1. CloudAuditA6 Working Group Call
February 12, 2010

2. Agenda
Introducing CloudAudit & A6 Branding
Overview & Working Group Goals (5 Mins)
Introduction of the core team (5 Mins)
Specification/Requirements Discussion (35 Mins)
SafeMashups - Brokering Trust in Clouds (15 Mins)
3. Introducing CloudAudit
A6 The Automated Audit, Assertion, Assessment, & Assurance API
4. Branding/Home/Coverage
Moving to the CloudAudit brand, keeping A6 as a byline Easier to find and understand
Going to 99designs.com for logo development
Migrate Google Groups Members from A6WG to CloudAudit
Call http://www.CloudAudit.org home
Add Wiki/Blog/Code Repository
Plan for official launch shortly
5. Overview of CloudAudit
A Brief Review Of the Effort
6. CloudAudit (A6) Overview
A6 is the geeky byline for the working group of CloudAudit and stands for:Automated Audit, Assertion, Assessment, and Assurance API
The goal of CloudAudit is to provide a common interface that allows Cloud providers to automate the Audit, Assertion, Assessment, and Assurance of their environments and allow authorized consumers of their services to do likewise via an open, extensible and secure API.
7. CloudAudit Overview (Continued)
The goal is to utilize security automation capabilities with existing tools/protocols/frameworks via a standard, open and extensible set of interfaces
Keep it simple, lightweight and easy to implement; offer primitive definitions & language structure using HTTP(S) first at a very basic level (firewall=true or SAS70=false)
Allow for extension and elaboration by providers and choice of trusted assertion validation sources, checklist definitions, etc.
Encourage adoption by driving client usage; providers opt-in. Null returns could be considered non-validated or non-asserted
Do not require adoption of other platform-specific APIs
Provide interfaces to Cloud naming and registry services
8. CloudAudit Core Team
Initial Core Team To Drive Development Of Specifications & Requirements
9. Motivated Interested Parties* ;)
*Does not denote any contractual arrangement or corporate commitment
10. Specifications & Requirements Discussion
Discussing the model and moving forward
11. Lets Revisit OCCI
A Practical Reference
12. 5,000-foot Look at OCCI
GET http://abc.com/uid123foobar/
*
Provider
Instance
*
HTTP LINK header
Compute
*
Storage
*
Links
Network
*
Operations
*
Attributes
OCCI
Atom-like categories
13. REQUEST
Eye-level Look at OCCI
> GET /us-east/webapp/vm01 HTTP/1.1
> User-Agent: occi-client/1.0 (linux) libcurl/7.19.4 OCCI/1.0
> Host: cloud.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 10 Oct 2009 12:56:51 GMT
< Content-Type: application/ovf
< Link: ;
< rel="http://purl.org/occi/action/start";
< title="Start"
< Link: ;
< rel="related";
< title="Documentation";
< type="application/pdf"
< Category: compute;
< label="Compute Resource;
< scheme="http://purl.org/occi/kind/"
< Server: occi-server/1.0 (linux) OCCI/1.0
< Connection: close
<
<