Information technology — Cloud computing — Interoperability and portability

ISO/IEC 19941:2017 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services. ISO/IEC 19941:2017 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively. The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.

Technologies de l'information — Informatique en nuage — Interopérabilité et portabilité

General Information

Status
Published
Publication Date
29-Nov-2017
Current Stage
6060 - International Standard published
Start Date
30-Nov-2017
Completion Date
30-Nov-2017
Ref Project

Buy Standard

Standard
ISO/IEC 19941:2017 - Information technology -- Cloud computing -- Interoperability and portability
English language
65 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 19941
First edition
2017-12
Information technology — Cloud
computing — Interoperability and
portability
Technologies de l'information — Informatique en nuage —
Interopérabilité et portabilité
Reference number
ISO/IEC 19941:2017(E)
ISO/IEC 2017
---------------------- Page: 1 ----------------------
ISO/IEC 19941:2017(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2017, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form

or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior

written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of

the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 19941:2017(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

3.1 Interoperability terms ...................................................................................................................................................................... 1

3.2 Data portability terms ...................................................................................................................................................................... 2

3.3 Application portability terms ..................................................................................................................................................... 2

4 Abbreviated terms .............................................................................................................................................................................................. 3

5 Overview of cloud computing interoperability and portability .......................................................................... 4

5.1 Description of cloud computing interoperability and portability .............................................................. 4

5.1.1 General...................................................................................................................................................................................... 4

5.1.2 Considerations for cloud interoperability.................................................................................................. 5

5.1.3 Considerations for portability in a cloud computing environment ..................................... 6

5.1.4 Relationship between cloud interoperability and cloud portability ................................... 9

5.2 Cloud interoperability and portability facet models .............................................................................................. 9

5.2.1 Cloud interoperability facet model .................................................................................................................. 9

5.2.2 Cloud data portability facet model ................................................................................................................13

5.2.3 Cloud application portability facet model ..............................................................................................16

5.3 Key challenges related to interoperability and portability in cloud computing ..........................18

5.3.1 General...................................................................................................................................................................................18

5.3.2 Security .................................................................................................................................................................................18

5.3.3 Identity and Access Management (IdAM) ...............................................................................................20

5.3.4 Security during migration .....................................................................................................................................21

5.3.5 Dynamic migration .....................................................................................................................................................21

5.3.6 Interfaces, APIs and interoperability ..........................................................................................................21

5.3.7 Open source.......................................................................................................................................................................22

6 Interoperability and portability considerations related to cloud capabilities types ................22

6.1 General ........................................................................................................................................................................................................22

6.2 Functional components of interoperability ................................................................................................................27

6.3 Functional components of data portability .................................................................................................................28

6.4 Functional components of application portability ...............................................................................................28

6.4.1 General...................................................................................................................................................................................28

6.4.2 Functional views based on capabilities types .................. ....................................................................31

7 Cloud interoperability .................................................................................................................................................................................36

7.1 Cloud interoperability types ....................................................................................................................................................36

7.1.1 General...................................................................................................................................................................................36

7.1.2 Transport interoperability ...................................................................................................................................38

7.1.3 Syntactic interoperability ......................................................................................................................................39

7.1.4 Semantic data interoperability .........................................................................................................................39

7.1.5 Behavioural interoperability ..............................................................................................................................39

7.1.6 Policy interoperability .............................................................................................................................................40

7.1.7 Interoperability with connected devices consuming cloud services of

application capabilities type ...............................................................................................................................41

8 Cloud data portability ..................................................................................................................................................................................42

8.1 Cloud data portability types .....................................................................................................................................................42

8.2 Data syntactic portability............................................................................................................................................................42

8.2.1 General...................................................................................................................................................................................42

8.2.2 Data syntactic portability for infrastructure capabilities type cloud services ........43

8.2.3 Data syntactic portability for platform capabilities type cloud services .................. ....43

8.2.4 Data syntactic portability for application capabilities type cloud services ...............44

© ISO/IEC 2017 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 19941:2017(E)

8.3 Data semantic portability ...........................................................................................................................................................45

8.3.1 General...................................................................................................................................................................................45

8.3.2 Data semantic portability for infrastructure capabilities type cloud services ........45

8.3.3 Semantic data portability for platform capabilities type cloud services......................45

8.3.4 Data semantic portability for application capabilities type cloud services ...............45

8.4 Data policy portability ...................................................................................................................................................................47

8.5 Considerations for cloud data portability of “cloud service derived data” ......................................47

9 Cloud application portability ...............................................................................................................................................................49

9.1 Cloud application portability types ....................................................................................................................................49

9.2 Considerations for cloud application portability ...................................................................................................50

9.3 Application portability for infrastructure capabilities type cloud services ....................................53

9.3.1 Application portability from non-cloud to cloud service .................. .........................................53

9.3.2 Application portability from a cloud service to another cloud service .........................55

9.4 Application portability for platform capabilities type cloud services..................................................57

9.4.1 Application portability from non-cloud to cloud service deployments ........................57

9.4.2 Application portability from one cloud service to another cloud service ...................60

9.5 Application portability for application capabilities type cloud service ..............................................62

9.6 Application portability: Policy facet ..................................................................................................................................62

9.6.1 General...................................................................................................................................................................................62

9.6.2 Law and regulations ........................................................................................................................................... ........62

9.6.3 Contracts and licenses..............................................................................................................................................63

9.6.4 Organizational policies ............................................................................................................................................63

Bibliography .............................................................................................................................................................................................................................64

iv © ISO/IEC 2017 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 19941:2017(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work. In the field of information technology, ISO and IEC have established a joint technical committee,

ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 38, Cloud Computing and Distributed Platforms.
© ISO/IEC 2017 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC 19941:2017(E)
Introduction

This document is intended to establish a common understanding of cloud computing interoperability

and portability. In particular, it is of interest to cloud stakeholders focusing on cloud service agreements

concerning interoperability or portability between cloud services.

Cloud computing is defined as a paradigm for enabling network access to a scalable and elastic pool of

shareable physical or virtual resources with self-service provisioning and administration on-demand.

ISO/IEC 17788 and ISO/IEC 17789 provide a starting point for understanding of different types of

interoperability and portability, relationships with activities and roles and cloud capabilities types.

Interoperability, data portability and application portability are essential to the use of cloud services.

The goal of interoperability is to enable the interaction between non-cloud and cloud services, as well

as between cloud services, in addition to enabling composition of new services from multiple services.

The goal of portability is to enable cloud service customers (CSCs) to move their data or applications

between non-cloud and one or more cloud services and between cloud services. The benefits of

interoperability include lower costs of integration and increasing the value of services through

enrichment or new functionality provided by composing cloud services. The benefits of portability

include greater efficiency by lowering the costs of migration. Both interoperability and portability offer

more choices to CSCs by limiting the effects of being locked in to any cloud service or cloud service

provider (CSP). While there is no disagreement that interoperability and portability are advantages

to cloud computing, there is no single way of handling either capability. Declaring interoperability

or portability without doing a detailed analysis of what specifically is to be ported or is to be made

interoperable is meaningless and does not lead to cloud solutions that meet the CSC’s and CSP’s business

goals, which has led to significant and on-going confusion in the industry and needs to be resolved.

Interoperability is the ability of two or more systems or applications to exchange information

and to mutually use the information that has been exchanged. In the context of cloud computing,

interoperability should be viewed as the capability of public cloud services, private cloud services and

other cloud service customer systems to understand each other’s interfaces, configuration, forms of

authentication and authorization, etc. in order to cooperate and work with each other.

Interoperability is a complex subject in the context of cloud computing because of the number of

interactions involved and the potential variations for each interaction. While interoperability and

standards add significant value and are advantageous to cloud computing, there are no comprehensive

solutions. Many existing IT standards contribute to enabling interoperability between CSC applications

and cloud services and between cloud services themselves. Using standards can be one way to build

interoperable cloud services. Other techniques such as well-documented API specifications can also help.

Cloud computing services that enable portability using defined policies, standards or documented

formats can ensure that CSCs are able to get their data into or out of cloud services in a reasonably easy

and cost-effective manner, as this allows CSCs to move to a cloud service of another CSP and also to

drive integration of heterogeneous cloud services.

As presented in ISO/IEC 17788, portability is the ability of a CSC to move their data or their applications

between two different cloud services at a low cost and with minimal disruption. Portability is significant

in cloud computing since CSCs are interested in avoiding lock-in when they choose to use cloud services.

Therefore, in the context of cloud computing, portability can have multiple aspects depending on what

is being ported (moved) and which cloud services are involved. For portability, there are no specific

requirements for the source and target systems to be directly connected.

Portability in a cloud computing environment is not a binary concept. It would be a mistake to think

of cloud services and the associated cloud applications and data as being either 100% portable or

not portable at all. Almost all applications running in a cloud service can be ported to another cloud

service offering equivalent capabilities if enough resources are invested. The critical considerations for

portability discussions are the porting cost, the risks associated with the porting and how to control

the costs and risks compared to the expected benefits.
vi © ISO/IEC 2017 – All rights reserved
---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC 19941:2017(E)
Information technology — Cloud computing —
Interoperability and portability
1 Scope

This document specifies cloud computing interoperability and portability types, the relationship and

interactions between these two cross-cutting aspects of cloud computing and common terminology

and concepts used to discuss interoperability and portability, particularly relating to cloud services.

This document is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086-1,

ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in

ISO/IEC 17788 and ISO/IEC 17789 respectively.

The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs,

CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding

of interoperability and portability for their specific needs. This common understanding helps to achieve

interoperability and portability in cloud computing by establishing common terminology and concepts.

2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1 Interoperability terms
3.1.1
interoperability

ability of two or more systems or applications to exchange information and to mutually use the

information that has been exchanged
[SOURCE: ISO/IEC 17788:2014, 3.1.5]
3.1.2
cloud interoperability

ability of a CSC’s system to interact with a cloud service or the ability for one cloud service to interact

with other cloud services by exchanging information according to a prescribed method to obtain

predictable results

Note 1 to entry: Cloud service to cloud service interactions occur through a CSP: inter-cloud provider relationship.

3.1.3
transport interoperability

interoperability (3.1.1) where information exchange uses an established communication infrastructure

between the participating systems
© ISO/IEC 2017 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/IEC 19941:2017(E)
3.1.4
syntactic interoperability

interoperability (3.1.1) such that the formats of the exchanged information can be understood by the

participating systems
3.1.5
semantic data interoperability

interoperability (3.1.1) so that the meaning of the data model within the context of a subject area is

understood by the participating systems
3.1.6
behavioural interoperability

interoperability (3.1.1) so that the actual result of the exchange achieves the expected outcome

3.1.7
policy interoperability

interoperability (3.1.1) while complying with the legal, organizational and policy frameworks applicable

to the participating systems
3.2 Data portability terms
3.2.1
data portability

ability to easily transfer data from one system to another without being required to re-enter data

Note 1 to entry: It is the ease of moving the data that is the essence here. This might be achieved by the source

system supplying the data in exactly the format that is accepted by the target system. But even if the formats

do not match, the transformation between them may be simple and straightforward to achieve with commonly

available tools. On the other hand, a process of printing out the data and rekeying it for the target system could

not be described as "easy".
[SOURCE: ISO/IEC 17788:2014, 3.2.21]
3.2.2
cloud data portability

data portability (3.2.1) from one cloud service to another cloud service or between a CSC’s system and a

cloud service

[SOURCE: ISO/IEC 17788:2014, 3.2.6, modified — “or between a CSC’s system and a cloud service” has

been added.]
3.2.3
data syntactic portability
data portability (3.2.1) using data formats that can be decoded on the target
3.2.4
data semantic portability

data portability (3.2.1) such that the meaning of the data model is understood within the context of a

subject area by the target
3.2.5
data policy portability

data portability (3.2.1) while complying with the legal, organizational and policy frameworks applicable

to both the source and target
3.3 Application portability terms
3.3.1
application portability
ability to migrate an application from a source system to a target system
2 © ISO/IEC 2017 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC 19941:2017(E)
3.3.2
cloud application portability

ability to migrate an application from one cloud service to another cloud service or between a CSC’s

system and a cloud service

[SOURCE: ISO/IEC 17788:2014, 3.2.2, modified — “or between a CSC’s system and a cloud service” has

been added.]
3.3.3
application syntactic portability

application portability (3.3.1) where the format of the application artefacts can be decoded on the target

3.3.4
application instruction portability

application portability (3.3.1) so that the application's instruction set executes on the target

3.3.5
application metadata portability

application portability (3.3.1) so that the application's metadata is retained and understood on the target

3.3.6
application behaviour portability

application portability (3.3.1) so that execution on the target produces equivalent results to those

produced on the source
3.3.7
application policy portability

application portability (3.3.1) while complying with the legal, organizational and policy frameworks

applicable to the source and target
4 Abbreviated terms
API Application Programming Interface
ASCII American Standard Code for Information Interchange
ASN.1 Abstract Syntax Notation 1
BPEL Business Process Execution Language
BPML Business Process Management Language
CRM Customer Relationship Management
CSC Cloud Service Customer
CSN Cloud Service Partner
CSP Cloud Service Provider
CSV Comma-separated values
ERP Enterprise Resource Planning
ESB Enterprise Service Bus
HCM Human Capital Management
HTTP Hyper Text Transfer Protocol
© ISO/IEC 2017 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/IEC 19941:2017(E)
IaaS Infrastructure as a Service
ICT Information & Communication Technology
IdAM Identity and Access Management
JSON JavaScript Object Notation
MIME Multipurpose Internet Mail Extensions
MQTT Message Queuing Telemetry Transport
OVF Open Virtualization Format
OWL Web Ontology Language
PaaS Platform as a Service
PII Personally identifiable information
REST Representational State Transfer
SaaS Software as a Service
SDK Software Development Kit
SOAP Simple Object Access Protocol
UML Unified Modeling Language
VM Virtual Machine
VPN Virtual Private Network
XML eXtensible Markup Language
5 Overview of cloud computing interoperability and portability
5.1 Description of cloud computing interoperability and portability
5.1.1 General

This clause provides an overview and models (known as “facet models”; refer to 5.2.1, 5.2.2 and 5.2.3

for details) for cloud interoperability, cloud data portability and cloud application portability. There are

various perspectives of interoperability and portability that need to be considered. These perspectives

are called “facets”.

Interoperability and portability in cloud computing involve interactions affected by technological,

information and human aspects. Interoperability and portability related challenges are likely to

intensify and become more difficult to manage as systems grow more complex and interconnected.

In cloud computing environments with internationally interconnected systems, the complexities also

include matters of corporate policy, regulation and international law.
4 © ISO/IEC 2017 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC 19941:2017(E)
5.1.2 Considerations for cloud interoperability
Key
A application to/from cloud service
B cloud service to/from cloud service
Figure 1 — High-level view of cloud interoperability

ISO/IEC 17788 defines interoperability as “the ability for two or more systems or applications to exchange

information and mutually use the information that has been exchanged”. In the context of cloud computing,

interoperability is further described as a cross-cutting aspect providing the ability for a cloud service

customer system to interact with a cloud service and exchange information according to a prescribed

method and obtain predictable results (see ISO/IEC 17788:2014, 6.6). Interoperability also includes

the ability for one cloud service to interact with other cloud services (see ISO/IEC 17789:2014, 8.5.5).

Figure 1 indicates that cloud interoperability takes place both between a CSC's application and cloud

services and also takes place between cloud services. It is also notable that there are typically multiple

interfaces involved in both of these cases, as indicated by the multiple arrows.

Note that interoperability in cloud computing is rarely confined to a binary decision of possible or

impossible. More often, interoperability is possible subject to implementation costs. A cost/benefit

analysis is required to determine whether the resources needed to assure exchange of information in

the prescribed method while obtaining predictable results is worthwhile. The ability of systems of a

CSC and cloud service
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.