US federal government: cloud first, but 'cloud' needs to be defined

Federal working group preparing cloud roadmap for US agencies, to provide guidance with protocols and definitions.
Written by Joe McKendrick, Contributing Writer on

What is 'cloud computing'?  That's what the federal government needs to determine as it aggressively pursues this strategy to cut costs and improve the flexibility of its agencies.

The National Institute of Standards and Technology (NIST) plans to issue a first draft of a “Cloud Computing Technology Roadmap” by the end of fiscal 2011, intended to provide agencies with a single, standardized process for cloud adoption and management, Fierce Government IT reports.

The US federal government now has an active policy to put cloud-based options before on-site software and systems options in new IT purchasing. But moving to cloud options could potentially be even more chaotic than the existing huge $80-billion annual patchwork of federal IT purchases.

The NIST Cloud Computing Standards Roadmap Working Group is spearheading this effort. The goal of the working group and roadmap is to “survey the existing standards landscape for security, portability, and interoperability standards/models/studies/etc. relevant to cloud computing, determine standards gaps, and identify standardization priorities.”

Standards and definitions the working group will likely include in the roadmap include the following:

  • Basic Definitions & Standards: TCP/IP, HTTP, HTML, XML, SOAP, REST, WSDL, SSL/TLS, XML/XMLD, JSON, TRP, DNS, SMTP
  • High Level Standards & Definition for Cloud and Web Services: OVF, OCCI, CDMI, SPML, Web services, GridFTP, OAuth, OpenID, WS, WSS, SAML, Frameworx, XACML
  • Categorization of Cloud Computing Related Standards: Cloud Taxonomy – output from Reference Architecture Working Group

Functional areas to be addressed in the roadmap include the following:

  • SaaS Self-service management
  • Application specific data formats
  • Application functional interfaces
  • Resource description and discovery
  • QoS specification, monitoring, reporting
  • SLA specification and negotiation
  • Billing and metering
  • Identity and access management
  • Provisioning, management, replication, federation
  • Single sign-on plus strong authentication
  • Security auditing and compliance

In addition, the US General Services Administration, the purchasing arm of the federal government, says it intends to release, by summer, the first version of FedRAMP — which provides common security and monitoring services for cloud services to help agencies avoid guesswork.

Editorial standards