ISO/IEC 19941:2017

INTERNATIONAL ISO/IEC
STANDARD 19941
First edition
2017-12
Information technology — Cloud
computing — Interoperability and
portability
Technologies de l'information — Informatique en nuage —
Interopérabilité et portabilité
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Interoperability terms . 1
3.2 Data portability terms . 2
3.3 Application portability terms . 2
4 Abbreviated terms . 3
5 Overview of cloud computing interoperability and portability . 4
5.1 Description of cloud computing interoperability and portability . 4
5.1.1 General. 4
5.1.2 Considerations for cloud interoperability. 5
5.1.3 Considerations for portability in a cloud computing environment . 6
5.1.4 Relationship between cloud interoperability and cloud portability . 9
5.2 Cloud interoperability and portability facet models . 9
5.2.1 Cloud interoperability facet model . 9
5.2.2 Cloud data portability facet model .13
5.2.3 Cloud application portability facet model .16
5.3 Key challenges related to interoperability and portability in cloud computing .18
5.3.1 General.18
5.3.2 Security .18
5.3.3 Identity and Access Management (IdAM) .20
5.3.4 Security during migration .21
5.3.5 Dynamic migration .21
5.3.6 Interfaces, APIs and interoperability .21
5.3.7 Open source.22
6 Interoperability and portability considerations related to cloud capabilities types .22
6.1 General .22
6.2 Functional components of interoperability .27
6.3 Functional components of data portability .28
6.4 Functional components of application portability .28
6.4.1 General.28
6.4.2 Functional views based on capabilities types . .31
7 Cloud interoperability .36
7.1 Cloud interoperability types .36
7.1.1 General.36
7.1.2 Transport interoperability .38
7.1.3 Syntactic interoperability .39
7.1.4 Semantic data interoperability .39
7.1.5 Behavioural interoperability .39
7.1.6 Policy interoperability .40
7.1.7 Interoperability with connected devices consuming cloud services of
application capabilities type .41
8 Cloud data portability .42
8.1 Cloud data portability types .42
8.2 Data syntactic portability.42
8.2.1 General.42
8.2.2 Data syntactic portability for infrastructure capabilities type cloud services .43
8.2.3 Data syntactic portability for platform capabilities type cloud services . .43
8.2.4 Data syntactic portability for application capabilities type cloud services .44
© ISO/IEC 2017 – All rights reserved iii

8.3 Data semantic portability .45
8.3.1 General.45
8.3.2 Data semantic portability for infrastructure capabilities type cloud services .45
8.3.3 Semantic data portability for platform capabilities type cloud services.45
8.3.4 Data semantic portability for application capabilities type cloud services .45
8.4 Data policy portability .47
8.5 Considerations for cloud data portability of “cloud service derived data” .47
9 Cloud application portability .49
9.1 Cloud application portability types .49
9.2 Considerations for cloud application portability .50
9.3 Application portability for infrastructure capabilities type cloud services .53
9.3.1 Application portability from non-cloud to cloud service . .53
9.3.2 Application portability from a cloud service to another cloud service .55
9.4 Application portability for platform capabilities type cloud services.57
9.4.1 Application portability from non-cloud to cloud service deployments .57
9.4.2 Application portability from one cloud service to another cloud service .60
9.5 Application portability for application capabilities type cloud service .62
9.6 Application portability: Policy facet .62
9.6.1 General.62
9.6.2 Law and regulations . .62
9.6.3 Contracts and licenses.63
9.6.4 Organizational policies .63
Bibliography .64
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 38, Cloud Computing and Distributed Platforms.
© ISO/IEC 2017 – All rights reserved v

Introduction
This document is intended to establish a common understanding of cloud computing interoperability
and portability. In particular, it is of interest to cloud stakeholders focusing on cloud service agreements
concerning interoperability or portability between cloud services.
Cloud computing is defined as a paradigm for enabling network access to a scalable and elastic pool of
shareable physical or virtual resources with self-service provisioning and administration on-demand.
ISO/IEC 17788 and ISO/IEC 17789 provide a starting point for understanding of different types of
interoperability and portability, relationships with activities and roles and cloud capabilities types.
Interoperability, data portability and application portability are essential to the use of cloud services.
The goal of interoperability is to enable the interaction between non-cloud and cloud services, as well
as between cloud services, in addition to enabling composition of new services from multiple services.
The goal of portability is to enable cloud service customers (CSCs) to move their data or applications
between non-cloud and one or more cloud services and between cloud services. The benefits of
interoperability include lower costs of integration and increasing the value of services through
enrichment or new functionality provided by composing cloud services. The benefits of portability
include greater efficiency by lowering the costs of migration. Both interoperability and portability offer
more choices to CSCs by limiting the effects of being locked in to any cloud service or cloud service
provider (CSP). While there is no disagreement that interoperability and portability are advantages
to cloud computing, there is no single way of handling either capability. Declaring interoperability
or portability without doing a detailed analysis of what specifically is to be ported or is to be made
interoperable is meaningless and does not lead to cloud solutions that meet the CSC’s and CSP’s business
goals, which has led to significant and on-going confusion in the industry and needs to be resolved.
Interoperability is the ability of two or more systems or applications to exchange information
and to mutually use the information that has been exchanged. In the context of cloud computing,
interoperability should be viewed as the capability of public cloud services, private cloud services and
other cloud service customer systems to understand each other’s interfaces, configuration, forms of
authentication and authorization, etc. in order to cooperate and work with each other.
Interoperability is a complex subject in the context of cloud computing because of the number of
interactions involved and the potential variations for each interaction. While interoperability and
standards add significant value and are advantageous to cloud computing, there are no comprehensive
solutions. Many existing IT standards contribute to enabling interoperability between CSC applications
and cloud services and between cloud services themselves. Using standards can be one way to build
interoperable cloud services. Other techniques such as well-documented API specifications can also help.
Cloud computing services that enable portability using defined policies, standards or documented
formats can ensure that CSCs are able to get their data into or out of cloud services in a reasonably easy
and cost-effective manner, as this allows CSCs to move to a cloud service of another CSP and also to
drive integration of heterogeneous cloud services.
As presented in ISO/IEC 17788, portability is the ability of a CSC to move their data or their applications
between two different cloud services at a low cost and with minimal disruption. Portability is significant
in cloud computing since CSCs are interested in avoiding lock-in when they choose to use cloud services.
Therefore, in the context of cloud computing, portability can have multiple aspects depending on what
is being ported (moved) and which cloud services are involved. For portability, there are no specific
requirements for the source and target systems to be directly connected.
Portability in a cloud computing environment is not a binary concept. It would be a mistake to think
of cloud services and the associated cloud applications and data as being either 100% portable or
not portable at all. Almost all applications running in a cloud service can be ported to another cloud
service offering equivalent capabilities if enough resources are invested. The critical considerations for
portability discussions are the porting cost, the risks associated with the porting and how to control
the costs and risks compared to the expected benefits.
vi © ISO/IEC 2017 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 19941:2017(E)
Information technology — Cloud computing —
Interoperability and portability
1 Scope
This document specifies cloud computing interoperability and portability types, the relationship and
interactions between these two cross-cutting aspects of cloud computing and common terminology
and concepts used to discuss interoperability and portability, particularly relating to cloud services.
This document is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086-1,
ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in
ISO/IEC 17788 and ISO/IEC 17789 respectively.
The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs,
CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding
of interoperability and portability for their specific needs. This common understanding helps to achieve
interoperability and portability in cloud computing by establishing common terminology and concepts.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1 Interoperability terms
3.1.1
interoperability
ability of two or more systems or applications to exchange information and to mutually use the
information that has been exchanged
[SOURCE: ISO/IEC 17788:2014, 3.1.5]
3.1.2
cloud interoperability
ability of a CSC’s system to interact with a cloud service or the ability for one cloud service to interact
with other cloud services by exchanging information according to a prescribed method to obtain
predictable results
Note 1 to entry: Cloud service to cloud service interactions occur through a CSP: inter-cloud provider relationship.
3.1.3
transport interoperability
interoperability (3.1.1) where information exchange uses an established communication infrastructure
between the participating systems
© ISO/IEC 2017 – All rights reserved 1

3.1.4
syntactic interoperability
interoperability (3.1.1) such that the formats of the exchanged information can be understood by the
participating systems
3.1.5
semantic data interoperability
interoperability (3.1.1) so that the meaning of the data model within the context of a subject area is
understood by the participating systems
3.1.6
behavioural interoperability
interoperability (3.1.1) so that the actual result of the exchange achieves the expected outcome
3.1.7
policy interoperability
interoperability (3.1.1) while complying with the legal, organizational and policy frameworks applicable
to the participating systems
3.2 Data portability terms
3.2.1
data portability
ability to easily transfer data from one system to another without being required to re-enter data
Note 1 to entry: It is the ease of moving the data that is the essence here. This might be achieved by the source
system supplying the data in exactly the format that is accepted by the target system. But even if the formats
do not match, the transformation between them may be simple and straightforward to achieve with commonly
available tools. On the other hand, a process of printing out the data and rekeying it for the target system could
not be described as "easy".
[SOURCE: ISO/IEC 17788:2014, 3.2.21]
3.2.2
cloud data portability
data portability (3.2.1) from one cloud service to another cloud service or between a CSC’s system and a
cloud service
[SOURCE: ISO/IEC 17788:2014, 3.2.6, modified — “or between a CSC’s system and a cloud service” has
been added.]
3.2.3
data syntactic portability
data portability (3.2.1) using data formats that can be decoded on the target
3.2.4
data semantic portability
data portability (3.2.1) such that the meaning of the data model is understood within the context of a
subject area by the target
3.2.5
data policy portability
data portability (3.2.1) while complying with the legal, organizational and policy frameworks applicable
to both the source and target
3.3 Application portability terms
3.3.1
application portability
ability to migrate an application from a source system to a target system
2 © ISO/IEC 2017 – All rights reserved

3.3.2
cloud application portability
ability to migrate an application from one cloud service to another cloud service or between a CSC’s
system and a cloud service
[SOURCE: ISO/IEC 17788:2014, 3.2.2, modified — “or between a CSC’s system and a cloud service” has
been added.]
3.3.3
application syntactic portability
application portability (3.3.1) where the format of the application artefacts can be decoded on the target
3.3.4
application instruction portability
application portability (3.3.1) so that the application's instruction set executes on the target
3.3.5
application metadata portability
application portability (3.3.1) so that the application's metadata is retained and understood on the target
3.3.6
application behaviour portability
application portability (3.3.1) so that execution on the target produces equivalent results to those
produced on the source
3.3.7
application policy portability
application portability (3.3.1) while complying with the legal, organizational and policy frameworks
applicable to the source and target
4 Abbreviated terms
API Application Programming Interface
ASCII American Standard Code for Information Interchange
ASN.1 Abstract Syntax Notation 1
BPEL Business Process Execution Language
BPML Business Process Management Language
CRM Customer Relationship Management
CSC Cloud Service Customer
CSN Cloud Service Partner
CSP Cloud Service Provider
CSV Comma-separated values
ERP Enterprise Resource Planning
ESB Enterprise Service Bus
HCM Human Capital Management
HTTP Hyper Text Transfer Protocol
© ISO/IEC 2017 – All rights reserved 3

IaaS Infrastructure as a Service
ICT Information & Communication Technology
IdAM Identity and Access Management
JSON JavaScript Object Notation
MIME Multipurpose Internet Mail Extensions
MQTT Message Queuing Telemetry Transport
OVF Open Virtualization Format
OWL Web Ontology Language
PaaS Platform as a Service
PII Personally identifiable information
REST Representational State Transfer
SaaS Software as a Service
SDK Software Development Kit
SOAP Simple Object Access Protocol
UML Unified Modeling Language
VM Virtual Machine
VPN Virtual Private Network
XML eXtensible Markup Language
5 Overview of cloud computing interoperability and portability
5.1 Description of cloud computing interoperability and portability
5.1.1 General
This clause provides an overview and models (known as “facet models”; refer to 5.2.1, 5.2.2 and 5.2.3
for details) for cloud interoperability, cloud data portability and cloud application portability. There are
various perspectives of interoperability and portability that need to be considered. These perspectives
are called “facets”.
Interoperability and portability in cloud computing involve interactions affected by technological,
information and human aspects. Interoperability and portability related challenges are likely to
intensify and become more difficult to manage as systems grow more complex and interconnected.
In cloud computing environments with internationally interconnected systems, the complexities also
include matters of corporate policy, regulation and international law.
4 © ISO/IEC 2017 – All rights reserved

5.1.2 Considerations for cloud interoperability
Key
A application to/from cloud service
B cloud service to/from cloud service
Figure 1 — High-level view of cloud interoperability
ISO/IEC 17788 defines interoperability as “the ability for two or more systems or applications to exchange
information and mutually use the information that has been exchanged”. In the context of cloud computing,
interoperability is further described as a cross-cutting aspect providing the ability for a cloud service
customer system to interact with a cloud service and exchange information according to a prescribed
method and obtain predictable results (see ISO/IEC 17788:2014, 6.6). Interoperability also includes
the ability for one cloud service to interact with other cloud services (see ISO/IEC 17789:2014, 8.5.5).
Figure 1 indicates that cloud interoperability takes place both between a CSC's application and cloud
services and also takes place between cloud services. It is also notable that there are typically multiple
interfaces involved in both of these cases, as indicated by the multiple arrows.
Note that interoperability in cloud computing is rarely confined to a binary decision of possible or
impossible. More often, interoperability is possible subject to implementation costs. A cost/benefit
analysis is required to determine whether the resources needed to assure exchange of information in
the prescribed method while obtaining predictable results is worthwhile. The ability of systems of a
CSC and cloud services as well as multiple cloud services to interoperate with respect to the facets
discussed below is more than a matter of investing the resources to assure the exchange of information
between the interfaces at either end, since interoperability also requires validation that behavioural
and policy facets are respectively compatible. In addition, any changes caused by interoperation
requirements may entail additional training for end users, management and operations staff.
There are many considerations when addressing cloud interoperability. These include:
— the ability of a CSC to interact with a cloud service by exchanging information according to a
prescribed method obtaining predictable results;
— the ability for a cloud service to work with other cloud services;
— properties needed to facilitate successful interactions between an organization’s ICT facilities and
a cloud service;
— roles and activities as defined in ISO/IEC 17789;
— cloud capabilities types as defined in ISO/IEC 17788;
© ISO/IEC 2017 – All rights reserved 5

— interfaces between different functional components as defined in ISO/IEC 17789:2014, 9.2.
By taking these considerations into account, this document promotes better understanding of the
requisites for interoperable cloud services.
5.1.3 Considerations for portability in a cloud computing environment
5.1.3.1 General
This document distinguishes between cloud application portability and cloud data portability. In
the context of cloud computing, portability refers to the ability of a CSC to move and suitably adapt
their applications and data between the CSC’s systems and cloud services, between different cloud
deployment models, and between cloud services of different CSPs.
Note that portability in cloud computing is rarely confined to a binary decision of possible or impossible.
More often, portability is “possibly subject to switching costs”. A cost/benefit analysis is required to
determine whether porting applications and/or data is worthwhile. The similarity of the CSC and CSP’s
systems with respect to the facets described in 5.2.2 and 5.2.3 is therefore more of a matter of lowering
the switching cost than of “enabling” portability to take place, since almost any portability is possible if
the customer is willing and able to pay for it. Switching concerns are not limited to costs; it also usually
involves some risks and usually entail the CSC spending effort and time and perhaps a period of service
interruption.
There are many considerations when addressing portability in cloud computing. These include:
— allowing CSCs to migrate applications and data in response to business needs such as faster service,
lower cost, greater reliability or disaster recovery needs;
— wider availability of application and data allowing access to a broader market;
— time and effort required for porting both applications and data, however, such overhead may be
reduced using common programming languages, standards, tools, frameworks, models, run times
and APIs;
— limiting of lock-in situations where the CSC is tied to the cloud services of one CSP.
Portability is an aspect of the more general topic of migration. Other issues related to migration are not
considered further in this document.
6 © ISO/IEC 2017 – All rights reserved

5.1.3.2 Cloud data portability
Key
A CSC system to/from cloud service
B cloud service to/from cloud service
Figure 2 — High-level view of cloud data portability
Cloud data portability is the ability to transfer data from one cloud service to another cloud service or
between a cloud service customer’s system and a cloud service. Figure 2 indicates the porting of data
between a CSC's system and a cloud service and porting of data from one cloud service to another. The
arrows in both directions indicate the potential to port data to and from any of those places.
Considerations relating to cloud data portability include:
— retrieval of cloud service customer data. A capability to retrieve cloud service customer data from
the source cloud service is needed and a capability to import cloud service customer data into the
target cloud service. Cloud data is frequently large enough to tax available bandwidth between
systems and data might therefore be moved by the physical movement of physical storage media. In
some cases, data is moved electronically;
— syntax of the data. The syntax of the data is ideally the same for the source service and the target
service. However, if the syntax does not match, e.g. the source uses JSON syntax but the target uses
XML, it may be possible to map the data using commonly available tools;
— semantics of the data. The semantics of data are commonly expressed by an ontology. Compatible
ontologies simplify the porting of data between source and target services. If the ontologies are
incompatible, additional resources may be applied to detect inconsistences. These inconsistencies
may be resolved or fidelity of the data may be reduced to enable the data to be ported.
© ISO/IEC 2017 – All rights reserved 7

5.1.3.3 Cloud application portability
Key
A CSC system to/from cloud service
B cloud service to/from cloud service
Figure 3 — High level view of cloud application portability
Cloud application portability is the ability to migrate applications from a CSC’s system to a cloud service
or from one cloud service to another including migration between instances of cloud deployment models
(private, public, community and hybrid). Figure 3 shows the porting of an application between a CSC's
system and a cloud service and porting of an application between two cloud services. The arrows in
both directions indicate the potential to port applications to and from any of those places.
Considerations relating to cloud application portability include the following.
— Cloud application portability can require the movement of one or more application components
that form part of a larger, multi-cloud application. For instance, in addition to application logic, it
may be necessary to port and/or reconfigure the cloud application and/or the components upon
which it depends, e.g. libraries, databases and web servers. The sequence of virtual machine and/or
component start-up may also be important. Portability of complex applications may also require
CSPs to share application metadata. This metadata might be acquired by capturing expert knowledge
and best practices related to that application’s deployment and subsequent management throughout
its lifecycle, by automated inspection or discovery or by other means. Common examples of this
metadata are details regarding the relationships and dependencies between various application
components, requirements such as the acceptable range of component versions, start-up sequence,
network and firewall configuration, processing capacity, co-location rules and load balancing
requirements.
— Cloud application portability requires that interfaces needed by the application in the source
environment are also available in the target environment. These interfaces, for example, might
enable the application to use service discovery and communication protocols implemented by
the environment, as well as providing access to the environment capabilities that support the
application. In some environments, the interfaces may also enable applications to manage the
underlying resources. In cases where an application is being ported between two cloud services,
the ability of a target cloud service to replicate the environment that the source cloud service has for
the application/service or at least create an environment that similarly satisfies the dependencies of
the application, is a major consideration.
8 © ISO/IEC 2017 – All rights reserved

— The reduced disruption and increased choice enabled by cloud application portability provide CSCs
with the capability to mitigate risks. Cloud application portability can facilitate greater business
agility by enabling more rapid redeployment of cloud applications and services to alternative or
complementary CSPs in response to changing business conditions and technical trends.
— Cloud application portability requires that the identified activities of CSC and CSN and their sub-
roles that are supported in the source system are also supported, with acceptable fidelity, by the
target system and its components. In practice, different cloud services rarely provide identical
capabilities to support all of the activities for all sub-roles. The effort necessary to adjust for these
differences and the potential benefits need to be considered. For example, a cloud application
implemented on a infrastructure capabilities type cloud service (ISO/IEC 17788:2014, 3.2.25)
moved to a different cloud service of the same type might provide identical capabilities to support
the activities of the CSC:Cloud service user sub-role deploying and operating the application, but
very different capabilities for the CSC:Cloud service administrator sub-role managing the use of the
cloud service.
5.1.4 Relationship between cloud interoperability and cloud portability
It is important to understand that portability and interoperability are not synonymous. While
interoperability and portability are often discussed in parallel and are related concepts, they are in fact
separate concepts without direct dependencies.
The focus of interoperability is the ability to exchange information between a CSC's system and a cloud
service or between a cloud service and another cloud service, resulting in the ability to mutually use
the information that has been exchanged. A cloud service that is interoperable does not necessarily
support portability of applications and/or data.
Portability is the ability to migrate data or applications from one cloud service to another or between
a CSC's system and a cloud service. The degree of effectiveness and efficiency of the migration is
considered as the ability to execute the application or use the data with as few or no manual changes in
the migration process as described in ISO/IEC 17788. The focus of portability is the ease of migration
of the data and application. A cloud service that supports portability is not necessarily interoperable.
5.2 Cloud interoperability and portability facet models
5.2.1 Cloud interoperability facet model
5.2.1.1 General
Interoperability is not a simple "yes/no" concept. Interoperability involves a number of elements,
starting at the simple exchange of data bytes, facilitating an understanding of the semantics of the
exchanged information and also an alignment of the business processes, behaviour and policies on either
side of the exchange. It can be that semantic, behavioural and policy interoperability is a significantly
bigger challenge than the bits and bytes.
The interoperability facet model described in this document defines five facets within the context
of cloud interoperability. These five facets, shown in Figure 4, are transport, syntactic, semantic
data, behavioural and policy. This model is derived by combining and abstracting the European
[13] [14]
Interoperability Framework and the Levels of Conceptual Interoperability Model (LCIM) .
© ISO/IEC 2017 – All rights reserved 9

Figure 4 — Facets of cloud interoperability
5.2.1.2 Transport interoperability
Transport interoperability means the commonality of the communication infrastructure established
to exchange data between systems. In the context of cloud computing, transport interoperability is the
transfer mechanism between various cloud computing components, either between CSC components
and CSP components or between CSP components related to different cloud services. Examples
include HTTP/S, SOAP, Advanced Message Queuing Protocol (AMQP) and Message Queuing Telemetry
Transport (MQTT).
5.2.1.3 Syntactic interoperability
Syntactic interoperability is the ability of two or more systems or services to understand the structure
of exchanged information, which is an encoding of the domain concepts as defined by the semantic data
facet. Examples of encoding syntaxes include JSON, XML and syntaxes described in ASN.1.
5.2.1.4 Semantic data interoperability
Semantic data interoperability is the ability for the systems exchanging information to understand the
meaning of the data model within the context of a subject area. Domain concepts in a cloud computing
context are dictated by the type of cloud service offering.
Semantic data interoperability is based on the data models of the information being exchanged at the
time of that exchange. At the infrastructure level, this concerns virtual machines (VMs), containers,
storage and networking concepts and their management. At the platform level, this concerns
applications, the execution and deployment environment and their management. At the application
10 © ISO/IEC 2017 – All rights reserved

level, the domain concepts are dictated by the application itself, such as Human Capital Management
(HCM), Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), etc.
At the business domain level, semantic data interoperability concerns the ability for discrete domain
concepts to be shared and understood between applications, e.g. the concept of “customer” in insurance
versus the concept of “patient” in healthcare. Example approaches include the construction of ontologies
using, for example, OWL, and the use of semantic query languages like SPARQL.
5.2.1.5 Behavioural interoperability
Behavioural interoperability is where the results of the use of the exchanged information matches the
expected outcome. A cloud service, like any other piece of software is designed for a particular purpose
or intention. However, its actual use by a customer may have a different intention without violating
the other facets of interoperability. For example, the web architecture was originally intended to serve
static web pages but over time and without significant architectural redesigns, many different dynamic
and interactive models have emerged.
Behavioural interoperability of a cloud service is defined in the service description. The service
description includes a declaration of the interface provided by the service, often referred to as an
API. The interface declaration describes the service in terms of a set of operations provided by the
service and the inputs and outputs for each operation. In terms of the
...