Open Clouds andOpen Standards IXHows it going?Pretty well. M RE
"The largeststandardsgroup forelectronic Over 5,000 participantscommerce on representing more thanthe Web" 600 organizations and individuals, since 1993 60+ technical committees producing royalty-free and RAND standards
OASIS: Standards for e-business and e-gov ... Service Oriented Architecture & Web Services: SOA Reference Model, WS-Transaction, WS-Reliable Messaging, BPEL, UDDI, ebXML, ID-Cloud ... Security & Identity: WS-Security, SAML, XACML, KMIP, WS-Federation, XSPA, SPML, PMRM, ORMS ... e-Government: Emergency/CAP, UBL, TGF, SmartGrid (EMIX, WS-DD, OBIX, WS-Calendar) … Documents: ODF (OpenDocument Format); DITA; CMIS; DocBook ... Semantics & KM: QUOMOS, UnitsML, SEE, SET, Search Web Services ...
Why Open Standards? Safety.Real open standards are: Publicly & persistently visible for review Developed fairly under transparent, published rules Open to comment: public comments, no NDAs Available to use under clear, irrevocable licensesAnything else is proprietary (vendor-centric).Nothing wrong with that; but it doesnt provide the same kind of interoperability and stability assurance.
Why Open Standards?Open Standards areReliable and Stable Open access from stakeholders The standard on which you build is less likely to disappear, be obsoleted or invisibly modified Stable rules & neutral management help assure against invisible lock-in to unilateral viewpoints: auditable sources, drafts and licensing This is why governments prefer open standards: WTO Technical Barriers to Trade Agreement, Annex 3 http://www.wto.org/english/ docs_e/ legal_e/final_e.htm
Why Open Standards?Real Standards, versusDrafts and Proposals Final open standards have the benefits of open process protection and licensing rules Drafts, notes & proposals may just be one companys idea - or property Publication of work in neutral, archival forms on which implementers can safely build
But maybe not as complexas it sounds software-as-a-service In the 1980s paradigm, your In the platform-as-a-service 1980s paradigm, your microcomputer was on your microcomputer was on your application-as-a-serviceandititwas your problem. your desk, and idea youryour data, desk, was Theidea that that problem. The my desk, youris my your andisdata, Mineis on my desk, resources, and your is on Mine computing resources, and your computing and my storage-as-a-service problem. problem.softwaremay be elsewhere, software may be elsewhere, They were connected. But by They were new. isnt new. isnt infrastructure-as-a-service connected. But by obvious, episodic connections. obvious, episodic connections. LikeSneakerNet. No-one sat up LikeSneakerNet.isNo-one sat up acronyms-as-a-service Neither is outsourcing. Neither outsourcing. nightsworrying about where nights worrying about where boring-slides-as-a-service was. the data the data was. Or who controls it. Or who controls it. oy-gevalt-as-a-service
Most of the challenges that"the cloud" brings, weve cloud wealready encountered. Your data is somewhere else. Your data and applications all must work with each other (and there are a lot of them). You don’t know who all your users or network nodes are (or will be later).
Your data is somewhereelse. Answers: Remote storage methods, Shared data repositories and registries We had standards for those by the early 2000s. (SNIA; OASIS’s UDDI, ebXML Registry, and more recent developments like S-RAMP.)
Your data and applicationsare owned by someone else. Answers: Application Service Provider duties & licensure expressed either in SLAs (Service Level Agreements), when the economics support a contractual solution; or reputational enforcement & incentive systems, when they dont. don Basic contract law can solve the first case Older market practices for reputational economy can address the second. (Some standards are being developed for the latter: ORMS.)
Your computationalplatform has to work withall the othercomputational platforms,and there are a lot ofthem. We have had a solution for that one for a while, too, called "the Internet ." Not much that’s new, in 2011, about getting diverse machines to talk to each other. It takes what it always did: standards.
Your computationalplatform is somewhereelse, owned by someoneelse. Answers: Virtualization … Evolving metadata standards. (DMTF’s OVF) Hypervisor commoditization? (Open source tools?) Evolution in server-counting for licensing fees … Managed Service Providers > Cloud providers; Traditional outsourcing With an underpinning of contract law
Lots of different dataapplications must workwith each other Answers: Standard APIs, Service Oriented Architecture Well-established methods in stable standards and web services work. (OASIS’s SOA Reference Model, WS-* standards; work from W3C, the Open Group, OMG, etc..) Some standards are being refactored for cloud optimization. (E.g, AS4 for WS-* adapted ebXML MSG: see http://www.oagi.org/oagi/Website/Case_Studies/ OAGIS_AS4Cisco-final-1.pdf.)
Service Oriented Architecture: SOA Services That Describe Themselves: devices and users can find, and consume, data and computation services across networks. Loose Coupling: Services have defined interfaces for shared data and signals, between “block boxes”, but they are not required to work the same way inside each “box.” Late binding: Activities and operations can occur (“run time”) without all pieces being specified in advance (at “design time”). Required: Open standards and open design Results: Extensibility; no lock-in
You don’t know who allyour users or networknodes are. Answers: Federation ... Formal functions for many-to-many cooperation. Well-established, stable standards. (OASIS’s SAML (used in OpenID & Kantara), WS-Federation.) … and Provisioning Account and access control management. Well-established, stable standards & methods. (OASIS’s XACML, PMRM, ID-Cloud, SPML, XSPA, KMIP.)
Open cloud standards empower usersIdentity in the Cloud TC SOA Reference Model TC• Standards profiles for open • Abstract model of the basic identity deployment, provisioning components, by function, of any & management in cloud working service architecture environments • Method-neutral• Use cases & gap analysis • See: http://www.oasis-• See: http://www.oasis- open.org/committees/soa-rm open.org/committees/id-cloudPrivacy Management SOA Repository ArtifactReference Model (PMRM) TC Model and Protocol (S-• Service & interaction patterns for RAMP) TC deploying and assessing formal, • Interaction protocol & common reusable representations of privacy data model for federatable, policies distributed data repositories• See: http://www.oasis- • See: http://www.oasis- open.org/committees/pmrm open.org/committees/s-ramp
Open access control standards empower usersSecurity Assertion ML XACML TC (SAML) TC • Access control and authorization• Reusable representations of user policy representation authentication, entitlement and • Role-based access and attribute data hierarchical resource profile• Widely used in Kantara, OpenID, • See: http://www.oasis- other frameworks open.org/committees/xacml• See: http://www.oasis- open.org/committees/security Provisioning ServicesWS-Federation TC / WS-Trust (SPML) TC• Message exchange and • Common XML language for provisioning and allocation of metadata/token policy control enterprise identity• Federation and brokered trust • Builds on LDAP, Active Directory, capabilities DSML• See: http://www.oasis- • See: http://www.oasis- open.org/committees/wsfed open.org/committees/provision
The Open Cloud Manifesto:from the mouths of buyersCIOs, governments, IT users and business leaders establish aset of core principles for cloud providers. Cloud architecture should be scalable on demand; enable cost savings by increasing opportunities via re-use and outsourcing; and support portability among vendors and systems. This can and should be achieved by using collaborative open standards, most of which already are available and in use, to fulfill cloud security, integration, data sharing, policy governance, network management and monitoring functions. Customers, vendors and standards bodies must work together to make good use of existing methods, and avoid excessive duplication, rather than “reinventing the wheel.”
Open Cloud meansOpen Standards.So far, so good.James Bryce Clarkjamie.firstname.lastname@example.org+1.978.667.5115