network concept (Sashkin/

NIST outlines principles of federated community clouds

To help IT program managers implement a federated community cloud, the National Institute of Standards and Technology has issued a draft architecture that describes the basics of hybrid and community cloud deployment models  through the interactions of the actors and their roles related to trust, security and resource sharing and usage.  

Community clouds can be described as infrastructure shared by organizations with common interests, such as scientific data or computing sharing, public safety, disaster response or supply chain management.  These systems need governance and processes that allow users to work across different cloud environments. This federated community cloud requires "technical policies, credentials, namespaces, and trust infrastructure" that span multiple service providers’ physical environments, according to NIST's draft Cloud Federation Reference Architecture.

The CFRA describes a federated cloud in terms of six actors -- the federated cloud consumer, provider, operator, broker, auditor  and carrier -- along with their functional behaviors and interactions. It also identifies the necessary governance for each stage in the lifecycle and describes how the pieces of the architecture of a federation interact.  NIST then discusses federation deployment models, their implementation approaches and how they affect performance, governance, trust relationships and scalability.

The draft also reviews existing standards and tools relevant to general federation functions and suggests additional standards needed to make federations truly general and easy to use, such as application programming interfaces and a federation markup language. Appendices include cloud federation terms and definitions and two example use cases.

NIST acknowledges the architecture needs to be fleshed out in several areas.

"Many of the concepts presented here need to be examined in much more depth. The possible areas of standardization have only been described in very general terms. Not all areas have been given equal attention," the document says, and "much more experience and specifics are needed."

Comments are due Sept. 20. Read the full draft here.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected