OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [id-cloud] ANNOUNCEMENT: DMTF Cloud Audit, Data Federation (CADF) WorkingGroup Formed

pardon my typos, but wanted to get this out quickly...

From:        Matt Rutkowski/Austin/IBM@IBMUS
To:        id-cloud@lists.oasis-open.org
Date:        03/22/2011 02:51 PM
Subject:        [id-cloud] ANNOUNCEMENT: DMTF Cloud Audit, Data Federation (CADF) Working Group Formed

Dear ID Cloud TC Members,

Given our recent discussion of Cloud Auditing use cases and its relationship to identity management in the cloud, I am pleased to announce that

The Distributed Management Task Force (DMTF), has approved a Cloud Audit, Data Federation (CADF) Working Group

This technical wok of this WG will enable cloud ecosystems to share audit event data in the form of reports and logs and to tie them to meaningful, normative audit event data.

Here is an overview of the scope of the CADF's charter:

Data Model – that defines a normative, prescriptive audit event record and is composable into compatible log and record formats.
Extensible Event Taxonomies – normative, prescriptive taxonomies used to categorize event resources, actions and outcomes.
Exemplary Interface Model – that defines service methods for management and federation of the audit data model.
Interfaces would include consideration for event Submission, Import and Export, Query and Subscription.
Exemplary Component and Interaction Model  - that demonstrates  how the data and interfaces could be used by cloud providers and consumers to support general cloud auditing use cases.
Profiles - that extends the core data and interface specifications developed to accommodate particular methods of consumption.  
Including references to specific data models (e.g. DMTF Common Information Model or CIM) and "tagging" to security compliance controls/frameworks (e.g. ISO 27000, PCI-DSS, HIPAA, etc.)

The following DMTF Board and Leadership level companies actively participated in the chartering process since January and have indicated ongoing commitment to the work of the CADF to the DMTF Board:

The list of DMTF General Member companies that are joining is growing daily now that it has been approved and announced to the general membership. The CADF WG will coordinate its work, specifically Audit APIs, with the existing DMTF Cloud Mgmt. Working Group (CMWG) and reference the protocols and data objects they develop over time.  Additionally, we have liaisons already planned with The Open Group (TOG) Security Forum and the Cloud Security Alliance (CSA).  

This CADF WG is a body under the DMTF Technical Committee and the Platform Mgmt. SC:


It's approved charter is accessible here:


Once the DMTF publishes the announcement on their website I will sent out another email.

Kind regards,


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]