Call for Participation: OASIS Public Administration Cloud Requirements (PACR) TC

A new OASIS technical committee is being formed. The OASIS Public Administration Cloud Requirements (PACR) Technical Committee has been proposed by the members of OASIS listed in the charter below. The TC name, statement of purpose, scope, list of deliverables, audience, IPR mode and language specified in the proposal will constitute the TC's official charter. Submissions of technology for consideration by the TC, and the beginning of technical discussions, may occur no sooner than the TC's first meeting.

The eligibility requirements for becoming a participant in the TC at the first meeting are:

(a) you must be an employee or designee of an OASIS member organization or an individual member of OASIS, and

(b) you must join the Technical Committee, which members may do by using the Roster "join group: link on the TC's web page at [a].

To be considered a voting member at the first meeting:

(a) you must join the Technical Committee at least 7 days prior to the first meeting (on or before 21 February 2013); and

(b) you must attend the first meeting of the TC, at the time and date fixed below (28 February 2013).

Participants also may join the TC at a later time. OASIS and the TC welcomes all interested parties.

Non-OASIS members who wish to participate may contact us about joining OASIS [b]. In addition, the public may access the information resources maintained for each TC: a mail list archive, document repository and public comments facility, which will be linked from the TC's public home page at [c].

Please feel free to forward this announcement to any other appropriate lists. OASIS is an open standards organization; we encourage your participation.



[b] See



The charter for this TC is as follows.


(1)(a) Name

OASIS Public Administration Cloud Requirements (PACR) Technical Committee

(1)(b) Statement of Purpose

Governments are evaluating the use of, and increasingly converting many of their information and communication technology ("ICT") systems to cloud and other remote distributed computing services and installations. The nature of these relatively novel systems requires some re-examination of the public policy and government responsibility requirements generally applied to ICT functions on which public administrations rely, including their:

- Safety, reliability, stability and minimal risk;

- Legislative conformance;

- Regulatory compliance;

- Degree of control and auditability by or on behalf of the responsible public administration;

- Reliance on and vulnerability to single sources, vendors, formats, applications or computing protocols;

- Usability and extensibility of data and data functions by anticipatable stakeholders;

- Portability of data;

- Portability and composability of data functions across multiple systems and clouds operating in concert;

- More agile enhancement and maintenance and multi-site resilience;

- Cost effectiveness; and

- Skills needs.

The increased speed, functionality, reach and efficiencies sought and availability from cloud computing methods in some cases puts unique stresses on the foregoing conventional ICT requirements, and may also give rise to special needs not encountered or well defined in segregated, stand-alone computing installations.

Some work has been done (as cited below) in creating typologies of cloud computing service function levels, and towards models of services; and several recently-formed coalitions have proposed requirements lists at one or another level of cloud activity, some of which are beginning to form a web of partially overlapping and disjointed mass of specifications and candidate standards.

However, there is little help available to governments to integrate those lists into common, readily-understood rules that inform procurement, auditable assurance and conformance testing and acquisition criteria; and little or no openly available, vendor-neutral information mapping of such requirements to the rather large but loosely-organized body of existing ICT standards.

The foregoing state of affairs can lead to haphazard, constantly-changing criteria; serious difficulties in comparing or evaluating possible cloud services; accidental data architectures (or none at all); and a failure to take advantage of easily-used but hard-to-define bodies of existing openly-available work. The Public Cloud (PACR) TC will draw together a common set of attributes and operational requirements that are relevant to public administrations, at each of the major service levels of cloud systems, and show the relationships (where applicable) to existing open standards and published governmental works that supply methods of measurement and definition.

(1)(c )Scope of the TC's work

The committee will develop a set of common required functional elements, and measurable criteria or qualities that should be present in cloud computing services or installations employed by public administration entities, whether purchased, hired or self-created and self-installed.

In this context, "should be present" refers to aspects of a cloud service or installation that are likely to be necessary to reflect public sector risk profiles in order to satisfy the public policy aspects, governmental reliability and stability requirements, responsibility to citizens and constituent stakeholders, and broad, platform-neutral accessibility that generally are expected and desirable from useful, long-term government ICT resources. In essence the work will form a ‘profile’ of government requirements, drawn from and informed by existing works.

Out of Scope: The TC's deliverables will not recommend or require the use of specific tools, products, technologies, software systems or branded commercial or non-commercial services. However, the TC may demonstrate implementation by publishing ‘profiles of the PACR profile’ based on specific protocols, and may identify which tools are used in connection therewith where needed to permit replication of results.

(1)(d) Deliverables

Within 18 months of the TC’s first meeting it will look to deliver a measurable and auditable implementation/conformance profile for government i.e. the features that governments want to see in cloud offerings to government. The profile will include as a minimum the following:

1 A base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing infrastructure employed by or on behalf of governments (including computer networking, network management, data storage and shared repository, multi-site resilience, abstracted hosting environment, service or device management and virtualization management).

2 A base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing platform services employed by or on behalf of governments (including common transactional, eventing, notification and messaging operations such as middleware and enterprise service buses, and interaction patterns and protocols among autonomous physical or virtual machines).

3 A base set of required attributes, expressed as architecture-neutral functional features, that generally should be sought in any cloud or remote computing data application services employed by or on behalf of governments (including application program interfaces (APIs) and end-user software applications).

Thereafter the TC will look to deliver:

4 If deemed useful and feasible, identification of existing ICT standards and openly-available, vendor-neutral specifications that are available to implement and measure the requirements of the profile.

5 If deemed useful and feasible, gap analysis identification of those requirements where additional openly-available methods are needed for implementation and measurement.

6 If deemed useful and feasible a government Cloud Reference Model that would include amongst other aspects a common taxonomy of government services and a shared information model.

The deliverables shall:

a. Be vendor-neutral and product-agnostic. (The TC may elect to point to or provide proof-of-concept instances of specific protocol uses, but will strive for catholicity and multiple examples, and facilitate ease of implementation regardless of protocol choices.)

b. Wherever feasible, specify and explain methodologies for compatibility with legacy system integration and incremental adoption.

(1)(e) IPR Mode

The committee will operate under the Non-Assertion Mode of the OASIS IPR Policy.

(1)(f) Anticipated audience

- Government units and other entities responsible for data and computing resources employed in public administration, particularly those who have migrated or are evaluating migrating to cloud computing architectures.

- Market participants, who consume, rely on and transact with those resources.

- Regulators and policymakers with an interest in the procurement, control, interoperability, auditability, certification and accreditation of cloud resources.

- Providers of cloud computing services, devices and advisory assistance who support the evaluation, initialization, migration, maintenance and monitoring of cloud computing services and installations.

- Data integrators for the products & services used by the foregoing.

- Providers of certification and accreditation services.

(1)(g) Language

The TC will conduct its business in English but will strive to translate its deliverables in a number of non-English languages. The TC may elect to form subcommittees that produce localized documentation of the TC's work in additional languages.

(2) Additional Non-normative Information

(2)(a) Similar or applicable work

The proposers are unaware of any currently published work that covers the entire scope described here. Some elements of the PACR project may be informed by or related to the following:

- OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) Technical Committee

- OASIS Identity in the Cloud Technical Committee, and particularly its ID-Cloud Gap Analysis Data Collection (cataloguing distributed identity service use cases)

- OASIS Transformational Government Framework Technical Committee, and particularly its TGF Pattern Language Core Patterns (cataloguing, among other things, policy goals for ICT egov operations in a controlled vocabulary)

- ISO/IEC JTC1/SC38 (Distributed application platforms and services) Working Group 3 on Cloud Computing, and particularly its Use case Analysis Methodology and Principle of Cloud Service Delivery

- The European Interoperability Framework, v2, European Commission (2010)

- ODCA Open Data Center Usage Models (June 2011 and March 2012) and Master Usage Models (November 2012)

- SOA Reference Model v1.0, OASIS Standard (2006)

- SOA Governance Framework v1, The Open Group (2009)

- OASIS Test Assertions Guidelines (TAG) Technical Committee

- Cloud Audit ("A6") Project, Cloud Security Alliance

- DMTF Common Information Model ("CIM") v2.30.0 (2011)

- DMTF Open Virtualization Format ("OVF") v1.1.0 (2010)

- OASIS Privacy Management Reference Model (PMRM) Technical Committee

- TM Forum Digital Services Initiative

- TM Forum Shared Information Framework (SID)

- OMG Cloud Working Group – Cloud Acquisition RFI (2012)

- Kantara Initiative CloudIDsec WG

- NIST Cloud Computing Technology Roadmap

- SIENA European Roadmap on Grid and Cloud Standards for e-Science and Beyond

(2)(b) Date & time of first meeting

The first meeting of the PACR TC will be a teleconference to be held on Thursday 28th February 2013, 18.00 to 19.00 Central European Time. This teleconference will be sponsored by iFOSSF.

(2)(c ) Ongoing meeting schedule

It is anticipated that the PACR TC will meet via teleconference every month for 60 minutes at a time determined by the TC members during the TC's first meeting. It is anticipated that the PACR TC will meet face-to-face every 12 months at a time and location to be determined by the TC members. TC members will determine the actual pace of face-to-face and teleconference meetings. One of the proposers, as listed below, will sponsor the teleconferences unless other TC members offer to donate their own facilities.

(2)(d) Participants

The names, electronic mail addresses, and membership affiliations of at least Minimum Membership who support this proposal:

- Adil Soussi Nachit,, Belgian SPF Finances

- John Borras,, Individual

- Peter Brown,, Individual

- Neil McEvoy,, iFOSSF

- Colin Wallis,, New Zealand Government

(2)(e) Statements of Support

- Arnaud Martens,, Belgian SPF Finances: “As primary representative for Belgian SPF Finances I confirm our support for this charter and endorse our proposer listed above. We support the charter of the proposed new “Public Administration Cloud Requirements” TC as an added-value initiative to deliver a map of requirements to help public organizations going into the cloud computing."

- Neil McEvoy,, iFOSSF: “As primary representative for the iFOSS Foundation I confirm our support for this charter and endorse our proposer listed above. We are pleased to support the work of this new TC which is looking to fill a very important gap in the standards for deploying Cloud services.”

- Colin Wallis,, DIA, New Zealand Government: “As primary representative for DIA in the New Zealand Government I confirm our support for this charter and endorse our proposer listed above. The Department participated in the Discussion Group leading up to this proposal. In consideration of those discussions, the Department concurs that governments' requirements are sufficiently differentiated from corporate enterprises to warrant the establishment of this Technical Committee.”

(2)(f) Convener

The convener is John Borras.

(2)(g) Member Section Affiliation

The TC intends to request affiliation with the OASIS eGov Member Section.

Associated TC: 
Associated MS: