US federal government: cloud first, but 'cloud' needs to be defined

US federal government: cloud first, but 'cloud' needs to be defined

Summary: Federal working group preparing cloud roadmap for US agencies, to provide guidance with protocols and definitions.


What is 'cloud computing'?  That's what the federal government needs to determine as it aggressively pursues this strategy to cut costs and improve the flexibility of its agencies.

The National Institute of Standards and Technology (NIST) plans to issue a first draft of a “Cloud Computing Technology Roadmap” by the end of fiscal 2011, intended to provide agencies with a single, standardized process for cloud adoption and management, Fierce Government IT reports.

The US federal government now has an active policy to put cloud-based options before on-site software and systems options in new IT purchasing. But moving to cloud options could potentially be even more chaotic than the existing huge $80-billion annual patchwork of federal IT purchases.

The NIST Cloud Computing Standards Roadmap Working Group is spearheading this effort. The goal of the working group and roadmap is to “survey the existing standards landscape for security, portability, and interoperability standards/models/studies/etc. relevant to cloud computing, determine standards gaps, and identify standardization priorities.”

Standards and definitions the working group will likely include in the roadmap include the following:

  • Basic Definitions & Standards: TCP/IP, HTTP, HTML, XML, SOAP, REST, WSDL, SSL/TLS, XML/XMLD, JSON, TRP, DNS, SMTP
  • High Level Standards & Definition for Cloud and Web Services: OVF, OCCI, CDMI, SPML, Web services, GridFTP, OAuth, OpenID, WS, WSS, SAML, Frameworx, XACML
  • Categorization of Cloud Computing Related Standards: Cloud Taxonomy – output from Reference Architecture Working Group

Functional areas to be addressed in the roadmap include the following:

  • SaaS Self-service management
  • Application specific data formats
  • Application functional interfaces
  • Resource description and discovery
  • QoS specification, monitoring, reporting
  • SLA specification and negotiation
  • Billing and metering
  • Identity and access management
  • Provisioning, management, replication, federation
  • Single sign-on plus strong authentication
  • Security auditing and compliance

In addition, the US General Services Administration, the purchasing arm of the federal government, says it intends to release, by summer, the first version of FedRAMP — which provides common security and monitoring services for cloud services to help agencies avoid guesswork.

Topics: Government US, Government, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: US federal government: cloud first, but 'cloud' needs to be defined

    As long as the standards are open (not beholden to any one company), then it is okay. While I personally want to limit what information is hosted online, others are free to include every it of information they want out there.
    • RE: US federal government: cloud first, but 'cloud' needs to be defined

      I totally agree.
      Ram U
  • RE: US federal government: cloud first, but 'cloud' needs to be defined

  • RE: US federal government: cloud first, but 'cloud' needs to be defined

    nice article Mr McKendrick.

    re above comments: whether is a standard is open; closed; made-standard-by-popularity; made standard-by-committee is perhaps irrelevant.

    why? cloud computing is an architectural discipline and why do we need a committee to define a meaning of a word. particularly when cloud computing incorporates SaaS which Progress Sonic and Tivoli have perhaps been doing for some time before cloud became the topic of the month.

    sometimes committees do nothing but damage or take so long establishing standards that the world just moves on without.

    take HL7 for example. this is a classic example of designed-by-committee that has historically been rejected by nearly all facilityies outside of hospitals.