Cloud computing

This document establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document establishes a common terminology and approach for specifying metrics.
This document is for the benefit of and use for both cloud service providers (CSPs) and cloud service customers (CSCs). This document is intended to complement ISO/IEC 19086-1, ISO/IEC 19086-3 and ISO/IEC 19086-4.
This document does not mandate the use of a specific set of metrics for cloud SLAs

ISO/IEC 19086-3 specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086‑1 and guidance on the core conformance requirements. This document is for the benefit of and use by both cloud service providers and cloud service customers.
ISO/IEC 19086-3 does not provide a standard structure that would be used for cloud SLAs.
 
The standard can be bought here: https://www.iso.org/standard/67547.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:19086:-3:ed-1:v1:en

ISO/IEC 19941 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services.
ISO/IEC 19941 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively.
The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.

ISO/IEC 19944
- extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services,
- describes the various types of data flowing within the devices and cloud computing ecosystem,
- describes the impact of connected devices on the data that flow within the cloud computing ecosystem,
- describes flows of data between cloud services, cloud service customers and cloud service users,
- provides foundational concepts, including a data taxonomy, and
- identifies the categories of data that flow across the cloud service customer devices and cloud services.
ISO/IEC 19944 is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.

This document provides guidance on the use of international standards as a tool in the development of those policies that govern or regulate cloud service providers (CSPs) and cloud services, and those policies and practices that govern the use of cloud services in organisations.
This includes material that explains cloud computing concepts and the role of cloud computing international standards in formulating policies and practices.
The document makes references to various international standards. Where possible, these standards are ISO/IEC standards. Where a suitable ISO/IEC standard is not available, references are made to documents published by other WTO-registered standards bodies.
As explained in the WTO Agreement on Technical Barriers to Trade (TBT), standards play a vital role in supporting technical regulations and conformity assessment, however this document does not cover matters of trade.

This document describes a framework of trust for the processing of multi-sourced data that includes data use obligations and controls, data provenance, chain of custody, security and immutable proof of compliance as elements of the framework.
 
The standard can be bought here: https://www.iso.org/standard/74844.html
The informative sections of the standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:tr:23186:ed-1:v1:en

ISO/IEC TR 30102 describes the general technical principles underlying Service Oriented Architecture (SOA), including principles relating to functional design, performance, development, deployment and management. It provides a vocabulary containing definitions of terms relevant to SOA.
It includes a domain-independent technical framework, addressing functional requirements and non-functional requirements.
 
The standard can be bought here: https://www.iso.org/standard/53222.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:tr:30102:ed-1:v1:en

This document
- extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services,
- describes the various types of data flowing within the devices and cloud computing ecosystem,
- describes the impact of connected devices on the data that flow within the cloud computing ecosystem,
- describes flows of data between cloud services, cloud service customers and cloud service users,
- provides foundational concepts, including a data taxonomy, and
- identifies the categories of data that flow across the cloud service customer devices and cloud services.
This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.
 
Under development

ISO/IEC 18384-2 describes a Reference Architecture for SOA Solutions which applies to functional design, performance, development, deployment and management of SOA Solutions. It includes a domain-independent framework, addressing functional requirements and non-functional requirements, as well as capabilities and best practices to support those requirements.

ISO/IEC 18384-1 establishes vocabulary, guidelines, and general technical principles underlying service oriented architecture (SOA), including principles relating to functional design, performance, development, deployment, and management.

ISO/IEC 17963 describes a Web services protocol based on SOAP for use in management‑specific domains. These domains include the management of entities such as PCs, servers, devices, Web services and other applications manageable entities. Services can expose only a WS-Management interface or compose the WS-Management service interface with some of the many other Web service specifications.
A crucial application for these services is in the area of systems management. To promote interoperability between management applications and managed resources, ISO/IEC PAS 17963 identifies a core set of Web service specifications and usage requirements that expose a common set of operations central to all systems management. This includes the ability to do the following:
a) get, put (update), create, and delete individual resource instances, such as settings and dynamic values;
b) enumerate the contents of containers and collections, such as large tables and logs;
c) subscribe to events emitted by managed resources;
d) execute specific management methods with strongly typed input and output parameters.
In each of these areas of scope, ISO/IEC 17963 defines minimal implementation requirements for conformant Web service implementations. An implementation is free to extend beyond this set of operations, and to choose not to support one or more of the preceding areas of functionality if that functionality is not appropriate to the target device or system.
ISO/IEC 17963 intends to meet the following requirements:
a) constrain Web services protocols and formats so that Web services can be implemented with a small footprint in both hardware and software management services;
b) define minimum requirements for compliance without constraining richer implementations;
c) ensure backward compatibility and interoperability with WS-Management version 1.0;
d) ensure composability with other Web services specifications.
This standard has been developed by the DMTF (see also the DMTF WS-Management Standards Watch link).
 
The standard can be bought here: https://www.iso.org/standard/61138.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:17963:ed-1:v1:en

In addition to interoperability and security that are two recognized key enablers to the development of large IoT systems, a new one is emerging as another key condition of success: virtualization. The deployment of IoT systems will occur not just within closed and secure administrative domains but also over architectures that support the dynamic usage of resources that are provided by virtualization techniques over cloud back-ends.

This new challenge for IoT requires that the elements of an IoT system can work in a fully interoperable, secure and dynamically configurable manner with other elements (devices, gateways, storage, etc.) that are deployed in different operational and contractual conditions. To this extent, the current architectures of IoT will have to be aligned with those that support the deployment of cloud-based systems (private, public, etc.). Moreover, these architectures will have to support very diverse and often stringent non-functional requirements such as scalability, reliability, fault tolerance, massive data, security.

This will require very flexible architectures for the elements (e.g. the application servers) that will support the virtualized IoT services, as well as very efficient and highly modular implementations that will make a massive usage of Open Source components. These architectures and these implementations form a new approach to IoT systems and the solutions that the present document investigates also should be validated: to this extent, a Proof-of-Concept implementation involving a massive number of virtualized elements has been made.