Great news -
The Tools working group needs to ramp up against our stated goals and
mission. The last few weeks have been busy for most, so I'd like to
use this coming week to get things back into gear. Here's where we
stand:
1- Need to differentiate between PROVIDER and CONSUMER Tools.
Example, CloudAudit could quickly produce a validation/syntax checking
tool for service providers to validate namespace form and format,
links, file locations, and other structural components of cloudaudit
services. This would be part of the reference implementation for
PROVIDERS.
2 - Certification and how far should we go - The goal is not to become
a CloudAudit certification body, but to produce the standards and tool
reference specifications that official certification bodies can elect
to use as part of their services.
3- Namespace DATA requirements and what it means to the Tools W/G -
the Standards W/G has the objective to produce data requirements for
each framework namespace. Tools w/g should focus on the capabilities
need to reliably and securely "fill the data in (PROVIDER), and use
the data (CONSUMER)". Tools need to be audit-able.
4- Make-up of W/Gs - do we have this right? Should the Consumer and
Provider teams working as subgroups to the Tools W/G?
5- Use Case Workflow - need to select one or two use cases and design
a workflow to show the interaction between CONSUMER Tools and PROVIDER
Tools.
The Tools group was also asked to look at an incorporate the CSC Trust
Cloud Protocol and aspects of SCAP relative to consumer and provider
tool requirements.
Next meeting announcement for 10/22 due out shortly.
Mike