CADF Cloud Auditing Data Federation Working Group (CADF)
- David Corlette, NetIQ Corporation
- Matthew Rutkowski, IBM
Problem Space and Environment
Concerns over cloud provider security remain one of the top inhibitors to adoption of cloud deployment models. Potential consumers of cloud deployments understand and need assurance that the security policies they require on their applications are consistently managed and enforced “in the cloud” as they would be in their enterprise.
A cloud provider’s ability to provide specific audit event, log and report information on a per-tenant and application basis is essential. It is apparent that in order to meet these customer expectations, cloud providers must provide standard mechanisms for their tenant customers to self-manage & self audit application security that includes information about the provider’s hardware, software and network infrastructure used to run specific tenant applications.
We propose that the best way to address these requirements is by developing open standards for cloud auditing. These standards would support the submission and retrieval of normative audit event data from cloud providers in the form of customized reports and logs that can be dynamically generated for cloud customers using their criteria. Adoption of such open standards by cloud providers’ management platforms would go far to instill greater trust in “cloud hosted applications” and be a significant step forward in fulfilling the promise of an open cloud marketplace.
Current Workgroup Deliverables
|DMTF Standard Publication Identifier||Document Title||Target Version||Target Release Date|
|DSP2028||CADF Use Case White Paper||1.0.0||In Development|
|DSP0262||CADF Data Format and Interface Definitions Specification||1.0.0||2014Q2|
|DSPxxxx||CADF Primer||1.0.0||In Development|
|DSP1071||CADF Profile For OpenStack||1.0.0||In Development|
Visit the CADF Workspace (members-only).
Expired Work in Progress Documents
|DSP #||Version||Title||Date||Comments||Expiration Date|
|DSP2028||1.0.0a||Cloud Auditing Data Federation (CADF) Use Case White Paper||27 Jun 2012||
WIP expired: October 30, 2012
|1 Jan 2013|
|DSP0262||1.0.0c||Cloud Audit Data Federation (CADF) - Data Format and Interface Definitions Specification||24 Feb 2014||
.pdf file. DMTF Work-In-Progres, expiring: 2014-03-31
|31 Mar 2014|
|DSP0262||1.0.0b||Cloud Audit Data Federation (CADF) - Data Format and Interface Definitions Specification||8 Jul 2013||
.pdf file. DMTF Work-In-Progress, expiring: 2013-07-31
|31 Jul 2013|
|DSP0262||1.0.0a||Cloud Auditing Data Federation (CADF) - Data Format and Interface Definitions Specification||17 Oct 2012||
.pdf file. DMTF Work-in-Progress, expiring: January 31, 2013
|18 Jan 2013|
Search for Standards
Recent CADF News
DMTF Feedback Policy
The DMTF welcomes feedback on our standards, but requires that individuals submitting comments first agree to our DMTF Feedback Policy.
Subscribe to Cloud Announcements List
Subscribe to the Cloud Announcements List to receive updates on news and activity.
Contact CADF WG
For questions, please complete our Contact a Working Group form.