ISO/IEC JTC 1/SC 38 - Cloud computing and distributed platforms
Standardization in the areas of Cloud Computing and Distributed Platforms including: Foundational concepts and technologies, Operational issues, and Interactions among Cloud Computing systems and with other distributed systems SC 38 serves as the focus, proponent, and systems integration entity on Cloud Computing, Distributed Platforms, and the application of these technologies. SC 38 provides guidance to JTC 1, IEC, ISO and other entities developing standards in these areas.
Plate-formes et services d'applications distribuées
Normalisation dans les domaines de l’informatique en nuage et des plates-formes distribuées, entre autres : Les technologies et concepts fondamentaux Les questions d’ordre opérationnel, et Les interactions entre des systèmes d’informatique en nuage et avec d’autres systèmes distribués Le SC 38 fait office d’entité de réflexion, de promotion et d’intégration des systèmes portant sur l’informatique en nuage, les plates-formes distribuées, ainsi que l’application de ces technologies. Le SC 38 fournit des recommandations au JTC 1, à l’IEC, à l’ISO et à d’autres entités chargées de l’élaboration des normes dans les domaines précités.
General Information
This document provides guidance on the application of the taxonomy and use statements from ISO/IEC 19944-1 in real world scenarios, and how to develop extensions to the data taxonomy, data processing and use categories and data use statements.
- Standard23 pagesEnglish languagesale 15% off
This document surveys aspects of the audit of cloud services including: 1) role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN; 2) approaches for conducting audits of cloud services to facilitate confidence in delivering and using cloud services; 3) examples of available frameworks and standards which can be used for audit schemes, for certification, and for authorization. This document builds upon the cloud auditor role as defined in ISO/IEC 17789 and ISO/IEC 22123. This document is applicable to all types and sizes of organizations that need to plan and conduct internal or external audits, and that use, provide and support cloud services. This document is not intended to describe certification or to identify controls that are published elsewhere.
- Technical report50 pagesEnglish languagesale 15% off
This document establishes a set of building blocks, i.e. concepts, terms, and definitions, including Data Level Objectives (DLOs) and Data Qualitative Objectives (DQOs), that can be used to create Data Sharing Agreements (DSAs). This document is applicable to DSAs where the data is intended to be processed using one or more cloud services or other distributed platforms.
- Standard26 pagesEnglish languagesale 15% off
This document provides terms and definitions for vocabulary used in the field of cloud computing.
- Standard15 pagesEnglish languagesale 15% off
- Draft14 pagesEnglish languagesale 15% off
This document — extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services, — describes the various types of data flowing within the devices and cloud computing ecosystem, — describes the impact of connected devices on the data that flow within the cloud computing ecosystem, — describes flows of data between cloud services, cloud service customers and cloud service users, — provides foundational concepts, including a data taxonomy, and — identifies the categories of data that flow across the cloud service customer devices and cloud services. This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organisation involved in legal, policy, technical or other implications of data flows between devices and cloud services.
- Standard65 pagesEnglish languagesale 15% off
- Draft65 pagesEnglish languagesale 15% off
The scope of this document is to describe guidance for using the ISO/IEC 19086-2 metric model, illustrated with examples.
- Technical report34 pagesEnglish languagesale 15% off
- Draft34 pagesEnglish languagesale 15% off
This document provides an overview of and guidance on interactions between cloud service partners (CSNs), specifically cloud service brokers, cloud service developers and cloud auditors, and other cloud service roles. In addition, this document describes how cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) can be used to address those interactions, including the following: — definition of terms and concepts, and provision of an overview for interactions between CSNs and CSCs and CSPs; — description of types of CSN interactions; — description of interactions between CSNs and CSCs; — description of interactions between CSNs and CSPs; — description of elements of CSAs and Cloud SLAs for CSN interactions, both with CSPs and with CSCs.
- Technical report34 pagesEnglish languagesale 15% off
- Technical report34 pagesEnglish languagesale 15% off
This document describes a sample set of cloud service metering elements and billing modes.
- Technical report7 pagesEnglish languagesale 15% off
This document examines the concept of edge computing, its relationship to cloud computing and IoT, and the technologies that are key to the implementation of edge computing. This document explores the following topics with respect to edge computing: — concept of edge computing systems; — architectural foundation of edge computing; — edge computing terminology; — software classifications in edge computing, e.g. firmware, services, applications; — supporting technologies, e.g. containers, serverless computing, microservices; — networking for edge systems, including virtual networks; — data, e.g. data flow, data storage, data processing; — management, of software, of data and of networks, resources, quality of service; — virtual placement of software and data, and metadata; — security and privacy; — real time; — mobile edge computing, mobile devices.
- Technical report44 pagesEnglish languagesale 15% off
This document provides a description of a set of common technologies and techniques used in conjunction with cloud computing. These include: — virtual machines (VMs) and hypervisors; — containers and container management systems (CMSs); — serverless computing; — microservices architecture; — automation; — platform as a service systems and architecture; — storage services; — security, scalability and networking as applied to the above cloud computing technologies.
- Technical specification54 pagesEnglish languagesale 15% off
This document: — describes a framework for the structured expression of data-related policies and practices in the cloud computing environment, based on the data taxonomy in ISO/IEC 19944; — provides guidelines on application of the taxonomy for handling of data based on data subcategory and classification; — covers expression of data-related policies and practices including, but not limited to data geolocation, cross border flow of data, data access and data portability, data use, data management, and data governance; — describes how the framework can be used in codes of conduct for practices regarding data at rest and in transit, including cross border data transfer, as well as remote access to data; — provides use cases for data handling challenges, i.e. control, access and location of data according to ISO/IEC 19944 data categories. This document is applicable primarily to cloud service providers, cloud service customers (CSCs) and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of taxonomy-based data management in cloud services.
- Standard37 pagesEnglish languagesale 15% off
This document provides guidance on the use of international standards as a tool in the development of those policies that govern or regulate cloud service providers (CSPs) and cloud services, and those policies and practices that govern the use of cloud services in organisations. This includes material that explains cloud computing concepts and the role of cloud computing international standards in formulating policies and practices. The document makes references to various international standards. Where possible, these standards are ISO/IEC standards. Where a suitable ISO/IEC standard is not available, references are made to documents published by other WTO-registered standards bodies. As explained in the WTO Agreement on Technical Barriers to Trade (TBT), standards play a vital role in supporting technical regulations and conformity assessment, however this document does not cover matters of trade.
- Technical report34 pagesEnglish languagesale 15% off
This document describes a framework of trust for the processing of multi-sourced data that includes data use obligations and controls, data provenance, chain of custody, security and immutable proof of compliance as elements of the framework.
- Technical report15 pagesEnglish languagesale 15% off
This document establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document establishes a common terminology and approach for specifying metrics. This document is for the benefit of and use for both cloud service providers (CSPs) and cloud service customers (CSCs). This document is intended to complement ISO/IEC 19086-1, ISO/IEC 19086-3 and ISO/IEC 19086-4. This document does not mandate the use of a specific set of metrics for cloud SLAs.
- Standard39 pagesEnglish languagesale 15% off
ISO/IEC 19941:2017 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services. ISO/IEC 19941:2017 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively. The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.
- Standard65 pagesEnglish languagesale 15% off
The Open Virtualization Format (OVF) Specification describes an open, secure, efficient and extensible format for the packaging and distribution of software to be run in virtual systems. The OVF package enables the authoring of portable virtual systems and the transport of virtual systems between virtualization platforms. This version of the specification (2.1) is intended to allow OVF 1.x tools to work with OVF 2.x descriptors in the following sense: Existing OVF 1.x tools should be able to parse OVF 2.x descriptors. Existing OVF 1.x tools should be able to give warnings/errors if dependencies to 2.x features are required for correct operation. If a conflict arises between the schema, text, or tables, the order of precedence to resolve the conflicts is schema; then text; then tables. Figures are for illustrative purposes only and are not a normative part of the standard. A table may constrain the text but it shall not conflict with it. The profile conforms to the cited CIM Schema classes where used. Any requirements contained in the cited CIM Schema classes shall be met. If a conflict arises the CIM Schema takes precedence. The profile conforms to the cited OVF XML Schema. It may constrain the schema but it shall not conflict with it. If a conflict arises the OVF XML Schema takes precedence.
- Standard61 pagesEnglish languagesale 15% off
ISO/IEC 19086-3:2017 specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086‑1 and guidance on the core conformance requirements. This document is for the benefit of and use by both cloud service providers and cloud service customers. ISO/IEC 19086-3:2017 does not provide a standard structure that would be used for cloud SLAs.
- Standard15 pagesEnglish languagesale 15% off
ISO/IEC 19086-1:2016 seeks to establish a set of common cloud SLA building blocks (concepts, terms, definitions, contexts) that can be used to create cloud Service Level Agreements (SLAs). This document specifies a) an overview of cloud SLAs, b) identification of the relationship between the cloud service agreement and the cloud SLA, c) concepts that can be used to build cloud SLAs, and d) terms commonly used in cloud SLAs. ISO/IEC 19086-1:2016 is for the benefit and use of both cloud service providers and cloud service customers. The aim is to avoid confusion and facilitate a common understanding between cloud service providers and cloud service customers. Cloud service agreements and their associated cloud SLAs vary between cloud service providers, and in some cases different cloud service customers can negotiate different contract terms with the same cloud service provider for the same cloud service. This document aims to assist cloud service customers when they compare cloud services from different cloud service providers. ISO/IEC 19086-1:2016 does not provide a standard structure that can be used for a cloud SLA or a standard set of cloud service level objectives (SLOs) and cloud service qualitative objectives (SQOs) that will apply to all cloud services or all cloud service providers. This approach provides flexibility for cloud service providers in tailoring their cloud SLAs to the particular characteristics of the offered cloud services. ISO/IEC 19086-1:2016 does not supersede any legal requirement.
- Standard34 pagesEnglish languagesale 15% off
- Standard34 pagesEnglish languagesale 15% off
ISO/IEC 18384-3:2016 defines a formal ontology for service-oriented architecture (SOA), an architectural style that supports service orientation. The terms defined in this ontology are key terms from the vocabulary in ISO/IEC 18384-1.
- Standard74 pagesEnglish languagesale 15% off
- Standard74 pagesEnglish languagesale 15% off
ISO/IEC 18384-2:2016 describes a Reference Architecture for SOA Solutions which applies to functional design, performance, development, deployment and management of SOA Solutions. It includes a domain-independent framework, addressing functional requirements and non-functional requirements, as well as capabilities and best practices to support those requirements.
- Standard191 pagesEnglish languagesale 15% off
- Standard191 pagesEnglish languagesale 15% off
ISO/IEC 18384-1:2016 establishes vocabulary, guidelines, and general technical principles underlying service oriented architecture (SOA), including principles relating to functional design, performance, development, deployment, and management.
- Standard51 pagesEnglish languagesale 15% off
ISO/IEC 17789:2014 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.
- Standard53 pagesEnglish languagesale 15% off
ISO/IEC 17788:2014 provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards. ISO/IEC 17788:2014 is applicable to all types of organizations (e.g., commercial enterprises, government agencies, not-for-profit organizations).
- Standard10 pagesEnglish languagesale 15% off
ISO/IEC 17963:2013 describes a Web services protocol based on SOAP for use in management‑specific domains. These domains include the management of entities such as PCs, servers, devices, Web services and other applications manageable entities. Services can expose only a WS-Management interface or compose the WS-Management service interface with some of the many other Web service specifications. A crucial application for these services is in the area of systems management. To promote interoperability between management applications and managed resources, ISO/IEC PAS 17963:2012 identifies a core set of Web service specifications and usage requirements that expose a common set of operations central to all systems management. This includes the ability to do the following: a) get, put (update), create, and delete individual resource instances, such as settings and dynamic values; b) enumerate the contents of containers and collections, such as large tables and logs; c) subscribe to events emitted by managed resources; d) execute specific management methods with strongly typed input and output parameters. In each of these areas of scope, ISO/IEC 17963:2013 defines minimal implementation requirements for conformant Web service implementations. An implementation is free to extend beyond this set of operations, and to choose not to support one or more of the preceding areas of functionality if that functionality is not appropriate to the target device or system. ISO/IEC 17963:2013 intends to meet the following requirements: a) constrain Web services protocols and formats so that Web services can be implemented with a small footprint in both hardware and software management services; b) define minimum requirements for compliance without constraining richer implementations; c) ensure backward compatibility and interoperability with WS-Management version 1.0; d) ensure composability with other Web services specifications.
- Standard208 pagesEnglish languagesale 15% off
ISO/IEC TR 30102:2012 describes the general technical principles underlying Service Oriented Architecture (SOA), including principles relating to functional design, performance, development, deployment and management. It provides a vocabulary containing definitions of terms relevant to SOA. It includes a domain-independent technical framework, addressing functional requirements and non-functional requirements.
- Technical report73 pagesEnglish languagesale 15% off
The concept of "type" is fundamental to ODP systems; the interaction model of ODP-RM involves strongly-typed interactions. This Recommendation | International Standard: ? defines a framework for describing types of interest in ODP systems by determining what entities need to be typed and what needs to be said about the identified types. The primary focus of this work is the computational interface type system; ? identifies and characterizes type languages sufficient to describe the types identified above in an informative annex; ? provides enterprise, information, and computational specifications of a generic type repository function within the type description framework which can be specialized to select a specific type system or type notation. The type repository function provides: ? storage and retrieval of type descriptions; ? management of type descriptions; ? management of the relationship between types including matching of types; ? naming of types (in a manner consistent with ODP Naming Framework); ? interworking and federation of different type repositories. This Recommendation | International Standard provides a standard method of accessing type descriptions used within open distributed processing systems, where the type descriptions can be in various concrete syntaxes and type languages used in these open distributed processing systems. This Recommendation | International Standard also facilitates the dynamic matching of types for interactions, binding and trading purposes.
- Standard28 pagesEnglish languagesale 15% off
- Standard28 pagesFrench languagesale 15% off
This Recommendation | International Standard is based on the framework of abstractions and concepts developed in the Reference Model for Open Distributed Processing (ITU-T Rec. X.902 | ISO/IEC 10746-2 and ITU-T Rec. X.903 | ISO/IEC 10746-3). This Recommendation | International Standard defines how interactions between computational objects in a computational specification of a system relate to protocol support for those interactions in an engineering specification of that system. In particular it: ? defines a General Interworking Framework (GIF); ? within the GIF, defines a set of facilities each comprising a set of functionally-related service primitives as abstract definitions of the interactions of basic engineering objects and channel objects; ? defines the parameters of the service primitives of the GIF; ? defines the permitted sequence of the service primitives by means of state tables; ? specifies, in annexes, the mapping of the GIF service primitives and their parameters to the messages and fields of particular protocols. As specified in this Recommendation | International Standard, the GIF defines protocol support for a pragmatic subset of the possible computational interactions defined in ITU-T Rec. X.903 | ISO/IEC 10746-3. It is also restricted in the features of the protocol support and the supported transparencies. The GIF, as specified here, defines: ? support for computational operations, but not for streams; ? support using stub, binder and protocol objects hierarchically, such that any interaction at the interworking reference point of the supporting protocol object supports liaisons of one of those objects or of the basic engineering object, and any interaction to support those liaisons is passed via that interworking reference point; and ? interactions at a single interworking reference point, from the perspective of one side; interceptors are not explicitly considered; NOTE 1 ? It is intended that the GIF could be extended, in a future amendment, to support streams and flows. The present specification is restricted to areas that are technically stable. The GIF supports at least some forms of: ? access transparency; and ? location transparency. The GIF as specified here also supports a limited equivalent of relocation transparency. Other transparencies are not addressed in this present specification. NOTE 2 ? It is intended that the GIF could be extended, in future amendments, to support additional transparencies. The GIF does not explicitly model Quality of Service requirements. The application of security-related issues to the GIF are not included in the current text and are for further study. The set of mappings to particular protocols specified in annexes to this Recommendation | International Standard is not exhaustive. The GIF could be mapped to other protocols. NOTE 3 ? In particular, a mapping to the DCOM protocol family would be a candidate for an additional annex.
- Standard29 pagesEnglish languagesale 15% off
- Standard30 pagesFrench languagesale 15% off
This Recommendation I International Standard: defines a general framework for context-relative naming, refining and elaborating on the naming concepts defined in Part 2 of the ODP-RM; identifies and characterizes functions necessary to handle names in the context of a federation of different naming systems; and clarifies the relationship between the concepts of name management (i.e. federation and naming) in distributed computing systems. It provides a general framework for the naming of entities of interest in ODP systems, which includes naming in the infrastructure of an ODP system, naming in the applications built on the infrastructure, and naming in the enterprise the system serves.
- Standard25 pagesEnglish languagesale 15% off
- Standard26 pagesFrench languagesale 15% off
Interface references are crucial to interworking between ODP systems and federation of groups of ODP systems. An interface reference embodies the information needed to establish bindings, including binding to objects at nodes that support several different communication protocols and binding to objects in different management domains. An interface reference further embodies the information required for the engineering mechanism to maintain bindings between computational objects in the presence of distribution transparencies such as migration transparency. They are the foundation of ODP location and relocation transparency. This Recommendation | International Standard includes: · a framework for binding interfaces and a generic binding protocol (for both stream and operational interfaces); · a specification of the generic information structure of interface references (for both stream and operational interfaces); · representation(s) for interface references when transferred using standardized protocols; · identification of procedures for the management and transfer of interface references with respect to individual transparencies; · identification of node management interfaces related to binding and federation which create or transform interface references; · identification of requirements for quality of service information and for invocation of QoS or related measurement procedures. This Recommendation | International Standard provides an engineering description of the functionality needed to support the computational binding of objects in ODP systems. Security and support for group communication are important issues, but not within the scope of this Recommendation | International Standard. 1.2 Field of Application This Recommendation | International Standard enables interworking between ODP systems.
- Standard31 pagesEnglish languagesale 15% off
- Standard33 pagesFrench languagesale 15% off
The scope of this Recommendation | International Standard is: ? an enterprise specification for the trading function; ? an information specification for the trading function; ? a computational specification for traders (i.e. objects providing the trading function); ? conformance requirements in terms of conformance points. It is not a goal of this Recommendation | International Standard to state how the trading function should be realized. Therefore this Recommendation | International Standard does not include an engineering specification. The field of application for this Recommendation | Intenational Standard is any ODP system in which it is required to introduce and discover services incrementally, dynamically and openly.
- Standard80 pagesEnglish languagesale 15% off
- Standard82 pagesFrench languagesale 15% off
This Specification describes how the ODP Trading Function can be realised using information entries and support mechanisms of the OSI Directory. This Specification is to be used in conjunction with the ODP Trading Function Standard (ITU-T Rec. X.950 | ISO/IEC 13235-1). If there are any discrepancies between the prescriptive statements in ITU-T Rec. X.950 | ISO/IEC 13235-1 and those in this Specification, the prescriptive statements in ITU-T Rec. X.950 | ISO/IEC 13235-1 take precedence. The scope of this Specification is: ? standardised templates for Trading Function information objects in the DIT; ? descriptions of mapping of Trading Function operations to appropriate Directory operations; ? description of use of other Directory features to provide the support mechanisms for implementing the ODP Trading Function. This Specification does not prescribe that a trader must be engineered by using OSI Directory. But if OSI Directory is used, this Specification defines standardised templates for information entries (e.g. service offer and link information objects) in the Directory DIT. This Specification does not put any restrictions on where these entries are placed in the Directory DIT. That is, this Specification does not standardise any structure rules. This Specification does describe a mechanism to provide the Trading Function using OSI Directory. The field of application of this Specification is for the construction of the ODP Trading Function using the OSI Directory, when required.
- Standard49 pagesEnglish languagesale 15% off
- Standard52 pagesFrench languagesale 15% off
ISO/IEC 19944:2017 - extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services, - describes the various types of data flowing within the devices and cloud computing ecosystem, - describes the impact of connected devices on the data that flow within the cloud computing ecosystem, - describes flows of data between cloud services, cloud service customers and cloud service users, - provides foundational concepts, including a data taxonomy, and - identifies the categories of data that flow across the cloud service customer devices and cloud services. ISO/IEC 19944:2017 is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.
- Standard42 pagesEnglish languagesale 15% off
ISO/IEC 20933:2016 specifies: 1) an ID triggered modular access system, the functions of the modules and the messages they exchange, and the sequence of messages, i.e. transitions of the transaction; 2) the system responsibility from receiving an access request until sending the result. i.e. a complete transaction; 3) the responsibilities of the modules, including time stamping and responding to the requests they received; and 4) the sequence and semantics of the messages and their elements.
- Standard14 pagesEnglish languagesale 15% off
- Standard14 pagesEnglish languagesale 15% off
ISO/IEC 17826:2012 specifies the interface to access cloud storage and to manage the data stored therein. It is applicable to developers who are implementing or using cloud storage.
- Standard224 pagesEnglish languagesale 15% off
ISO/IEC 17203:2011 specifies an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.
- Standard37 pagesEnglish languagesale 15% off