Common Standards in Cloud

Computing

1. Working Groups
2. Open Cloud Consortium
3. The Distributed Management Task Force
4. Standards for Application Developers
5. Standards for Messaging
6. Standards for Security
 Working Groups

1. A working group is an assembled, cooperative

collaboration of researchers working on new research
activities that would be difficult for any one member to
develop alone.
2. A working group can exist for anywhere between a
few months to many years.
3. Working groups generally strive to create an
informational document a standard, or find some
resolution for problems related to a system or network.
4. Working groups are sometimes also referred to as task
groups or technical advisory groups.
 Working Groups
● Working groups support the interest and activities of OCC
Members. The current working groups include:
● The Open Science Data Cloud (OSDC) Working Group
● Project Matsu
● The Open Cloud Testbed Working Group
● Biomedical Commons Cloud (BCC)
● Working Group on Standards and Interoperability for Clouds
● Working Group on Wide Area Clouds and the Impact of Network
Protocols on Clouds.
● Working Group on Information Sharing, Security, and Clouds has a
primary focus on standards and standards-based architectures for
sharing information between clouds.
 Open Cloud Consortium
● The Open Cloud Consortium (OCC) is
➢ A not for profit
➢ Manages and operates cloud computing

infrastructure to support scientific, medical, health

care and environmental research.

● OCC members span the globe and include over 10

universities, over 15 companies, and over 5 government
agencies and national laboratories.
● The OCC is organized into several different working
groups.
 The OCC Mission
● The purpose of the Open Cloud Consortium is to support the
development of standards for cloud computing and to develop a
framework for interoperability among various clouds.
● The OCC supports the development of benchmarks for cloud
computing.
● Manages cloud computing testbeds, such as the Open Cloud
Testbed, to improve cloud computing software and services.
● Develops reference implementations, benchmarks and standards,
such as the MalStone Benchmark, to improve the state of the art
of cloud computing.
● Sponsors workshops and other events related to cloud computing
to educate the community.
 The Distributed Management Task
Force (DMTF)
● DMTF enables more effective management of millions
of IT systems worldwide by bringing the IT industry
together to collaborate on the development, validation
and promotion of systems management standards.
● The group spans the industry with 160 member
companies and organizations, and more than 4,000
active participants crossing 43 countries.
● The DMTF board of directors is led by 16 innovative,
industry-leading technology companies.
 The Distributed Management Task
Force (DMTF)
DMTF management standards are critical to enabling
management interoperability among multi vendor systems, tools
and solutions within the enterprise.
The DMTF started the Virtualization Management Initiative
(VMAN).
The Open Virtualization Format (OVF) is a fairly new standard
that has emerged within the VMAN Initiative.
Benefits of VMAN are
* Lowering the IT learning curve, and
* Lowering complexity for vendors implementing their solutions
Standardized Approaches available to
Companies due to VMAN Initiative

1.Deploy virtual computer systems

2.Discover and take inventory of virtual
computer systems
3.Manage the life cycle of virtual computer
systems
4.Add/change/delete virtual resources
5.Monitor virtual systems for health and
performance
 Open Virtualization Format (OVF)
Features & Benefits
● The OVF simplifies interoperability, security, and virtual
machine life-cycle management by describing an open,
secure, portable, efficient, and extensible format for the
packaging and distribution of one or more virtual appliances.
● The OVF specifies procedures and technologies to permit
integrity checking of the virtual machines (VM).
● The OVF also provides mechanisms that support license
checking for the enclosed Vms.
● The OVF allows an installed VM to acquire information
about its host virtualization platform and runtime
environment.
 Open Virtualization Format (OVF)
Features & Benefits

● One key feature of the OVF is virtual machine

packaging portability.
● OVF is, by design, virtualization platform-neutral.
● The OVF streamlined & simplified installation
and deployment process using metadata.
● The OVF is designed to be extended as the
industry moves forward with virtual appliance
technology.
Standards for Application Developers

● The purpose of application development standards

is to ensure uniform, consistent, high-quality
software solutions.
● Programming standards help to improve the
readability of the software, allowing developers to
understand new code more quickly and thoroughly.
● Commonly used application standards are
available for the Internet in browsers, for
transferring data, sending messages, and securing
data.
 Standards for Browsers (Ajax)
● AJAX (Asynchronous JavaScript and XML), is a
group of interrelated web development techniques
used to create interactive web applications or rich
Internet applications.
● Using Ajax, web applications can retrieve data from
the server asynchronously, without interfering with
the display and behavior of the browser page
currently being displayed to the user.
● The use of Ajax has led to an increase in interactive
animation on web pages.
 Standards for Browsers (Ajax)
● Using Ajax, a web application can request only the
content that needs to be updated in the web pages. This
greatly reduces networking bandwidth usage and page
load times.
● Sections of pages can be reloaded individually.
● An Ajax framework helps developers to build dynamic
web pages on the client side. Data is sent to or from the
server using requests, usually written in JavaScript.
● ICEfaces is an open source Ajax framework developed
as Java product and maintained by http://icefaces.org.
ICEfaces Ajax Application Framework
1.ICEfaces is an integrated Ajax application framework that
enables Java EE application developers to easily create and
deploy thin-client rich Internet applications in pure Java.
2.To run ICEfaces applications, users need to download and
install the following products:
● Java 2 Platform, Standard Edition
● Ant
● Tomcat
● ICEfaces
● Web browser (if you don’t already have one installed)
 Security Features in ICEfaces Ajax
Application Framework
1.ICEfaces is the one of the most secure Ajax
solutions available.
2.It is Compatible with SSL (Secure Sockets Layer)
protocol.
3.It prevents cross-site scripting, malicious code
injection, and unauthorized data mining.
4.ICEfaces does not expose application logic or user
data.
5.It is effective in preventing fake form submits and
SQL (Structured Query Language) injection attacks.
 Data (XML, JSON)
1.Extensible Markup Language (XML) allows to
define markup elements.
2.Its purpose is to enable sharing of structured data.
3. XML is often used to describe structured data and
to serialize Objects.
4.XML provides a basic syntax that can be used to
share information among different kinds of
computers, different applications, and different
organizations without needing to be converted
from one to another.
 Data (XML, JSON)
JSON (JavaScript Object Notation ) is a
lightweight computer data interchange format. It
is a text-based, human-readable format for
representing simple data structures and associative
arrays (called objects).
1.The JSON format is often used for transmitting
structured data over a network connection in a
process called serialization. Its main application
is in Ajax web application programming, where
it serves as an alternative to the XML format.
 Solution Stacks (LAMP and LAPP)
1.LAMP is a popular open source solution
commonly used to run dynamic web sites and
servers. The acronym derives from the fact that it
includes Linux, Apache, MySQL, and PHP (or Perl
or Python) and is considered by many to be the
platform of choice for development and
deployment of high-performance web applications
which require a solid and reliable foundation.
2.When used in combination, they represent a
solution stack of technologies that support
application servers.
3.
 Linux, Apache, PostgreSQL, and
PHP(or Perl or Python) (LAPP)
1.The LAPP stack is an open source web
platform that can be used to run dynamic web
sites and servers. It is considered by many to
be a more powerful alternative to the more
popular LAMP stack.
2.LAPP offers SSL
3.Many consider the LAPP stack a more secure
out-of-the-box solution than the LAMP stack.
 Standards for Messaging

● A message is a unit of information that is moved

from one place to another.
● Most common messaging standards used in the cloud
are
1. Simple Message Transfer Protocol (SMTP)
2. Post Office Protocol (POP)
3. Internet Messaging Access Protocol (IMAP)
4. Syndication (Atom, Atom Publishing Protocol,
and RSS)
5. Communications (HTTP, SIMPLE, and XMPP)
 Simple Message Transfer Protocol
1.Simple Message Transfer Protocol is arguably the most
important protocol in use today for basic messaging. Before
SMTP was created, email messages were sent using File
Transfer Protocol (FTP).
2.The FTP protocol was designed to transmit files, not
messages, so it did not provide any means for recipients to
identify the sender or for the sender to designate an intended
recipient.
3.SMTP was designed so that sender and recipient information
could be transmitted with the message.
4.SMTP is a two-way protocol that usually operates using TCP
(Transmission Control Protocol) port 25.
 Post Office Protocol (POP)
1.SMTP can be used both to send and receive messages, but
the client must have a constant connection to the host to
receive SMTP messages.
2.The Post Office Protocol (POP) was introduced to
circumvent this situation.
3.POP is a lightweight protocol whose single purpose is to
download messages from a server. This allows a server to
store messages until a client connects and requests them.
4.Once the client connects, POP servers begin to download
the messages and subsequently delete them from the server
(a default setting) in order to make room for more messages.
 Internet Messaging Access Protocol
1.Once mail messages are downloaded with POP, they are
automatically deleted from the server when the download
process has finished.
2.Many businesses have compulsory compliance guidelines that
require saving messages. It also becomes a problem if users
move from computer to computer or use mobile networking,
since their messages do not automatically move where they
go.
3.To get around these problems, a standard called Internet
Messaging Access Protocol was created. IMAP allows
messages to be kept on the server but viewed and manipulated
(usually via a browser) as though they were stored locally.
Syndication (Atom, Atom Publishing
Protocol, and RSS)
● In general, syndication is the supply of material
for reuse and integration with other material,
often through a paid service subscription.
● The most common example of syndication is in
newspapers, where such content as wire-service
news, comics, columns, horoscopes, and
crossword puzzles are usually syndicated content.
● Newspapers receive the content from the content
providers, reformat it as required, integrate it with
other copy, print it, and publish it.
 Syndication (Atom, Atom Publishing
Protocol, and RSS)
● Atom is an XML-based document format that
describes lists of related information known as
"feeds".
● Feeds are composed of a number of items, known
as "entries", each with an extensible set of attached
meta-data. For example, each entry has a title.
● The primary use case that Atom addresses is the
syndication of Web content such as web logs and
news headlines to Web sites as well as directly to
user agents.
Syndication (Atom, Atom Publishing
Protocol, and RSS)
● The Atom Publishing Protocol (AtomPub) is an application-
level protocol for publishing and editing Web resources.
● The protocol is based on HTTP transfer of Atom-formatted
representations. The Atom format is documented in the Atom
Syndication Format.
● The protocol supports the creation of Web Resources and
provides facilities for:
1. Collections: Sets of Resources, which can be retrieved in
whole or in part.
2. Services: Discovery and description of Collections.
3. Editing: Creating, editing, and deleting Resources.
Syndication (Atom, Atom Publishing
Protocol, and RSS)
● RSS stands for Really Simple Syndication
● RSS allows you to syndicate your site content
● RSS defines an easy way to share and view
headlines and content
● RSS files can be automatically updated
● RSS allows personalized views for different sites
● RSS is written in XML
 Why use RSS?
● RSS was designed to show selected data.
● Without RSS, users will have to check your site daily for
new updates. This may be too time-consuming for many
users. With an RSS feed (RSS is often called a News
feed or RSS feed) they can check your site faster using
an RSS aggregator (a site or program that gathers and
sorts out RSS feeds).
● Since RSS data is small and fast-loading, it can easily be
used with services like cell phones or PDA's.
● Web-rings with similar information can easily share data
on their web sites to make them better and more useful.
 REST
REST stands for Representational State Transfer
It is an architectural pattern for developing web services as
opposed to a specification.
REST web services communicate over the HTTP specification,
using HTTP vocabulary:
Methods (GET, POST, etc.)
HTTP URI syntax (paths, parameters, etc.)
Media types (xml, json, html, plain text, etc)
HTTP Response codes.
 REST
Representational
● Clients possess the information necessary to identify, modify,
and/or delete a web resource.
State
● All resource state information is stored on the client.
Transfer
● Client state is passed from the client to the service through
HTTP.
 REST

The six characteristics of REST:

1. Uniform interface
2. Decoupled client-server interaction
3. Stateless
4. Cacheable
5. Layered
6. Extensible through code on demand (optional)
* Services that do not conform to the above required
contstraints are not strictly RESTful web services.
 HTTP-REST Request Basics

The HTTP request is sent from the client.

● Identifies the location of a resource.
● Specifies the verb, or HTTP method to use when accessing
the resource.
● Supplies optional request headers (name-value pairs) that
provide additional information the server may need when
processing the request.
● Supplies an optional request body that identifies additional
data to be uploaded to the server (e.g. form parameters,
attachments, etc.)
 HTTP-REST Response Basics

The HTTP response is sent from the server.

● Gives the status of the processed request.
● Supplies response headers (name-value pairs) that provide
additional information about the response.
● Supplies an optional response body that identifies
additional data to be downloaded to the client (html, xml,
binary data, etc.)
 HTTP-REST Vocabulary

HTTP Methods supported by REST:

● GET – Requests a resource at the request URL
1. Should not contain a request body, as it will be discarded.
2. May be cached locally or on the server.
3. May produce a resource, but should not modify on it.
● POST – Submits information to the service for processing
1. Should typically return the new or modified resource.
● PUT – Add a new resource at the request URL
● DELETE – Removes the resource at the request URL
● OPTIONS – Indicates which methods are supported
● HEAD – Returns meta information about the request URL
 Simple Object Access Protocol
SOAP is a lightweight protocol intended for exchanging structured
information in a decentralized, distributed environment. SOAP uses
XML technologies to define an extensible messaging framework,
which provides a message construct that can be exchanged over a
variety of underlying protocols. The framework has been designed to
be independent of any particular programming model and other
implementation-specific semantics.
It is a XML-based messaging framework that is
1) extensible
2) interoperable
3) independent
 Features of SOAP

Simplicity remains one of SOAP's primary design goals

SOAP defines a communication framework that allows for
features such as security, routing, and reliability to be added
later as layered extensions
SOAP can be used over any transport protocol such as TCP,
HTTP, SMTP
SOAP provides an explicit binding today for HTTP SOAP
allows for any programming model and is not tied to RPC
SOAP defines a model for processing individual, one-way
messages
SOAP also allows for any number of message exchange
patterns (MEPs)
 Basic SOAP Message Exchange

WSDL
describing
service

Service Service
Consumer DESCRIBE
Provider
http SOAP
SOAP Sender transport message SOAP Receiver

INVOKE
client service
SOAP http
SOAP Receiver message transport
SOAP Sender

find
registry
publish
Service Broker
Communications (HTTP, SIMPLE, and
XMPP)
● Hypertext Transfer Protocol (HTTP)
● Session Initiation Protocol for Instant
Messaging and Presence Leveraging Extensions
(SIMPLE) is an instant messaging (IM) and
presence protocol suite based on the Session
Initiation Protocol (SIP).
● Extensible Messaging and Presence Protocol
(XMPP) is an XML-based protocol used for
near-real-time, extensible instant messaging and
presence information.
 Standards for Security

● Security standards define the processes,

procedures, and practices necessary for
implementing a secure environment that provides
privacy and security of confidential information in
a cloud environment.
● Security protocols, used in the cloud are
1.Security Assertion Markup Language (SAML)
2.Open Authentication (Oauth)
3.OpenID
4.SSL/TLS
Security Assertion Markup Language
(SAML)
● SAML is an XML-based standard for communicating
authentication, authorization, and attribute information among online
partners. It allows businesses to securely send assertions between
partner organizations regarding the identity and entitlements of a
principal.
● SAML allows a user to log on once for affiliated but separate Web
sites. SAML is designed for business-to-business (B2B) and
business-to-consumer (B2C) transactions.
● SAML is built on a number of existing standards, namely, SOAP,
HTTP, and XML. SAML relies on HTTP as its communications
protocol and specifies the use of SOAP.
● Most SAML transactions are expressed in a standardized form of
XML. SAML assertions and protocols are specified using XML
schema.
 Open Authentication (Oauth)
● OAuth is an open protocol, initiated by Blaine
Cook and Chris Messina, to allow secure API
authorization in a simple, standardized method
for various types of web applications.
● OAuth is a method for publishing and
interacting with protected data.
● OAuth provides users access to their data while
protecting account credentials.
● OAuth by itself provides no privacy at all and
depends on other protocols such as SSL to
accomplish that.
 OpenID
● OpenID is an open, decentralized standard for user
authentication and access control that allows users to
log onto many services using the same digital
identity.
● It is a single-sign-on (SSO) method of access control.
● It replaces the common log-in process (i.e., a log-in
name and a password) by allowing users to log in
once and gain access to resources across participating
systems.
● An OpenID is in the form of a unique URL and is
authenticated by the entity hosting the OpenID URL.
 SSL/TLS
● Transport Layer Security (TLS) and its predecessor, Secure
Sockets Layer (SSL), are cryptographically secure protocols
designed to provide security and data integrity for
communications over TCP/IP
● TLS and SSL encrypt the segments of network connections
at the transport layer.
● TLS provides endpoint authentication and data
confidentiality by using cryptography.
● TLS involves three basic phases:
1.Peer negotiation for algorithm support
2.Key exchange and authentication
3.Symmetric cipher encryption and message authentication