clouds                                                     B. Khasnabish
Internet-Draft                                                   ZTE USA
Intended status: Standards Track                             C. JunSheng
Expires: July 4, 2011                                                ZTE
                                                       December 31, 2010


                Cloud SDO Activities Survey and Analysis
                draft-khasnabish-cloud-sdo-survey-00.txt

Abstract

   At the IETF 77 Clouds Bar BoF, it was suggested that an internet
   draft on survey of standard organizations and working groups that are
   focusing on cloud-based systems and services be prepared.  The
   objective is to take a snapshot of industry activities related to
   cloud features and functions for the purpose of creating a gap
   analysis.  This document is that survey.  At the end of this survey a
   section on gap analysis is presented.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 4, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Khasnabish & JunSheng     Expires July 4, 2011                  [Page 1]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.  Survey of other SDOs . . . . . . . . . . . . . . . . . . . . .  6
     3.1.  ARTS (The Association for Retail Technology Standards) . .  6
     3.2.  ATIS (Alliance for Telecommunications Industry
           Solutions) SON FG. . . . . . . . . . . . . . . . . . . . .  6
     3.3.  CCF (Cloud Computing Forum, Korea).  . . . . . . . . . . .  7
     3.4.  CCIF (Cloud Computing Interoperability Forum). . . . . . .  8
     3.5.  CloudAudit . . . . . . . . . . . . . . . . . . . . . . . .  9
     3.6.  CCSA - Clouds  . . . . . . . . . . . . . . . . . . . . . .  9
     3.7.  Cloud Computing Use Cases Group  . . . . . . . . . . . . . 10
     3.8.  China Institute of Electronics.  . . . . . . . . . . . . . 11
     3.9.  Cloud Operations and Security, Japan.  . . . . . . . . . . 11
     3.10. CSA (Cloud Security Alliance)  . . . . . . . . . . . . . . 11
     3.11. CSA/TCI (Cloud Security Alliance / Trusted Cloud
           Initiative)  . . . . . . . . . . . . . . . . . . . . . . . 13
     3.12. DMTF (Distributed Management Task Force) . . . . . . . . . 13
     3.13. DMTF VMAN Initiative (DMTF Virtualization Management
           Initiative)  . . . . . . . . . . . . . . . . . . . . . . . 15
     3.14. ENISA(European Network and Information Security Agency)  . 15
     3.15. ETSI STF 331 (Specialist Task Force on ICT GRID
           Technologies Interoperability and Standardization) . . . . 16
     3.16. ETSI TC GRID (Technical Committee Grid)  . . . . . . . . . 17
     3.17. GICTF (Global Inter-Cloud Technology Forum, Japan) . . . . 18
     3.18. IEEE SA (Standards Association)  . . . . . . . . . . . . . 19
     3.19. IETF/APP Decade  . . . . . . . . . . . . . . . . . . . . . 20
     3.20. IETF/TSV/nfsv4 . . . . . . . . . . . . . . . . . . . . . . 22
     3.21. IETF/OPS/netconf . . . . . . . . . . . . . . . . . . . . . 24
     3.22. IRTF/P2PRG . . . . . . . . . . . . . . . . . . . . . . . . 25



Khasnabish & JunSheng     Expires July 4, 2011                  [Page 2]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


     3.23. IRTF/VNRG  . . . . . . . . . . . . . . . . . . . . . . . . 25
     3.24. ISO/IEC JTC1 SC38 SGCC . . . . . . . . . . . . . . . . . . 26
     3.25. ITU-T FG Cloud (Focus Group Cloud Computing) . . . . . . . 27
     3.26. KCSA (Korea Cloud Service Association) . . . . . . . . . . 29
     3.27. Liberty Alliance / Kantara Initiative  . . . . . . . . . . 29
     3.28. NCOIC (Network Centric Operations Industry Consortium) . . 30
     3.29. NIST . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
     3.30. OASIS  . . . . . . . . . . . . . . . . . . . . . . . . . . 32
     3.31. OCC  . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
     3.32. OGF / OCCI . . . . . . . . . . . . . . . . . . . . . . . . 34
     3.33. OMG(Object Management Group) . . . . . . . . . . . . . . . 35
     3.34. OCM (Open Cloud Manifesto) . . . . . . . . . . . . . . . . 37
     3.35. OGC WG (Open Group Cloud Work Group) . . . . . . . . . . . 37
     3.36. SNIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
     3.37. Study group on Smart Cloud, Japan  . . . . . . . . . . . . 39
     3.38. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 40
   4.  Summary and Analysis . . . . . . . . . . . . . . . . . . . . . 42
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 43
   6.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 44
   7.  Acknowledgement  . . . . . . . . . . . . . . . . . . . . . . . 45
   8.  Appendix A: Cloud Standards WiKi.  . . . . . . . . . . . . . . 46
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 47
   10. Normative references . . . . . . . . . . . . . . . . . . . . . 48
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 49



























Khasnabish & JunSheng     Expires July 4, 2011                  [Page 3]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


1.  Introduction

   This draft presents a survey of the standards development
   organizations (SDOs) related to cloud activities.  By conducting a
   comprehensive survey, gaps and overlaps in Clouds standards can be
   determined.  This will allow us to determine the IETF work that would
   be required to address the gaps.  Once these IETF work have been
   completed, seamless interoperability of cloud services can be
   realized.










































Khasnabish & JunSheng     Expires July 4, 2011                  [Page 4]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


2.  Terminology

   Cloud-based systems are conveniently-connected modular blocks of
   resources

   o  Both physical and virtual modularizations of resources are
      possible

   o  For this discussion, the resources include computing (CPU),
      communications (bandwidth), memory (storage), management,
      database, software, applications, services, interconnectivity,
      etc.

   o  The objective is to make the resources available ubiquitously for
      mission-specific applications and services in order to support the
      ultimate level of privacy/security, scalability and reliability
      cost-effectively and without the headache of owning and
      maintaining the infrastructure

   Clouds Discussion Archive:
   http://www.ietf.org/mail-archive/web/clouds/current/maillist.html

   NIST definition: http://csrc.nist.gov/groups/SNS/cloud-computing/

   Service over Cloud

   o  Utilize (stitch, weave, embroider, ...) the resources from Cloud
      to provision, create, deliver, and maintain an End-to-End Service

   o  Use the service only when you Need it

   o  Pay only for the time duration and type of use of service (include
      the costs for resources used)


















Khasnabish & JunSheng     Expires July 4, 2011                  [Page 5]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


3.  Survey of other SDOs

3.1.  ARTS (The Association for Retail Technology Standards)

   The ARTS is dedicated to creating an open environment where both
   retailers and technology vendors work together to create
   international retail technology standards and to reduce the costs of
   the technology.  Recently, this group also started looking at
   researching cloud computing and developing white papers to address
   cloud issues.  Cloud Computing team starts work on a "mini
   RFP(Request for Proposal)" to help retailers evaluate cloud
   strategies and solutions.  ARTS is a separate council within the
   NRF(National Retail Federation) governed by a council of retailers
   and technology solution providers.

   ARTS has four standards/Committees:

   o  UnifiedPOS - Committee Chair Paul Gay, Epson

   o  Data Model - Committee Chair Lynn Myers, Lowe's Companies

   o  ARTS XML - Committee Chair Tim Hood, SAP

   o  Standard RFPs - Committee Chair Ann McCool

   ARTS Cloud Computing for Retail White Paper, Best Practices
   Documents.  This Cloud Computing for Retail whitepaper offers
   unbiased guidance for achieving maximum results from this relatively
   new technology.  Version 1.0 represents a significant update to the
   draft version released in October 2009, specifically providing more
   examples of cloud computing in retail, as well as additional
   information on the relationship to Service Oriented Architecture
   (SOA) and constructing a Private Cloud.

   Website:http://www.nrf-arts.org/

   Status: Active.

   Partnership/Coordination: NRF.

   Language: English.

3.2.  ATIS (Alliance for Telecommunications Industry Solutions) SON FG.

   The SON Forum is addressing work to enable the interoperability and
   implementation of Service Oriented Network (SON) applications and
   services by developing standards, providing coordination for the
   development of standards and practices, and facilitating related



Khasnabish & JunSheng     Expires July 4, 2011                  [Page 6]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   technical activities.  This forum is placing an emphasis on
   telecommunications industry needs in collaboration with regional and
   international standards development programs in the
   telecommunications, IT and Web industries.

   ATIS is accredited by the American National Standards Institute
   (ANSI).

   ATIS has three Working Areas:

   o  WORK AREA1:Policy and Data Models Work Area (PDM)

   o  WORK AREA2:OSS/BSS and Virtualization Work Area (OBV)

   o  WORK AREA3:Service Delivery Creation and Enablers Work Area (SDCE)

   SON Forum Chair: Andrew White, Qwest

   Son Forum Vice Chair:Gary Munson, AT&T

   Website:http://www.atis.org/SON/index.asp

   Status: Active.

   Partnership/Coordination:

   o  ANSI

   o  3GPP(TBC)

   Language: English.

3.3.  CCF (Cloud Computing Forum, Korea).

   Main mission of CCF:

   o  Constitute National level CC Forum

   o  Provide CC technology development and standardization activity

   o  Sharing CC technology information

   o  Study on CC adaptation method into Public sectors

   o  Support international standardization activity of CC

   o  Develop CC related Law and policy




Khasnabish & JunSheng     Expires July 4, 2011                  [Page 7]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   CCF has six Working Groups:

   o  Group 1: Policy and Certification

   o  Group 2: CC Technology Framework

   o  Group 3: Media Cloud

   o  Group 4: Storage Cloud

   o  Group 5: CC Technology for Green IDC

   o  Group 6: Mobile Cloud

   Chair: Mr. Son seung-won

   Website:http://www.ccsf-kr.org/

   Status: Active.

   Partnership/Coordination: Not known.

   Language: Korean, with some titles in English.

3.4.  CCIF (Cloud Computing Interoperability Forum).

   Goals

   The CCIF was formed in order to enable a global cloud computing
   ecosystem whereby organizations are able to seamlessly work together
   for the purposes for wider industry adoption of cloud computing
   technology and related services.  A key focus will be placed on the
   creation of a common agreed upon framework / ontology that enables
   the ability of two or more cloud platforms to exchange information in
   an unified manor.

   Mission

   CCIF is an open, vendor neutral, open community of technology
   advocates, and consumers dedicated to driving the rapid adoption of
   global cloud computing services.  CCIF shall accomplish this by
   working through the use open forums (physical and virtual) focused on
   building community consensus, exploring emerging trends, and
   advocating best practices / reference architectures for the purposes
   of standardized cloud computing.

   Note: CCIF is INACTIVE now.




Khasnabish & JunSheng     Expires July 4, 2011                  [Page 8]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   CCIF comes up with a unified cloud interface (a.k.a. cloud broker)
   whose features are as follows: unify various cloud APIs and abstract
   it behind an open and standardized cloud interface, that is, create
   an API about other APIs.  Proposed a UCI architecture.

   CCIF has two Working Groups:

   o  Standard and Interoperability Working Group

   o  Unified Cloud Interface Working Group

   Chair: Mr. Reuven Cohen (Enomaly Inc.)

   Website:http://www.cloudforum.org/

   Status: Inactive.

   Partnership/Coordination: Not known.

   Language: English.

3.5.  CloudAudit

   The goal of CloudAudit is to provide a common interface and namespace
   that allows cloud computing providers to automate the Audit,
   Assertion, Assessment, and Assurance (A6) of their infrastructure
   (IaaS), platform (PaaS), and application (SaaS) environments and
   allow authorized consumers of their services to do likewise via an
   open, extensible and secure interface and methodology.

   Automated Audit, Assertion, Assessment, and Assurance API (A6 Working
   Group), officially launched in January 2010.

   Chair: Mr. Christofer Hoff

   Website:http://www.cloudaudit.org/

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.6.  CCSA - Clouds

   CCSA only follows up and evaluates the influence of cloud computing
   on telecommunication network.  The main focus of CCSA is on Cloud
   Computing in Mobile Internet, Cloud Computing with P2P technology,



Khasnabish & JunSheng     Expires July 4, 2011                  [Page 9]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Resource Virtualization Application Mode and Operation Requirement,
   etc.

   CCSA has two Clouds related Working Groups:

   o  TC2 WG1

   o  TC1 WG4

   Website:http://www.ccsa.org.cn/

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.7.  Cloud Computing Use Cases Group

   The goal of this group is to bring together cloud consumers and cloud
   vendors to define common use cases for cloud computing.  The use
   cases will demonstrate the performance and economic benefits of cloud
   computing, and will be based on the needs of the widest possible
   range of consumers.

   The ToC of the latest version (V3) of the white paper includes

   o  Definitions and Taxonomy

   o  Use Case Scenarios

   o  Customer Scenarios

   o  Developer Requirements

   o  Security Scenarios

   o  Security Use Case Scenarios

   Website:http://groups.google.com/group/cloud-computing-use-cases

   Status: Active.

   Partnership/Coordination: OCM.

   Language: English.





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 10]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


3.8.  China Institute of Electronics.

   The goal of the CIA is to solve the emerged problems with the rapid
   development of Cloud Computing, follows up the latest development of
   technologies related to Cloud Computing, strengthen communication and
   cooperation in the domain of Cloud Computing, prompt the research and
   application on the technology of Cloud Computing, and draw up
   industry specification on Cloud Computing.

   Clouds related Group: Cloud Computing Experts Association.

   Chair: Mr. Li Deyi

   Website:http://www.ciecloud.org/

   Status: Active.

   Partnership/Coordination: OCM.

   Language: Chinese, with some titles in English.

3.9.  Cloud Operations and Security, Japan.

   Information Security Awareness Campaign to be jointly launched by the
   public and private sectors.  The Ministry of Economy, Trade and
   Industry (METI), Symantec Corporation, Trend Micro Incorporated,
   McAfee, Inc., and the Information-Technology Promotion Agency, Japan,
   will jointly launch the campaign to strengthen information security
   measures.  As information technology (IT) penetrates further into
   people's lives and socio-economic activities, Internet users face
   higher risks of becoming victims of computer viruses, unauthorized
   access or other security breaches.  This campaign is aimed at
   preventing such risks and increase people's awareness and knowledge
   of precautions for the safe use of IT.

   Website:http://www.meti.go.jp/english

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.10.  CSA (Cloud Security Alliance)

   The Cloud Security Alliance is a non-profit organization formed to
   promote the use of best practices for providing security assurance
   within Cloud Computing, and provide education on the uses of Cloud



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 11]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Computing to help secure all other forms of computing.

   The CSA is mainly focus on:

   o  Promoting a common level of understanding between the consumers
      and providers of cloud computing regarding the necessary security
      requirements and attestation of assurance.

   o  Promoting independent research into best practices for cloud
      computing security.

   o  Launching awareness campaigns and educational programs on the
      appropriate uses of cloud computing and cloud security solutions.

   o  Creating consensus lists of issues and guidance for cloud security
      assurance.

   8 Working Groups:

   o  Group 1: Architecture and Framework

   o  Group 2: Governance, Risk Management, Compliance, Audit, Physical,
      BCM, DR

   o  Group 3: Legal and eDiscovery

   o  Group 4: Portability & Interoperability and Application Security

   o  Group 5: Identity and Access Mgt, Encryption & Key Mgt

   o  Group 6: Data Center Operations and Incident Response

   o  Group 7: Information Lifecycle Management & Storage

   o  Group 8: Virtualization and Technology Compartmentalization

   Chair: Mr. Jim Reavis (Executive Director), Mr. Christofer Hoff
   (Technical Director)

   Website:http://www.cloudsecurityalliance.org/

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 12]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


3.11.  CSA/TCI (Cloud Security Alliance / Trusted Cloud Initiative)

   The Trusted Cloud Initiative will help cloud providers develop
   industry-recommended, secure and interoperable identity, access and
   compliance management configurations, and practices.  We well develop
   reference models, education, certification criteria and a cloud
   provider self-certification toolset in 2010.

   The TCI hopes to publish the industry's first cloud security
   certification by the end of 2010.

   Chair: Mr. Liam Lynch (eBay), Mr. Nick Nikols (Novell)

   Website:http://www.trusted-cloud.com/

   Status: Active.

   Partnership/Coordination: CSA(TBC).

   Language: English.

3.12.  DMTF (Distributed Management Task Force)

   DMTF's Open Cloud Standards Incubator will focus on standardizing
   interactions between cloud environments by developing cloud resource
   management protocols, packaging formats and security mechanisms to
   facilitate interoperability.

   Using the recommendations developed by DMTF's Open Cloud Standards
   Incubator, the Cloud Managenment Working Group (CMWG) is focused on
   standardizing interactions between cloud environments by developing
   specifications that deliver architectural semantics and
   implementation details to achieve interoperable cloud management
   between service prociders and their consumers and developers.

   A DMTF partner initiative, SMI is a Storage Networking Industry
   Association (SNIA) initiative to standardize interoperable storage
   management technologies, based on the rich foundation provided by the
   DMTF's CIM and WBEM specifications.

   The Open Cloud Standards Incubator addresses the following aspects of
   the lifecycle of a cloud service:

   o  description of the cloud service in a template

   o  deployment of the cloud service into a cloud





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 13]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  offering of the service to consumers

   o  consumer entrance into contracts for the offering

   o  provider operation and management of instances of the service

   o  removal of the service offering

   The most recent version of DSP4003 v1.3.0 (the Alliance Partner Work
   Register Process document) approved by the DMTF board of directors on
   June 8th, 2006 defines how an alliance partner work register is
   created and the sequence of steps that are required before a work
   register is approved and the alliance partnership is established.

   Chair: Mr. Vinston Bumpus (President, DMTF)

   Website:http://www.dmtf.org/about/cloud-incubator/

   Status: Active.

   Partnership/Coordination:

   o  CSA

   o  CompTIA(Computing Technology Industry Association )

   o  ECMA(Ecma International)

   o  OGF(Open Grid Forum)

   o  TGG(The Green Grid)

   o  TOG(The Open Group)

   o  OMG(Object Management Group)

   o  PWG(Printer Working Group)

   o  SNIA

   o  TMF(TeleManagement Forum)

   o  TCG(Trusted Computing Group)

   o  UEFI(Unified Extensible Firmware Interface)

   Language: English.




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 14]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


3.13.  DMTF VMAN Initiative (DMTF Virtualization Management Initiative)

   DMTF's Virtualization Management Initiative (VMAN) includes a set of
   specifications that address the management lifecycle of a virtual
   environment.  VMAN's OVF (Open Virtualization Format) specification
   provides a standard format for packaging and describing virtual
   machines and applications for deployment across heterogeneous
   virtualization platforms.  VMAN's profiles standardize many aspects
   of the operational management of a heterogeneous virtualized
   environment.

   OVF is a common packaging format for independent software vendors
   (ISVs) to package and securely distribute virtual appliances,
   enabling cross-platform portability.  By packaging virtual appliances
   in OVF, ISVs can create a single, pre-packaged appliance that can run
   on customers!_ virtualization platforms of choice.

   The key properties of the format are as follows:

   o  Optimized for distribution

   o  Optimized for a simple, automated user experience

   o  Supports both single VM and multiple

   o  Portable VM packaging

   o  Vendor and platform independent

   o  Extensible - OVF is immediately useful - and extensible

   o  Localizable - OVF supports user-visible descriptions in multiple
      locales

   Chair: Mr. Vinston Bumpus (President, DMTF)

   Website:http://www.dmtf.org/initiatives/vman_nitiative/

   Status: Active.

   Partnership/Coordination: DMTF.

   Language: English.

3.14.  ENISA(European Network and Information Security Agency)

   ENISA is carrying out a risk assessment of cloud computing with input
   from 30 experts from major companies and academic institutions.  The



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 15]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   paper should provide an assessment of key risks and their mitigation
   strategies in cloud computing.

   ENISA Cloud Computing Risk Assessment

   ENISA is carrying out a risk assessment of cloud computing with input
   from 30 experts from major companies and academic institutions.  The
   paper should provide an assessment of key risks and their mitigation
   strategies in cloud computing which will allow:

   o  European Policymakers to decide on research policy (to develop
      technologies to mitigate risks)

   o  European Policymakers to decide on appropriate policy and economic
      incentives, legislative measures, awareness-raising initiatives
      etc... vis-a-vis cloud-computing technologies.

   o  Business leaders to evaluate the risks of adopting such
      technologies and possible mitigation strategies.  Individuals/
      citizens to evaluate the cost/benefit of ----using the consumer
      version of such applications.

   Executive Director, Dr Udo Helmbrecht

   Website:http://www.enisa.europa.eu/

   Status: Active.

   Partnership/Coordination: EP3R(European Public-Private Partnership
   for Resilience, http://ec.europa.eu/information_society/policy/nis/
   strategy/activities/ciip/impl_activities/index_en.htm )

   Language: English.

3.15.  ETSI STF 331 (Specialist Task Force on ICT GRID Technologies
       Interoperability and Standardization)

   The Specialist Task Force (STF) addressed, in general, IT-Telecom
   (Information Technology and Telecommunications) convergence and, in
   particular, the lack of interoperable GRID solutions built by IT in
   conjunction with the Telecom industry.  At the request of TC GRID,
   this scope was extended to include "cloud computing".

   White paper:

   o  Grid and Cloud Computing Technology: Interoperability and
      Standardization for the Telecommunications Industry, 2009.




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 16]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Technical Report:

   o  ETSI TR 102 659-1 Study of ICT GRID interoperability gaps; Part 1:
      Inventory of ICT Stakeholders V1.2.1, 2009-10

   o  ETSI TR 102 659-2 Study of ICT GRID interoperability gaps; Part 2:
      List of identified Gaps V1.2.1, 2009-10

   o  ETSI TR 102 766 ICT GRID Interoperability Testing Framework and
      survey of existing ICT Grid interoperability solutions V1.1.1,
      2009-10

   Technical Specification:

   o  TSI TS 102 786 ICT GRID Interoperability Testing Framework V1.1.1,
      2009-10

   Chair: Mr. Geoffrey Caryer (STF 331 team leader)

   Website:http://portal.etsi.org/STFs/STF_HomePages/STF331/STF331.asp

   Status: Active.

   Partnership/Coordination: ETSI

   Language: English.

3.16.  ETSI TC GRID (Technical Committee Grid)

   Responsible for producing test specifications and standards to
   integrate the use of telecommunications infrastructures in networked
   computing, including both Grid computing and Cloud computing.

   ETSI's Grid Technical Committee (TC GRID) is addressing issues
   associated with the convergence of Information Technology (IT) and
   telecommunications, paying particular attention to scenarios where
   connectivity goes beyond the local network.  This includes not only
   Grid computing but also the emerging commercial trend towards Cloud
   computing which places particular emphasis on ubiquitous network
   access to scalable computing and storage resources.  The vision is to
   evolve towards a coherent and consistent general purpose
   infrastructure, made up of interoperable elements ranging from small
   devices up to supercomputers, connected by global networks and
   capable of supporting communities ranging from individuals to whole
   industries, and with applications in business, public sector,
   academic and consumer environments.

   Note: TC GRID will be renamed to TC Cloud shortly and start work on



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 17]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   standardization requirements for cloud services (ETSI TR 102 997)

   Chair: Mr. Michael Fisher (BT Group Plc)

   Website:http://portal.etsi.org/portal/server.pt/community/GRID/310

   Status: Initiating TC Cloud.

   Partnership/Coordination:

   o  ETSI TC TISPAN

   o  ETSI TC MTS

   o  ETSI CTI (Centre for Testing & Interoperability)

   o  ETSI Plugtests Events

   o  ITU-T

   o  Open Grid Forum, with which a Memorandum of Understanding has been
      signed

   o  European Commission DG INFSO, DG ENTR

   o  NESSI European Technology Platform

   Language: English.

3.17.  GICTF (Global Inter-Cloud Technology Forum, Japan)

   GICTF aims to promote standardization of network protocols and the
   interfaces through which cloud systems interwork with each other, and
   to enable the provision of more reliable cloud services than those
   available today.

   Main activities and goals

   o  Promote the development and standardization of technologies to use
      cloud systems;

   o  Propose standard interfaces that allow cloud systems to interwork
      with each other;

   o  Collect and disseminate proposals and requests regarding
      organization of technical exchange meetings and training courses;





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 18]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Establish liaison with counterparts in the U.S. and Europe, and
      promote exchange with relevant R&D teams.

   Working Group

   o  General Assembly

   o  Board of Directors

   o  Technology Task Force

   o  Application Task Force

   Chair: Prof. Tomonori Aoyama (Keio Univ.)

   Website:http://www.gictf.jp/index_e.html

   Status: Active.

   Partnership/Coordination: Not known

   Language: English.

3.18.  IEEE SA (Standards Association)

   CLOUD 2009 is created to provide a prime international forum for both
   researchers and industry practitioners to exchange the latest
   fundamental advances in the state of the art and practice of Cloud
   Computing, identify emerging research topics, and define the future
   of Cloud Computing. http://www.thecloudcomputing.org/2009/2/

   CLOUD 2010 tries to attract researchers, practitioners, and industry
   business leaders in all the following areas to help define and shape
   cloud computing, and its related modernization strategy and
   directions of the services industry.
   http://www.thecloudcomputing.org/2010/

   IEEE SA collaborated with CSA in a cloud security standards survey,
   and in some events related to cloud standards.  A number of existing
   IEEE standards is indirectly linked to cloud computing.  Cloud
   Security Alliance and IEEE Join Forces to Identify Cloud Security
   Standards Requirements For IT Practitioners

   General Chairs: Stephen S. Yau, Arizona State University, USA.
   Liang-Jie Zhang, IBM T.J. Watson Research, USA

   Program Chairs: Wu Chou, Avaya Labs Research, Avaya, USA.  Adrezej M
   Goscinski, Deakin University, Australia.



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 19]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Application and Industry Track Chairs: Claudio Bartolini, HP Labs,
   USA.  Min Luo, IBM Software Group, USA

   Website:http://standards.ieee.org/

   Status: Active.

   Partnership/Coordination: CSA

   Language: English.

3.19.  IETF/APP Decade

   The Working Group (WG) will have three primary tasks.

   First, the WG will identify target applications to appropriately
   scope the problem and requirements.  P2P applications are the primary
   target, but suitability to other applications with similar
   requirements may be considered depending on additional complexity
   required to support such applications.

   Second, the WG will identify the requirements to enable target
   applications to utilize in-network storage.  Requirements will
   include the ability for an application to (1) store, retrieve, and
   manage data, (2) indicate access control policies for storing and
   retrieving data suitable to an environment with users across multiple
   administrative and security domains (e.g., in a P2P environment), and
   (3) indicate resource control policies for storing and retrieving
   data.

   Third, the WG will develop an architecture within which the DECADE
   protocol can be specified.  This architecture will identify DECADE's
   relationship to existing IETF protocols and where (if any) new
   protocol is needed or extensions to existing protocols need to be
   made.

   The architecture will not specify a protocol or extension; if
   development of a new protocol is needed, the WG will seek to
   recharter for this purpose or might ask an existing WG to work on
   such extensions.

   The architecture will not specify a protocol or extension; if
   development of a new protocol is needed, the WG will seek to
   recharter for this purpose or might ask an existing WG to work on
   such extensions.

   The WG will focus on the following work items:




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 20]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  A "problem statement" document.  This document provides a
      description of the problem and common terminology.

   o  A requirements document.  This document lists the requirements for
      the in-network storage service (e.g., supported operations) and
      the protocol to support it.  The service will include storing,
      retrieving, and managing data as well as specifying both access
      control and resource control policies in the in-network storage
      pertaining to that data.

   o  A survey document.  This document will survey existing related
      mechanisms and protocols (e.g., HTTP, NFS, and WebDAV), and
      evaluate their applicability to DECADE.

   o  An architecture document.  This document will identify DECADE's
      relationship with existing IETF protocols.  Existing protocols
      will be used wherever possible and appropriate to support DECADE's
      requirements.  In particular, data storage, retrieval, and
      management may be provided by an existing IETF protocols.  The WG
      will not limit itself to a single data transport protocol since
      different protocols may have varying implementation costs and
      performance tradeoffs.

   However, to keep interoperability manageable, a small number of
   specific, targeted, data transport protocols will be identified and
   used.  If new protocol development is deemed necessary, the WG will
   be rechartered.  It is not expected that all work items will be ready
   for IESG review by that point, but WG consensus must show that
   documents directing eventual protocol development (Requirements and
   Architecture document) have stabilized.  This permits adjustments to
   such documents as necessary to maintain consistency as protocol
   development is done.

   The following issues are considered out-of-scope for the WG:

   o  Specification of policies regarding copyright-protected or illegal
      content.

   o  Locating the "best" in-network storage location from which to
      retrieve content if there are more than one location can provide
      the same content.

   o  Developing a new protocol for data transport between P2P
      applications and in-network storage.

   Chairs: Richard Woundy(Richard_Woundy@cable.comcast.com), Haibin
   Song(melodysong@huawei.com).




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 21]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Area Director: Alexey Melnikov(alexey.melnikov@isode.com).

   Website:https://datatracker.ietf.org/wg/decade/

   Status: Active.

   Partnership/Coordination:

   o  IRTF

   o  IASA/IAOC/Trust IANA

   Language: English.

3.20.  IETF/TSV/nfsv4

   NFS Version 4 is the IETF standard for file sharing.  To maintain NFS
   Version 4's utility and currency, the working group is chartered to:

   o  maintain the existing NFSv4, NFSv4.1 and related specifications,
      such as RPC and XDR,

   o  progress these specifications along the standards track,

   o  develop a protocol to create a federated namespace using NFSv4's
      existing referral mechanisms.

   Goals and Milestones:

   o  Done - Issue strawman Internet-Draft for v4

   o  Done - Submit Initial Internet-Draft of requirements document

   o  Done - Submit Final Internet-Draft of requirements document

   o  Done - AD reassesses WG charter

   o  Done - Submit v4 Internet-Draft sufficient to begin prototype
      implementations

   o  Done - Begin Interoperability testing of prototype implementations

   o  Done - Submit NFS version 4 to IESG for consideration as a
      Proposed Standard.

   o  Done - Conduct final Interoperability tests





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 22]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Done - Conduct full Interoperability tests for all NFSv4 features

   o  Done - Update API advancement draft

   o  Done - Form core design team to work on NFS V4 migration/
      replication requirements and protocol

   o  Done - Submit revised NFS Version 4 specification (revision to RFC
      3010) to IESG for consideration as a Proposed Standard

   o  Done - Strawman NFS V4 replication/migration protocol proposal
      submitted as an ID

   o  Done - WG Last Call for RPC and NFS RDMA drafts

   o  Done - WG Last Call for rfc1831bis (RPC version 2)

   o  Done - WG Last Call for NFSv4.1 Object-based layout

   o  Done - WG Last Call for NFSv4 minor version 1

   o  Done - WG Last Call for NFSv4.1 block/volume layout

   o  Done - Submit NFS Minor Version 1 to IESG for publication as a
      Proposed Standard

   o  Done - Submit Object-based pNFS Operations to IESG for publication
      as a Proposed Standard

   o  Done - Submit pNFS Block/Volume Layout to IESG for publication as
      a Proposed Standard

   o  May 2009 - WG Last Call for Requirements for Federated File
      Systems draft-ietf-nfsv4-federated-fs-reqts-01

   o  Sep 2009 - WG Last Call for rfc3530bis (NFS version 4)

   o  Oct 2009 - WG Last Call for Administration Protocol for Federated
      Filesystems draft-ietf-nfsv4-federated-fs-admin-00.txt

   o  Oct 2009 - WG Last Call for NSDB Protocol for Federated
      Filesystems draft-ietf-nfsv4-federated-fs-protocol-00.txtwith
      IPv6.

   Additionally, it will create an IANA registry for RPC program numbers
   and seed it with a registry Sun has been maintaining.

   Chairs: Brian Pawlowski(beepy@netapp.com).  Spencer



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 23]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Shepler(spencer.shepler@gmail.com)

   Website:http://tools.ietf.org/wg/nfsv4/charters

   Status: Active.

   Partnership/Coordination: IRTF

   Language: English.

3.21.  IETF/OPS/netconf

   The NETCONF Working Group is chartered to produce a protocol suitable
   for network configuration, with the following characteristics:

   o  Provides retrieval mechanisms which can differentiate between
      configuration data and non-configuration data

   o  Is extensible enough so that vendors will provide access to all
      configuration data on the device using a single protocol

   o  Has a programmatic interface (avoids screen scraping and
      formatting-related changes between releases)

   o  Uses a textual data representation, that can be easily manipulated
      using non-specialized text manipulation tools

   o  Supports integration with existing user authentication methods

   o  Supports integration with existing configuration database systems

   o  Supports network wide configuration transactions (with features
      such as locking and rollback capability)

   o  Is as transport-independent as possible

   o  Provides support for asynchronous notifications

   The NETCONF protocol is using XML for data encoding purposes, because
   XML is a widely deployed standard which is supported by a large
   number of applications.

   The NETCONF protocol should be independent of the data definition
   language and data models used to describe configuration and state
   data.

   Chair: Bert Wijnen(bertietf@bwijnen.net), Mehmet
   Ersue(mehmet.ersue@nsn.com)



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 24]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Website:http://datatracker.ietf.org/wg/netconf/

   Status: Active.

   Partnership/Coordination:

   o  IASA/IAOC/Trust IANA

   o  IRTF

   Language: English.

3.22.  IRTF/P2PRG

   Overall, the field of P2P technologies presents a number of
   interesting challenges which includes new methods for optimizing P2P
   application overlays, performing routing and peer selection
   decisions, managing traffic and discovering resources.  Areas of
   interest are also new techniques for P2P streaming and
   interconnecting distinct P2P application overlays.  Other challenges
   for P2P are related to storage, reliability, and information
   retrieval in P2P systems.  Yet another challenging area is security,
   privacy, anonymity and trust.  Finally, it is challenging to examine
   P2P systems that are deployed, for example, to measure, monitor and
   characterize P2P applications.  In addition to these areas of
   research, it is of interest to investigate the requirements of new
   applications (e.g., real-time P2P applications or P2P applications
   for wireless networks) on the P2P technologies used.  The P2P RG will
   collaborate with academia and industry on making progress addressing
   these challenges.

   Chair: Volker Hilt(volkerh@bell-labs.com), Stefano
   Previdi(sprevidi@cisco.com)

   Website:http://www.irtf.org/charter?gtype=rg&group=p2prg

   Status: Active.

   Partnership/Coordination: IETF

   Language: English.

3.23.  IRTF/VNRG

   The Virtual Networks Research Group (VNRG) provides a forum for
   interchange of ideas among a group of network researchers with an
   interest in network virtualization in the context of the Internet and
   also beyond the current Internet.



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 25]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   The VNRG will consider the whole system of a VN and not only single
   components or a limited set of components; we will identify
   architectural challenges resulting from VNs, addressing network
   management of VNs, and exploring emerging technological and
   implementation issues.

   Initial set of work items:

   o  concepts/background/terminology

   o  common parts of VN architectures

   o  common problems/challenges in VN

   o  descriptions of appropriate uses

   o  some solutions (per-problem perhaps)

   Chair: Joe Touch (touch@isi.edu), Martin Stiemerling
   (stiemerling@nw.neclab.eu)

   Website:http://www.irtf.org/charter?gtype=rg&group=vnrg

   Status: Active.

   Partnership/Coordination: IETF

   Language: English.

3.24.  ISO/IEC JTC1 SC38 SGCC

   Study Group on Cloud Computing(SGCC)

   o  Provide a taxonomy, terminology and value proposition for Cloud
      Computing.

   o  Assess the current state of standardization in Cloud Computing
      within JTC1 and in other SDOs and consortia.

   o  Document standardization market/business/user requirements and the
      challenges to be addressed.

   o  Liaise and collaborate with relevant SDOs and consortia related to
      Cloud Computing.

   o  Hold workshops to gather requirements as needed.





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 26]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Provide a report of activities and recommendations to SC38.

   SC38 Chairman: Dr. Donald Deutsch (USA)

   SGCC Convenor: Dr. Seungyun Lee (Korea)

   Website:http://www.iso.org/iso/standards_development/
   technical_committees/list_of_iso_technical_committees/
   iso_technical_committee.htm?commid=601355

   Status: Active.

   Partnership/Coordination:

   o  IEEE

   o  IETF

   Language: English.

3.25.  ITU-T FG Cloud (Focus Group Cloud Computing)

   The Focus Group will, from the standardization view points and within
   the competences of ITU-T, contribute with the telecommunication
   aspects, i.e., the transport via telecommunications networks,
   security aspects of telecommunications, service requirements, etc.,
   in order to support services/applications of "cloud computing" making
   use of telecommunication networks; specifically:

   o  identify potential impacts on standards development and priorities
      for standards needed to promote and facilitate telecommunication/
      ICT support for cloud computing

   o  investigate the need for future study items for fixed and mobile
      networks in the scope of ITU-T

   o  analyze which components would benefit most from interoperability
      and standardization

   o  familiarize ITU-T and standardization communities with emerging
      attributes and challenges of telecommunication/ICT support for
      cloud computing

   o  analyze the rate of change for cloud computing attributes,
      functions and features for the purpose of assessing the
      appropriate timing of standardization of telecommunication/ICT in
      support of cloud computing




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 27]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   The Focus Group will collaborate with worldwide cloud computing
   communities (e.g., research institutes, forums, academia) including
   other SDOs and consortia.

   o  Provide a taxonomy, terminology and value proposition for Cloud
      Computing.

   o  Assess the current state of standardization in Cloud Computing
      within JTC1 and in other SDOs and consortia.

   o  Document standardization market/business/user requirements and the
      challenges to be addressed.

   o  Liaise and collaborate with relevant SDOs and consortia related to
      Cloud Computing.

   o  Hold workshops to gather requirements as needed.

   o  Provide a report of activities and recommendations to SC38.

   WG1: Cloud computing benefits & requirements

   o  Cloud Definition, Ecosystem & Taxonomy

   o  Uses cases Requirements & Architecture

   o  Cloud security

   o  Infrastructure & Network enabled Cloud

   o  Cloud Services & Resource Management, Platforms and Middleware

   o  Cloud computing benefits & first Requirements from ICT
      perspectives

   WG2: Gap Analysis and Roadmap on Cloud Computing Standards
   development in ITU-T

   o  Overview of cloud computing SDOs activities

   o  Gap analysis & Action plan for development of relevant ITU-T Cloud
      Standard

   Former chair: Mr. Vladimir Belenkovich (Federation Russia), current
   chair: Victor Kutukov (Stack Soft, Russia).

   Website:http://www.itu.int/ITU-T/focusgroups/cloud/




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 28]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Status: Initiating (first meeting on 14-16, June 2010).

   Partnership/Coordination: TBC.

   Language: English.

3.26.  KCSA (Korea Cloud Service Association)

   Main mission of KCSA:

   o  Create demand of Cloud service

   o  Create Cloud service activation framework and its environments

   o  Disseminate and promote Cloud service to public sectors

   Chair: Mr. Choi Do-Hwan

   Website:http://www.kcsa.or.kr/index.jsp

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.27.  Liberty Alliance / Kantara Initiative

   As of June 2009, the work of the Liberty Alliance is transitioning to
   the Kantara Initiative.

   The vision of Liberty Alliance is to enable [a networked world] web
   services based on open standards where consumers, citizens,
   businesses and governments can more easily conduct online
   transactions while protecting the privacy and security of identity
   information.

   o  Build open standard-based specifications for federated identity
      and identity-based Web services.

   o  Drive global identity theft prevention solutions.

   o  Provide interoperability testing.

   o  Offer a formal certification program for products utilizing
      Liberty specifications.





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 29]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Establish best practices, rules, liabilities, and business
      guidelines.

   o  Collaborate with other standards bodies, privacy advocates, and
      government policy groups.

   o  Address end user privacy and confidentiality issues.

   Kantara Initiative: Bridging and harmonizing the identity community
   with actions that will help ensure secure, identity-based, online
   interactions while preventing misuse of personal information so that
   networks will become privacy protecting and more natively trustworthy
   environments.

   Managing Director: Mr. Joni Brennan

   Website:http://www.projectliberty.org/, http://kantarainitiative.org/

   Status: New Initiative.

   Partnership/Coordination: Not known.

   Language: English.

3.28.  NCOIC (Network Centric Operations Industry Consortium)

   The Network Centric Operations Industry Consortium is a global, not-
   for-profit organization dedicated to advancing interoperability via
   network centric operations.  NCOIC has formed a Cloud Computing
   Working Group that will investigate ways to leverage clouds to
   support global interoperability.  NCOIC's 90 member organizations
   from 19 nations will advocate for open standards and, on reaching
   consensus, will make voice of industry recommendations about their
   applicability.  Further, NCOIC will develop operational and
   capability patterns that can enable our customers-in military,
   aviation, emergency response and cyber security-to achieve
   portability of information and services from cloud to cloud.

   Managing Director: TBD

   Website:https://www.ncoic.org/about/

   Status: Initiative.

   Partnership/Coordination: Not known.

   Language: English.




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 30]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


3.29.  NIST

   NIST's role in cloud computing is to promote the effective and secure
   use of the technology within government and industry by providing
   technical guidance and promoting standards.

   Cloud computing is a model for enabling convenient, on-demand network
   access to a shared pool of configurable computing resources (e.g.,
   networks, servers, storage, applications, and services) that can be
   rapidly provisioned and released with minimal management effort or
   service provider interaction.

   Essential Characteristics:

   o  On-demand self-service.  A consumer can unilaterally provision
      computing capabilities, such as server time and network storage,
      as needed automatically without requiring human interaction with
      each service!_s provider.

   o  Broad network access.  Capabilities are available over the network
      and accessed through standard mechanisms that promote use by
      heterogeneous thin or thick client platforms (e.g., mobile phones,
      laptops, and PDAs).

   o  Resource pooling.  The provider!_s computing resources are pooled
      to serve multiple consumers using a multi-tenant model, with
      different physical and virtual resources dynamically assigned and
      reassigned according to consumer demand.  There is a sense of
      location independence in that the customer generally has no
      control or knowledge over the exact location of the provided
      resources but may be able to specify location at a higher level of
      abstraction (e.g., country, state, or datacenter).  Examples of
      resources include storage, processing, memory, network bandwidth,
      and virtual machines.

   o  Rapid elasticity.  Capabilities can be rapidly and elastically
      provisioned, in some cases automatically, to quickly scale out and
      rapidly released to quickly scale in.  To the consumer, the
      capabilities available for provisioning often appear to be
      unlimited and can be purchased in any quantity at any time.

   o  Measured Service.  Cloud systems automatically control and
      optimize resource use by leveraging a metering capability at some
      level of abstraction appropriate to the type of service (e.g.,
      storage, processing, bandwidth, and active user accounts).
      Resource usage can be monitored, controlled, and reported
      providing transparency for both the provider and consumer of the
      utilized service.



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 31]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Working Group:

   o  Cryptographic Technology

   o  Systems & Emerging Technologies Security Research

   o  Security Management & Assurance

   o  CMVP & CAVP - (now part of Security Management & Assurance)

   Chair: Mr. Peter Mell(mell@nist.gov)

   Website:http://csrc.nist.gov/groups/SNS/cloud-computing/

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.30.  OASIS

   OASIS is a not-for-profit consortium that drives the development,
   convergence and adoption of open standards for the global information
   society.  The consortium produces more Web services standards than
   any other organization along with standards for security, e-business,
   and standardization efforts in the public sector and for application-
   specific markets.  OASIS sees Cloud Computing as a natural extension
   of SOA and network management models.  Related standards are:

   o  Security, access and identity policy standards -- e.g., OASIS
      SAML, XACML, SPML, WS-Security Policy, WS-Trust.

   o  Content, format control and data import/export standards -- e.g.,
      OASIS ODF.

   o  Registry, repository and directory standards -- e.g., OASIS ebXML
      and UDDI.

   o  SOA methods and models, network management, service quality and
      interoperability -- e.g., OASIS SOA-RM, and BPEL.

   OASIS specifications are available here.
   http://www.oasis-open.org/specs/

   OASIS Committees by Category





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 32]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Adoption Services

   o  Computing Management

   o  Document-Centric Applications

   o  e-Commerce

   o  Law & Government

   o  Localisation

   o  Security

   o  SOA

   o  Standards Adoption

   o  Supply Chain

   o  Web Services

   o  XML Processing

   Website:http://www.oasis-open.org

   Status: Active.

   Partnership/Coordination: Not known.

   Language: English.

3.31.  OCC

   The OCC is a member driven organization that supports the development
   of standards for cloud computing and frameworks for interoperating
   between clouds, develops benchmarks for cloud computing, and supports
   reference implementations for cloud computing.

   The OCC also manages testbeds for cloud computing, such as the Open
   Cloud Testbed, and operates clouds computing infrastructure to
   support scientific research, such as the Open Science Data Cloud.

   OCC Working Group.

   o  Working Group on Standards and Interoperability For Large Data
      Clouds




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 33]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  The Open Cloud Testbed Working Group

   o  The Open Science Data Cloud (OSDC) Working Group

   o  Intercloud Testbed Working Group

   Website:http://opencloudconsortium.org/

   Status: Active.

   Partnership/Coordination(Contributing Members and Partners):

   o  Calit2

   o  Johns Hopkins University

   o  National Lambda Rail

   o  University of Chicago

   Language: English.

3.32.  OGF / OCCI

   OGF is an open community committed to driving the rapid evolution and
   adoption of applied distributed computing.  Applied Distributed
   Computing is critical to developing new, innovative and scalable
   applications and infrastructures that are essential to productivity
   in the enterprise and within the science community.  OGF accomplishes
   its work through open forums that build the community, explore
   trends, share best practices and consolidate these best practices
   into standards.

   The purpose of the OCCI group is the creation of a practical solution
   to interface with Cloud infrastructures exposed as a service (IaaS).
   We will focus on a solution which covers the provisioning, monitoring
   and definition of Cloud Infrastructure services.  The group should
   create this API in an agile way as we can have advantages over other
   groups if we deliver fast.  Overlapping work and efforts will be
   contributed and synchronized with other groups.

   The OCC also manages testbeds for cloud computing, such as the Open
   Cloud Testbed, and operates clouds computing infrastructure to
   support scientific research, such as the Open Science Data Cloud.

   Areas of work of the OGF Standards Function.





Khasnabish & JunSheng     Expires July 4, 2011                 [Page 34]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  Applications

   o  Architecture

   o  Compute

   o  Data

   o  Infrastructure

   o  Liaison

   o  Management

   o  Security

   Open Cloud Computing Interface WG (occi-wg), Thijs Metsch Chair, Andy
   Edmonds Chair, Alexis Richardson Chair, Sam Johnston Secretary

   Website:http://www.ogf.org/, http://www.occi-wg.org/doku.php

   Status: Active.

   Partnership/Coordination:

   o  IETF

   o  W3C(World Wide Web Consortium)

   o  OASIS

   o  DMTF

   o  SNIA

   o  WS-I(Web Services Interoperability Organization)

   Language: English.

3.33.  OMG(Object Management Group)

   The Cloud Standards Coordination Group is committed to development of
   a joint resource on cloud computing strategies, standards and
   implementations.  Different SDOs are bringing together different but
   complementary abilities: storage, execution models, deployment
   models, service level agreements, security, authentication, privacy.
   Specific cloud-related specification efforts have only just begun in
   OMG, focusing on modeling deployment of applications & services on



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 35]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   clouds for portability, interoperability & reuse.  Relevant
   committees include Analysis & Design Task Force (ADTF) and SOA
   Special Interest Group (SOA SIG).

   Working Group:

   o  Architecture Board

   o  Platform Technology Committee

   o  Domain Technology Committee

   Website:http://www.omg.org/

   Status: Active.

   Partnership/Coordination:

   o  ASC X12

   o  ASC T1M1

   o  CEN/ISSS (Information Society Standardization System)

   o  DICOM (Digital Imaging and Communications in Medicine)

   o  DMTF (Distributed Management Task Force)

   o  ECMA (European Computer Manufacturers Association.)

   o  FIPA (Foundation for Intelligent Physical Agents)

   o  HL7 (Health Level Seven)

   o  ICT-SB (Information and Communications Technology Standards Board)

   o  IEEE 1226

   o  ISO

   o  ITU-T Standardization Sector

   o  NCPDP (National Council for Prescription Drug Programs)

   o  Parlay

   o  SDRF - Software Defined Radio Forum




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 36]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   o  SWIFT (The Society for Worldwide International Financial
      Telecommunication)

   o  TMForum (TeleManagement Forum)

   o  3GPP

   Language: English.

3.34.  OCM (Open Cloud Manifesto)

   The Open Cloud Manifesto establishes a core set of principles to
   ensure that organizations will have freedom of choice, flexibility,
   and openness as they take advantage of cloud computing.  While cloud
   computing has the potential to have a positive impact on
   organizations, there is also potential for lock-in and lost
   flexibility if appropriate open standards are not identified and
   adopted.

   To open the cloud computing, the rules specified by the OCM need be
   referenced.

   Website:http://www.opencloudmanifesto.org/

   Status: Active.

   Partnership/Coordination: CCIF(Inactive)

   Language: English.

3.35.  OGC WG (Open Group Cloud Work Group)

   The Open Group Cloud Work Group exists to create a common
   understanding among buyers and suppliers of how enterprises of all
   sizes and scales of operation can include Cloud Computing technology
   in a safe and secure way in their architectures to realize its
   significant cost, scalability and agility benefits.

   To open the cloud computing, the rules specified by the OCM need be
   referenced.

   Chair: Mr. David Lounsbury (VP Government Programs, The Open Group)

   Website:http://www.opengroup.org/cloudcomputing/

   Status: Active.

   Partnership/Coordination: Not known.



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 37]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Language: English.

3.36.  SNIA

   SNIA Mission:

   Lead the storage industry worldwide in developing and promoting
   standards, technologies, and educational services to empower
   organizations in the management of information.

   SNIA's Forums and Initiatives include:

   o  the Cloud Storage Initiative,

   o  the Data Management Forum,

   o  the Green Storage Initiative,

   o  the Ethernet Storage Forum,

   o  Storage Management Initiative,

   o  Solid State Storage Initiative,

   o  the Storage Security Industry Forum

   o  the XAM Initiative

   The Cloud Data Management Interface (CDMI) defines the functional
   interface that applications will use to create, retrieve, update and
   delete data elements from the Cloud.  As part of this interface the
   client will be able to discover the capabilities of the cloud storage
   offering and use this interface to manage containers and the data
   that is placed in them.  In addition, metadata can be set on
   containers and their contained data elements through this interface.

   This interface is also used by administrative and management
   applications to manage containers, accounts, security access and
   monitoring/billing information, even for storage that is accessible
   by other protocols.  The capabilities of the underlying storage and
   data services are exposed so that clients can understand the
   offering.

   Storage Management Initiative Specification (SMI-S) defines a method
   for the interoperable management of a heterogeneous Storage Area
   Network (SAN), and describes the information available to a WBEM
   Client from an SMI-S compliant CIM Server and an object-oriented,
   XML-based, messaging-based interface designed to support the specific



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 38]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   requirements of managing devices in and through SANs.

   The eXtensible Access Method (XAM) Interface specification defines a
   standard access method (API) between "Consumers" (application and
   management software) and "Providers" (storage systems) to manage
   fixed content reference information storage services.  XAM includes
   metadata definitions to accompany data to achieve application
   interoperability, storage transparency, and automation for ILM-based
   practices, long term records retention, and information security.
   XAM will be expanded over time to include other data types as well as
   support additional implementations based on the XAM API to XAM
   conformant storage systems.

   Website:http://www.SNIA.org

   Status: Active.

   Partnership/Coordination:

   o  ARMA (Association of Records Managers and Administrators)
      International

   o  DMTF

   o  Eclipse Aperi Storage Management Project

   o  FCIA (Fibre Channel Industry Association)

   o  OGF (Open Grid Forum)

   o  The Green Grid

   Language: English.

3.37.  Study group on Smart Cloud, Japan

   Ministry of Internal Affairs and Communications of Japan holds study
   group meetings on smart cloud collecting key people from the academia
   and the industry in Japan.  They surveyed the current status of cloud
   computing and identified important issues from the viewpoints of
   technologies, standardization and international cooperation.

   Professor Emeritus Hideo Miyahara, Osaka University

   Website: http://www.soumu.go.jp

   Status: Active.




Khasnabish & JunSheng     Expires July 4, 2011                 [Page 39]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Partnership/Coordination: Not known.

   Language: Japanese.

3.38.  TM Forum

   The primary objective of TM Forum's Cloud Services Initiative is to
   help the industry overcome the barriers and assist the growth of a
   vibrant commercial marketplace for cloud based services.  The
   centerpiece of this initiative is an ecosystem of major buyers and
   sellers who will collaborate to define a range of common approaches,
   processes, metrics and other key service enablers.

   TM Forum's vision is to ensure acceleration of service
   standardization and commoditization in an effective and efficient
   marketplace of cloud computing services in all global geographies,
   through alignment with the needs of the world's largest IT buyers.

   Enterprise Cloud Buyers Council Goals are:

   o  to foster an effective and efficient marketplace for cloud compute
      infrastructure and services across all industry verticals and
      global geographies;

   o  Accelerate standardization and commoditization of cloud services,
      and identifying common commodity processes best consumed as a
      service;

   o  Solicit definition for standardized core and industry-specific
      SKUs for cloud services;

   o  Achieve transparency of cost, service levels and reporting across
      the ecosystem;

   o  Enable benchmarking of services across service providers and
      geographies;

   o  Enable vendor measurement against normalized and agreed service
      level metrics;

   o  Radically reduce cost of acquisition and operations for commodity
      compute & services.

   James Warner, head of Cloud computing TM Forum.

   Website: http://www.tmforum.org/

   Status: Active.



Khasnabish & JunSheng     Expires July 4, 2011                 [Page 40]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


   Partnership/Coordination: Not known.

   Language: English.
















































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 41]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


4.  Summary and Analysis

   This survey shows that there are a variety of ways to support both
   client-side and server-side application layer programming interfaces
   (APIs) to support cloud services.  Many of these services tend to
   utilize resources across multiple administrative, technology, and
   geographical domains.  Since there is no unified and universally
   acceptable protocol and mechanism to define the mobility of resources
   across domains, the early implementers tend to utilize the features
   and functions of the existing IETF protocols along with their
   proprietary modifications or extensions in order to achieve their
   goals.  In addition to using a virtualization layer (VM layer), a
   thin Cloud operating system (OS) layer may be useful to hide the
   complexity, specificity, and regionality (locality) of the resources.
   We also observe that different SDOs are trying to develop many
   different methods for logging and reporting of resource usage for
   Cloud services.  This will create auditing transparency problems
   which may negatively impact the development of security and service
   level agreement features.  At the end, these may in fact result in an
   increase in the effective cost for services that utilize the cloud
   based systems and networks, violating the very foundation on which
   the concept of utilizing cloud is based on.





























Khasnabish & JunSheng     Expires July 4, 2011                 [Page 42]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


5.  Security Considerations

   --[Editor's note] Will be added in future.
















































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 43]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


6.  Conclusion

   We have presented a survey of the activities of Cloud SDOs along with
   a simple early analysis.  This survey has revealed that different
   SDOs are utilizing or expect to utilize a set of common IETF
   protocols for cloud services, and some time they modify or extend
   these protocols in order to satisfy their niche objectives.  These
   will not only cause interoperability problems, but may also
   negatively impact further development of protocols and services in
   this very important area of cloud computing and networking.  IETF is
   the best organization to address these issues.








































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 44]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


7.  Acknowledgement

   --[Editor's note] Will be added in future.
















































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 45]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


8.  Appendix A: Cloud Standards WiKi.

   http://cloud-standards.org/wiki/index.php?title=Main_Page

   This WiKi Website documents the coordination activities of the
   various SDOs working on Cloud standards.  You can find related Cloud
   SDOs the WiKi Website addressed here.

   o  CloudAudit

   o  Cloud Security Alliance

   o  Distributed Management Task Force (DMTF)

   o  ETSI(The European Telecommunications Standards Institute)

   o  NIST(National Institute of Standards and Technology)

   o  Open Grid Forum (OGF)

   o  Object Management Group (OMG)

   o  Open Cloud Consortium (OCC)

   o  OASIS(Organization for the Advancement of Structured Information
      Standards)

   o  SNIA(Storage Networking Industry Association)

   o  OG WG(The Open Group)

   o  ARTS(Association for Retail Technology Standards)



















Khasnabish & JunSheng     Expires July 4, 2011                 [Page 46]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


9.  IANA Considerations

   This document has no actions for IANA.
















































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 47]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


10.  Normative references


















































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 48]


Internet-Draft  Cloud SDO Activities Survey and Analysis   December 2010


Authors' Addresses

   Bhumip Khasnabish
   ZTE USA
   33 Wood Avenue South, 2nd Floor
   Iselin, NJ 08830
   USA

   Phone: +001-781-752-8003
   Email: vumip1@gmail.com


   Chu JunSheng
   ZTE
   No.68 Zijinghua Rd,Yuhuatai District
   Nanjing
   China

   Phone: +86-25-5287-1114
   Email: chujunsheng@zte.com.cn































Khasnabish & JunSheng     Expires July 4, 2011                 [Page 49]