Summary: Next Steps for CCIF / Cloud Forum

[Sam Johnston]

Allen,

Thanks for following up. In order to satisfy the most voices and allow for future growth I think it's fair to say this is a general "Forum" for advocating cloud computing.

As such a minimalist structure is required, likely in the form of a 503(c)(3) non-profit to be created in the short to medium term. An office would certainly be overkill at this stage (especially given how distributed we are). As an administrative support function it would rubber stamp and implement community decisions rather than playing an active role in governance (even if the individuals themselves do) and the committee positions need not by synchronised with company directors (for example international committee members may not be able to be directors of US companies).

The type of work I expect to take place will be tasks around raising awareness of cloud computing which often do not consume inputs nor produce outputs (e.g. coordinating standards development between multiple standards bodies to prevent duplicate effort). Even where output is produced it is likely to be fairly "lightweight" and free of IPR issues, such as the manifesto and various other related documents (principles, bill of rights, etc.). I doubt we'll need things like ISBNs/ISSNs any time soon.

We currently have a 4 person "committee" (2 smallish vendors, 2 individuals?) who have various ad-hoc functional roles. Jesse points out that they "may not be around forever" but spots can easily be filled or the committe grown/shrunk as necessary. In the unlikely event that we have both a departure and more candidates than seats then we can call for a simple majority vote of active participants.

Votes should be very rare and usually decided with vast majorities (the manifesto would have passed with significant margin had it have been presented, though a vote likely would not have been required after calling for objections). Other issues would likely be related to forming/disbanding workgroups for tasks like the Open Cloud Principles, and optionally ratifying their outputs. Technical details can be determined later but should range from a "show of hands" on the mailing list to simple web based voting systems. I'm not the only one who believes it's a non-issue and anticipated that this would be a dead-end discussion, though nobody could have predicted it would have gone that far off the rails. Let's tie that topic off for the time being at least.

Some questions were raised about IPR but I believe these to be of no concern for the type of work we propose to do. Contributors should assign copyright to the forum as a matter of administrative cleanliness but if we are not creating standards for others to implement, nor giving warranties on our work (CC-BY-SA) then we have little to worry about. The OCC already has a document that would make a good starting point for any agreement that we felt the need to enact and this could be implemented as a click-through-agreement for anything but the most pedantic of members (Cisco has already agreed to this so it will certainly satisfy David's employer). I would be interested to hear what Michael @ SAP thinks about this given his extensive committee experience.

All in all I don't see that there is any action to take at this time, beyond someone reporting on the options for the creation of the simplest possible non-profit legal structure. I anticipate the costs to be in the hundreds and the timeframe to be days or weeks. We should aim to have it done within 1-2 months.

I am hoping that we can put this administrative question to rest and move on with the tasks at hand fairly promptly,

Kind regards,

Sam

On Tue, Mar 31, 2009 at 12:59 AM, afalcon <afa...@horizoninfoservices.com> wrote:

My intent in floating this proposal was to initiate discussion of the
future structure of CCIF.  Is it a "Forum", an unstructured or
structured user group, or an "Association"?  Should it be minimalist
in structure or more formal?

Will advocacy be only to vendors or to the government as well? If the
latter, how formal will the lobbying efforts be?

Are we publishing white papers and manisfestos, or do we need/want
LCNs and ISBNs?

If left unstructured, how do we select spokespersons?  Present
consensus and dissent in an organized manner?

In the last week or so, the CCIF has paid a price for a lack of
structure and facilitation.  How do we prevent this moving forward?

I don't see CCIF becoming a standards body, but working with them.  If
the leadership is vendor-only, no matter how altruistic, will users
join and participate?

I'm impressed that we're already arguing about company versus
individual votes and how to validate votes.  But, what will be voting
on?

Allen

On Mar 30, 10:38 am, afalcon <afal...@horizoninfoservices.com> wrote:
> If we are serious about facilitating open standards for cloud
> computing, than we need to formalize quickly.  I suggest the
> following.
>
> 1) Establish a 501(c)(6) non-profit (membership association)
> 2) Create an "office" to manage the association's assets (domains,
> groups, etc.) and membership, and to identify facilitators for the
> process.
>
> To do this, we will need to identify an initial board of directors (at
> least 5), contract with an individual or firm to provide the office
> resources, and secure funding.
>
> The funding is best raised through annual membership dues.  Based on
> experience, we would need $200K - $250K for the first year of
> operation of the office.  Not difficult with enough vendors and dues
> in the $5K to $10K range.
>
> The person or firm hosting the office should not be a vendor with a
> direct interest in the resulting standards, and no member of the firm
> should serve as a director.
>
> Creating a charter sufficient to obtain 501(c)(6) status is not
> difficult.  We can then develop a more elaborate charter and set of by-
> laws.
>
> I know firms that could do this for us, and as a point of disclosure,
> am involved with one such firm that might be willing to do it at cost.
>
> Is this of interest?  Will the CCIF's current sponsors be willing to
> provide initial funding?  Do we have volunteers willing to serve on
> the initial board of directors?
>
> Allen

[Bechauf, Michael]

If CCIF is only planning to develop Whitepapers similar to the Manifesto then I don't think any IP terms are required, other than clarity on copyrights which can be easily accomplished by the variety of Creative Commons licenses. IP terms are important once there is something that will be implemented in a product (i.e. a specification, or a standard profile similar to WS-I). A company will only implement once it's clear that there is no risk for any IP infringement claims.

 

Whether the proposed "voting" will work on an email list with currently 800+ members is questionable. When do you know that you have a significant majority ? When 400+ members have voted ? Good luck doing that in a reasonable timeframe. 

 

In my experience, once there are formal deliverables and action items need to be turned around in a finite amount of time, this usually requires some sort of leadership group that acts on behalf of its members. The lack of such leadership was - as far as I understand it - exactly what caused the uproar with the Open Cloud Manifesto. It was not clear who - if anybody - could speak on behalf of the members of this group. However, once you introduce leadership and rules, you need a document where this is written down, and a process by which new members agree to those rules.

 

This may sound like overkill ("can't we just all get along") but as soon as corporate marketing and PR departments get involved in signing off a company's participation in endorsing a particular deliverable, they will insist on such rules. At this point, to be blunt, I don't think anybody would want to work with CCIF given the experience that 24 hours before release of a document all of a sudden it becomes clear that the leaders who we thought could speak for CCIF turn out that they actually weren't entitled to do so.

 

A final word about "secrecy": When just like in the case of the Open Cloud Manifesto 36 companies need to sign off a document, there is a need for last minute negotiations that often happen in 1:1 conversations. You may call this secrecy, but I call it reality.

[Jason Meiers]

The copyright for CCIF commercial entries belongs to the original
works of authorship not creative commons.


On Mar 31, 8:22 am, "Bechauf, Michael" <michael.bech...@sap.com>
wrote:

[Sam Johnston]

On Tue, Mar 31, 2009 at 8:22 AM, Bechauf, Michael <michael...@sap.com> wrote:

If CCIF is only planning to develop Whitepapers similar to the Manifesto then I don't think any IP terms are required, other than clarity on copyrights which can be easily accomplished by the variety of Creative Commons licenses. IP terms are important once there is something that will be implemented in a product (i.e. a specification, or a standard profile similar to WS-I). A company will only implement once it's clear that there is no risk for any IP infringement claims.

Ok so I suggest that for now we move on with the presumption that any entity so created be able to license contributions under a CC-style license. That is, we need not "down tools" now, but should implement a simple IPR agreement in due course (ala section 7 of the OCC agreement).
 

Whether the proposed "voting" will work on an email list with currently 800+ members is questionable. When do you know that you have a significant majority ? When 400+ members have voted ? Good luck doing that in a reasonable timeframe. 

For now it is reasonable to assume that votes will not be contentious as issues will not be controversial. In the unlikely event that we actually do have to vote for something (and in the even more unlikely event that someone subsequently disputes the outcome) we can implement something like the Drupal-based system used for the OpenID foundation, or something more elaborate like what we use for Debian Linux.
 

In my experience, once there are formal deliverables and action items need to be turned around in a finite amount of time, this usually requires some sort of leadership group that acts on behalf of its members. The lack of such leadership was - as far as I understand it - exactly what caused the uproar with the Open Cloud Manifesto. It was not clear who - if anybody - could speak on behalf of the members of this group. However, once you introduce leadership and rules, you need a document where this is written down, and a process by which new members agree to those rules.

I don't see manifestogate as having a development process that we need to pander to. Such a document could easily have been produced by creating a wiki page and forming a small, informal working group of volunteers around it. A disclaimer on the wiki's edit page ala "You irrevocably agree to release your contributions under the CC-BY-SA license" would suffice for IPR and anything [perceived to be] lost in the "surprise" element would be gained in transparency and risk reduction.

Nor do I think I am alone in saying that there is no need whatsoever to bless any leader with the power to speak unilaterally on behalf of the membership base (at least for potentially controversial issues) without first consulting them.

The underlying theme here is that cloud computing is bringing with it a new level of transparency, and that this is something we should foster rather than repress.

This may sound like overkill ("can't we just all get along") but as soon as corporate marketing and PR departments get involved in signing off a company's participation in endorsing a particular deliverable, they will insist on such rules. At this point, to be blunt, I don't think anybody would want to work with CCIF given the experience that 24 hours before release of a document all of a sudden it becomes clear that the leaders who we thought could speak for CCIF turn out that they actually weren't entitled to do so.

I appreciate your sentiment and I think we all agree that this debacle has done both the CCIF, the manifesto and cloud computing in general some amount of damage and constitutes a disappointing missed opportunity. I don't want to dredge up the subject here, but suffice to say that it was a leadership mis-step, for which they have apologised. I would be very surprised if they were to now take any actions on our behalf without presenting a specific proposal for approval, given all that has happened.
 

A final word about "secrecy": When just like in the case of the Open Cloud Manifesto 36 companies need to sign off a document, there is a need for last minute negotiations that often happen in 1:1 conversations. You may call this secrecy, but I call it reality.

As I said before, this is not a "reality" that we need to cater for - even if Reuven had have been a duly elected official the outcome would have been the same. If such initiatives wish to work under the cloak of secrecy then they are not for us, and a far better approach would have been to encourage IBM to use an open process from inception.

Does this cover everything we need to cover urgently on the topic of governance? I believe it does and I am quite keen to get us back into doing some real work for the community.

Sam

[Jason Meiers]

I am against CC-style license as well as Drupal-based system used for
the OpenID foundation. The author of the post owns the content as well
as the solutions generated by CCIF commercial. CCIF commercial will
vote on actual issues looked into by CCIF. One person cannot and
should not determine the outcome of a discussion based on a
unqualified wiki entry. For CCIF commercial a vote will occur for each
issue covered by CCIF.

On Mar 31, 11:44 am, Sam Johnston <s...@samj.net> wrote:
> On Tue, Mar 31, 2009 at 8:22 AM, Bechauf, Michael

> <michael.bech...@sap.com>wrote:

>
> >  If CCIF is only planning to develop Whitepapers similar to the Manifesto
> > then I don't think any IP terms are required, other than clarity on
> > copyrights which can be easily accomplished by the variety of Creative
> > Commons licenses. IP terms are important once there is something that will
> > be implemented in a product (i.e. a specification, or a standard profile
> > similar to WS-I). A company will only implement once it's clear that there
> > is no risk for any IP infringement claims.
>
> Ok so I suggest that for now we move on with the presumption that any entity
> so created be able to license contributions under a CC-style license. That
> is, we need not "down tools" now, but should implement a simple IPR
> agreement in due course (ala section 7 of the OCC agreement).
>
> > Whether the proposed "voting" will work on an email list with currently
> > 800+ members is questionable. When do you know that you have a significant
> > majority ? When 400+ members have voted ? Good luck doing that in a
> > reasonable timeframe.
>
> For now it is reasonable to assume that votes will not be contentious as
> issues will not be controversial. In the unlikely event that we actually do
> have to vote for something (and in the even more unlikely event that someone
> subsequently disputes the outcome) we can implement something like the
> Drupal-based system used for the OpenID foundation, or something more

> elaborate like what we use for Debian Linux <http://www.debian.org/vote/>.

[Sam Johnston]

On Tue, Mar 31, 2009 at 11:53 AM, Jason Meiers <jason....@gmail.com> wrote:

I am against CC-style license as well as Drupal-based system used for
the OpenID foundation. The author of the post owns the content as well
as the solutions generated by CCIF commercial. CCIF commercial will
vote on actual issues looked into by CCIF. One person cannot and
should not determine the outcome of a discussion based on a
unqualified wiki entry. For CCIF commercial a vote will occur for each
issue covered by CCIF.

I'm surprised its necessary to explicitly state this, but a separate thread was created because you somehow managed to run the other one into the ground, digressing it to SEMP, key-signing parties and biometric fingerprint readers.

I doubt I am the only one to substitute "SEMP" wherever I see "CCIF commercial", constituting yet another thinly veiled conflict of interest (the last thing the forum needs right now).

As such I respectfully request that you resist the urge to derail this thread as the future of this group is hanging in the balance and will be determined over the next 48 hours.

In short: cut it out.

Sam

[Jason Meiers]

whatever Sam isnt there a wiki you should be writing somewhere.

http://cloudbasics.com/
For the commercial interest of CCIF.

Jason Meiers
Monitoring-as-a-Service(TM)


On Mar 31, 12:20 pm, Sam Johnston <s...@samj.net> wrote:

[Sam Johnston]

Allan,

On Tue, Mar 31, 2009 at 4:45 AM, Sam Johnston <sa...@samj.net> wrote:

> Creating a charter sufficient to obtain 501(c)(6) status is not
> difficult.  We can then develop a more elaborate charter and set of by-
> laws.

As a minor point for clarification, I have been talking about a 501(c)(3) organisation (charity based on the scientific and educational aspects) rather than 501(c)(6) (trade organisation or "alliance" of vendors). I appreciate that the bar is likely higher for a charity classification (as there are more benefits), but with the "voice for the user" aspect it may be within reach.

It touches on the subject of whether we consider ourselves:

1. a community of end users (from individuals to large enterprises)
   
2. a trade organisation or "alliance" of vendors (bearing in mind the world has more than enough of those already), or
   
3. a combination of the two; a "melting pot" where both groups come together to share ideas

I personally think this forum is the only group that has the potential to deliver on the latter, and the extra effort will be well rewarded. User groups and trade organisations are both easy and uninteresting - meshing the two will bring vendors closer to meeting the needs of the users.

Do any of you have a view either way, or do you agree with this sentiment?

Sam

PS In the absence of a process for (even temporarily) dealing with disruptive users, please resist the urge to feed the troll.

[afalcon]

Sam,

I agree that we should strive for #3.

The structure of the group -- 501(c)(3) versus 501(c)(6) -- is a
technical legal/tax issue that we should discuss off-line.

Sorry about feeding the trolls.

Allen

On Mar 31, 7:57 am, Sam Johnston <s...@samj.net> wrote:
> Allan,
>

> On Tue, Mar 31, 2009 at 4:45 AM, Sam Johnston <s...@samj.net> wrote:
> > > Creating a charter sufficient to obtain 501(c)(6) status is not
> > > difficult.  We can then develop a more elaborate charter and set of by-
> > > laws.
>
> As a minor point for clarification, I have been talking about a 501(c)(3)
> organisation (charity based on the scientific and educational aspects)
> rather than 501(c)(6) (trade organisation or "alliance" of vendors). I
> appreciate that the bar is likely higher for a charity classification (as
> there are more benefits), but with the "voice for the user" aspect it may be
> within reach.
>
> It touches on the subject of whether we consider ourselves:
>

>    1. a community of end users (from individuals to large enterprises)
>    2. a trade organisation or "alliance" of vendors (bearing in mind the

>    world has more than enough of those already), or

>    3. a combination of the two; a "melting pot" where both groups come

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If we are only spinning up a "503(c)(3) non-profit" is to own
documentation-type "Intellectual Property", then I think it's a waste of
time/paperwork.

There are a number of organizations that I am sure would be happy to be
a such repository, including:
- FSF
- Debian/Software in the Public Interest
- Internet Society (ISOC) (the legal entity for the IETF)
- W3C
- Open Grid Forum.

I'm sure that there are other groups including some universities and the
like, which would also be willing to be the host.

In my experience with the IETF, the biggest problem that we have is
actually doing any kind of serious interoperability. Aside from the
efforts of Paul Hoffman's VPNC and IMC (Internet Mail Consortium), and
ICSA's efforts, there are few protocols which get serious testing.

One reason for this is that there are said to be liabilities if you say
which product is broken.

On the other hand, CableLabs exists as a consortium of the users (the
cable companies), to do interop testing on products: they even do
hostile/negative testing to verify that products refuse to do things
they are supposed to not do. (e.g. it's not enough that they accept a
valid certificate, they have to also reject an invalid one)

- From what I understand, CableLabs actually will tell it's members which
one of two (or multiple) products which are trying to communicate is
doing the wrong thing, as they can then avoid just that product, instead
of combinations of A<->B.

There have been other forums created: the ATM forum, the MPLS forum,
etc. Some of these have done interop testing, some have just done PR.

In my opinion, we should leave the documentation of IaaS standards to
OGF's newly formed group. What exactly will the other levels be
(my colleague Misha will be there on Thursday, with a picture of our
views), still needs to be solidified.

It is important to do the interop testing, and the forum may well be the
place to do this.

Some levels may *not* ever be standardized in a meaningful way: we see
gmail.com and salesforce.com as occupying the same SaaS layer, but I can
not see a common API into both.

Continuing to get feedback about what might meaningfully be done at
other layers is an important function: this does not require
documents/IPR as much may require a spokesperson (with a travel budget),
secretary (I do not mean "Working 9-5" type, long nails and a
typewriter. I mean a person to record decisions, issue minutes, etc.),
event organization, and the like.

Those are my views.

- --
] Y'avait une poule de jammé dans l'muffler!!!!!!!!! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBSdK4mICLcPvd0N1lAQJ8YwgAgo5vdrpEfBat4K3mA1SBUUYBqaREK5cz
dH8JMy8FYMmtFnRyp+UkHFcfeK8/X24+JAETjd5cTTPTTr8uM8FeDoPywTobjpFc
HcS7d+B0CSihWcJr+PsiA2xQiO/wh6M6VLk03ecYB0iF6kllkdbcVjLAm7GAFXq6
h91IXZO0MAMg+BAMaCFkkbM9ecLFzw5bYBFhMxJuGNVr5rdix6BxrSGQvEU7cxQ3
+4dh7HEVqnUUoJEAIxub7K07o5aYVqHw1yS+aE6vl2sH9gqA2pFQAUkg+MkHIcoG
ZOUTgSdMtZghZ9ZPvQndsjk1tywCSnEAoHgpR0YLn0rWH4QpFwsBbw==
=WQit
-----END PGP SIGNATURE-----