Fwd: Re: [T17Q8] output document of X.ccsec
0 views
Skip to first unread message
Tony Rutkowski
Jul 10, 2013, 9:00:12 AM7/10/13
to Mark Carlson, CloudSt...@googlegroups.com
Hi Mark,
This is from the ITU's SG17 cloud security list.
Their rapporteur meeting in Guandong just
wrapped up today.
--tony
-------- Original Message --------
This is from the ITU's SG17 cloud security list.
Their rapporteur meeting in Guandong just
wrapped up today.
--tony
-------- Original Message --------
| Subject: | Re: [T17Q8] output document of X.ccsec |
|---|---|
| Date: | Wed, 10 Jul 2013 08:47:13 -0400 |
| From: | Tony Rutkowski <to...@yaanatech.com> |
Hi Huirong,
It seems worth noting that you have also uploaded
a draft report of the meeting and text for X.sfcs to
the group's ftp site.
You might differentiate in the report between who
actually attended the meeting and those who
simply called in.
The report indicates that X.ccsec is planned for
determination 2013-08. Clearly this cannot occur
given the immature and evolving state of the
document, as well as external collaboration on
basic terms and architecture.
There are substantial inconsistencies between
the description of X.ccsec in the Summary versus
the Scope of the document. It clearly *does not*
"describe the security framework for cloud computing."
In fact, the text as it has emerged is little more than
a rendition of focus group material from several years
ago rather than any kind of real Recommendation.
By contrast, useful material and work by the actual
participants in this sector can be found ongoing at:
http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf
Since it is the NIST SP and similar work that will actually
serve as the basis for evolution of the industry and
technology, would it not make sense to leverage that
work at some point in the future rather than keeping
the X.ccsec juggernaut going among a handful of people?
--tony
On 7/10/2013 3:04 AM, tianhuirong wrote:
It seems worth noting that you have also uploaded
a draft report of the meeting and text for X.sfcs to
the group's ftp site.
You might differentiate in the report between who
actually attended the meeting and those who
simply called in.
The report indicates that X.ccsec is planned for
determination 2013-08. Clearly this cannot occur
given the immature and evolving state of the
document, as well as external collaboration on
basic terms and architecture.
There are substantial inconsistencies between
the description of X.ccsec in the Summary versus
the Scope of the document. It clearly *does not*
"describe the security framework for cloud computing."
In fact, the text as it has emerged is little more than
a rendition of focus group material from several years
ago rather than any kind of real Recommendation.
By contrast, useful material and work by the actual
participants in this sector can be found ongoing at:
http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf
Since it is the NIST SP and similar work that will actually
serve as the basis for evolution of the industry and
technology, would it not make sense to leverage that
work at some point in the future rather than keeping
the X.ccsec juggernaut going among a handful of people?
--tony
On 7/10/2013 3:04 AM, tianhuirong wrote:
If there's any comment, pls let me know. We'll continue to improve this document through correspondence group of X.ccsec, and upload the revised output to the ftp server.
Reply all
Reply to author
Forward
0 new messages