CloudAudit A6 Working Group Call February 12, 2010
Nov 29, 2014
2. Agenda
Introducing CloudAudit & A6 Branding
Overview & Working Group Goals (5 Mins)
Introduction of the core team (5 Mins)
Specification/Requirements Discussion (35 Mins)
SafeMashups - Brokering Trust in Clouds (15 Mins)
3. Introducing CloudAudit
A6 The Automated Audit, Assertion, Assessment, & Assurance
API
4. Branding/Home/Coverage
Moving to the CloudAudit brand, keeping A6 as a byline Easier to
find and understand
Going to 99designs.com for logo development
Migrate Google Groups Members from A6WG to CloudAudit
Call http://www.CloudAudit.org home
Add Wiki/Blog/Code Repository
Plan for official launch shortly
5. Overview of CloudAudit
A Brief Review Of the Effort
6. CloudAudit (A6) Overview
A6 is the geeky byline for the working group of CloudAudit and
stands for:Automated Audit, Assertion, Assessment, and Assurance
API
The goal of CloudAudit is to provide a common interface that allows
Cloud providers to automate the Audit, Assertion, Assessment, and
Assurance of their environments and allow authorized consumers of
their services to do likewise via an open, extensible and secure
API.
7. CloudAudit Overview (Continued)
The goal is to utilize security automation capabilities with
existing tools/protocols/frameworks via a standard, open and
extensible set of interfaces
Keep it simple, lightweight and easy to implement; offer primitive
definitions & language structure using HTTP(S) first at a very
basic level (firewall=true or SAS70=false)
Allow for extension and elaboration by providers and choice of
trusted assertion validation sources, checklist definitions,
etc.
Encourage adoption by driving client usage; providers opt-in. Null
returns could be considered non-validated or non-asserted
Do not require adoption of other platform-specific APIs
Provide interfaces to Cloud naming and registry services
8. CloudAudit Core Team
Initial Core Team To Drive Development Of Specifications &
Requirements
9. Motivated Interested Parties* ;)
*Does not denote any contractual arrangement or corporate
commitment
10. Specifications & Requirements Discussion
Discussing the model and moving forward
11. Lets Revisit OCCI
A Practical Reference
12. 5,000-foot Look at OCCI
GET http://abc.com/uid123foobar/
*
Provider
Instance
*
HTTP LINK header
Compute
*
Storage
*
Links
Network
*
Operations
*
Attributes
OCCI
Atom-like categories
13. REQUEST
Eye-level Look at OCCI
> GET /us-east/webapp/vm01 HTTP/1.1
> User-Agent: occi-client/1.0 (linux) libcurl/7.19.4
OCCI/1.0
> Host: cloud.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 10 Oct 2009 12:56:51 GMT
< Content-Type: application/ovf
< Link: ;
< rel="http://purl.org/occi/action/start";
< title="Start"
< Link: ;
< rel="related";
< title="Documentation";
< type="application/pdf"
< Category: compute;
< label="Compute Resource;
< scheme="http://purl.org/occi/kind/"
< Server: occi-server/1.0 (linux) OCCI/1.0
< Connection: close
<
<