Hi! This was sent through the NIST
Security list originally (with the attachment) and then this additional
information was added in the note below (from David Bernstein) .I am sending it
to id-cloud merely due to the stated ‘special focus on Identity and Trust”
in David’s note.
Best regards,
Michele
Michele Drgon
www.dataprobity.com
+1 772 678 2777
@micheledrgon
Note: New LinkedIn: cloudjurisdiction
From:
cc_security@nist.gov [mailto:cc_security@nist.gov] On Behalf Of David Bernstein
Sent: Wednesday, April 27, 2011
11:28 AM
To: Multiple recipients of list
Subject: RE: Rebooting the NIST
Cloud Computing Security Working Group
Greetings Colleagues
I am one of the
authors of this paper. Actually we have published a series of papers on the
subject of Cloud to Cloud interoperability, along with special focus in the
Identity and Trust issues that go along with that problem. These take one
possible approach for addressing these challenges, perhaps the thoughts are
useful to the NIST discussions, we hope so.
Specific to
Intercloud and for further details, I might point the team to the series of
papers on this subject
·
D. Bernstein, S. Diamond, K, Shankar, E. Ludvigson, M.
Morrow, “Blueprint for the Intercloud – Protocols and Formats for
Cloud Computing Interoperability”, 4th
International Conference on Internet and Web Application Services –
IARIA/IEEE ICIW09, Venice, Italy; May 2009
·
D. Bernstein, D Vij, “Using Semantic Web
Ontology in Intercloud Directories and Exchanges”, ICOMP'10 - The 2010 International Conference on
Internet Computing,
·
D. Bernstein, D. Vij, “Intercloud Directory and
Exchange Protocol Detail using XMPP and RDF”, 1st Workshop on Cloud-based Services and Applications
(CBSA/IEEE 2010),
·
D. Bernstein, D. Vij, “Simple Storage
Replication Protocol (SSRP) for Intercloud”, The Second International Conference on Emerging Network Intelligence
– IEEE/IARIA EMERGING 2010,
·
D. Bernstein, D. Vij, “Intercloud Security
Considerations”, The Second
International Conference on Cloud Compouting Technology and Science –
IEEE CloudCom 2010, Indianapolis, Indiana, December 2010
·
D. Bernstein, D. Vij, S. Diamond, “An Intercloud
Cloud Computing Economy - Technology, Governance, and Market Blueprints”,
IEEE Service Research and Innovation Global
Conference – SRII 2011, San Jose, California, March 2010
There have been many
other good papers published on the subject and these are some specific
workshops in this area as well (see below). Those researchers have gotten
together in the whole area of cloud-to-cloud interoperability to work together
towards a formalization of a set of protocols (like those published above) in a
formalized standards working group in the “IEEE P2302™ Draft Standard for Intercloud
Interoperability and Federation”. The working group is just forming, it is open to
participation by all interested researchers, please see below where you can
register your interest in participating:
http://standards.ieee.org/news/2011/cloud.html
http://standards.ieee.org/develop/wg/ICWG-2302_WG.html
Respectfully,
David Bernstein
Chairman, IEEE P2301,
Guide for Cloud Portability and Interoperability Profiles
Chairman, IEEE P2302,
Standard for Intercloud Interoperability and Federation
Co-Chair, IEEE/ACM
First International Workshop on Intercloud Federation and Convergence, Cloud
and Grid (InterCloudGrid 2011),
Co-Chair, IEEE Second
International Workshop on Cloud Computing Interoperability and Services
(InterCloud 2011), Istanbul, July 2011
Technical Program
Committee, IARIA Sixth International Conference on Systems and Networks
Communications (ICSNC 2011),
Co-Chair, IEEE/ACM
Fourth International Conference on Utility and Cloud Computing (UCC 2011),
From:
cc_security@nist.gov [mailto:cc_security@nist.gov] On Behalf Of Ramanathan, Sundararajan
Sent: Wednesday, April 27, 2011
7:41 AM
To: Multiple recipients of list
Subject: RE: Rebooting the NIST
Cloud Computing Security Working Group
Hi
In terms of inter
cloud directory and exchange protocols , I hope the team has reviewed this
paper - http://www.cloudstrategypartners.com/resources/Intercloud+Directory+and+Exchange+Protocol+Detail+using+XMPP+and+RDF+-+Draft.pdf
Regards
______________________________________
Sundar
Ramanathan / Capgemini / NA
Integration
Architect - GM - GSSM-AIMD
Cell: 7342722040
People matter, results count
_________________________________
From:
cc_security@nist.gov [mailto:cc_security@nist.gov] On Behalf Of Chandramouli, Ramaswamy
Sent: Tuesday, April 19, 2011 4:15
PM
To: Multiple recipients of list
Subject: Rebooting the NIST Cloud
Computing Security Working Group
Dear Security Working Group Members
We are interested in providing a new direction to the Security Working
Group following the feedback we had from the recent workshop. At the outset, We
would like to have your thoughts on the most fundamental questions.
(1) What
do you think should be the Deliverables or the Set of Deliverables for the
Group?
(2) What
is the realistic timeline that we should commit for the Deliverable?
In terms of the kinds of activities, please provide your thoughts on
the following:
(a) Analyzing
Security Issues in each Cloud Layer
(b) Common
Security Operations and how they are unique and distinct in the cloud
environment?
(c) Analyze
security issues in standardized (or submitted for standardization) APIs –
OCCI, OVF, CDMI etc
(d) Analyze
Security issues in the context of Target Business Use Cases identified by NIST
working Group
We would like our working group members to take a proactive role by
volunteering to contribute materials to an area of their expertise and
interest. I invite you all to respond by sending an email either to our email
list (cc_security) or to me (mouli@nist.gov)
based on your preference.
Also please let us know your ideas for any other new activities (in
addition to (a) – (d) above) that you feel should be part of this
group’s focus.
Looking forward to hear from you all in tomorrow’s call.
Thanking you
Mouli
Dr. Ramaswamy
Chandramouli (Mouli)
Supervisory Computer
Scientist
Computer Security
Division, Information Technology Lab
NIST,
(301) 975-5013
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is
intended only for the person to whom it is addressed. If you are not the
intended recipient, you are not authorized to
read, print, retain, copy, disseminate, distribute, or use this message or any
part thereof. If you receive this message
in error, please notify the sender immediately and delete all copies of this
message.