oasis: standards & the cloud june2011
DESCRIPTION
OASIS presentation on cloud computing standards and the landscape ahead. At the organizing meetings of OMG's CSCC cloud group in June 2011.TRANSCRIPT
![Page 1: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/1.jpg)
Cloud Computing and Cloud Computing and Open StandardsOpen Standards
![Page 2: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/2.jpg)
Open Clouds andOpen Clouds andOpen StandardsOpen Standards
How's it going? How's it going? Pretty well.Pretty well.
REMIX
![Page 3: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/3.jpg)
"The largest standards group for electronic commerce on the Web"
Over 5,000 participants Over 5,000 participants representing more than representing more than
600 organizations and 600 organizations and individuals, since 1993individuals, since 1993
60+ technical 60+ technical committees producing committees producing royalty-free and RAND royalty-free and RAND
standardsstandards
![Page 4: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/4.jpg)
OASIS:OASIS: Standards for Standards for e-business and e-gov ... e-business and e-gov ...
Service Oriented Architecture & Web Services: SOA Reference Model, WS-Transaction, WS-Reliable Messaging, BPEL, UDDI, ebXML, ID-Cloud ...
Security & Identity: WS-Security, SAML, XACML, KMIP, WS-Federation, XSPA, SPML, PMRM, ORMS ...
e-Government: Emergency/CAP, UBL, TGF, SmartGrid (EMIX, WS-DD, OBIX, WS-Calendar) …
Documents: ODF (OpenDocument Format); DITA; CMIS; DocBook ...
Semantics & KM: QUOMOS, UnitsML, SEE, SET, Search Web Services ...
![Page 5: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/5.jpg)
Why Open Standards? Why Open Standards? Safety.Safety.
Real open standards are: Publicly & persistently visible for review Developed fairly under transparent, published rules Open to comment: public comments, no NDAs Available to use under clear, irrevocable licenses
Anything else is proprietary (vendor-centric).Nothing wrong with that; but it doesn't provide the same
kind of interoperability and stability assurance.
![Page 6: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/6.jpg)
Why Open Standards?Why Open Standards? Open Standards are Open Standards are Reliable and StableReliable and Stable
Open access from stakeholders The standard on which you build is less likely to
disappear, be obsoleted or invisibly modified Stable rules & neutral management help assure against
invisible lock-in to unilateral viewpoints: auditable sources, drafts and licensing
This is why governments prefer open standards: WTO Technical Barriers to Trade Agreement, Annex 3 http://www.wto.org/english/ docs_e/ legal_e/final_e.htmhttp://www.wto.org/english/ docs_e/ legal_e/final_e.htm
![Page 7: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/7.jpg)
Why Open Standards?Why Open Standards?
Real Standards, versus Real Standards, versus Drafts and ProposalsDrafts and Proposals
Final open standards have the benefits of open process protection and licensing rules
Drafts, notes & proposals may just be one company's idea - or property
Publication of work in neutral, archival forms on which implementers can safely build
![Page 8: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/8.jpg)
So what about the Cloud?
![Page 9: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/9.jpg)
It’s a fairly loud, crowded topic right now
![Page 10: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/10.jpg)
But maybe not as complex But maybe not as complex as it soundsas it soundssoftware-as-a-servicesoftware-as-a-service
platform-as-a-serviceplatform-as-a-service
application-as-a-serviceapplication-as-a-service
storage-as-a-servicestorage-as-a-service
acronyms-as-a-serviceacronyms-as-a-service
infrastructure-as-a-serviceinfrastructure-as-a-service
boring-slides-as-a-serviceboring-slides-as-a-service
oy-gevalt-as-a-serviceoy-gevalt-as-a-service
In the 1980s paradigm, your microcomputer was on your desk, and it was your problem.
Mine is on my desk, and is my problem.
They were connected. But by obvious, episodic connections. Like SneakerNet. No-one sat up nights worrying about where the data was.
Or who controls it.
In the 1980s paradigm, your microcomputer was on your desk, and it was your problem.
Mine is on my desk, and is my problem.
They were connected. But by obvious, episodic connections. Like SneakerNet. No-one sat up nights worrying about where the data was.
Or who controls it.
The idea that your data, your computing resources, and your software may be elsewhere, isn't new.
Neither is outsourcing.
The idea that your data, your computing resources, and your software may be elsewhere, isn't new.
Neither is outsourcing.
![Page 11: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/11.jpg)
Most of the challenges that Most of the challenges that "the cloudthe cloud" brings, brings, wewe've ve already encounteredalready encountered..
Your data is somewhere else. Your data and applications all must work
with each other (and there are a lot of them).
You don’t know who all your users or network nodes are (or will be later).
![Page 12: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/12.jpg)
Your data is somewhere Your data is somewhere else.else.
We had standards for those by the early 2000s. (SNIA; OASIS’s UDDI, (SNIA; OASIS’s UDDI, ebXML Registry, and more recent ebXML Registry, and more recent developments like S-RAMP.)developments like S-RAMP.)
Answers: Remote storage methods,Answers: Remote storage methods,Shared data repositories and registriesShared data repositories and registries
![Page 13: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/13.jpg)
Your data and applications Your data and applications are owned by someone else.are owned by someone else.
Answers: Application Service Provider duties Answers: Application Service Provider duties & licensure expressed either in SLAs (Service & licensure expressed either in SLAs (Service Level Agreements), when the economics Level Agreements), when the economics support a contractual solution; or support a contractual solution; or reputational enforcement & incentive reputational enforcement & incentive systems, when they donsystems, when they don't. t.
Basic contract law can solve the first case Older market practices for reputational economy
can address the second. (Some standards are (Some standards are being developed for the latter: ORMS.)being developed for the latter: ORMS.)
![Page 14: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/14.jpg)
Your computational Your computational platform has to work with platform has to work with all the other all the other computational platforms, computational platforms, and there are a lot of and there are a lot of them.them.
We have had a solution for that one for a We have had a solution for that one for a while, too, called while, too, called ""the Internet .the Internet .""
Not much that’s new, in 2011, about getting diverse machines to talk to each other.
It takes what it always did: standards.
![Page 15: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/15.jpg)
Your computational Your computational platform is somewhere platform is somewhere else, owned by someone else, owned by someone else.else.
Evolving metadata standards. (DMTF’s OVF)(DMTF’s OVF) Hypervisor commoditization?Hypervisor commoditization? (Open source tools?) (Open source tools?) Evolution in server-counting for licensing feesEvolution in server-counting for licensing fees
Answers: Virtualization … Answers: Virtualization …
With an underpinning of contract law
… … Managed Service Providers > Cloud Managed Service Providers > Cloud providers; Traditional outsourcingproviders; Traditional outsourcing
![Page 16: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/16.jpg)
Lots of different data Lots of different data applications must work applications must work with each otherwith each other
Well-established methods in stable standards and web services work. (OASIS’s SOA (OASIS’s SOA Reference Model, WS-* standards; work from Reference Model, WS-* standards; work from W3C, the Open Group, OMG, etc..)W3C, the Open Group, OMG, etc..)
Some standards are being refactored for cloud optimization. (E.g, AS4 for WS-* adapted ebXML (E.g, AS4 for WS-* adapted ebXML MSG: MSG: see http://www.oagi.org/oagi/Website/Case_Studies/ OAGIS_AS4Cisco-final-1.pdf.) )
Answers: Standard APIs, Service Answers: Standard APIs, Service Oriented ArchitectureOriented Architecture
![Page 17: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/17.jpg)
Service Oriented Architecture:Service Oriented Architecture: SOA SOA Services That Describe Themselves: devices
and users can find, and consume, data and computation services across networks.
Loose Coupling: Services have defined interfaces for shared data and signals, between “block boxes”, but they are not required to work the same way inside each “box.”
Late binding: Activities and operations can occur (“run time”) without all pieces being specified in advance (at “design time”).
Required:Required: Open standards and open designOpen standards and open designResults:Results: Extensibility; no lock-inExtensibility; no lock-in
![Page 18: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/18.jpg)
You don’t know who all You don’t know who all your users or network your users or network nodes are.nodes are.
Formal functions for many-to-many cooperation. Well-established, stable standards. (OASIS’s SAML (OASIS’s SAML
(used in OpenID & Kantara), WS-Federation.) (used in OpenID & Kantara), WS-Federation.)
Answers: Federation ...Answers: Federation ...
Account and access control management. Well-established, stable standards & methods.
(OASIS’s XACML, PMRM, ID-Cloud, SPML, XSPA, (OASIS’s XACML, PMRM, ID-Cloud, SPML, XSPA, KMIP.)KMIP.)
… … and Provisioningand Provisioning
![Page 19: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/19.jpg)
Identity in the Cloud TC• Standards profiles for open
identity deployment, provisioning & management in cloud environments• Use cases & gap analysis• See: http://www.oasis-http://www.oasis-open.org/committees/id-cloudopen.org/committees/id-cloud
SOA Repository Artifact Model and Protocol (S-RAMP) TC• Interaction protocol & common
data model for federatable, distributed data repositories• See: http://www.oasis-http://www.oasis-open.org/committees/s-rampopen.org/committees/s-ramp
Open cloud standards empower users
SOA Reference Model TC• Abstract model of the basic
components, by function, of any working service architecture• Method-neutral• See: http://www.oasis-http://www.oasis-open.org/committees/soa-rmopen.org/committees/soa-rm
Privacy Management Reference Model (PMRM) TC• Service & interaction patterns for
deploying and assessing formal, reusable representations of privacy policies• See: http://www.oasis-http://www.oasis-open.org/committees/pmrmopen.org/committees/pmrm
![Page 20: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/20.jpg)
WS-Federation TC / WS-Trust• Message exchange and
metadata/token policy control• Federation and brokered trust
capabilities• See: http://www.oasis-http://www.oasis-open.org/committees/wsfedopen.org/committees/wsfed
Open access control standards empower users
Security Assertion ML (SAML) TC• Reusable representations of user
authentication, entitlement and attribute data• Widely used in Kantara, OpenID,
other frameworks• See: http://www.oasis-http://www.oasis-open.org/committees/securityopen.org/committees/security
XACML TC• Access control and authorization
policy representation• Role-based access and
hierarchical resource profile• See: http://www.oasis-http://www.oasis-open.org/committees/xacmlopen.org/committees/xacml
Provisioning Services (SPML) TC• Common XML language for
provisioning and allocation of enterprise identity• Builds on LDAP, Active Directory,
DSML• See: http://www.oasis-http://www.oasis-open.org/committees/provisionopen.org/committees/provision
![Page 21: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/21.jpg)
The Open Cloud Manifesto:The Open Cloud Manifesto: from the mouths of buyersfrom the mouths of buyers
CIOs, governments, IT users and business leaders establish a set of core principles for cloud providers. Cloud architecture should be scalable on demand; enable cost
savings by increasing opportunities via re-use and outsourcing; and support portability among vendors and systems.
This can and should be achieved by using collaborative open standards, most of which already are available and in use, to fulfill cloud security, integration, data sharing, policy governance, network management and monitoring functions.
Customers, vendors and standards bodies must work together to make good use of existing methods, and avoid excessive duplication, rather than “reinventing the wheel.”
![Page 22: Oasis: Standards & the Cloud June2011](https://reader035.vdocuments.net/reader035/viewer/2022081403/55627440d8b42aab1a8b56fe/html5/thumbnails/22.jpg)
Open Cloud means Open Cloud means Open Standards. Open Standards. So far, so good. So far, so good.
James Bryce [email protected]@oasis-open.org +1.978.667.5115