InfoCloud

Welcome to InfoCloud
|
Change Text Size: A A A
繁體
简体
|

Welcome to InfoCloud
|
Change Text Size: A A A
繁體
简体
|

Change Text Size: A A A
繁體
简体

Latest News

15 Dec 2017
Speech by Ms. Joyce Mok, Acting Deputy Government Chief Information Officer, at the "第六屆粵港雲計算大會暨第一屆粵港澳大灣區ICT大會" (Chinese only)
28 Sep 2017
Opening Keynote Address by Ir Allen Yeung, JP, Government Chief Information Officer, at the “CAHK Business Luncheon Series 2017 - FinTech Forum - Topic: Secured Cloud Unified Communications Enabled Financial Services On The Go
24 May 2017
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at “Cloud Expo Asia 2017– Information Security Summit
24 May 2017
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at “Cloud Expo Asia 2017”
16 Dec 2016
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at the “5th Guangdong-Hong Kong Cloud Computing Conference” (Chinese only)
16 Dec 2016
Keynote Speech by Mr. Boer Chan, Chief Systems Manager at the "5th Guangdong-Hong Kong Cloud Computing Conference" (Chinese only)
18 May 2016
Speech by Mr Victor Lam, JP, Acting Government Chief Information Officer at "Cloud Expo Asia"
18 Dec 2015
Opening Speech by Mr. Gary Lai, Assistant Government Chief Information Officer (Industry Facilitation) at “The CCSIG Executive Cloud Forum 2015”
03 Dec 2015
An Overview of ISO/IEC 27000 family of Information Security Management System Standards (PDF) (Updated)
17 Oct 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "Hong Kong/Mainland Internet Industry Exchange Dinner" (Chinese only)
21 Aug 2015
Speech by Mr. Gary Lai, Assistant Government Chief Information Officer (Industry Facilitation) at the Seminar of "Cloud Computing for SMEs" (Chinese only)
23 Jul 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "DatacenterDynamics Conference Hong Kong 2015"
10 Jul 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "Cloud Tech Forum"

Related Sites

YueGang portal of cloud computing and information resource

Home > Cloud Service Providers > Related Technical Standards

Technical Standards Relevant to Cloud Computing

Standard	Description	Standard Status
Cloud Application Management for Platforms (CAMP), developed by Organisation for the Advancement of Structured Information Standards (OASIS)	CAMP will leverage similarities between commercial and open-source PaaS products to produce a simple API that is language-, framework-, and platform-agnostic. Using CAMP, companies will be able to migrate their cloud applications from one PaaS vendor to another by mapping the requirements of applications to the specific capabilities of the underlying platform.	Cloud Application Management for Platforms Version 1.1
Cloud computing framework for end to end resource management (ITU-T Y.3520), developed by International Telegraph Union -Telecommunication Standardization Sector (ITU-T)	Recommendation ITU-T Y.3520 presents general concepts of end-to-end resource management in cloud computing; a vision for adoption of cloud resource management in a telecommunication-rich environment; and multi-cloud, end-to-end resource management for cloud services, i.e., management of any hardware and software used in support of the delivery of cloud services.	ITU-T Y.3520 Recommendation
Cloud computing infrastructure requirements (ITU-T Y.3510), developed by International Telegraph Union -Telecommunication Standardization Sector (ITU-T)	Recommendation ITU-T Y.3510 provides requirements for cloud computing infrastructure; these include the essential capabilities for computing, storage and network resources, as well as the capabilities of resource abstraction and control.	ITU-T Y.3510 Recommendation
Cloud Data Management Interface (CDMI), developed by Storage Networking Industry Association (SNIA)	CDMI defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface.	Cloud Data Management Interface, v1.1.1 (SNIA Technical Position, ISO/IEC 17826:2016)
Cloud Infrastructure Management Interface (CIMI), developed by Distributed Management Task Force (DMTF)	CIMI (ISO/IEC 19831:2015) describes the model and protocol for management interactions between a cloud Infrastructure as a Service (IaaS) Provider and the Consumers of an IaaS service. The basic resources of IaaS (machines, storage, and networks) are modeled with the goal of providing Consumer management access to an implementation of IaaS and facilitating portability between cloud implementations that support the specification.	Cloud Infrastructure Management Interface, v2.0.0, Cloud Infrastructure Management Interface, v1.1.0 (ISO/IEC 19831:2015)
IEEE P2301 — Guide for Cloud Portability and Interoperability Profiles (CPIP), developed by Institute of Electrical and Electronic Engineers Standards Association (IEEE-SA)	The purpose of this guide is to assist cloud computing vendors and users in developing, building, and using standards-based cloud computing products and services, which should lead to increased portability, commonality, and interoperability.	Active Project
IEEE P2302 — Standard for Intercloud Interoperability and Federation (SIIF), developed by Institute of Electrical and Electronic Engineers Standards Association (IEEE-SA)	This standard provides for a dynamic infrastructure that can support evolving business models amongst cloud providers to ensure interoperability between cloud services.	Active Project
ISO/IEC 17788 Cloud computing — Overview and Vocabulary, developed by International Organization for Standardization (ISO)	ISO/IEC 17788 provides an overview of Cloud Computing along with a set of terms and definitions. It is a terminology foundation for the cloud computing standardisation work.	ISO/IEC 17788:2014 (ISO Standard)
ISO/IEC 17789 Cloud Computing — Reference Architecture, developed by International Organization for Standardization (ISO)	ISO/IEC 17789 provides an overview of the general concepts and characteristics of Cloud Computing, Cloud Computing types, the components of Cloud Computing, and Cloud Computing actors and the relationships between these elements.	ISO/IEC 17789:2014 (ISO Standard)
ISO/IEC 19086 Cloud Computing — Service level agreement (SLA) framework and terminology, developed by International Organization for Standardization (ISO)	ISO/IEC 19086 provides an overview of SLAs for cloud services, identifies the relationship between the master service agreement and the SLA, addresses SLA concepts and requirements that can be used to build SLAs, and specifies terms and conditions as well as metrics commonly used in SLAs for cloud services.	ISO/IEC 19086-1:2016 (ISO Standard)
ISO 19770-1 IT Asset Management (SAM) — Processes, developed by International Organization for Standardization (ISO)	ISO/IEC 19770-1 specifies requirements for an IT asset management system within the context of the organization. It can be applied to all types of IT assets and by all types and sizes of organizations.	ISO/IEC 19770-1:2017 (ISO Standard)
ISO/IEC 19941 Cloud Computing -- Interoperability and Portability, developed by International Organization for Standardization (ISO)	ISO/IEC 19941 specifies cloud computing interoperability and portability types, the relationship and interactions between these two aspects, and common terminology and concepts used to discussing interoperability and portability and particularly relating to cloud services.	ISO/IEC 19941:2017 (ISO Standard)
ISO/IEC 19944 Cloud Computing -- Cloud Services and Devices: Data Flow, Data Categories and Data Use, developed by International Organization for Standardization (ISO)	ISO/IEC 19944 provides vocabulary and reference to describe and ecosystem involving devices using cloud services and, describes the various types of data flowing within the devices and cloud computing ecosystem.	ISO/IEC 19944:2017 (ISO Standard)
ISO 20000-1 Service management - Part 1: Service management system requirements, developed by International Organization for Standardization (ISO)	ISO/IEC 20000-1 includes the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the customer and the service provider. This part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, review, maintains and improves a service management system (SMS).	ISO/IEC 20000-1:2011 (ISO Standard)
ISO 31000 Risk management - Principles and guidelines, developed by International Organization for Standardization (ISO)	The purpose of ISO 31000 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.	ISO 31000:2009 (ISO Standard)
ISO 9001 Quality management systems — Requirements, developed by International Organization for Standardization (ISO)	ISO 9001 is the internationally recognised standard for the quality management of businesses. It applies to the processes that create and control the products and services an organisation supplies It prescribes systematic control of activities to ensure that the needs and expectations of customers are met It is designed and intended to apply to virtually any product or service, made by any process anywhere in the world.	ISO 9001:2015 (ISO Standard)
Job Submission Definition Language (JSDL) , developed by Open Grid Forum	JSDL defines an extensible XML schema relevant to computational data processing and job submission, including provisioning of input data and retrieval of results. The basic specification is often supplemented in actual use with specific profiles and extensions provided for by the standard.	JSDL v1.0 (OGF Full Recommendation / final standard)
Open Cloud Computing Interface (OCCI) , developed by Open Grid Forum	The Open Cloud Computing Interface is a RESTful boundary protocol and API that acts as a service front-end to a provider's internal management framework. OCCI describes APIs that enable cloud service providers to expose their services. It allows the deployment, monitoring and management of virtual workloads (like virtual machines), but is applicable to any interaction with a virtual cloud resource through defined http(s) header fields and extensions. OCCI endpoints can function either as service providers or service consumers, or both.	GFD.221: Open Cloud Computing Interface – Core GFD.222: OCCI Compute Resource Templates Profile GFD.223: Open Cloud Computing Interface – HTTP Protocol GFD.224: Open Cloud Computing Interface – Infrastructure GFD.226: Open Cloud Computing Interface – JSON Rendering GFD.227: Open Cloud Computing Interface – Platform GFD.228: Open Cloud Computing Interface – Service Level Agreements GFD.229: Open Cloud Computing Interface – Text Rendering
Server Management Command Line Protocol (SM CLP), developed by Distributed Management Task Force (DMTF)	DMTF's Systems Management Architecture for Server Hardware (SMASH) standard is a suite of specifications that deliver architectural semantics, industry standard protocols and profiles to unify the management of the data centre. The SMASH Server Management (SM) Command Line Protocol (CLP) specification enables simple and intuitive management of heterogeneous servers in the data centre. SMASH takes full advantage of the DMTF's Web Services for Management (WS-Management) specification - delivering standards-based Web services management for server environments. Both provide server management independent of machine state, operating system state, server system topology or access method, facilitating local and remote management of server hardware. SMASH also includes the SM Managed Element Addressing Specification, SM CLP-to-CIM Mapping Specification, SM CLP Discovery Specification, SM Profiles, as well as a SM CLP Architecture White Paper.	DSP0214 (DMTF Standard) ISO/IEC 13187:2011 (ISO Standard)
Service-oriented Cloud Computing Infrastructure (SOCCI) Framework, developed by The Open Group	Developed by The Open Group SOA and Cloud Work Groups, SOCCI is the realisation of an enabling framework of service-oriented components for infrastructure to be provided as a service in SOA solutions and the cloud. Using SOCCI, organisations can incorporate Cloud-based resources and services into their infrastructure for increased agility and scale, and lower maintenance costs.	Open Group SOCCI
Service Provisioning Markup Language (SPML) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	SPML is an XML-based framework for exchanging user, resource and service provisioning information between cooperating organisations. The goal of SPML is to allow organisations to securely and quickly set up user interfaces for Web services and applications, by letting enterprise platforms such as Web portals, application servers, and service centres generate provisioning requests within and across organisations.	SPML v2.0 (OASIS Standard)
Symptoms Automation Framework (SAF) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The Symptoms Automation Framework (SAF) is architecture for enabling interoperable diagnosis and treatment of complex systems. The architecture is implementation agnostic yet it supports both stateful or real-time processing and postmortem diagnostics.	SAF v1.0 (OASIS Standard)
Topology and Orchestration Specification for Cloud Applications (TOSCA), developed by Organisation for the Advancement of Structured Information Standards (OASIS)	TOSCA will enable the interoperable description of application and infrastructure cloud services, the relationships between parts of the service, and the operational behavior of these services (e.g., deploy, patch, shutdown)--independent of the supplier creating the service, and any particular cloud provider or hosting technology.	TOSCA v1.0 (OASIS Standard)
Usage Record (UR) , developed by Open Grid Forum	The Usage Record standard establishes an XML format for exchange of accounting and service usage data in cloud and grid transactions. The format is intended for exchange of data across arbitrary systems at a level of granularity sufficient to merit reporting of computational time, network transactions, or storage. It is oriented toward use in contexts that can aggregate the usage results separately.	Usage Record (UR): GFD.98 (OGF Proposed Recommendation)
Web Services Agreement Negotiation Specification (WS-Agreement Negotiation) , developed by Open Grid Forum	Defines an offer/counter offer model for dynamic exchange of information between a negotiation initiator and responder. Rounds of negotiation are modeled as a rooted tree with defined states: Advisory, Solicited, Acceptable, and Rejected. Extends WS-Agreement, which provides the XML-formatted machine readable agreement format, to enable negotiation of parameters of existing agreements.	GFD.193: WS-Agreement Negotiation (OGF Proposed Recommendation)
Web Services Agreement Specification (WS-Agreement) , developed by Open Grid Forum	WS-Agreement standardises the terminology, concepts, overall structure and a set of port types and operations for creation, expiration and monitoring of agreements, including WSDL needed to express the message exchanges and resources needed to express the state. Both SOAP-based implementations using WSDL and REST-based implementations exist. Applicable to general machine-readable expression of service agreements, including Service Level Agreements (SLAs).	GFD.192: WS-Agreement (OGF Full Recommendation)

Standard	Description	Standard Status
Web Services Addressing (WS-Addressing) , developed by World Wide Web Consortium (W3C)	WS-Addressing provides transport-neutral mechanisms to address Web services and messages.	WS-Addressing 1.0 Core WS-Addressing 1.0 SoapBinding WS-Addressing 1.0 Metadata (W3C Recommendation)
Web Services Description Language (WSDL) , developed by The World Wide Web Consortium (W3C)	WSDL is an XML language for describing Web services. WSDL defines the core language which can be used to describe Web services based on an abstract model of what the service offers. It also defines the conformance criteria for documents in this language. Bindings are used to attach a specific protocol or data format or structure to an abstract message, operation, or endpoint. In practical use, attention must be paid to the differences between versions. Although WSDL 1.1 never achieved full W3C Recommendation status, it achieved wide deployment and was incorporated into many web-services-related toolkits and profiles. For further information on practical use, see the information in the WS-Interoperability Basic Profile component descriptions.	WSDL 2.0: W3C recommendation
Web Services Interoperability Basic Profile 2.0, 1.2 and 1.1, developed by The Web Services Interoperability Organisation (WS-I)	It provides a profile to resolve intentional ambiguities and alternatives among implementation guidelines for underlying standards including SOAP, WSDL and UDDI and their related namespaces and transport levels. This profile provides a foundation for use of these standards in web services environments. The differences between underlying standard versions (for example, between SOAP 1.1 and SOAP 1.2) necessitate unique requirements and/or restrictions that are explained in the profile reference. WS-I BP profiles are matched to their corresponding underlying standards versions and care should be taken to use the appropriate profile. The Web Services Interoperability Organization (WS-I) has transitioned its assets, operations, and mission into a Member Section of OASIS (Organization for the Advancement of Structured Information Standards)	WS-I Basic Profile 2.0 WS-I Basic Profile 1.2 WS-I Basic Profile 1.1 (WS-I Final Material)
Web Services Policy (WS-Policy) , developed by World Wide Web Consortium (W3C)	WS-Policy defines a framework for allowing web services to express their constraints and requirements. Such constraints and requirements are expressed as policy assertions.	Web Services Policy 1.5 - Framework (W3C Recommendation)
Web Services Reliable Exchange (WS-RX) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The WS-RX TC defines a protocol for reliable message exchanges between two web services	ws-ReliableMessaging-V1.2 ws-ReliableMessagingPolicy-v1.2 ws-MakeConnection-v1.1 (OASIS Standards)
Web Services Resource Access (WS-RA) , developed by World Wide Web Consortium (W3C)	WS-RA defines SOAP-based mechanisms for interacting with the XML representation behind a resource-oriented Web Service, accessing metadata related to that service, as well as a mechanism to subscribe to events related to that resource.	WS-Transfer WS-Fragment WS-Metadata Exchange WS-Eventing WS-Event Descriptions WS-Enumeration WS-SOAP Assertions (W3C Candidate Recommendation)
Web Services Resource Framework, developed by Organisation for the Advancement of Structured Information Standards (OASIS)	WSRF provides a family of web-services related specifications that define a framework for modeling and accessing stateful resources. It contains and comprises the WS-Resource, WS-ResourceProperties. WS-ResourceLifetime, WS-ServiceGroup and WS-BaseFaults specifications.	WSRF 1.2,(OASIS Standard)
Web Services Secure Exchange (WS-SX) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The WS-SX TC defines extensions to OASIS Web Services Security to enable trusted SOAP message exchanges involving multiple message exchanges and to define security policies that govern the formats and tokens of such messages.	ws-secureconversation-1.4 ws-securitypolicy-1.3 ws-trust-1.4 (OASIS Standards)
Web Services Security (WSS) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The work of the WSS TC forms the necessary technical foundation for higher-level security services which are to be defined in other specifications.	WS-Security Core Specification 1.1 Username Token Profile 1.1 SAML Token Profile 1.1 X.509 Token Profile 1.1 Kerberos Token Profile 1.1 Rights Expression Language (REL) Token Profile 1.1 SOAP with Attachments (SWA) Profile 1.1 (OASIS Standards)
Web Services Transaction (WS-TX) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The WS-TX TC defines a set of protocols to coordinate the outcomes of distributed application actions.	WS-Coordination v1.2 WS-AtomicTransaction v1.2 WS-BusinessActivity v1.2 (OASIS Standards)

Standard	Description	Standard Status
Cloud Controls Matrix (CCM) , developed by Cloud Security Alliance (CSA)	The CSA CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.	CCM v3.0.1
Common vulnerabilities and exposures, developed by ITU-T Q4/17	It identifies high level requirements for enumerating common vulnerabilities that can be used to exchange continuous monitoring cybersecurity information.	X.1520 (Recommendation)
Common vulnerability scoring system, developed by ITU-T Q4/17	It is a vulnerability scoring system designed to provide a method for rating IT vulnerabilities in a manner that helps organisations prioritize and coordinate a joint response to security cloud computing vulnerabilities by communicating the properties of the vulnerability.	X.1521 (Recommendation)
eXtensible Access Control Markup Language (XACML) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	XACML is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies. XACML offers a vocabulary for expressing the rules needed to define an organisation's security policies and make authorization decisions. XACML has two basic components: (1) an access-control policy language that lets developers specify the rules about who can do what and when; (2) a request/response language that presents requests for access and describes the answers to those queries.	XACML v3.0 (OASIS Standard)
Identity in the Cloud Use Cases, developed by Organisation for the Advancement of Structured Information Standards (OASIS)	Use cases that examine the requirements on identity management functions as they are applied to cloud based interactions using commonly defined cloud deployment and service models.	Identity in the Cloud Use Cases Version 1.0
Information security management systems — Requirements (ISO/IEC 27001) , developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)	ISO/IEC 27001 is an information security management system (ISMS) standard with the latest version published in September 2013. ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organisations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard.	ISO/IEC 27001:2013 (ISO Standard)
ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)	ISO/IEC 27017 provides guidance on the information security elements/aspects of cloud computing, recommending cloud-specific information security controls supplementing those recommended by ISO/IEC 27002.	ISO/IEC 27017:2015 (ISO Standard)
ISO/IEC 27018 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)	ISO/IEC 27018 provides guidance aimed at ensuring that cloud computing services incorporate suitable information security controls to protect the privacy of PII (Personally Identifiable Information) entrusted to them by customers.	ISO/IEC 27018:2014 (ISO Standard)
ISO/IEC WD 27036-4 — Guidelines for security of Cloud services, developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)	ISO/IEC WD 27036-4 provides guidance to cloud service acquirers and suppliers in order to improve the security of cloud services by increasing acquirers’ understanding of the information security risks associated with cloud services, and enabling cloud service providers to assure acquirers that they have identified and managed information security risks in the services.	ISO/IEC 27036-4:2016 (ISO Standard)
ISO/IEC 27040 — Storage security, developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)	ISO/IEC 27040 seeks to provide detailed technical guidance on the protection of information where it is stored, and guidance to the security of the information being transferred across the communication links.	ISO/IEC 27040:2015 (ISO Standard)
Key Management Interoperability Protocol (KMIP) , developed by OASIS Key Management Interoperability Protocol (KMIP) TC	OASIS KMIP defines a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. By removing redundant, incompatible key management processes, KMIP will provide better data security while at the same time reducing expenditures on multiple products. The KMIP specification covers both the syntax for encoding key data and the protocols/APIs of how client interacts with server to perform key management related tasks using these encoded messages.	KMIP 1.4 (OASIS Committee Note)
OAuth (Open Authorization Framework) , developed by OAuth working group within the IETF	OAuth is an open framework for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically username and password.	OAuth 2.0 (Standard/RFC 6749)
Open Certification Framework , developed by Cloud Security Alliance (CSA)	The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.	Open Certification Framework
OpenID Authentication, developed by Open ID community of developers	OpenID is an open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.	OpenID Authentication 2.0 (Final Specification)
PCI Data Security Standard (PCI DSS) , developed by PCI Security Standards Council	PCI Data Security Standard (PCI DSS) provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.	PCI DSS v3.2 (Standard)
Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) , TLS is developed by IETF, SSL specifications are developed by Netscape Corporation	Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that "provide communications security over the Internet". TLS and SSL encrypt the segments of network connections above the Transport Layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.	SSL v3.0, TLS v1.2 (Standard/RFC 6176)
Security Assertion Markup Language (SAML) , developed by OASIS Security Services TC	SAML specification defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information. The SAML specification covers both the syntax for encoding security assertions (for attribute, authentication and authorization) and the protocols/APIs of how these assertion messages can be exchanged.	SAML 2.0 (OASIS Standard)
Security Content Automation Protocol (SCAP) , developed by National Institute of Standards and Technology (NIST)	Provides guidelines for the development of a continuous monitoring program that provides visibility into organisational assets, awareness of threats and vulnerabilities as well as the effectiveness of security controls.	SCAP Version 1.2
Security framework for cloud computing (X.1601), developed by International Telegraph Union, developed by Telecommunication Standardization Sector (ITU-T)	Recommendation ITU-T X.1601 describes the security framework for cloud computing. The Recommendation analyses security threats and challenges in the cloud computing environment, and describes security capabilities that could mitigate these threats and address security challenges.	ITU-T X.1601-2015 (Recommendation)
Trusted Cloud Initiative (TCI) Reference Architecture, developed by Cloud Security Alliance (CSA)	The Trusted Cloud Initiative Reference Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.	TCI Reference Architecture v1.0
Trusted Multi-Tenant Infrastructure (TMI) Use Cases, developed byTrusted Computing Group (TCG)	The TMI use case document describes the foundational relationships between various components within a shared infrastructure environment and how they interact.	Trusted Multi-Tenant Infrastructure (TMI) Use Cases V1.1
Trusted Multi-Tenant Infrastructure (TMI) Reference Framework, developed byTrusted Computing Group (TCG)	The TMI Reference Framework describes a broad set of foundational principles and requirements as well as a library of re-usable patterns where TCG technology may be applied between components in an enterprise context.	Trusted Multi-Tenant Infrastructure (TMI) Reference Framework
Web Services Interoperability Basic Security Profile 1.1 and 1.0, developed by The Web Services Interoperability Organisation (WS-I)	It defines an interoperability specification related to transport-level security, integrity and confidentiality of SOAP-based message-level communication. The primary focus is on routing of messages without requiring decryption for secure communication at the message level. Additional recommendations for transport-level security using http over TLS or SSL are also included, but are not stated as requirements.	WS-I Basic Security Profile 1.1 WS-I Basic Security Profile 1.0 (WS-I Final Material)
X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile (RFC3820) , developed by Internet Engineering Task Force (IETF)	It defines a standard method of production for proxy certificates, including the ability to support extended attribute certificates conforming to an external profile. Such certificates can be used to convey delegation information and policy restrictions for use of PKI-based credentials in remote settings.	RFC 3820 (Standard/RFC)
XML Encryption Syntax and Processing, developed by World Wide Web Consortium (W3C)	The mission is to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it.	XML Encryption Syntax and Processing v1.1(W3C Recommendation)
XML signature (XMLDSig) , developed by World Wide Web Consortium (W3C)	XML signatures can be used to sign data–a resource–of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature.	XML signature v2 (W3C Recommendation)

Standard	Description	Standard Status
Directory Services Markup Language (DSML) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	DSML is a markup language for representing directory services in XML. DSML helps XML-based applications make better use of directories. With a recognized standard, applications can be written to make use of DSML and capture the scalability, replication, security and management strengths of directory services. With a DSML standard, any XML-based application will be able to leverage directory information expressed as XML.	Directory Services Markup Language v2.0
Electronic Business using eXtensible Markup Language (ebXML) , developed by Organisation for the Advancement of Structured Information Standards (OASIS) and UN/CEFACT	ebXML is a family of XML based standards to provide an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners.	ISO 15000-1, ISO 15000-2, ISO 15000-3, ISO 15000-4, ISO 15000-5 (ISO Standard)
Extensible Markup Language (XML) , developed by World Wide Web Consortium (W3C)	XML is a set of rules for encoding documents in machine-readable form. XML's design goals emphasize simplicity, generality, and usability over the Internet. It is a textual data format with strong support via Unicode for the languages of the world. Although the design of XML focuses on documents, it is widely used for the representation of arbitrary data structures, for example in web services.	XML v1.1 2nd ed (W3C Recommendation)
HyperText Markup Language (HTML) , developed by World Wide Web Consortium (W3C)	HTML is the predominant markup language for web pages. A markup language is a set of markup tags, and HTML uses markup tags to describe web pages.	HTML5.2 (W3C Recommendation)
JavaScript Object Notation (JSON) , developed by Developed By State Software	JSON is a lightweight text-based open standard designed for human-readable data interchange. It is derived from the JavaScript programming language for representing simple data structures and associative arrays, called objects. Despite its relationship to JavaScript, it is language-independent, with parsers available for virtually every programming language.	JSON RFC4627 (Standard/RFC 4627)
Open Virtualisation Format (OVF) , developed by Distributed Management Task Force (DMTF)	OVF is a packaging standard designed to address the portability and deployment of virtual appliances. OVF enables simplified and error-free deployment of virtual appliances across multiple virtualisation platforms. OVF is a common packaging format for independent software vendors (ISVs) to package and securely distribute virtual appliances, enabling cross-platform portability. By packaging virtual appliances in OVF, ISVs can create a single, pre-packaged appliance that can run on customers’ virtualisation platforms of choice.	OVF v1.1.0 (DMTF Standard, ISO/IEC 17203:2011); OVF v2.1.0 (DMTF Standard)
Simple Object Access Protocol (SOAP) , developed by The XML Protocol Working Group of the World Wide Web Consortium (W3C)	SOAP is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. SOAP can form the foundation layer of a web services protocol stack, providing a basic messaging framework upon which web services can be built. SOAP is a strongly-typed variant of XML-based communication that provides a full description of the required actions taken by a SOAP node on receiving a SOAP message. To resolve ambiguities inherent in the specification, this protocol is generally used according to specific restrictions and clarifications encoded into externally documented profiles. (The use of SOAP in web services settings, for example, is carried out in the context of the WS-Interoperability Basic Profile.)	SOAP v1.1, SOAP v1.2 (W3C Recommendation)
XML Path Language (XPath) v1.0, 2.0 and v3.1, developed by World Wide Web Consortium (W3C)	XPath is a language for addressing parts of an XML document. It is based on a tree representation and provides methods to navigate, select nodes from, and perform manipulations on the tree elements.	XPath v1.0, XPath v2.0, XPath v3.1 (W3C Recommendations)

Standard	Description	Standard Status
Domain Name System (DNS) , developed by Internet Engineering Task Force (IETF)	DNS is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.	RFC 1034, RFC 1035 (Standard/RFC)
Extensible Messaging and Presence Protocol (XMPP) , developed by Internet Engineering Task Force (IETF)	XMPP is an open-standard communications protocol for message-oriented middleware based on XML (Extensible Markup Language). The protocol was originally named Jabber, and was developed by the Jabber open-source community in 1999 for near-real-time, extensible instant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has also been used for publish-subscribe systems; signaling for VoIP, video, and file transfer; gaming; Internet of things applications such as the smart grid; and social networking services.	RFC 6120, RFC 6121, RFC 3922, RFC 3923, RFC 4622, RFC 4854, RFC 4979 (Standard/RFC)
File Transfer Protocol (FTP) , developed by Internet Engineering Task Force (IETF)	FTP is a standard network protocol used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.	FTP, RFC 959 (Standard/RFC)
GridFTP: Protocol Extensions to FTP for the Grid, developed by Open Grid Forum	Extends the FTP-related IETF RFC 959, RFC 2228 and RFC 2389 standards to include strong authentication protocols, third-party control of data transfer, multiple TCP streams between 2 network endpoints, (including cases in which the number of sending and receiving nodes are different), partial file transfer, manual or automatic control of TCP buffer/window sizes, support for reliable and restartable data transfer, and integrated instrumentation.	GridFTP: GFD.20 (OGF Full Recommendation / final standard)
Hypertext Transfer Protocol (HTTP) , developed by Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C)	The Hypertext Transfer Protocol (HTTP) is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web	HTTP v1.1, RFC 2616 (Standard/RFC)
Open Data Protocol (OData) , developed by Organisation for the Advancement of Structured Information Standards (OASIS)	The Open Data Protocol (OData) enables the creation of REST-based data services, which allow resources, identified using Uniform Resource Locators (URLs) and defined in an Entity Data Model (EDM), to be published and edited by Web clients using simple HTTP messages.	OData 4.0 (OASIS Standard)
Session Initiation Protocol (SIP) , developed by Internet Engineering Task Force (IETF)	The Session Initiation Protocol (SIP) is a signaling protocol widely used for controlling communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions. Sessions may consist of one or several media streams. Other SIP applications include video conferencing, streaming multimedia distribution, instant messaging, presence information, file transfer and online games.	RFC 3261 (Standard/RFC)
Simple Mail Transfer Protocol (SMTP) , developed by Internet Engineering Task Force (IETF)	Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks.	RFC 5321 (Standard/RFC)
The Internet Protocol Suite (TCP/IP) , developed by Internet Engineering Task Force (IETF)	The Internet Protocol Suite is the set of communications protocols used for the Internet and other similar networks. It is commonly also known as TCP/IP, named from two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were the first two networking protocols defined in this standard.	RFC 675, RFC 1180 (Standard/RFC)