NIST Cloud Standards Roadmap
The NST Cloud Computing Standards Roadmap Version 2 is a follow up activity of the first version of the Standard Roadmap, which has been published in August 2011. The Standards Roadmap is part of the NIST Cloud Computing Program that is one of the mechanisms in support of United States Government secure and effective adoption of the Cloud Computing model to reduce costs and improve services.
The NIST Cloud Computing Standards Roadmap has been elaborated by a Working Group, which has collected and analyzed the standards landscape, looking in particular at the areas of:
Similarly to the ETSI Cloud Standards Coordination report, the NIST’s work based the assessment of standards and identification of gaps on the analysis of uses cases.
The Roadmap identifies gaps and suggests possible candidate organizations to pursue the task of developing new standards and / or enhancing existing ones.
The conclusions identified in the roadmap are the following:
- Standards to support cloud interoperability and portability exist, but gaps remain in standardization, specifically in the PaaS area. Moreover, some of the current standards need to mature in order to describe how services interoperate and how data can be readily ported between cloud offerings.
- At the same time, according to NIST we’ll see an increase focus on standard to support cloud governance and orchestration. At this regards a definition of suitable standards to describe SLAs will be required.
- In the area of standards for Portability NIST suggests: “A future direction of workloads data and metadata standardization is to help improve the automation of inter-cloud system workload deployment. Concepts such as standardized SLAs, sophisticated inter-virtual machine network configuration and switching information, and software license information regarding all of the various components that make up the workload are possibilities.“ [NIST13, p. 42].
- In the area of standards for SaaS interoperability NIST’ cloud standard roadmap suggests that “[…] it is more likely that data formats and metadata-based interchange methods will be standardized in cloud system products rather than having SaaS interfaces themselves converge. Examples of such data format description standardization include the Data Format Description Language (DFDL) from OGF and the Cloud Data Management Interface (CDMI) data-container metadata model of the Storage Networking Industry Association (SNIA). As the cloud computing landscape is currently heavily populated by vendor-specific formats, such general-purpose standardization efforts may be crucial to achieving interoperability at the SaaS level” [NIST13, pp. 41-42].
- The NIST Roadmap suggests five areas of focus for cloud computing standards:
- Management APIs
- Data exchange formats
- Federated identity and security policy APIs
- Resource descriptions
- Data storage APIs
- In more detail, NIST highlights the need for standards in the areas of:
- Standard interfaces to metadata and data objects: results in this area can be reached by supporting the further development of CDMI from SNIA
- Common VM description format, common service and application description format to facilitate cloud migration, the development of hybrid clouds, disaster recovery capabilities and cloud-bursting: results in this area can be reached by supporting the further development of OVF from DMTF, TOSCA from OASIS, OpenID, Oauth
- Resource and performance requirements description languages to facilitate a cost-effective deployment: results in this area can be reached by supporting the further development of DMTF CIM and OGF GLUE. For Master Service Agreements and Service Level Agreements, WS-Agreement and WS-Agreement-Negotiation (WS-AG, WS-AN) from OGF; for cloud application and service level description of attributes, relationships, requirements, and capabilities, TOSCA from OASIS.
- Standard metadata/data formats for movement between cloud systems: standards to be considered for further development are AS4, OAGIS, NoSQL, GridFTP, DFDL, CDMI
- Federated identity, authorization, and virtual organizations: standards to be considered for further development are OpenID, OAuth, SAML, WS-Federation and WS-Trust, CSA outputs; Virtual Organization Management System (VOMS) from OGF.
- SLA description language to support selection of appropriate cloud service: possible standards to be considered are WS-Agreement (GFD.107) and WS-Agreement Negotiation (OGF).
- Auditing standards and verification check lists: results in this area can be reached by supporting the further development of CSA Cloud Audit.