between service providers, and define interoperability, security, and standardization, among other things, between service provider clouds. Drawing upon business use cases that leverage Cloud Services' potential, the Forum will address industry priorities and develop implementable solutions for the evolving Cloud marketplace. Ultimately, the CSF will work to see that Cloud capabilities are quickly operationalized and operators are able to offer managed services. Initial CSF objectives that are being discussed include: o Cloud Service Framework for CDN; o Developing a framework to ensure the integration of the network and IT; o Ascertaining basic APIs in the control plane layer of the network; o Using industry input to define a minimum set of APIs to expose between service providers; and o Utilizing control plane layer interfaces to allow for a greater network role. Cloud Services Forum Active and Closed Issues: o Common Service Enabler Description Doc: http://www.atis.org/cloud/_Com/Docs/issue002.doc. Status: Final Closure. o Consistency of 3rd Party Interfaces Doc: http://www.atis.org/cloud/_Com/Docs/issue003.doc. Status: Final Closure. Khasnabish & JunSheng Expires June 30, 2013 [Page 8] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Common Name Space Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue007.doc. Status: Active. o Cloud Service Framework for CDN Doc: http://www.atis.org/cloud/_Com/Docs/issue0011.doc. Status: Final Closure. o Cloud-Based Inter-Provider Telepresence: Access Agnostic End to end service flow (Service Architecture Document): In considering Telepresence and VPNs Service Definitions Doc: http://www.atis.org/cloud/_Com/Docs/issue0012.doc. Status: Initial Closure. o Charging for Cloud Services Doc: http://www.atis.org/cloud/_Com/Docs/issue0014.doc. Status: Active. o Cloud Service Logging and Auditing Doc: http://www.atis.org/cloud/_Com/Docs/issue0015.doc. Status: Active. o Cloud Services Control Plane Doc: http://www.atis.org/cloud/_Com/Docs/issue0016.doc. Status: Active. o Cloud Services Checklist Doc: http://www.atis.org/cloud/_Com/Docs/issue0017.doc. Status: Active. o Cloud Services Virtual Desktop Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue0018.doc. Khasnabish & JunSheng Expires June 30, 2013 [Page 9] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Status: Active. o Cloud Services Glossary and Acronyms Doc: http://www.atis.org/cloud/_Com/Docs/issue0020.doc. Status: Active. o CDN Interconnection Use Cases & Requirements for Multicast-Based Content Distribution Doc: http://www.atis.org/cloud/_Com/Docs/issue0021.doc. Status: Initial Closure. o CDN Interconnection Use Cases & Requirements "C Release 2 Doc: http://www.atis.org/cloud/_Com/Docs/issue0022.doc. Status: Active. o Federation of Cloud Services and Networks for Service Delivery Doc: http://www.atis.org/cloud/_Com/Docs/issue0024.doc. Status: Active. o Service provider requirements for VPN-Oriented Data Center Services (VDCS) Doc: http://www.atis.org/cloud/_Com/Docs/issue0025.doc. Status: Active. o Cloud Services Inter-Service Provider Billing Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue0026.doc. Status: Active. o Cloud-Based Telepresence: Interconnect, Interoperability and Architecture Doc: http://www.atis.org/cloud/_Com/Docs/issue0027.doc. Status: Active. Cloud Services Forum Withdrawn Issues: Khasnabish & JunSheng Expires June 30, 2013 [Page 10] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Common Product Data Catalog Repository Doc: http://www.atis.org/cloud/_Com/Docs/issue001.doc. Status: Withdrawn. o Standardization of WS-* Specifications Doc: http://www.atis.org/cloud/_Com/Docs/issue004.doc. Status: Withdrawn. o Common Policy Reference Model, Syntax, and Semantics Doc: http://www.atis.org/cloud/_Com/Docs/issue005.doc. Status: Withdrawn. o Common Data Model Requirements Doc: http://www.atis.org/cloud/_Com/Docs/issue006.doc. Status: Withdrawn. o Packaging of OSS/BSS Components as Service Enablers Doc: http://www.atis.org/cloud/_Com/Docs/issue008.doc. Status: Withdrawn. o IT Infrastructure Virtualization Doc: http://www.atis.org/cloud/_Com/Docs/issue009.doc. Status: Withdrawn. o Guidelines for COTS/Third-Party Software Installation in a Cloud Environment Doc: http://www.atis.org/cloud/_Com/Docs/issue0010.doc. Status: Withdrawn. o Cloud Services Network-Network Interconnect Doc: http://www.atis.org/cloud/_Com/Docs/issue0013.doc. Khasnabish & JunSheng Expires June 30, 2013 [Page 11] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Status: Withdrawn. o Cloud Services Reference Framework Doc: http://www.atis.org/cloud/_Com/Docs/issue0019.doc. Status: Withdrawn. o Landscape of Computing, Storage, and Network Virtualized Resources for Cloud-based Services Offering Doc: http://www.atis.org/cloud/_Com/Docs/issue0023.doc. Status: Withdrawn. CSF Chair: Andrew White, NSN CSF Vice Chair: Dan Druta, AT&T Website:http://www.atis.org/cloud/index.asp Status: Active. Partnership/Coordination: o ANSI o 3GPP(TBC) Language: English. 3.3. CCF (Cloud Computing Forum, Korea). Main mission of CCF: o Constitute National level CC Forum o Provide CC technology development and standardization activity o Sharing CC technology information o Study on CC adaptation method into Public sectors o Support international standardization activity of CC o Develop CC related Law and policy CCF has six Working Groups: Khasnabish & JunSheng Expires June 30, 2013 [Page 12] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Group 1: Policy and Certification o Group 2: CC Technology Framework o Group 3: Media Cloud o Group 4: Storage Cloud o Group 5: CC Technology for Green IDC o Group 6: Mobile Cloud Chair: Mr. Son seung-won Website:http://www.ccsf-kr.org/ Status: Active. Partnership/Coordination: Not known. Language: Korean, with some titles in English. 3.4. CCIF (Cloud Computing Interoperability Forum). Goals The CCIF was formed in order to enable a global cloud computing ecosystem whereby organizations are able to seamlessly work together for the purposes for wider industry adoption of cloud computing technology and related services. A key focus will be placed on the creation of a common agreed upon framework / ontology that enables the ability of two or more cloud platforms to exchange information in an unified manor. Mission CCIF is an open, vendor neutral, open community of technology advocates, and consumers dedicated to driving the rapid adoption of global cloud computing services. CCIF shall accomplish this by working through the use open forums (physical and virtual) focused on building community consensus, exploring emerging trends, and advocating best practices / reference architectures for the purposes of standardized cloud computing. Note: CCIF is INACTIVE now. CCIF comes up with a unified cloud interface (a.k.a. cloud broker) whose features are as follows: unify various cloud APIs and abstract Khasnabish & JunSheng Expires June 30, 2013 [Page 13] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 it behind an open and standardized cloud interface, that is, create an API about other APIs. Proposed a UCI architecture. CCIF has two Working Groups: o Standard and Interoperability Working Group o Unified Cloud Interface Working Group Chair: Mr. Reuven Cohen (Enomaly Inc.) Website:http://www.cloudforum.org/ Status: Inactive. Partnership/Coordination: Not known. Language: English. 3.5. CloudAudit The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology. Automated Audit, Assertion, Assessment, and Assurance API (A6 Working Group), officially launched in January 2010. Chair: Mr. Christofer Hoff Website:http://www.cloudaudit.org/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.6. CCSA - Clouds CCSA only follows up and evaluates the influence of cloud computing on telecommunication network. The main focus of CCSA is on Cloud Computing in Mobile Internet, Cloud Computing with P2P technology, Resource Virtualization Application Mode and Operation Requirement, etc. Khasnabish & JunSheng Expires June 30, 2013 [Page 14] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 CCSA has two Clouds related Working Groups: o TC2 WG1 o TC1 WG4 Website:http://www.ccsa.org.cn/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.7. Cloud Computing Use Cases Group The goal of this group is to bring together cloud consumers and cloud vendors to define common use cases for cloud computing. The use cases will demonstrate the performance and economic benefits of cloud computing, and will be based on the needs of the widest possible range of consumers. The ToC of the latest version (V3) of the white paper includes o Definitions and Taxonomy o Use Case Scenarios o Customer Scenarios o Developer Requirements o Security Scenarios o Security Use Case Scenarios Website:http://groups.google.com/group/cloud-computing-use-cases Status: Active. Partnership/Coordination: OCM. Language: English. 3.8. China Institute of Electronics. The goal of the CIA is to solve the emerged problems with the rapid development of Cloud Computing, follows up the latest development of Khasnabish & JunSheng Expires June 30, 2013 [Page 15] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 technologies related to Cloud Computing, strengthen communication and cooperation in the domain of Cloud Computing, prompt the research and application on the technology of Cloud Computing, and draw up industry specification on Cloud Computing. Clouds related Group: Cloud Computing Experts Association. Chair: Mr. Li Deyi Website:http://www.ciecloud.org/ Status: Active. Partnership/Coordination: OCM. Language: Chinese, with some titles in English. 3.9. Cloud Operations and Security, Japan. Information Security Awareness Campaign to be jointly launched by the public and private sectors. The Ministry of Economy, Trade and Industry (METI), Symantec Corporation, Trend Micro Incorporated, McAfee, Inc., and the Information-Technology Promotion Agency, Japan, will jointly launch the campaign to strengthen information security measures. As information technology (IT) penetrates further into people's lives and socio-economic activities, Internet users face higher risks of becoming victims of computer viruses, unauthorized access or other security breaches. This campaign is aimed at preventing such risks and increase people's awareness and knowledge of precautions for the safe use of IT. Website:http://www.meti.go.jp/english Status: Active. Partnership/Coordination: Not known. Language: English. 3.10. CSA (Cloud Security Alliance) The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. The CSA is mainly focus on: Khasnabish & JunSheng Expires June 30, 2013 [Page 16] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Promoting a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance. o Promoting independent research into best practices for cloud computing security. o Launching awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions. o Creating consensus lists of issues and guidance for cloud security assurance. 8 Working Groups: o Group 1: Architecture and Framework o Group 2: Governance, Risk Management, Compliance, Audit, Physical, BCM, DR o Group 3: Legal and eDiscovery o Group 4: Portability & Interoperability and Application Security o Group 5: Identity and Access Mgt, Encryption & Key Mgt o Group 6: Data Center Operations and Incident Response o Group 7: Information Lifecycle Management & Storage o Group 8: Virtualization and Technology Compartmentalization Chair: Mr. Jim Reavis (Executive Director), Mr. Christofer Hoff (Technical Director) Website:http://www.cloudsecurityalliance.org/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.11. CSA/TCI (Cloud Security Alliance / Trusted Cloud Initiative) The Trusted Cloud Initiative will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. We well develop Khasnabish & JunSheng Expires June 30, 2013 [Page 17] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 reference models, education, certification criteria and a cloud provider self-certification toolset in 2010. The TCI hopes to publish the industry's first cloud security certification by the end of 2010. Chair: Mr. Liam Lynch (eBay), Mr. Nick Nikols (Novell) Website:http://www.trusted-cloud.com/ Status: Active. Partnership/Coordination: CSA(TBC). Language: English. 3.12. DELTA Cloud Deltacloud is a top-level project at the Apache Software Foundation (ASF), having graduated from the ASF Incubator in October 2011. Through a collaborative and meritocratic development process, Apache projects deliver enterprise-grade, freely available software products that attract large communities of users. Apache Deltacloud is a REST-based (HATEOAS) cloud abstraction API, that enables management of resources in different IaaS clouds using a single API. A series of back-end drivers 'speak' each cloud provider's native API and the Deltacloud Core Framework provides the basis for implementing drivers as needed for other/new IaaS cloud providers. Apache Deltacloud currently supports many back-end cloud providers, as listed in Drivers. The Apache Deltacloud project empowers its users in avoiding lockin to any single cloud provider. Deltacloud provides an API abstraction that can be implemented as a wrapper around a large number of clouds, freeing users of cloud from dealing with the particulars of each cloud's API. Delta Cloud provides: o A RESTful API for simple, any-platform access o Support for all major cloud service providers o Backward compatibility across versions, providing long-term stability for scripts, tools and applications Khasnabish & JunSheng Expires June 30, 2013 [Page 18] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o A separate CIMI frontend, as well as CIMI API compliance tests and a simple CIMI client application. The Deltacloud documentation is divided into the following parts: o Installation, dependencies and quick-start o REST API definition o Information about currently supported drivers o The Deltacloud Ruby client o The libdeltacloud C library Website:http://deltacloud.apache.org Status: Active. Language: English. 3.13. DMTF (Distributed Management Task Force) DMTF enables more effective management of millions of IT systems worldwide by bringing the IT industry together to collaborate on the development, validation and promotion of systems management standards. Virtualization Management(VMAN) Initiative: VMAN unleashes the power of virtualization by delivering broadly supported interoperability and portability standards to virtual computing environments. As another initiative based on the CIM and WBEM standards, the suite of management standards helps IT managers deploy virtual computer systems, discover/inventory virtual computer systems, manage the lifecycle of virtual computer systems, create/modify/delete virtual resources and monitor virtual systems for health and performance. The VMAN initiative strives to promote standards for virtualization management within the industry and enable vendors to implement compliant, interoperable virtualization management solutions. DMTF's Open Cloud Standards Incubator will focus on standardizing interactions between cloud environments by developing cloud resource management protocols, packaging formats and security mechanisms to facilitate interoperability. The Open Cloud Standards Incubator addresses the following aspects of the lifecycle of a cloud service: Khasnabish & JunSheng Expires June 30, 2013 [Page 19] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o description of the cloud service in a template o deployment of the cloud service into a cloud o offering of the service to consumers o consumer entrance into contracts for the offering o provider operation and management of instances of the service o removal of the service offering A DMTF partner initiative, SMI is a Storage Networking Industry Association (SNIA) initiative to standardize interoperable storage management technologies, based on the rich foundation provided by the DMTF's CIM and WBEM specifications. 3.13.1. CMWG (Cloud Management Working Group) Using the recommendations developed by DMTF's Open Cloud Standards Incubator, the Cloud Management Working Group (CMWG) is focused on standardizing interactions between cloud environments by developing specifications that deliver architectural semantics and implementation details to achieve interoperable cloud management between service prociders and their consumers and developers. DSP0263 Cloud Infrastructure Management Interface (CIMI) Model and REST Interface over HTTP is an Interface for Managing Cloud Infrastructure. This profile defines a logical model for the management of resources within the Infrastructure as a Service domain. A model was developed to address the use cases outlined in the !oScoping Framework for Cloud Management Models and Protocol Requirements!+/- document. The most recent version of DSP4003 v1.3.0 (the Alliance Partner Work Register Process document) approved by the DMTF board of directors on June 8th, 2006 defines how an alliance partner work register is created and the sequence of steps that are required before a work register is approved and the alliance partnership is established. WorkGroup Chair: Winston Bumpus, VMware Inc. wbumpus@vmware.com. WorkGroup Chair: Mark Johnson, IBM. mwj@us.ibm.com. Website:http://members.dmtf.org/apps/org/workgroup/cmwg/ Status: Active. Khasnabish & JunSheng Expires June 30, 2013 [Page 20] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Partnership/Coordination: o CSA o CompTIA(Computing Technology Industry Association ) o ECMA(Ecma International) o OGF(Open Grid Forum) o TGG(The Green Grid) o TOG(The Open Group) o OMG(Object Management Group) o PWG(Printer Working Group) o SNIA o TMF(TeleManagement Forum) o TCG(Trusted Computing Group) o UEFI(Unified Extensible Firmware Interface) Language: English. 3.13.2. SVPC(System Virtualization, Partitioning, and Clustering) DMTF's SVPC includes a set of specifications that address the management lifecycle of a virtual environment. SVPC's OVF (Open Virtualization Format) specification provides a standard format for packaging and describing virtual machines and applications for deployment across heterogeneous virtualization platforms. SVPC's profiles standardize many aspects of the operational management of a heterogeneous virtualized environment. OVF is a common packaging format for independent software vendors (ISVs) to package and securely distribute virtual appliances, enabling cross-platform portability. By packaging virtual appliances in OVF, ISVs can create a single, pre-packaged appliance that can run on customers' virtualization platforms of choice. The key properties of the format are as follows: o Optimized for distribution Khasnabish & JunSheng Expires June 30, 2013 [Page 21] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Optimized for a simple, automated user experience o Supports both single VM and multiple o Portable VM packaging o Vendor and platform independent o Extensible - OVF is immediately useful - and extensible o Localizable - OVF supports user-visible descriptions in multiple locales Workgroup Chair: Mr. Lawrence Lamers, VMware Inc. ljlamers@vmware.com. Vice-Chair: Michael Johanssen, IBM. johanssn@de.ibm.com. Website:http://www.dmtf.org/initiatives/vman_nitiative/ Status: Active. Partnership/Coordination: DMTF. Language: English. 3.13.3. CADF(Cloud Auditing Data Federation Working Group) CADF is developing specifications for federating audit event data from cloud providers which includes defining a normative, prescriptive audit data format, event classification taxonomies, interface definitions and a compatible interaction model. The data format specification will include the constructs for federating audit event data in the form of customized audit reports and logs which preserves reference to source information on the participating cloud resources. Member use cases are now being accepted as input to the development process in order to assure the data format and interface models specified by the working group consumable by different customer scenarios and implementations. The WG deliverables: o Cloud Audit Event Data Model Specification Khasnabish & JunSheng Expires June 30, 2013 [Page 22] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Cloud Audit Event API Specification o Profiles of the Cloud Audit Event Data Model and Event API Specifications which the CADF deems necessary. o Protocol requirements delivered to the CMWG (or other groups if they exist) o Other documents and whitepapers which the Cloud Audit Working Group deems necessary. Workgroup Chair: Mr. Matthew Rutkowski, IBM. Workgroup: Mr. David Corlette, Novell. johanssn@de.ibm.com. Website:http://members.dmtf.org/apps/org/workgroup/cadf/ description.php Status: Active. Partnership/Coordination: DMTF, CSA, TOG(The Open Group). Language: English. 3.13.4. Cloud Incubator This Incubator was started in 2009. The goal of the Incubator is to define a set of architectural semantics that unify the interoperable management of enterprise and cloud computing. In July 2010 the incubator delivered two important documents: Use Cases and Interactions for Managing Clouds (DSP-IS0103) and Architecture for Managing Clouds (DSP-IS0102). These two documents together describe how standardized interfaces and data formats can be used to manage clouds. The first document focuses on the overall architecture, including requirements for the architected interfaces in general (e.g., requirements on resource model). The second document focuses on interactions and data formats. The use cases involved resources include service resources provision, changing and monitoring etc. Incubator deliverables: o Cloud taxonomy o Cloud Interoperability whitepaper Khasnabish & JunSheng Expires June 30, 2013 [Page 23] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Informational specifications o Proposed OVF changes for cloud usage o Proposed Profiles for management of resources exposed by a cloud o Proposed changes to other DMTF standards o Requirements for trust for cloud resource management o Work register(s) with appropriate alliance partners (See below) Workgroup Chair: Mr. Billy Cox, Intel Corporation. Website:http://members.dmtf.org/apps/org/workgroup/cloud/ description.php Status: Active. Partnership/Coordination: DMTF, SNIA. Language: English. 3.14. ENISA(European Network and Information Security Agency) ENISA is carrying out a risk assessment of cloud computing with input from 30 experts from major companies and academic institutions. The paper should provide an assessment of key risks and their mitigation strategies in cloud computing. ENISA Cloud Computing Risk Assessment ENISA is carrying out a risk assessment of cloud computing with input from 30 experts from major companies and academic institutions. The paper should provide an assessment of key risks and their mitigation strategies in cloud computing which will allow: o European Policymakers to decide on research policy (to develop technologies to mitigate risks) o European Policymakers to decide on appropriate policy and economic incentives, legislative measures, awareness-raising initiatives etc... vis-a-vis cloud-computing technologies. o Business leaders to evaluate the risks of adopting such technologies and possible mitigation strategies. Individuals/ citizens to evaluate the cost/benefit of ----using the consumer version of such applications. Khasnabish & JunSheng Expires June 30, 2013 [Page 24] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Executive Director, Dr Udo Helmbrecht Website:http://www.enisa.europa.eu/ Status: Active. Partnership/Coordination: EP3R(European Public-Private Partnership for Resilience, http://ec.europa.eu/information_society/policy/nis/ strategy/activities/ciip/impl_activities/index_en.htm ) Language: English. 3.15. ETSI STF 331 (Specialist Task Force on ICT GRID Technologies Interoperability and Standardization) The Specialist Task Force (STF) addressed, in general, IT-Telecom (Information Technology and Telecommunications) convergence and, in particular, the lack of interoperable GRID solutions built by IT in conjunction with the Telecom industry. At the request of TC GRID, this scope was extended to include "cloud computing". White paper: o Grid and Cloud Computing Technology: Interoperability and Standardization for the Telecommunications Industry, 2009. Technical Report: o ETSI TR 102 659-1 Study of ICT GRID interoperability gaps; Part 1: Inventory of ICT Stakeholders V1.2.1, 2009-10 o ETSI TR 102 659-2 Study of ICT GRID interoperability gaps; Part 2: List of identified Gaps V1.2.1, 2009-10 o ETSI TR 102 766 ICT GRID Interoperability Testing Framework and survey of existing ICT Grid interoperability solutions V1.1.1, 2009-10 Technical Specification: o TSI TS 102 786 ICT GRID Interoperability Testing Framework V1.1.1, 2009-10 Chair: Mr. Geoffrey Caryer (STF 331 team leader) Website:http://portal.etsi.org/STFs/STF_HomePages/STF331/STF331.asp Status: Active. Khasnabish & JunSheng Expires June 30, 2013 [Page 25] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Partnership/Coordination: ETSI Language: English. 3.16. ETSI TC GRID (Technical Committee Grid) Responsible for producing test specifications and standards to integrate the use of telecommunications infrastructures in networked computing, including both Grid computing and Cloud computing. ETSI's Grid Technical Committee (TC GRID) is addressing issues associated with the convergence of Information Technology (IT) and telecommunications, paying particular attention to scenarios where connectivity goes beyond the local network. This includes not only Grid computing but also the emerging commercial trend towards Cloud computing which places particular emphasis on ubiquitous network access to scalable computing and storage resources. The vision is to evolve towards a coherent and consistent general purpose infrastructure, made up of interoperable elements ranging from small devices up to supercomputers, connected by global networks and capable of supporting communities ranging from individuals to whole industries, and with applications in business, public sector, academic and consumer environments. Note: TC GRID will be renamed to TC Cloud shortly and start work on standardization requirements for cloud services (ETSI TR 102 997) Chair: Mr. Michael Fisher (BT Group Plc) Website:http://portal.etsi.org/portal/server.pt/community/GRID/310 Status: Initiating TC Cloud. Partnership/Coordination: o ETSI TC TISPAN o ETSI TC MTS o ETSI CTI (Centre for Testing & Interoperability) o ETSI Plugtests Events o ITU-T o Open Grid Forum, with which a Memorandum of Understanding has been signed Khasnabish & JunSheng Expires June 30, 2013 [Page 26] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o European Commission DG INFSO, DG ENTR o NESSI European Technology Platform Language: English. 3.17. GICTF (Global Inter-Cloud Technology Forum, Japan) GICTF aims to promote standardization of network protocols and the interfaces through which cloud systems interwork with each other, and to enable the provision of more reliable cloud services than those available today. Main activities and goals o Promote the development and standardization of technologies to use cloud systems; o Propose standard interfaces that allow cloud systems to interwork with each other; o Collect and disseminate proposals and requests regarding organization of technical exchange meetings and training courses; o Establish liaison with counterparts in the U.S. and Europe, and promote exchange with relevant R&D teams. Working Group o General Assembly o Board of Directors o Technology Task Force o Application Task Force Chair: Prof. Tomonori Aoyama (Keio Univ.) Website:http://www.gictf.jp/index_e.html Status: Active. Partnership/Coordination: Not known Language: English. Khasnabish & JunSheng Expires June 30, 2013 [Page 27] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.18. IEEE SA (Standards Association) CLOUD 2009 is created to provide a prime international forum for both researchers and industry practitioners to exchange the latest fundamental advances in the state of the art and practice of Cloud Computing, identify emerging research topics, and define the future of Cloud Computing. http://www.thecloudcomputing.org/2009/2/ CLOUD 2010 tries to attract researchers, practitioners, and industry business leaders in all the following areas to help define and shape cloud computing, and its related modernization strategy and directions of the services industry. http://www.thecloudcomputing.org/2010/ IEEE SA collaborated with CSA in a cloud security standards survey, and in some events related to cloud standards. A number of existing IEEE standards is indirectly linked to cloud computing. Cloud Security Alliance and IEEE Join Forces to Identify Cloud Security Standards Requirements For IT Practitioners General Chairs: Stephen S. Yau, Arizona State University, USA. Liang-Jie Zhang, IBM T.J. Watson Research, USA Program Chairs: Wu Chou, Avaya Labs Research, Avaya, USA. Adrezej M Goscinski, Deakin University, Australia. Application and Industry Track Chairs: Claudio Bartolini, HP Labs, USA. Min Luo, IBM Software Group, USA Website:http://standards.ieee.org/ Status: Active. Partnership/Coordination: CSA Language: English. 3.19. IETF/APP/SCIM System for Cross-domain Identity Management (SCIM) WG Charter: The System for Cross-domain Identity Management (SCIM) working group will standardize methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications. "Standardize" does not necessarily mean that the working group will develop new technologies. The existing specifications for "SCIM 1.0" Khasnabish & JunSheng Expires June 30, 2013 [Page 28] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 provide RESTful interfaces on top of HTTP rather than defining a new application protocol. That will be the basis for the new work. Today, distributed identity management across administrative domains is complicated by a lack of protocol and schema standardization between consumers and producers of identities. This has led to a number of approaches, including error-prone manual administration and bulk file uploads, as well as proprietary protocols and mediation devices that must be adapted to each service for each organization. While there is existing work in the field, it has not been widely adopted for a variety of reasons, including a lack of common artifacts such as schema, toolsets, and libraries. The SCIM working group will develop the core schema and interfaces based on HTTP and REST to address these problems. Initially, the group will focus on o a schema definition o a set of operations for creation, modification, and deletion of users o schema discovery o read and search o bulk operations o mapping between the inetOrgPerson LDAP object class (RFC 2798) and the SCIM schema It will follow that by considering extensions for client targeting of specific SCIM endpoints and SAML binding. The approach will be extensible. The group will use, as starting points, the following drafts in the following ways: o draft-scim-use-cases-00 as the initial use cases for SCIM o draft-scim-core-schema-00 as the schema specification o draft-scim-api-00 as the protocol specification These drafts are based on existing specifications, which together are commonly known as SCIM 1.0. Because there is existing work with existing implementations, some consideration should be given to backward compatibility, though getting it right takes priority. This group will consider the operational experience gathered from the existing work, as well as experiences with work done by other bodies, Khasnabish & JunSheng Expires June 30, 2013 [Page 29] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 including the OASIS Provisioning TC. The use cases document will be a "living document", guiding the working group during its development of the standards. The group may take snapshots of that document for Informational publication, to serve as documentation of the motivation for the work in progress and to similarly guide planning and implementation. The group will produce Proposed Standards for a schema, a REST-based protocol, and a SAML binding, as well as an Informational document defining an LDAP mapping. In doing so, the group will make the terminology consistent, identify any functional gaps that would be useful for future work, address internationalization, and provide guidelines and mechanisms for extensibility. In addition, the working group will ensure that the SCIM protocol embodies good security practices. Given both the sensitivity of the information being conveyed in SCIM messages and the regulatory requirements regarding the privacy of personally identifiable information, the working group will pay particular attention to issues around authorization, authenticity, and privacy. The group considers the following out of scope for this group: o Defining new authentication schemes o Defining new policy/authorization schemes Area Director: Barry Leiba (barryleiba@computer.org) Website:http://datatracker.ietf.org/wg/scim/ Status: Active. Partnership/Coordination: IETF Language: English. 3.20. IETF/TSV Decade The Working Group (WG) will have three primary tasks. First, the WG will identify target applications to appropriately scope the problem and requirements. P2P applications are the primary target, but suitability to other applications with similar requirements may be considered depending on additional complexity required to support such applications. Khasnabish & JunSheng Expires June 30, 2013 [Page 30] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Second, the WG will identify the requirements to enable target applications to utilize in-network storage. Requirements will include the ability for an application to (1) store, retrieve, and manage data, (2) indicate access control policies for storing and retrieving data suitable to an environment with users across multiple administrative and security domains (e.g., in a P2P environment), and (3) indicate resource control policies for storing and retrieving data. Third, the WG will develop an architecture within which the DECADE protocol can be specified. This architecture will identify DECADE's relationship to existing IETF protocols and where (if any) new protocol is needed or extensions to existing protocols need to be made. The architecture will not specify a protocol or extension; if development of a new protocol is needed, the WG will seek to recharter for this purpose or might ask an existing WG to work on such extensions. The architecture will not specify a protocol or extension; if development of a new protocol is needed, the WG will seek to recharter for this purpose or might ask an existing WG to work on such extensions. The WG will focus on the following work items: o A "problem statement" document. This document provides a description of the problem and common terminology. o A requirements document. This document lists the requirements for the in-network storage service (e.g., supported operations) and the protocol to support it. The service will include storing, retrieving, and managing data as well as specifying both access control and resource control policies in the in-network storage pertaining to that data. o A survey document. This document will survey existing related mechanisms and protocols (e.g., HTTP, NFS, and WebDAV), and evaluate their applicability to DECADE. o An architecture document. This document will identify DECADE's relationship with existing IETF protocols. Existing protocols will be used wherever possible and appropriate to support DECADE's requirements. In particular, data storage, retrieval, and management may be provided by an existing IETF protocols. The WG will not limit itself to a single data transport protocol since different protocols may have varying implementation costs and Khasnabish & JunSheng Expires June 30, 2013 [Page 31] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 performance tradeoffs. However, to keep interoperability manageable, a small number of specific, targeted, data transport protocols will be identified and used. If new protocol development is deemed necessary, the WG will be rechartered. It is not expected that all work items will be ready for IESG review by that point, but WG consensus must show that documents directing eventual protocol development (Requirements and Architecture document) have stabilized. This permits adjustments to such documents as necessary to maintain consistency as protocol development is done. The following issues are considered out-of-scope for the WG: o Specification of policies regarding copyright-protected or illegal content. o Locating the "best" in-network storage location from which to retrieve content if there are more than one location can provide the same content. o Developing a new protocol for data transport between P2P applications and in-network storage. Chairs: Richard Woundy(Richard_Woundy@cable.comcast.com), Haibin Song(melodysong@huawei.com). Area Director: Alexey Melnikov(alexey.melnikov@isode.com). Website:https://datatracker.ietf.org/wg/decade/ Status: Active. Partnership/Coordination: o IRTF o IASA/IAOC/Trust IANA Language: English. 3.21. IETF/TSV/nfsv4 NFS Version 4 is the IETF standard for file sharing. To maintain NFS Version 4's utility and currency, the working group is chartered to: o maintain the existing NFSv4, NFSv4.1 and related specifications, such as RPC and XDR, Khasnabish & JunSheng Expires June 30, 2013 [Page 32] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o progress these specifications along the standards track, o develop a protocol to create a federated namespace using NFSv4's existing referral mechanisms. Goals and Milestones: o Done - Issue strawman Internet-Draft for v4 o Done - Submit Initial Internet-Draft of requirements document o Done - Submit Final Internet-Draft of requirements document o Done - AD reassesses WG charter o Done - Submit v4 Internet-Draft sufficient to begin prototype implementations o Done - Begin Interoperability testing of prototype implementations o Done - Submit NFS version 4 to IESG for consideration as a Proposed Standard. o Done - Conduct final Interoperability tests o Done - Conduct full Interoperability tests for all NFSv4 features o Done - Update API advancement draft o Done - Form core design team to work on NFS V4 migration/ replication requirements and protocol o Done - Submit revised NFS Version 4 specification (revision to RFC 3010) to IESG for consideration as a Proposed Standard o Done - Strawman NFS V4 replication/migration protocol proposal submitted as an ID o Done - WG Last Call for RPC and NFS RDMA drafts o Done - WG Last Call for rfc1831bis (RPC version 2) o Done - WG Last Call for NFSv4.1 Object-based layout o Done - WG Last Call for NFSv4 minor version 1 o Done - WG Last Call for NFSv4.1 block/volume layout Khasnabish & JunSheng Expires June 30, 2013 [Page 33] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Done - Submit NFS Minor Version 1 to IESG for publication as a Proposed Standard o Done - Submit Object-based pNFS Operations to IESG for publication as a Proposed Standard o Done - Submit pNFS Block/Volume Layout to IESG for publication as a Proposed Standard o May 2009 - WG Last Call for Requirements for Federated File Systems draft-ietf-nfsv4-federated-fs-reqts-01 o Sep 2009 - WG Last Call for rfc3530bis (NFS version 4) o Oct 2009 - WG Last Call for Administration Protocol for Federated Filesystems draft-ietf-nfsv4-federated-fs-admin-00.txt o Oct 2009 - WG Last Call for NSDB Protocol for Federated Filesystems draft-ietf-nfsv4-federated-fs-protocol-00.txtwith IPv6. Additionally, it will create an IANA registry for RPC program numbers and seed it with a registry Sun has been maintaining. Chairs: Brian Pawlowski(beepy@netapp.com). Spencer Shepler(spencer.shepler@gmail.com) Website:http://tools.ietf.org/wg/nfsv4/charters Status: Active. Partnership/Coordination: IRTF Language: English. 3.22. IETF/OPS/netconf The NETCONF Working Group is chartered to produce a protocol suitable for network configuration, with the following characteristics: o Provides retrieval mechanisms which can differentiate between configuration data and non-configuration data o Is extensible enough so that vendors will provide access to all configuration data on the device using a single protocol o Has a programmatic interface (avoids screen scraping and formatting-related changes between releases) Khasnabish & JunSheng Expires June 30, 2013 [Page 34] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Uses a textual data representation, that can be easily manipulated using non-specialized text manipulation tools o Supports integration with existing user authentication methods o Supports integration with existing configuration database systems o Supports network wide configuration transactions (with features such as locking and rollback capability) o Is as transport-independent as possible o Provides support for asynchronous notifications The NETCONF protocol is using XML for data encoding purposes, because XML is a widely deployed standard which is supported by a large number of applications. The NETCONF protocol should be independent of the data definition language and data models used to describe configuration and state data. Chair: Bert Wijnen(bertietf@bwijnen.net), Mehmet Ersue(mehmet.ersue@nsn.com) Website:http://datatracker.ietf.org/wg/netconf/ Status: Active. Partnership/Coordination: o IASA/IAOC/Trust IANA o IRTF Language: English. 3.23. IETF/OPS/ARMD Address Resolution for Massive numbers of hosts in the Data center (armd) WG Charter: Changing workloads in datacenters are having an impact on the performance of current datacenter network designs. For example, the use of virtual machines (VMs) as a means for deployment and management of new services often results in a significant increase in the number of hosts attached to the network. Various requirements for the deployment of VMs in data center networks, such as support for VM mobility, has led to architectures in which broadcast domains are scaling up to span more switching devices and Khasnabish & JunSheng Expires June 30, 2013 [Page 35] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 VM servers, and to interconnect more hosts (as represented by VMs). In these deployment architectures, heavily used protocols that are based on broadcast or multicast, such as ARP and ND, may contribute to poor network performance. The armd Working Group will investigate the impact of changing workloads and existing protocols on datacenter network performance. In its work, the armd Working Group will take into consideration work done in data center networking standardization by other SDOs, such as the IEEE 802.1 Data Center Bridging Task Group, and will communicate and exchange information with these organizations. Area Director: Ronald Bonica (rbonica@juniper.net) Website:http://datatracker.ietf.org/wg/armd/ Status: Active. Partnership/Coordination: IETF Language: English. 3.24. IETF/RTG/NVO3 Network Virtualization Overlays (NVO3) WG Charter: Support for multi- tenancy has become a core requirement of data centers (DCs), especially in the context of data centers supporting virtualized hosts known as virtual machines (VMs). Three key requirements needed to support multi-tenancy are: o Traffic isolation, so that a tenant's traffic is not visible to any other tenant, and o Address independence, so that one tenant's addressing scheme does not collide with other tenant's addressing schemes or with addresses used within the data center itself. o Support the placement and migration of VMs anywhere within the data center, without being limited by DC network constraints such as the IP subnet boundaries of the underlying DC network. An NVO3 solution (known here as a Data Center Virtual Private Network (DCVPN)) is a VPN that is viable across a scaling range of a few thousand VMs to several million VMs running on greater than one hundred thousand physical servers. It thus has good scaling properties from relatively small networks to networks with several million DCVPN endpoints and hundreds of thousands of DCVPNs within a Khasnabish & JunSheng Expires June 30, 2013 [Page 36] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 single administrative domain. A DCVPN also supports VM migration between physical servers in a sub- second timeframe. Note that although this charter uses the term VM throughout, NVO3 must also support connectivity to traditional hosts e.g. hosts that do not have hypervisors. NVO3 will consider approaches to multi-tenancy that reside at the network layer rather than using traditional isolation mechanisms that rely on the underlying layer 2 technology (e.g., VLANs). The NVO3 WG will determine which types of connectivity services are needed by typical DC deployments (for example, IP and/or Ethernet). NVO3 will document the problem statement, the applicability, and an architectural framework for DCVPNs within a data center environment. Within this framework, functional blocks will be defined to allow the dynamic attachment / detachment of VMs to their DCVPN, and the interconnection of elements of the DCVPNs over the underlying physical network. This will support the delivery of packets to the destination VM within the scaling and migration limits described above. Based on this framework, the NVO3 WG will develop requirements for both control plane protocol(s) and data plane encapsulation format(s), and perform a gap analysis of existing candidate mechanisms. In addition to functional and architectural requirements, the NVO3 WG will develop management, operational, maintenance, troubleshooting, security and OAM protocol requirements. The NVO3 WG will investigate the interconnection of the DCVPNs and their tenants with non-NVO3 IP network(s) to determine if any specific work is needed. The NVO3 WG will write the following informational RFCs, which must have completed Working Group Last Call before rechartering can be considered: o Problem Statement o Framework document o Control plane requirements document o Data plane requirements document Khasnabish & JunSheng Expires June 30, 2013 [Page 37] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Operational Requirements o Gap Analysis Driven by the requirements and consistent with the gap analysis, the NVO3 WG may request being rechartered to document solutions consisting of one or more data plane encapsulations and control plane protocols as applicable. Any documented solutions will use existing IETF protocols if suitable. Otherwise, the NVO3 WG may propose the development of new IETF protocols, or the writing of an applicability statement for non-IETF protocols. If the WG anticipates the adoption of the technologies of another SDO, such as the IEEE, as part of the solution, it will liaise with that SDO to ensure the compatibility of the approach. Area Director: Stewart Bryant (stbryant@cisco.com) Website:http://datatracker.ietf.org/wg/nvo3/ Status: Active. Partnership/Coordination: IETF Language: English. 3.25. IRTF/P2PRG Overall, the field of P2P technologies presents a number of interesting challenges which includes new methods for optimizing P2P application overlays, performing routing and peer selection decisions, managing traffic and discovering resources. Areas of interest are also new techniques for P2P streaming and interconnecting distinct P2P application overlays. Other challenges for P2P are related to storage, reliability, and information retrieval in P2P systems. Yet another challenging area is security, privacy, anonymity and trust. Finally, it is challenging to examine P2P systems that are deployed, for example, to measure, monitor and characterize P2P applications. In addition to these areas of research, it is of interest to investigate the requirements of new applications (e.g., real-time P2P applications or P2P applications for wireless networks) on the P2P technologies used. The P2P RG will collaborate with academia and industry on making progress addressing these challenges. Chair: Volker Hilt(volkerh@bell-labs.com), Stefano Previdi(sprevidi@cisco.com) Khasnabish & JunSheng Expires June 30, 2013 [Page 38] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Website:http://www.irtf.org/charter?gtype=rg&group=p2prg Status: Active. Partnership/Coordination: IETF Language: English. 3.26. IRTF/VNRG The Virtual Networks Research Group (VNRG) provides a forum for interchange of ideas among a group of network researchers with an interest in network virtualization in the context of the Internet and also beyond the current Internet. The VNRG will consider the whole system of a VN and not only single components or a limited set of components; we will identify architectural challenges resulting from VNs, addressing network management of VNs, and exploring emerging technological and implementation issues. Initial set of work items: o concepts/background/terminology o common parts of VN architectures o common problems/challenges in VN o descriptions of appropriate uses o some solutions (per-problem perhaps) Chair: Joe Touch (touch@isi.edu), Martin Stiemerling (stiemerling@nw.neclab.eu) Website: http://irtf.org/concluded/vnrg Status: Concluded. Partnership/Coordination: IETF Language: English. 3.27. ISO/IEC JTC1 SC38 SGCC Khasnabish & JunSheng Expires June 30, 2013 [Page 39] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.27.1. Study Group on Cloud Computing(SGCC) Terms of Reference: o Provide a taxonomy, terminology and value proposition for Cloud Computing. o Assess the current state of standardization in Cloud Computing within JTC1 and in other SDOs and consortia. o Document standardization market/business/user requirements and the challenges to be addressed. o Liaise and collaborate with relevant SDOs and consortia related to Cloud Computing. o Hold workshops to gather requirements as needed. o Provide a report of activities and recommendations to SC38. 3.27.2. Working Group 3 on Cloud Computing Terms of Reference: o Identify, develop, and maintain JTC 1 deliverables initially in the field of Cloud Computing Reference Architecture and Terms and Definitions. o Investigate the requirements for new work in the areas of Use case Analysis Methodology and Principle of Cloud Service Delivery, as provided in Clause 5.2 of the Study Group Report on Cloud Computing (SC 38 N 430). o As a basis for the evaluation and development of new work, utilize a use case-based methodology as described in the SC 38 Study Group Report on Cloud Computing (SC 38 N 430) as appropriate. o Support SC 38 goals and respond to requests pertaining to Cloud Computing initiated by SC 38, JTC 1 and external Liaison organizations. o Liaise and collaborate with SDOs and consortia related to Cloud Computing as appropriate. o Maintain future JTC 1 PAS and Fast Track submissions assigned to SC 38 in the area of Cloud Computing and Virtualization. SC38 Chairman: Dr. Donald Deutsch (USA) Khasnabish & JunSheng Expires June 30, 2013 [Page 40] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 SC38 Secretary: Ms. Marisa Peacock (USA) SGCC Convenor: Dr. Seungyun Lee (Korea) Website:http://www.iso.org/iso/standards_development/ technical_committees/list_of_iso_technical_committees/ iso_technical_committee.htm?commid=601355 Status: Active. Partnership/Coordination: o IEEE o IETF Language: English. 3.28. ITU-T JCA-Cloud (Joint Coordination Activity on Cloud Computing ) The TSAG (January 2012 meeting) agreed the establishment of the Joint Coordination Activity on Cloud Computing (JCA-Cloud) with SG 13 as parent group (Cf. TSB Circular 261, http://www.itu.int/md/T09-TSB-CIR-0261/en). The scope of JCA-Cloud is coordination of the ITU-T cloud computing standardization work within ITU-T and coordination of the communication with standards development organizations and forums also working on Cloud Computing protocols and standards. JCA-Cloud is open to ITU Members and designated representatives of relevant Standards Development Organizations and Forums (http://www.itu.int/en/ITU-T/jca/Cloud/Pages/relevant-sdos.aspx). The terms of reference (ToR) can be found at the website: http:// www.itu.int/en/ITU-T/jca/Cloud/Documents/ToR/ToR%20JCA%20Cloud.pdf. Chair: Monique Morrow (Cisco)). Website: http://www.itu.int/en/ITU-T/jca/Cloud/Pages/default.aspx Status: Active. Partnership/Coordination: Many (http://www.itu.int/en/ITU-T/jca/Cloud/Pages/relevant-sdos.aspx) Language: English. Khasnabish & JunSheng Expires June 30, 2013 [Page 41] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.29. KCSA (Korea Cloud Service Association) Main mission of KCSA: o Create demand of Cloud service o Create Cloud service activation framework and its environments o Disseminate and promote Cloud service to public sectors Chair: Mr. Choi Do-Hwan Website:http://www.kcsa.or.kr/index.jsp Status: Active. Partnership/Coordination: Not known. Language: English. 3.30. Liberty Alliance / Kantara Initiative As of June 2009, the work of the Liberty Alliance is transitioning to the Kantara Initiative. The vision of Liberty Alliance is to enable [a networked world] web services based on open standards where consumers, citizens, businesses and governments can more easily conduct online transactions while protecting the privacy and security of identity information. o Build open standard-based specifications for federated identity and identity-based Web services. o Drive global identity theft prevention solutions. o Provide interoperability testing. o Offer a formal certification program for products utilizing Liberty specifications. o Establish best practices, rules, liabilities, and business guidelines. o Collaborate with other standards bodies, privacy advocates, and government policy groups. Khasnabish & JunSheng Expires June 30, 2013 [Page 42] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Address end user privacy and confidentiality issues. Kantara Initiative: Bridging and harmonizing the identity community with actions that will help ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments. Managing Director: Mr. Joni Brennan Website:http://www.projectliberty.org/, http://kantarainitiative.org/ Status: New Initiative. Partnership/Coordination: Not known. Language: English. 3.31. NCOIC (Network Centric Operations Industry Consortium) The Network Centric Operations Industry Consortium is a global, not- for-profit organization dedicated to advancing interoperability via network centric operations. NCOIC has formed a Cloud Computing Working Group that will investigate ways to leverage clouds to support global interoperability. NCOIC's 90 member organizations from 19 nations will advocate for open standards and, on reaching consensus, will make voice of industry recommendations about their applicability. Further, NCOIC will develop operational and capability patterns that can enable our customers-in military, aviation, emergency response and cyber security-to achieve portability of information and services from cloud to cloud. Managing Director: TBD Website:https://www.ncoic.org/about/ Status: Initiative. Partnership/Coordination: Not known. Language: English. 3.32. NIST NIST's role in cloud computing is to promote the effective and secure use of the technology within government and industry by providing technical guidance and promoting standards. Khasnabish & JunSheng Expires June 30, 2013 [Page 43] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential Characteristics: o On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider. o Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs). o Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. o Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. o Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service. Working Group: o Cryptographic Technology Khasnabish & JunSheng Expires June 30, 2013 [Page 44] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Systems & Emerging Technologies Security Research o Security Management & Assurance o CMVP & CAVP - (now part of Security Management & Assurance) Chair: Mr. Peter Mell(mell@nist.gov) Website:http://csrc.nist.gov/groups/SNS/cloud-computing/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.33. OASIS OASIS is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application- specific markets. OASIS sees Cloud Computing as a natural extension of SOA and network management models. Related standards are: o Security, access and identity policy standards -- e.g., OASIS SAML, XACML, SPML, WS-Security Policy, WS-Trust. o Content, format control and data import/export standards -- e.g., OASIS ODF. o Registry, repository and directory standards -- e.g., OASIS ebXML and UDDI. o SOA methods and models, network management, service quality and interoperability -- e.g., OASIS SOA-RM, and BPEL. OASIS specifications are available here. http://www.oasis-open.org/specs/ OASIS Committees by Category o Adoption Services o Computing Management Khasnabish & JunSheng Expires June 30, 2013 [Page 45] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Document-Centric Applications o e-Commerce o Law & Government o Localisation o Security o SOA o Standards Adoption o Supply Chain o Web Services o XML Processing Website:http://www.oasis-open.org Status: Active. Partnership/Coordination: Not known. Language: English. 3.34. OCC The OCC is a member driven organization that supports the development of standards for cloud computing and frameworks for interoperating between clouds, develops benchmarks for cloud computing, and supports reference implementations for cloud computing. The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud. OCC Working Group. o Working Group on Standards and Interoperability For Large Data Clouds o The Open Cloud Testbed Working Group o The Open Science Data Cloud (OSDC) Working Group Khasnabish & JunSheng Expires June 30, 2013 [Page 46] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o Intercloud Testbed Working Group Website:http://opencloudconsortium.org/ Status: Active. Partnership/Coordination(Contributing Members and Partners): o Calit2 o Johns Hopkins University o National Lambda Rail o University of Chicago Language: English. 3.35. ODCA (Open Data Center Alliance) The Open Data Center Alliance (ODCA) was formed in 2010 as a unique consortium of leading global IT organizations. ODCA's focus is to deliver a unified voice for emerging data center and cloud computing requirements. The mission of ODCA is to speed the migration to cloud computing by enabling the solution and service ecosystem to address IT requirements with the highest level of interoperability and standards. This includes: o Identifying customer requirements for corporate adoption and deployment of cloud computing o Defining usage models for these requirements based on open, industry-standard, multi-vendor solutions that support a vision of secure federation, automation, common management, and transparency o Influencing industry innovation with: * Collective membership commitment to use Alliance usage models to guide corporate planning and purchasing of data center resources * Solution Provider member commitment to prioritize solution delivery based on Alliance Usage Model requirements o Collaborating with industry standards bodies to define standards development aligned with Alliance priorities. ODCA established technical workgroups in five categories that cover Khasnabish & JunSheng Expires June 30, 2013 [Page 47] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 essential areas of cloud computing: o Infrastructure: Related to core infrastructure of a cloud, including cloud data centers, access devices, and platforms. Use cases will span compute, storage, network, and facilities. o Management: Related to effective management of the cloud and cloud services to meet cloud subscriber, cloud provider, end user, and intermediary objectives. o Regulation and Ecosystem: Use cases and patterns where government regulations help or hinder cloud adoption. Also included are ecosystem practices that impede cloud models and/or render the models inefficient (for example, licensing). o Security: Use cases that highlight security needs of the cloud, particularly where significant user concerns limit adoption. o Services: Related to the kinds of cloud services and ways they might be used. This category is driven by dominant and emerging business models in the cloud. Website:http://www.opendatacenteralliance.org/ Status: Active. Partnership/Coordination(Contributing Members and Partners): o CSA o DMTF o TM Forum o OASIS o Open Computer Project Language: English. 3.36. OGF / OCCI OGF is an open community committed to driving the rapid evolution and adoption of applied distributed computing. Applied Distributed Computing is critical to developing new, innovative and scalable applications and infrastructures that are essential to productivity in the enterprise and within the science community. OGF accomplishes its work through open forums that build the community, explore Khasnabish & JunSheng Expires June 30, 2013 [Page 48] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 trends, share best practices and consolidate these best practices into standards. The purpose of the OCCI group is the creation of a practical solution to interface with Cloud infrastructures exposed as a service (IaaS). It will focus on a solution which covers the provisioning, monitoring and definition of Cloud Infrastructure services. The group should create this API in an agile way as we can have advantages over other groups if we deliver fast. Overlapping work and efforts will be contributed and synchronized with other groups. OCCI is a RESTful-based network Protocol and API for managing cloud computing infrastructure. It has since evolved into an extensible API with a strong focus on interoperability while still offering a high degree of extensibility. The current release of the OCCI is suitable to serve many other models in addition to IaaS, including e.g. PaaS and SaaS. OCCI are described from three aspects. o OCCI Core Mode. * Core Mode defines a representation of resource types which is an abstraction of real-world resources, including the means to identify, classify, associate and extend those resources. * Any resource exposed through OCCI is a Resource or a sub-type thereof. The Resource type contains a number of common attributes that Resource sub-types inherit. The Resource type is complemented by the Link type which associates one Resource instance with another. The Link type contains a number of common attributes that Link sub-types inherit. * OCCI Core Model types include Category, Kind, Mixin, Action, Entity, Resource and Link. o OCCI Rendering. * OCCI Rendering types include HTTP Header, XHTML5, etc. * OCCI Rendering is a lightweight yet all-encompassing means to describe infrastructure. * It provides the capability to send a native (e.g. OVF, VMX) representation for clients that can digest such a native rendering. Khasnabish & JunSheng Expires June 30, 2013 [Page 49] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o OCCI Infrastructure Model * OCCI Infrastructure Model describes a particular OCCI Infrastructure extension for the IaaS domain. * The main infrastructure types defined within OCCI Infrastructure are: + Compute. Information processing resources. + Network. Interconnection resource and represents a L2 networking resource. + Storage. Information recording resources. * Link sub-types for the Resource types are the following: + NetworkInterface connects a Compute instance to a Network instance. + StorageLink connects a Compute instance to a Storage instance. The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud. Areas of work of the OGF Standards Function. o Applications o Architecture o Compute o Data o Infrastructure o Liaison o Management o Security Open Cloud Computing Interface WG (occi-wg), Thijs Metsch Chair, Andy Edmonds Chair, Alexis Richardson Chair, Sam Johnston Secretary Khasnabish & JunSheng Expires June 30, 2013 [Page 50] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Website:http://www.ogf.org/, http://www.occi-wg.org/doku.php Status: Active. Partnership/Coordination: o IETF o W3C(World Wide Web Consortium) o OASIS o DMTF o SNIA o WS-I(Web Services Interoperability Organization) Language: English. 3.37. OMA(Open Mobile Alliance) OMA is the leading industry forum for developing market driven, interoperable mobile service enablers. OMA has developed OMA Cloud Computing White Paper v1.0 which identifies the following areas of interest as potential future developments opportunities: 1. The development and support of Cloud Computing related O&M functionality with OMA enablers. 2. To extend the OMA Mobile Commerce and Charging area. 3. To evaluate the need of developing new activities/work item to enable the 'Virtualized Experience' in Cloud Computing. OMA has established a new work item namely 'Unified Virtual Experience' i.e. use cases and requirements for Unified Virtual Experience (UVE) Enabler. 4. To extend the OMA Security area. Recently OMA is continuing extension of OMA Cloud Computing White Paper v1.0, i.e. the study of how OMA enablers need to be modified to be useful in the Cloud Computing environment. The scope of this new version v2.0 focuses on: Khasnabish & JunSheng Expires June 30, 2013 [Page 51] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o More detailed gap analysis with other SDOs and start a dialogue/ collaboration with them. o More gap analysis on other OMA areas, e.g.: * Person-to-Person Communication area. * Service Customization area. * End-to-end Efficiency aspect. o More recommendations of the future work in OMA. The goals of such analysis and recommendation in this White Paper are: o to consider a cloud delivery model as a converged platform to deliver IT and communication services over any network (fixed, mobile,..) and used by any end user connected devices (PC, TV, Smart Phone, M2M!). o to facilitate the operators to deliver a rich set of communication services (voice & video call, audio, video & web conf, messaging, unified communication, content creation, broadcasting...). Moreover the network services should be seen as smart pipes !ohigh-grade network!+/- for cloud services transport and cloud interconnection (inter-cloud) in order to guarantee secure and high performance end-to-end quality of service QoS for end users (considered as an important key differentiator for telecommunication players). Working Group: BOD CLOUD Chair: Bin Hu(Huawei Technologies Co., Ltd, bin.hu@huawei.com ) DSO: John Mudge(OMA, jmudge@omaorg.org ) Website: http://www.openmobilealliance.org/ Status: Active. Partnership/Coordination: None Language: English. Khasnabish & JunSheng Expires June 30, 2013 [Page 52] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 3.38. OMG(Object Management Group) The Cloud Standards Coordination Group is committed to development of a joint resource on cloud computing strategies, standards and implementations. Different SDOs are bringing together different but complementary abilities: storage, execution models, deployment models, service level agreements, security, authentication, privacy. Specific cloud-related specification efforts have only just begun in OMG, focusing on modeling deployment of applications & services on clouds for portability, interoperability & reuse. Relevant committees include Analysis & Design Task Force (ADTF) and SOA Special Interest Group (SOA SIG). Working Group: o Architecture Board o Platform Technology Committee o Domain Technology Committee Website:http://www.omg.org/ Status: Active. Partnership/Coordination: o ASC X12 o ASC T1M1 o CEN/ISSS (Information Society Standardization System) o DICOM (Digital Imaging and Communications in Medicine) o DMTF (Distributed Management Task Force) o ECMA (European Computer Manufacturers Association.) o FIPA (Foundation for Intelligent Physical Agents) o HL7 (Health Level Seven) o ICT-SB (Information and Communications Technology Standards Board) o IEEE 1226 Khasnabish & JunSheng Expires June 30, 2013 [Page 53] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 o ISO o ITU-T Standardization Sector o NCPDP (National Council for Prescription Drug Programs) o Parlay o SDRF - Software Defined Radio Forum o SWIFT (The Society for Worldwide International Financial Telecommunication) o TMForum (TeleManagement Forum) o 3GPP Language: English. 3.39. OCM (Open Cloud Manifesto) The Open Cloud Manifesto establishes a core set of principles to ensure that organizations will have freedom of choice, flexibility, and openness as they take advantage of cloud computing. While cloud computing has the potential to have a positive impact on organizations, there is also potential for lock-in and lost flexibility if appropriate open standards are not identified and adopted. To open the cloud computing, the rules specified by the OCM need be referenced. Website:http://www.opencloudmanifesto.org/ Status: Active. Partnership/Coordination: CCIF(Inactive) Language: English. 3.40. OGC WG (Open Group Cloud Work Group) The Open Group Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include Cloud Computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. Khasnabish & JunSheng Expires June 30, 2013 [Page 54] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 To open the cloud computing, the rules specified by the OCM need be referenced. Chair: Mr. David Lounsbury (VP Government Programs, The Open Group) Website:http://www.opengroup.org/cloudcomputing/ Status: Active. Partnership/Coordination: Not known. Language: English. 3.41. SNIA SNIA Mission: Lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organizations in the management of information. SNIA's Forums and Initiatives include: o the Cloud Storage Initiative, o the Data Management Forum, o the Green Storage Initiative, o the Ethernet Storage Forum, o Storage Management Initiative, o Solid State Storage Initiative, o the Storage Security Industry Forum o the XAM Initiative The Cloud Data Management Interface (CDMI) defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface. This interface is also used by administrative and management Khasnabish & JunSheng Expires June 30, 2013 [Page 55] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 applications to manage containers, accounts, security access and monitoring/billing information, even for storage that is accessible by other protocols. The capabilities of the underlying storage and data services are exposed so that clients can understand the offering. Metadata is a convenient mechanism in managing large amounts of data with differing requirements through expressing those requirements in such a way that underlying data services differentiate their treatment of the data to meet those requirements. Resource types which are accessed through RESTful interface include: o Container. o Accounting. o DataObject. * Files. * Block Devices. * Object Stores. * Database Tables. o Capability. Storage Management Initiative Specification (SMI-S) defines a method for the interoperable management of a heterogeneous Storage Area Network (SAN), and describes the information available to a WBEM Client from an SMI-S compliant CIM Server and an object-oriented, XML-based, messaging-based interface designed to support the specific requirements of managing devices in and through SANs. The eXtensible Access Method (XAM) Interface specification defines a standard access method (API) between "Consumers" (application and management software) and "Providers" (storage systems) to manage fixed content reference information storage services. XAM includes metadata definitions to accompany data to achieve application interoperability, storage transparency, and automation for ILM-based practices, long term records retention, and information security. XAM will be expanded over time to include other data types as well as support additional implementations based on the XAM API to XAM conformant storage systems. Website:http://www.SNIA.org Khasnabish & JunSheng Expires June 30, 2013 [Page 56] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Status: Active. Partnership/Coordination: o ARMA (Association of Records Managers and Administrators) International o DMTF o Eclipse Aperi Storage Management Project o FCIA (Fibre Channel Industry Association) o OGF (Open Grid Forum) o The Green Grid Language: English. 3.42. Study group on Smart Cloud, Japan Ministry of Internal Affairs and Communications of Japan holds study group meetings on smart cloud collecting key people from the academia and the industry in Japan. They surveyed the current status of cloud computing and identified important issues from the viewpoints of technologies, standardization and international cooperation. Professor Emeritus Hideo Miyahara, Osaka University Website: http://www.soumu.go.jp Status: Active. Partnership/Coordination: Not known. Language: Japanese. 3.43. TM Forum The primary objective of TM Forum's Cloud Services Initiative is to help the industry overcome the barriers and assist the growth of a vibrant commercial marketplace for cloud based services. The centerpiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers. TM Forum's vision is to ensure acceleration of service standardization and commoditization in an effective and efficient Khasnabish & JunSheng Expires June 30, 2013 [Page 57] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 marketplace of cloud computing services in all global geographies, through alignment with the needs of the world's largest IT buyers. Enterprise Cloud Buyers Council Goals are: o to foster an effective and efficient marketplace for cloud compute infrastructure and services across all industry verticals and global geographies; o Accelerate standardization and commoditization of cloud services, and identifying common commodity processes best consumed as a service; o Solicit definition for standardized core and industry-specific SKUs for cloud services; o Achieve transparency of cost, service levels and reporting across the ecosystem; o Enable benchmarking of services across service providers and geographies; o Enable vendor measurement against normalized and agreed service level metrics; o Radically reduce cost of acquisition and operations for commodity compute & services. James Warner, head of Cloud computing TM Forum. Website: http://www.tmforum.org/ Status: Active. Partnership/Coordination: Not known. Language: English. Khasnabish & JunSheng Expires June 30, 2013 [Page 58] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 4. Summary and Analysis This survey shows that there are a variety of ways to virtualize computing and communication resources in order to support both client-side and server-side applications and services. Many of these services tend to utilize resources across multiple administrative, technology, and geographical domains. Since there is no unified and universally acceptable protocol and mechanism to define the mobility of resources across domains, the early implementers tend to utilize the features and functions of the existing IETF protocols along with their proprietary modifications or extensions in order to achieve their goals. In addition to using a virtualization layer (VM layer), a thin Cloud operating system (OS) layer may be useful to hide the complexity, specificity, and regionality (locality) of the resources. We also observe that different SDOs are trying to develop many different methods for logging and reporting of resource usage for Cloud services. This will create auditing transparency problems which may negatively impact the development of security and service level agreement features. At the end, these may in fact result in an increase in the effective cost for services that utilize the cloud based systems and networks, violating the very foundation on which the concept of utilizing cloud is based on. Khasnabish & JunSheng Expires June 30, 2013 [Page 59] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 5. Security Considerations To be added later, on as-needed basis. Khasnabish & JunSheng Expires June 30, 2013 [Page 60] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 6. Conclusion We have presented a survey of the activities of Cloud SDOs along with a simple early analysis. This survey has revealed that different SDOs are utilizing or expect to utilize a set of common IETF protocols for cloud services, and some time they modify or extend these protocols in order to satisfy their niche objectives. These will not only cause interoperability problems, but may also negatively impact further development of protocols and services in this very important area of cloud computing and networking. IETF is the best organization to address these issues. Khasnabish & JunSheng Expires June 30, 2013 [Page 61] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 7. Acknowledgement To be added later. Khasnabish & JunSheng Expires June 30, 2013 [Page 62] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 8. Appendix A: Cloud Standards WiKi. http://cloud-standards.org/wiki/index.php?title=Main_Page This WiKi Website documents the coordination activities of the various SDOs working on Cloud standards. You can find related Cloud SDOs the WiKi Website addressed here. o CloudAudit o Cloud Security Alliance o Distributed Management Task Force (DMTF) o ETSI(The European Telecommunications Standards Institute) o NIST(National Institute of Standards and Technology) o Open Grid Forum (OGF) o Object Management Group (OMG) o Open Cloud Consortium (OCC) o OASIS(Organization for the Advancement of Structured Information Standards) o SNIA(Storage Networking Industry Association) o OG WG(The Open Group) o ARTS(Association for Retail Technology Standards) Khasnabish & JunSheng Expires June 30, 2013 [Page 63] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 9. IANA Considerations This document has no actions for IANA. Khasnabish & JunSheng Expires June 30, 2013 [Page 64] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 10. Normative references [Cloud Definition] NIST, Special Publication 800-145, "The NIST definition of Cloud Computing", September 2011. [RFC2119] IETF, "Key words for use in RFCs to Indicate Requirement Levels", March 1997. Khasnabish & JunSheng Expires June 30, 2013 [Page 65] Internet-Draft Cloud SDO Activities Survey and Analysis December 2012 Authors' Addresses Bhumip Khasnabish ZTE USA, Inc. 55 Madison Avenue, Suite 160 Morristown, NJ 07960 USA Phone: +001-781-752-8003 Email: vumip1@gmail.com, bhumip.khasnabish@zteusa.com Chu JunSheng ZTE No.50 Ruanjian Dadao Road, Yuhuatai District Nanjing China Phone: +86-25-8801-4630 Email: chu.junsheng@zte.com.cn Khasnabish & JunSheng Expires June 30, 2013 [Page 66]