Cloud Computing and Cloud Computing and Open StandardsOpen Standards

Open Clouds andOpen Clouds andOpen StandardsOpen Standards

How's it going? How's it going? Pretty well.Pretty well.

REMIX

"The largest standards group for electronic commerce on the Web"

Over 5,000 participants Over 5,000 participants representing more than representing more than

600 organizations and 600 organizations and individuals, since 1993individuals, since 1993

60+ technical 60+ technical committees producing committees producing royalty-free and RAND royalty-free and RAND

standardsstandards

OASIS:OASIS: Standards for Standards for e-business and e-gov ... e-business and e-gov ...

Service Oriented Architecture & Web Services: SOA Reference Model, WS-Transaction, WS-Reliable Messaging, BPEL, UDDI, ebXML, ID-Cloud ...

Security & Identity: WS-Security, SAML, XACML, KMIP, WS-Federation, XSPA, SPML, PMRM, ORMS ...

e-Government: Emergency/CAP, UBL, TGF, SmartGrid (EMIX, WS-DD, OBIX, WS-Calendar) …

Documents: ODF (OpenDocument Format); DITA; CMIS; DocBook ...

Semantics & KM: QUOMOS, UnitsML, SEE, SET, Search Web Services ...

Why Open Standards? Why Open Standards? Safety.Safety.

Real open standards are: Publicly & persistently visible for review Developed fairly under transparent, published rules Open to comment: public comments, no NDAs Available to use under clear, irrevocable licenses

Anything else is proprietary (vendor-centric).Nothing wrong with that; but it doesn't provide the same

kind of interoperability and stability assurance.

Why Open Standards?Why Open Standards? Open Standards are Open Standards are Reliable and StableReliable and Stable

Open access from stakeholders The standard on which you build is less likely to

disappear, be obsoleted or invisibly modified Stable rules & neutral management help assure against

invisible lock-in to unilateral viewpoints: auditable sources, drafts and licensing

This is why governments prefer open standards: WTO Technical Barriers to Trade Agreement, Annex 3 http://www.wto.org/english/ docs_e/ legal_e/final_e.htmhttp://www.wto.org/english/ docs_e/ legal_e/final_e.htm

Why Open Standards?Why Open Standards?

Real Standards, versus Real Standards, versus Drafts and ProposalsDrafts and Proposals

Final open standards have the benefits of open process protection and licensing rules

Drafts, notes & proposals may just be one company's idea - or property

Publication of work in neutral, archival forms on which implementers can safely build

So what about the Cloud?

It’s a fairly loud, crowded topic right now

But maybe not as complex But maybe not as complex as it soundsas it soundssoftware-as-a-servicesoftware-as-a-service

platform-as-a-serviceplatform-as-a-service

application-as-a-serviceapplication-as-a-service

storage-as-a-servicestorage-as-a-service

acronyms-as-a-serviceacronyms-as-a-service

infrastructure-as-a-serviceinfrastructure-as-a-service

boring-slides-as-a-serviceboring-slides-as-a-service

oy-gevalt-as-a-serviceoy-gevalt-as-a-service

In the 1980s paradigm, your microcomputer was on your desk, and it was your problem.

Mine is on my desk, and is my problem.

They were connected. But by obvious, episodic connections. Like SneakerNet. No-one sat up nights worrying about where the data was.

Or who controls it.

In the 1980s paradigm, your microcomputer was on your desk, and it was your problem.

Mine is on my desk, and is my problem.

They were connected. But by obvious, episodic connections. Like SneakerNet. No-one sat up nights worrying about where the data was.

Or who controls it.

The idea that your data, your computing resources, and your software may be elsewhere, isn't new.

Neither is outsourcing.

The idea that your data, your computing resources, and your software may be elsewhere, isn't new.

Neither is outsourcing.

Most of the challenges that Most of the challenges that "the cloudthe cloud" brings, brings, wewe've ve already encounteredalready encountered..

Your data is somewhere else. Your data and applications all must work

with each other (and there are a lot of them).

You don’t know who all your users or network nodes are (or will be later).

Your data is somewhere Your data is somewhere else.else.

We had standards for those by the early 2000s. (SNIA; OASIS’s UDDI, (SNIA; OASIS’s UDDI, ebXML Registry, and more recent ebXML Registry, and more recent developments like S-RAMP.)developments like S-RAMP.)

Answers: Remote storage methods,Answers: Remote storage methods,Shared data repositories and registriesShared data repositories and registries

Your data and applications Your data and applications are owned by someone else.are owned by someone else.

Answers: Application Service Provider duties Answers: Application Service Provider duties & licensure expressed either in SLAs (Service & licensure expressed either in SLAs (Service Level Agreements), when the economics Level Agreements), when the economics support a contractual solution; or support a contractual solution; or reputational enforcement & incentive reputational enforcement & incentive systems, when they donsystems, when they don't. t.

Basic contract law can solve the first case Older market practices for reputational economy

can address the second. (Some standards are (Some standards are being developed for the latter: ORMS.)being developed for the latter: ORMS.)

Your computational Your computational platform has to work with platform has to work with all the other all the other computational platforms, computational platforms, and there are a lot of and there are a lot of them.them.

We have had a solution for that one for a We have had a solution for that one for a while, too, called while, too, called ""the Internet .the Internet .""

Not much that’s new, in 2011, about getting diverse machines to talk to each other.

It takes what it always did: standards.

Your computational Your computational platform is somewhere platform is somewhere else, owned by someone else, owned by someone else.else.

Evolving metadata standards. (DMTF’s OVF)(DMTF’s OVF) Hypervisor commoditization?Hypervisor commoditization? (Open source tools?) (Open source tools?) Evolution in server-counting for licensing feesEvolution in server-counting for licensing fees

Answers: Virtualization … Answers: Virtualization …

With an underpinning of contract law

… … Managed Service Providers > Cloud Managed Service Providers > Cloud providers; Traditional outsourcingproviders; Traditional outsourcing

Lots of different data Lots of different data applications must work applications must work with each otherwith each other

Well-established methods in stable standards and web services work. (OASIS’s SOA (OASIS’s SOA Reference Model, WS-* standards; work from Reference Model, WS-* standards; work from W3C, the Open Group, OMG, etc..)W3C, the Open Group, OMG, etc..)

Some standards are being refactored for cloud optimization. (E.g, AS4 for WS-* adapted ebXML (E.g, AS4 for WS-* adapted ebXML MSG: MSG: see http://www.oagi.org/oagi/Website/Case_Studies/ OAGIS_AS4Cisco-final-1.pdf.) )

Answers: Standard APIs, Service Answers: Standard APIs, Service Oriented ArchitectureOriented Architecture

Service Oriented Architecture:Service Oriented Architecture: SOA SOA Services That Describe Themselves: devices

and users can find, and consume, data and computation services across networks.

Loose Coupling: Services have defined interfaces for shared data and signals, between “block boxes”, but they are not required to work the same way inside each “box.”

Late binding: Activities and operations can occur (“run time”) without all pieces being specified in advance (at “design time”).

Required:Required: Open standards and open designOpen standards and open designResults:Results: Extensibility; no lock-inExtensibility; no lock-in

You don’t know who all You don’t know who all your users or network your users or network nodes are.nodes are.

Formal functions for many-to-many cooperation. Well-established, stable standards. (OASIS’s SAML (OASIS’s SAML

(used in OpenID & Kantara), WS-Federation.) (used in OpenID & Kantara), WS-Federation.)

Answers: Federation ...Answers: Federation ...

Account and access control management. Well-established, stable standards & methods.

(OASIS’s XACML, PMRM, ID-Cloud, SPML, XSPA, (OASIS’s XACML, PMRM, ID-Cloud, SPML, XSPA, KMIP.)KMIP.)

… … and Provisioningand Provisioning

Identity in the Cloud TC• Standards profiles for open

identity deployment, provisioning & management in cloud environments• Use cases & gap analysis• See: http://www.oasis-http://www.oasis-open.org/committees/id-cloudopen.org/committees/id-cloud

SOA Repository Artifact Model and Protocol (S-RAMP) TC• Interaction protocol & common

data model for federatable, distributed data repositories• See: http://www.oasis-http://www.oasis-open.org/committees/s-rampopen.org/committees/s-ramp

Open cloud standards empower users

SOA Reference Model TC• Abstract model of the basic

components, by function, of any working service architecture• Method-neutral• See: http://www.oasis-http://www.oasis-open.org/committees/soa-rmopen.org/committees/soa-rm

Privacy Management Reference Model (PMRM) TC• Service & interaction patterns for

deploying and assessing formal, reusable representations of privacy policies• See: http://www.oasis-http://www.oasis-open.org/committees/pmrmopen.org/committees/pmrm

WS-Federation TC / WS-Trust• Message exchange and

metadata/token policy control• Federation and brokered trust

capabilities• See: http://www.oasis-http://www.oasis-open.org/committees/wsfedopen.org/committees/wsfed

Open access control standards empower users

Security Assertion ML (SAML) TC• Reusable representations of user

authentication, entitlement and attribute data• Widely used in Kantara, OpenID,

other frameworks• See: http://www.oasis-http://www.oasis-open.org/committees/securityopen.org/committees/security

XACML TC• Access control and authorization

policy representation• Role-based access and

hierarchical resource profile• See: http://www.oasis-http://www.oasis-open.org/committees/xacmlopen.org/committees/xacml

Provisioning Services (SPML) TC• Common XML language for

provisioning and allocation of enterprise identity• Builds on LDAP, Active Directory,

DSML• See: http://www.oasis-http://www.oasis-open.org/committees/provisionopen.org/committees/provision

The Open Cloud Manifesto:The Open Cloud Manifesto: from the mouths of buyersfrom the mouths of buyers

CIOs, governments, IT users and business leaders establish a set of core principles for cloud providers. Cloud architecture should be scalable on demand; enable cost

savings by increasing opportunities via re-use and outsourcing; and support portability among vendors and systems.

This can and should be achieved by using collaborative open standards, most of which already are available and in use, to fulfill cloud security, integration, data sharing, policy governance, network management and monitoring functions.

Customers, vendors and standards bodies must work together to make good use of existing methods, and avoid excessive duplication, rather than “reinventing the wheel.”

Open Cloud means Open Cloud means Open Standards. Open Standards. So far, so good. So far, so good.

James Bryce Clarkjamie.clark@oasis-open.orgjamie.clark@oasis-open.org +1.978.667.5115