Re: [clouds] Clouds SDO gap analysis template (a Table)

Gene Golovinsky <> Thu, 27 May 2010 13:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D4F453A68C3 for <>; Thu, 27 May 2010 06:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.264
X-Spam-Status: No, score=-2.264 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vq0bpHKBUsyi for <>; Thu, 27 May 2010 06:27:34 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B10A23A6851 for <>; Thu, 27 May 2010 06:27:34 -0700 (PDT)
Received: from (localhost []) by (SMTP Server) with ESMTP id 61F5F360D56; Thu, 27 May 2010 09:27:25 -0400 (EDT)
Received: from ( []) by (SMTP Server) with ESMTPS id 4BC14360CA5; Thu, 27 May 2010 09:27:25 -0400 (EDT)
Received: from ([]) by ([]) with mapi; Thu, 27 May 2010 08:27:18 -0500
From: Gene Golovinsky <>
To: Mark Webb <>, Linda Dunbar <>
Date: Thu, 27 May 2010 08:27:13 -0500
Thread-Topic: [clouds] Clouds SDO gap analysis template (a Table)
Thread-Index: Acr9nu+HVeCyKWrLRGy9Q2cCEVEoPQAACl7g
Message-ID: <>
References: <><><><><> <008001cafd61$a05069c0$> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C6A1D07CACFDBD4D9422C7D7ED288D41041C266CF834093MBXC01me_"
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [clouds] Clouds SDO gap analysis template (a Table)
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Clouds pre-BOF discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 May 2010 13:27:50 -0000

Mark and all.

One of the areas where I am convinced Cloud can benefit from IETF efforts is logging.
As I mentioned a few months ago "Auditability" for any Cloud infrastructure and applications either does not exist at all or in its enfancy.
CloudAudit is making very good progress towards some aspects of "Auditability", but it is mostly geared towards identifying and locating appropriate compliance documents in the defined namespace.
I have in mind logging Syslog style. The content of the logs for the Cloud should be different from your traditional server, router, switch log since the managed entity itself is obfuscated in the cloud.
This leads to almost impossible forensics and compliance objectives unless Cloud participating entity logs information consistently and in interoperable manner.

I'll be sending high level proposal soon. I believe it will be specific enough and complimentary to CloudAudit efforts.


From: [] On Behalf Of Mark Webb
Sent: Thursday, May 27, 2010 8:17 AM
To: Linda Dunbar
Subject: Re: [clouds] Clouds SDO gap analysis template (a Table)


In principle I think you have a good point that I agree with in the longer term.  I think if the IETF community wants to be relevant to whatever cloud computing is, then the group needs to find something within the scope of IETF _and_ not already being worked by some other SDO or forum where a significant contribution, (job to be done, problem to be solved) needs to be made.

I see the "gap analysis" as only a means to that end, (identify a real concrete problem & potential solution in need of standardization at this point in time for cloud).

Keeping all possible outcomes in play also means to me that IETF may have no _significant_ new cloud value at this snapshot in time, (as unpopular as that may be).

Mark Webb

PS: with the understanding that individuals, groups, organizations will shop SDOs for path of least resistance for their own benefit.

On May 27, 2010, at 1:58 AM, Linda Dunbar wrote:

I don't think it is realistic for IETF to keep up with all the Cloud work done by other SDO. "Cloud" is just too big a scope for one IETF working group. We should focus on one concrete problem. Other SDO's work will be background and justify why this problem has to be solved by IETF instead of other SDO.

Linda Dunbar
From:<> [] On Behalf Of Sam Johnston
Sent: Tuesday, May 25, 2010 1:18 PM
To: Mark Carlson
Subject: Re: [clouds] Clouds SDO gap analysis template (a Table)


In terms of gap analysis, I'd be more interested in seeing other groups feeding into IETF than having it picking up the scraps. I certainly intend to submit CloudAudit, and ideally [parts of] OCCI to the I-D/RFC process for a start. IETF is well known for having clean, interoperable specifications which is something specialist groups are not so good at.


On 25 May 2010 19:49, Mark Carlson <<>> wrote:
That's great. When the IETF decides what it wants to do, you should
also create and maintain an entry up there.


-- mark

On 5/25/10 11:15 AM, Bhumip Khasnabish wrote:
Dear Mark,

Thanks for your inputs and suggestions.

Yes, we'll utilize all of the relevant existing information from the sites that you mention and a few others.

As you know our objective is to determine the gaps (existing and emerging) and focus on where IETF can contribute in terms of standardization (protocol development, protocol extension recommendation, etc.) and profile development for Cloud-based services.

Hope these help clarify matters.

Thanks again.



On Tue, May 25, 2010 at 12:45 PM, Mark Carlson <<>> wrote:

Not sure why you are doing this. The information you need is largely already
available on<> wiki. Each SDO has already created
an entry describing their cloud work, and they use a standard template already
to describe each standard.

For example, here is one for an already finalized standard:
Cloud Standard

1. The name of the specification

SNIA Cloud Data Management Interface

2. A short statement (<100 words) of the purpose and function of the specification The SNIA Cloud Data Management Interface (CDMI) is the functional interface that applications will use to create, retrieve, update and delete data elements from the cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface.

3. The version number (or other distinct identifier) and date of the most recently approved version of the specification.

SNIA Architecture - 1.0 standard

4. If the specification is part of a group of explicitly related specifications from the same source, the name of the group of specifications. Not applicable

5. URI for the normative text of the specification


6. The name of the SDO that generated/authored/hosted the specification. Storage Networking Industry Association

7. URI for the SDO<>

8. The level of approval that the SDO has conferred on the specification as described by the SDO's process. SNIA Architecture (Final Standard)

9. The language or languages in which the specification is available. US English


10. Which of the categories of Cloud services does the standard address? (Infrastructure as a Service - IaaS, Data Storage as a Service - DaaS, Platform as a Service - PaaS, Software as a Service - SaaS) DaaS (Cloud Storage)

11. Does the standard address both functional and management aspects of the service? Yes. Management is done by setting metadata on containers of data and individual data elements. The functional interface allows CRUD semantics for storage of data via HTTP.


12. The level of approval of the specification in this generic lifecycle taxonomy:

Final standard

13. URI for the applicable SDO's patent and copyright rules, if any, applicable to development and use of the specification. SNIA IP Policy<>

14. URI for the SDO's posting location, (if any) for notices from participants or individuals regarding claims under the rules stated under number 15. SNIA IP Policy<>

15. Interoperability, conformance, or certification test activity for the specification (by owner name or URI).


16. Known implementations of the specification (by owner name or URI).

The SNIA Cloud Storage TWG is producing an open source reference implementation.

17. A list (or URI pointer to same) of the other specifications* that are normatively referenced in the specification.

[ISO-8601] International Standards Organization, "Data elements and interchange formats -- Information interchange -- Representation of dates and times", ISO 8601:20044 -

[ITU-T509] International Telecommunications Union Telecommunication Standardization Sector (ITU-T), Recommendation X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks, May 2000. Specification and technical corrigenda -

[RFC2119] IETF RFC 2119<>19>. Key words for use in RFCs to Indicate Requirement Levels -

[RFC2045] IETF RFC 2045<>45>. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies -

[RFC2578] IETF RFC 2578<>78>. Structure of Management Information Version 2 (SMIv2) -

[RFC2616] IETF RFC 2616<>16>. Hypertext Transfer Protocol -- HTTP/1.1 -

[RFC3280] IETF RFC 3280<>80>. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile -

[RFC3530] IETF RFC 3530<>30>. Network File System (NFS) version 4 Protocol -

[RFC3986] IETF RFC 3986<>86>. Uniform Resource Identifier (URI): Generic Syntax - http://www.ietf/org/rfc/rfc3986.txt

[RFC4346] IETF RFC 4346<>46>. The Transport Layer Security (TLS) Protocol Version 1.1 -

[RFC4627] IETF RFC 4627<>27>. The application/json Media Type for JavaScript Object Notation (JSON) -

[RFC5246] IETF RFC 5246<>46>. The Transport Layer Security (TLS) Protocol Version 1.2 -

18. A list (or URI pointer to same) of the other specifications* that are referenced in the specification (except the ones listed under number 17).

[CRC] Williams, Ross, "A Painless Guide to CRC Error Detection Algorithms", Chapter 16, August 1993,

[PKS12] RSA Laboratories, PKCS #12: Personal Information Exchange Syntax, Version 1.0, June 1999. Specification and Technical Corrigendum -<>

[REST] "Representational State Transfer" -<>

[RESTful Web] Richardson, Leonard and Sam Ruby, RESTful Web Services, O'Reilly, 2007.

[SIRDM] Storage Industry Resource Domain Model -

19. A list (or URI pointer to same) of other specifications* with which the specification may (speculatively) interoperate or act in complementary, compatible fashion.

OCCI - see OGF entry.

20. A list (or URI pointer to same) of other specifications* similar to this specification. (Whether or not substitutable.)


The template can be found here:

-- mark

On 5/25/10 10:33 AM, Bhumip Khasnabish wrote:
Dear All,

Attached please find a template (a Table) that can be utilized for Clouds SDO gap analysis.

Very much appreciate your comments, inputs, suggestions for updating it.

The plan is to populate this template with SDOs' information,
once this template is finalized through email discussion.

Thanks a lot for your support and contributions

Best Regards.

Bhumip Khasnabish (Mobile:+001-781-752-8003,<>)

© 2010 Bhumip Khasnabish. Do not view, print, forward, and save the content of this email if you are not the intended recipient of the communiqué.


clouds mailing list<>

clouds mailing list<>

Best Regards.

Bhumip Khasnabish (Mobile:+001-781-752-8003,<>)

© 2010 Bhumip Khasnabish. Do not view, print, forward, and save the content of this email if you are not the intended recipient of the communiqué.

clouds mailing list<>

clouds mailing list<>