New ITU standards on cloud computing security and digital object architecture
ITU members have agreed new international standards (ITU-T Recommendations) outlining security considerations essential to cloud computing and, crucial to the long-term preservation and utility of IP-based resources, a ‘framework for the discovery of identity management information’ to enable interoperability across heterogeneous information systems.
Recommendation ITU-T X.1600 “Security framework for cloud computing”, having reached first-stage approval (‘determined’) and now undergoing a final review, describes security threats in the cloud computing environment and, through a framework methodology, matches threats with the security capabilities it advises specifying to mitigate them. ITU-T X.1600 will act as a ‘handbook’ guiding the future standardization of identified threat-mitigation techniques, and will in addition provide an implementation reference for systems-level cloud security.
Recommendation ITU-T X.1255 “Framework for the discovery of identity management information”, approved and soon to be freely available on ITU’s website, details an open architecture framework in which identity management (IdM) information – identifying ‘digital objects’ and enabling information sharing among entities including subscribers, users, networks, network elements, software applications, services and devices – can be discovered, accessed and represented by heterogeneous IdM systems representing IdM information in different ways, supported by a variety of trust frameworks and employing different metadata schemas.
ITU-T X.1255 lays out a framework that enables discovery of identity-related information and its provenance; identity-related information attributes, including but not limited to visual logos and human-readable site names; and attributes and functionality of applications. The framework, in addition, describes a data model and protocol to enable meta-level interoperability in the management of this information across heterogeneous IdM environments.
The Recommendation is a first step towards the Digital Object Architecture (DOA) advocated by the Corporation for National Research Initiatives (CNRI), which is intended to achieve the “universal information access” possible with uniquely identifiable digital objects structured so as to ensure their machine and platform independence.
For a succinct description of the history, motivation and promise of the DOA, see Peter J. Denning & Robert E. Kahn, “The Long Quest for Universal Information Access”, Communications of the ACM, Vol. 53 No. 12, Pages 34-36.
The new Recommendations were agreed at a meeting of ITU-T Study Group 17 (Security) in Geneva, 26 August to 04 September, which also saw the establishment of three new work items, on:
- high-speed Abstract Syntax Notation (ASN.1) Octet Encoding Rules (OER) needed by the financial services sector to gain milliseconds on the trading floor;
- updating the Cryptographic Message Syntax (CMS) to eliminate all obsolete ASN.1 features in the interests of making the CMS usable with all ASN.1 standardized encoding rules; and,
- new challenges for Public-Key Infrastructure (PKI) standardization presented by mobile networks, machine-to-machine (M2M) communication, cloud computing and smart grid.
More information on the work of ITU-T Study Group 17 can be found here.