ANNOUNCEMENT: DMTF Cloud Audit, Data Federation (CADF) Working Group Formed

[Matt Rutkowski <mrutkows@us.ibm.com>]

Dear ID Cloud TC Members,

Given our recent discussion of Cloud
Auditing use cases and its relationship to identity management in the cloud,
I am pleased to announce that 

The Distributed Management
Task Force (DMTF),
has approved a Cloud
Audit, Data Federation (CADF) Working Group 

This technical wok of this WG will enable
cloud ecosystems to share audit event data in the form of reports and logs
and to tie them to meaningful, normative audit event data. 

Here is an overview of the scope of
the CADF's charter:
·
Data Model – that defines a normative, prescriptive audit event record
and is composable into compatible log and record formats.
o Extensible
Event Taxonomies – normative, prescriptive taxonomies used to categorize
event resources, actions and outcomes.
· Exemplary
Interface Model – that defines service methods for management and
federation of the audit data model.
o Interfaces
would include consideration for event Submission, Import and Export, Query
and Subscription.
· Exemplary
Component and Interaction Model  - that demonstrates  how
the data and interfaces could be used by cloud providers and consumers
to support general cloud auditing use cases.
· Profiles
- that extends the core data and interface specifications developed to
accommodate particular methods of consumption.  
o Including
references to specific data models (e.g. DMTF Common Information Model
or CIM) and "tagging" to security compliance controls/frameworks
(e.g. ISO 27000, PCI-DSS, HIPAA, etc.)

The following DMTF Board and Leadership
level companies actively participated in the chartering process since
January and have indicated ongoing commitment to the work of the CADF to
the DMTF Board:

• IBM, Novell, VMWare, EMC, HP, Oracle, Cisco, Fujitsu, CA Technologies, Hitachi, Juniper, Red Hat, Citrix, Huawei

The list of DMTF General Member companies
that are joining is growing daily now that it has been approved and announced
to the general membership. The CADF WG will coordinate its work, specifically
Audit APIs, with the existing DMTF Cloud Mgmt. Working Group (CMWG) and
reference the protocols and data objects they develop over time.  Additionally,
we have liaisons already planned with The Open Group (TOG) Security
Forum and the Cloud Security Alliance (CSA).  

This CADF WG is a body under the DMTF
Technical Committee and the Platform Mgmt. SC:
http://dmtf.org/about/working-groups

It's approved charter is accessible
here:
http://dmtf.org/sites/default/files/CADF_Charter_03-10-11.pdf

Once the DMTF publishes the announcement
on their website I will sent out another email.

Kind regards,
Matt