Open Standards

We promote and use open standards while designing and implementing hybrid cloud and distributed application solutions. Modern industry standards enhance interoperability, serviceability and flexibility of your application services and data sources.

Standard Categories

Cloud Computing

Interoperability, portability and security of cloud platforms and environments

  • Network Transport
  • Resource Pooling
  • Cloud Portability
  • Physical Security
  • Measured Usage
  • User Self-service
More details »

Web Services

Discovery, interaction, management and security of application services

  • Message Delivery
  • Message Level Security
  • Trusted Data Exchange
  • Service Management
  • Resource Framework
  • Dynamic Discovery
More details »

Cyber Security

Methods and techniques of protecting information, systems and networks

  • Network Access
  • Identity Federation
  • Access Management
  • Identity Governance
  • Event Management
  • Key Management
More details »

Standard Publications

Cloud Computing Standards

Cloud Provisioning, Management and Protection

Cloud Computing has evolved as a result of synergy between a business-centric concept of service outsourcing and a technology-centric notion of utility computing. It has become more than just another IT trend: an opportunity to further align and advance the goals of the business with the capabilities of technology.

The use of managed platform or infrastructure capacity allows organizations to benefit by incrementally leveraging a more significant capital investment made by a cloud service provider. Cost advantages of cloud-based services will continue to impact commercial marketplace in terms of how commercial IT infrastructure is acquired, maintained and dynamically scaled. That said, cloud migration initiatives need to be approached with caution, in order to maximize the use of open standards and ensure independence from specific cloud platforms and service providers.

Growing popularity of deploying business applications in the cloud environment is complementary to service-based enterprise transformation. Given the distributed nature of cloud-based services, system integration and data sharing capabilities will have to get more streamlined across a broader portfolio of inter-connected, separately managed systems. Application service governance platforms and processes need to be enhanced to provide more efficient discovery, data transformation and usage control functions to accommodate cloud deployment models.

The IT industry is evolving multiple initiatives focusing on standardizing specific aspects of Cloud Computing, such as portability across cloud platforms, cloud-centric security controls and service provider requirements.

cloud

Cloud environment is characterized by a shared pool of system resources and distributed services that can be rapidly provisioned with minimal effort.

Technology infrastructure, enterprise platforms and domain-specific applications are delivered "as a service" to their consumers.

Cloud deployment models range from private, community and public to any combination of the above (known as hybrid), where they remain unique entities bound together by common technologies.

Cloud Ecosystem

The Cloud Ecosystem of an enterprise provides critical enabling capabilities to meet growing market demand for greater business agility and cost-effectiveness.

View details »
Open Containers

A vendor-neutral, portable runtime environment helps deliver on the promise of containers, which can function across cloud platforms and service providers.

View details »
Cloud Security

Cloud security services provide a broad set of capabilities to protect system data, customer information, application functions and infrastructure services.

View details »
Cloud Operations

Cloud Computing can become more valuable if automatic provisioning and management of cloud-based services is uniform across hosted environments.

View details »

Web Services Standards

Web Services Description, Invocation and Governance

The first generation of web services standards collectively referred to as WS-* established a basic framework for metadata definition, messaging, access control and distributed management, among other aspects. There is no recognized owning body across this specification category, and neither there is an industry agreement on which alternative standards should be used to address any specific aspect of service utilization.

A fast-growing, broad adoption of web services by enterprises has prompted for the emergence of a new wave of standards required to simplify the delivery, composition, invocation and maintenance of the underlying system components. While the initial set of WS-* specifications assumed then widely-used XML as the mainstream message format, the new architectural style known as Representational State Transfer (REST) lifted this constraint and proposed interpreting services as simple web resources identified by their URL. An increasingly popular and more browser-friendly messaging format for RESTful web service payload, JavaScript Object Notation (JSON) became a catalyst for alternative, simplified methods of service description, invocation and validation.

Web services security has become another area subject to simplification: the industry came up with a number of new standards around single sign-on, identity federation and delegated access control that would apply to web resources in general, whether those be human-readable web pages or system-oriented web services.

The rising popularity of Cloud Computing, micro-services and agile development have challenged traditional standards and techniques related to monitoring and managing web services. To ensure ease-of-use and reduce integration complexity, more and more initiatives are utilizing API Management techniques.

service

Web, or application services are well-defined, discrete units of business logic utilized for machine-to-machine communication using standard web protocols.

Contract-first technique ensures that any changes internal to the service producer or consumer do not affect message exchange between them, as outlined in the service definition.

Increasingly popular RESTful services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless service operations.

Service Metadata

A machine processable description of application service contracts facilitates the API adoption in mixed environments spanning organization boundaries.

View details »
Service Messaging

Application layer messaging protocols and interface descriptions formalize client-server interactions that use generally-adopted data interchange formats.

View details »
Service Security

Application service security enhancements ensure confidentiality and integrity of exchanged messages, while enforcing identity verification and API access control.

View details »
Service Operations

Managing a logical network of application services is critical for organizations that deploy web resources to automate and integrate their business functions.

View details »

Cyber Security Standards

Information Confidentiality, Integrity and Disclosure

Information security has been always viewed business-critical yet extremely complex subject with any technology solution implementation. Making computing platforms and application services more independent and distributed only increased the complexity factor, as in case of single sign-on and entitlements management for the initial set of WS-* and web related specifications. Market demand for information delivery over multiple channels, such as mobile, social media and IoT-centric networks has made private data protection even more challenging.

In the meantime, broader usage of Internet inadvertently provided cyber criminals with a more convenient access to sensitive digital assets originally intended strictly for commercial or individual private use. The need for adoption of the Information Security standards and best practices is higher than ever, as more distributed and easier accessible private data requires advanced threat protection methods and tools.

Luckily, cyber security standards have also evolved, specifically in the area of IT security practices, cloud protection, information privacy, electronic payments and processes adopted by federally regulated financial institutions. Many of them have become the basis for obtaining industry or regulatory compliance certifications, often indicating organizational readiness to protect customer information and mitigate shared risks.

security

Cyber security covers a wide range of policies, standards, concepts, best practices, safeguards, risk management techniques and control assurance processes.

Security and privacy controls together with associated policies and procedures protect organizational operations, digital assets and individual private information.

Information protection methods, practices and tools are derived from legislation, industry standards, executive orders and business needs.

Security Techniques

Through the use of Information Security techniques, organizations develop and implement a framework for protecting their digital assets.

View details »
Information Privacy

Information privacy controls and procedures are aimed at protecting electronic data that is collected, used or disclosed in certain circumstances.

View details »
Payment Security

Payment industry standards and practices were developed to encourage payment data protection, and facilitate the broad adoption of consistent security measures.

View details »
Federal Security

Public laws and security guidelines for government agencies define minimum requirements for federal information systems and associated processes.

View details »