We are working towards completing V3 of the Cloud Computing Use Cases White Paper on or about Jan. 31st (http://groups.google.com/group/cloud-computing-use-cases). In order to ensure we have all your comments, take a look at the first draft and I ask that you post to http://su.pr/1D4DrA on the Cloud Computing Use Cases Google Group.
Gang, I've just posted the first draft of Version 3 to the Files section. I've tried to distill the many thousands of words of discussion we've had over the last couple of months into a clear, concise description of security requirements and some use cases. A couple of questions:
* I put in a couple of cross-reference tables. I always confuse myself as to which boxes should be checked, so let me know what you think. I tried to think these through from the perspective of what a cloud consumer would need, as opposed to what a cloud provider would need to implement the requirements.
* I mention SLAs very briefly; I think that's the best way to keep this a manageable size. I think we'll have a lot more discussion on SLAs in the future, should we put more information in here?
* Is there another use case we could glean from the discussion? Do the use cases we have already cover all of the requirements and patterns?
As always, thanks for your ideas!
p.s. I'm posting just the Security section; nothing else has changed.
The Draft of the Security section can be found at http://su.pr/Af9z7y and begins as follows:
6 Security Scenarios
Security, in the cloud or elsewhere, is a critical topic that could fill any number of pages. Our purpose here is to highlight the security issues that architects and developers should consider as they move to the cloud.
An important point to keep in mind is that the cloud does not introduce any new security threats or issues. Security in cloud computing is more about the loss of control than any particular technical challenge. With an in-house application, controlling access to sensitive data and applications is crucial. With a cloud based application, access control is just as important, but some of the facilities and individuals involved are in another organization.
Any security requirements must be defined clearly and
completely in a Service Level Agreement. The