D9.5 Initial assessment of current cloud standardization efforts

Contributing Partners

UNIL, AIT, IRT, UNI PASSAU

Executive Summary 

In its European Cloud Computing Strategy, the European Commission has pointed out the importance of standardisation for promoting the rapid adoption of cloud computing. Cloud computing products shall be evaluated and certified against standards, in order to support their application in sensitive areas, thus leading to the desired results of boosting productivity and competitive-ness of European industries, as well as creating numerous jobs for European citizens.
For PRISMACLOUD, as an innovative Horizon 2020 research activity in the field of cloud computing security, it is clearly of major importance to align with the European Cloud Computing Strategy and its key action #1: “Cutting through the Jungle of Standards”. This wording already points out that there is currently a special situation in cloud standardisation, which can be characterised as a mass effort of different national and international standardisation organisations in support of their gov-ernments and administrations. In addition, there are many businesses and corporations, already fully involved in the huge cloud computing market, which drive standardisation processes in non-institutional standards setting organisations and standards developing organisations, pursuing their own strategies and goals.

The PRISMACLOUD project proposal therefore includes a specific activity to address the project’s relation to standardisation. Based on an analysis of the scope of standardisation for secure cloud systems, which are central to the project, as well as on the analysis of standardisation organisations that are already involved in cloud standardisation, and other research projects of relevance, the current deliverable presents an initial plan for transferring project results into standards. The plan shall be discussed, modified, and agreed upon by the project consortium during one of the upcom-ing project general assemblies.

Executive summary of the developed “Preliminary standards action plan”

From the several potential fields and aspects of the project to which standardisation may reason-ably be applied, (1) the functional description and definition of the capabilities of the proposed PRISMACLOUD cloud security primitives, together with (2) the definition of the interfaces seem to be most promising candidates to be subject to standardisation. The relative novelty of the pro-posed cloud security primitives makes also a contribution (3) to basic standards, like reference architectures, reasonable.

The “Preliminary standards action plan”, which is presented in detail in chapter 8, contains the proposal to establish contact to two international standardisation organisations with advanced engagement in cloud standardisation:

  • ISO JTC 1/SC 38 Cloud Computing and Distributed Platforms (mainly for basic standards), and the
  • ITU-T SG13 Future networks including cloud computing, mobile and next-generation networks with its unique focus on technical cloud standardisations

In consultations with them, we intend to seek opportunities to promote and contribute the devel-opments of the project, e.g. through joint activities of the project consortium within the framework of activities of the standardisation organisation (or organisations.

Another proposal to be discussed and decided by the project general assembly is the potential diffusion of project results (i.e. of source code) to the de-facto standard of an open source implementation. Contributing to an open source project will require additional deliberation, not only of the legal implications connected to the intellectual property of the single project partners versus the license models employed in a specific open source initiative, but also of the strategic determi-nation that would be the consequence of such a step.

We will report about our actual activities, following the adoption of a standards action plan by the project general assembly, in two upcoming deliverables D9.6 and D9.7 “Standards activity reports 1+2”, due moths 24 and 42, i.e. at the end of the second year and by the end of the project, after 3.5 years.

The detailed proposal of the “Preliminary standards action plan” is presented near the end of the document in chapter 8.