OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

tc-announce message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposed Charter for OASIS Public Administration Cloud Requirements (PACR) TC

To OASIS Members:

A draft TC charter has been submitted to establish the OASIS Public Administration Cloud Requirements (PACR) Technical Committee. In accordance with the OASIS TC Process Policy section 2.2: (https://www.oasis-open.org/policies-guidelines/tc-process#formation) the proposed charter is hereby submitted for comment. The comment period shall remain open until 11:45 pm ET on 09 October 2012.

OASIS maintains a mailing list for the purpose of submitting comments on proposed charters. Any OASIS member may post to this list by sending email to: oasis-charter-discuss@lists.oasis-open.org. All messages will be publicly archived at: http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who wish to receive emails must join the group by selecting "join group" on the group home page: http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/. Employees of organizational members do not require primary representative approval to subscribe to the oasis-charter-discuss e-mail.

A telephone conference will be held among the Convener, the OASIS TC Administrator, and those proposers who wish to attend within four days of the close of the comment period. The announcement and call-in information will be noted on the OASIS Charter Discuss Group Calendar.

We encourage member comment and ask that you note the name of the proposed TC (PACR) in the subject line of your email message


(1) Charter of the TC 

(1)(a) Name
OASIS Public Administration Cloud Requirements (PACR) Technical Committee 

(1)(b) Statement of Purpose

Governments are evaluating the use of, and increasingly converting many of their information and communication technology ("ICT") systems to cloud and other remote distributed computing services and installations. The nature of these relatively novel systems requires some re-examination of the public policy and government responsibility requirements generally applied to ICT functions on which public administrations rely, including their:

-  Safety, reliability, stability and minimal risk;
-  Legislative conformance;
-  Regulatory compliance;
-  Degree of control and auditability by or on behalf of the responsible public administration;
-  Reliance on and vulnerability to single sources, vendors, formats, applications or computing protocols;
-  Usability and extensibility of data and data functions by anticipatable stakeholders;
-  Portability of data;
-  Portability and composability of data functions across multiple systems and clouds operating in concert;
-  More agile enhancement and maintenance and multi-site resilience;
-  Cost effectiveness; and
-  Skills needs.

The increased speed, functionality, reach and efficiencies sought and availability from cloud computing methods in some cases puts unique stresses on the foregoing conventional ICT requirements, and may also give rise to special needs not encountered or well defined in segregated, stand-alone computing installations.

Some work has been done (as cited below) in creating typologies of cloud computing service function levels, and towards models of services; and several recently-formed coalitions have proposed requirements lists at one or another level of cloud activity. However, there is little help available to governments to integrate those lists into common, readily-understood rules that inform procurement,  auditable assurance and conformance testing and acquisition criteria; and little or no openly available, vendor-neutral information mapping such requirements to the rather large but loosely-organized body of existing ICT standards.

The foregoing state of affairs can lead to haphazard, constantly-changing criteria; serious difficulties in comparing or evaluating possible cloud services; accidental data architectures (or none at all); and a failure to take advantage of easily-used but hard-to-fine bodies of existing openly-available work. The Public Cloud (PACR) TC will draw together a common set of attributes and operational requirements that are relevant to public administrations, at each of the major service levels of cloud systems, and map them where possible to existing open standards and published governmental works that supply methods of measurement and definition.

(1)(c) Scope of the TC's work

The committee will develop a set of common required functional elements, and measurable criteria or qualities that should be present in cloud computing services or installations employed by public administration entities, whether purchased, hired or self-created and self-installed.

In this context, "should be present" refers to aspects of a cloud service or installation that are likely to be necessary to reflect public sector risk profiles in order to satisfy the public policy aspects, governmental reliability and stability requirements, responsibility to citizens and constituent stakeholders, and broad, platform-neutral accessibility that generally are expected and desirable from useful, long-term government ICT resources.

Out of Scope: The TC's deliverables will not recommend or require the use of specific tools, products, technologies, software systems or branded commercial or non-commercial services. However, the TC may demonstrate implementation by publishing profiles based on specific protocols, and may identify which tools are used in connection therewith where needed to permit replication of results.

(1)(d) Deliverables

Within 18 months of the TC's first meeting it will look to deliver:

1. A measurable and auditable implementation/conformance profile for government i.e. the features that governments want to see in cloud offerings to government.  The profile will include as a minimum the following: a base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing infrastructure employed by or on behalf of governments (including computer networking, network management, data storage and shared repository, multi-site resilience, abstracted hosting environment, service or device management and virtualization management).

2. A base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing platform services employed by or on behalf of governments (including common transactional, eventing, notification and messaging operations such as middleware and enterprise service buses, and interaction patterns and protocols among autonomous physical or virtual machines).

3. A base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing data application services employed by or on behalf of governments (including application program interfaces (APIs) and end-user software applications).

Thereafter the TC will look to deliver:

4. If deemed useful and feasible, a similar requirements analysis for any other specific levels of cloud or remote computing services that the TC identifies and views as significant and requiring distinct treatment.

5. If deemed feasible, a synthesis of the foregoing requirements across levels of service and abstraction. Whether generalized statements of universally applicable common requirements, bridging across multiple architectural levels, can be made meaningfully and are useful will be a question for the TC.

6. In each of the foregoing, identification of existing ICT standards and openly-available, vendor-neutral specifications that are available to implement and measure the foregoing requirements.

7. If deemed useful and feasible, gap analysis identification of those requirements where additional openly-available methods are needed for implementation and measurement.

8. If deemed useful and feasible a government Cloud Reference Model that would include amongst other aspects a common taxonomy of government services and a shared information model.

The deliverables shall:

a. Be vendor-neutral and product-agnostic. (The TC may also elect to point to or provide proof-of-concept instances of specific protocol uses, but will strive for catholicity and multiple examples, and facilitate ease of implementation regardless of protocol choices.)

b. Wherever feasible, specify and explain methodologies for compatibility with legacy system integration and incremental adoption.

c. Indicate opportunities for the utilization of existing, stable open standards and openly-published governmental criteria, generally supporting re-use of existing artefacts where plausible. The foregoing does not preclude references to ongoing but incomplete specifications, nor statements about the need for future or alternative projects.

(1)(3) IPR Mode

The committee will operate under the Non-Assertion Mode of the OASIS IPR Policy.

(1)(f) Anticipated audience

-  Government units and other entities responsible for data and computing resources employed in public administration, particularly those who have migrated or are evaluating migrating to cloud computing architectures.
-  Market participants, who consume, rely on and transact with those resources.
-  Regulators and policymakers with an interest in the procurement, control, interoperability, auditability, certification and accreditation of cloud resources.
-  Providers of cloud computing services, devices and advisory assistance who support the evaluation, initialization, migration, maintenance and monitoring of cloud computing services and installations.
-  Data integrators for the products & services used by the foregoing.
-  Providers of certification and accreditation services.

(1)(g) Language

The TC will conduct its business in English but will strive to translate its deliverables in a number of non-English languages. The TC may elect to form subcommittees that produce localized documentation of the TC's work in additional languages.

(2) Additional Non-normative Information

(2)(a) Similar or applicable work

The proposers are unaware of any currently published work that covers the entire scope described here. Some elements of the PACR project may be informed by or related to the following:

- OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) Technical Committee
- OASIS Identity in the Cloud Technical Committee, and particularly its ID-Cloud Gap Analysis Data Collection (cataloguing distributed identity service use cases)
- OASIS Transformational Government Framework Technical Committee, and particularly its TGF Pattern Language Core Patterns (cataloguing, among other things, policy goals for ICT egov operations in a controlled vocabulary)
- ISO/IEC JTC1/SC38 (Distributed application platforms and services) Working Group 3 on Cloud Computing, and particularly its Use case Analysis Methodology and Principle of Cloud Service Delivery
- The European Interoperability Framework, v2, European Commission (2010)
- ODCA Open Data Center Usage Models v1 (June 2011):
  - Security Monitoring
  - Security Provider Assurance
  - IO Control (for QoS coordination across networks)
  - VM Interoperability
  - Common Management & Policy Regulatory Framework; Guide industry in requirements and compliance management best practices
  - Cloud Service Catalogue
  - Standard Units of Measurement for IaaS
- SOA Reference Model v1.0, OASIS Standard (2006)
- SOA Governance Framework v1, The Open Group (2009)
- OASIS Test Assertions Guidelines (TAG) Technical Committee
- Cloud Audit ("A6") Project, Cloud Security Alliance
- DMTF Common Information Model ("CIM") v2.30.0 (2011)
- DMTF Open Virtualization Format ("OVF") v1.1.0 (2010)
- OASIS Privacy Management Reference Model (PMRM) Technical Committee
- Kantara Initiative CloudIDsec WG

(2)(b) Date & time of first meeting

The first meeting of the PACR TC will be a teleconference to be held on Thursday 29th November 2012, 19.00 to 20.00 Central European Time. This teleconference will be sponsored by iFOSS.

(2)(c) Ongoing meeting schedule

It is anticipated that the PACR TC will meet via teleconference every month for 60 minutes at a time determined by the TC members during the TC's first meeting. It is anticipated that the PACR TC will meet face-to-face every 12 months at a time and location to be determined by the TC members.  TC members will determine the actual pace of face-to-face and teleconference meetings. One of the proposers, as listed below, will sponsor the teleconferences unless other TC members offer to donate their own facilities.

(2)(d) Proposers

The names, electronic mail addresses, and membership affiliations of at least Minimum Membership who support this proposal:

Adil Soussi Nachit, adil.soussinachit@minfin.fed.be, Belgian SPF Finances
John Borras, johnaborras@yahoo.co.uk, Individual
Peter Brown, peter@peterfbrown.com, Individual
Neil McEvoy, neil.mcevoy@iFOSSF.org, iFOSSF
Colin Wallis, Colin.Wallis@dia.govt.nz, New Zealand Government

(2)(e)Statements of Support

Arnaud Martens, arnaud.martens@minfin.fed.be, Belgian SPF Finances: "I support the charter of the proposed new "Public Administration Cloud Requirements" TC as an added-value initiative to deliver a map of requirements to help public organizations going into the cloud computing."

Neil McEvoy,  neil.mcevoy@ifossfoundation.org, iFOSSF: "I am pleased to support the work of this new TC which is looking to fill a very important gap in the standards for deploying Cloud services."

Colin Wallis, Colin.Wallis@dia.govt.nz, DIA, New Zealand Government: "The Department of Internal Affairs - New Zealand Government, participated in the Discussion Group leading up to this proposal. In consideration of those discussions, the Department concurs that governments' requirements are sufficiently differentiated from corporate enterprises to warrant the establishment of this Technical Committee."

(2)(f) Convener

The convener is John Borras.

(2)(g) Member Section Affiliation

The TC intends to request affiliation with the OASIS eGov Member Section.

Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]