network concept (Sashkin/

NIST outlines principles of federated community clouds

To help IT program managers implement a federated community cloud, the National Institute of Standards and Technology has issued a draft architecture that describes the basics of hybrid and community cloud deployment models  through the interactions of the actors and their roles related to trust, security and resource sharing and usage.  

Community clouds can be described as infrastructure shared by organizations with common interests, such as scientific data or computing sharing, public safety, disaster response or supply chain management.  These systems need governance and processes that allow users to work across different cloud environments. This federated community cloud requires "technical policies, credentials, namespaces, and trust infrastructure" that span multiple service providers’ physical environments, according to NIST's draft Cloud Federation Reference Architecture.

The CFRA describes a federated cloud in terms of six actors -- the federated cloud consumer, provider, operator, broker, auditor  and carrier -- along with their functional behaviors and interactions. It also identifies the necessary governance for each stage in the lifecycle and describes how the pieces of the architecture of a federation interact.  NIST then discusses federation deployment models, their implementation approaches and how they affect performance, governance, trust relationships and scalability.

The draft also reviews existing standards and tools relevant to general federation functions and suggests additional standards needed to make federations truly general and easy to use, such as application programming interfaces and a federation markup language. Appendices include cloud federation terms and definitions and two example use cases.

NIST acknowledges the architecture needs to be fleshed out in several areas.

"Many of the concepts presented here need to be examined in much more depth. The possible areas of standardization have only been described in very general terms. Not all areas have been given equal attention," the document says, and "much more experience and specifics are needed."

Comments are due Sept. 20. Read the full draft here.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected