This use case is intended to highlight the need for federated
configuration management by showing how an open cloud marketplace
permits customers to choose to utilize different cloud providers to
manage an application during its early life cycle.

Use Case: Developing and Testing On-line Retail Storefront Application
can be found at http://su.pr/1l9UT4

Description: An online retailer needs to develop and test a new (Web
2.0) storefront application; however, it does not want to burden its
IT staff and existing resources. Instead, two separate public cloud
providers are chosen to provide computing resources; one for
development and another for test of their new application.

More details: The retailer would independently federate trust to each
cloud provider using signed certificates (with keys) from a trusted
cert. source / provider. The certificate and SPML could be used to
"on board" with all policies, roles, identities. The customer would
act as its own identity provider and authorization service (for
simplicity in this use case to feature more of the Config. Mgmt.).
During app development and test the customer can request audit logs
for accesses to its application (perhaps using an XDAS or other open
API). The customer would apply different policies, roles and config.
mgmt. data in the development cloud environment from that used in the
test environment (closer to production configuration) and expect that
any config. mgmt. changes would also be subject to audit logs as well
as any CM changes. The CM changes COULD also perhaps appear as
historical change data in the OVF metadata (portability).

Use Case View: Customer (IT Staff, Software Engineers, QA/Test)

Patterns Featured (potential underlying standards):
- Federated Trust (using signed IEEE X.509 Certificates, SPML
  onboarding)
- Security Policy (exchanged using XACML)
- Federated Single Sign-On (FSSO) (using userid/password over
  HTTP-SSL)
- Federated Identity Management (FIM) (Customer acts as its own
  identity provider and authorization service)
- Federated Access Management (FAM)
- Federated Configuration Management (FCM) (OVF Images/metadata)
- Federated Audit and Compliance (TBD, request access logs/reports
  during dev/test lifecycle)

Are there any other standards or considerations for Configuration
Management? Of course, there may be impacts or cross checks against
SLAs during deployments, these could be another use case perhaps?
Are there any ties between standards such as OVF (metadata) and SLA
standards?

Regards, Matt