Oracle celebrates World Standards Week

Oracle is committed to building standards-based products to reduce complexity and help customers get the most out of their existing technology investments. We build products on standards developed by international organizations and industry consortia, and strive to comply with market-accepted standards, to provide our customers with interoperability, choice, and lower costs.

Oracle participates actively in more than 100 standards-setting organizations and more than 300 technical committees, and thousands of our employees are actively engaged in standards or open source projects. These employees contribute to efforts ranging from Java and Linux to Kubernetes. For more information, see Standards at Oracle.

In recognition of World Standards Week, we want to share some recent standards updates from ANSI, ISO, and OASIS that highlight Oracle’s standards leadership, represented by members of the Oracle External Standards and Community Engagement team, Dr. Elaine Newton and Dr. Anish Karmarkar.

American National Standards Institute (ANSI)

On October 11, Oracle’s Dr. Elaine Newton spoke on a panel at the American National Standards Institute (ANSI) World Standards Week event. The conference discussed synergies and shared interests in standards, and Dr. Newton participated in a panel about the politicization of standards. ANSI is a private, nonprofit organization that coordinates the voluntary standards and conformity assessment activities in the US. The institute represents the interests of more than 270,000 companies and organizations, including hundreds of US-based entities that develop standards. ANSI brings these communities together to support and respond to national priorities.

The panel, summarized in this article, was moderated by Ajit Jillavenkatesa, senior standards policy legal advisor at Apple, and included the following other panelists:

• Ken Ko, managing director, Broadband Forum
• Jessica Fitzgerald-McKay, co-lead, Center for Cybersecurity Standards, National Security Agency
• Dawn Shackleford, executive director for Trade Agreements, Policy, and Negotiations, U.S. Department of Commerce, International Trade Administration
• Carter Eltzroth, legal director, DVB Project

Dr. Newton shared her observations about the value of global standards—including open membership and consensus-based decision-making—and how governments and standards developing organizations (SDOs) can continue to support market-driven standards and avoid fragmentation of the market.

International Organization for Standardization (ISO)

Both Dr. Newton and Dr. Karmarkar represent Oracle in several key standards being developed in ISO, the International Organization for Standardization.

ISO/IEC 270001

ISO/IEC 27001 provides guidance for the establishment and continuous improvement of an information security management system (ISMS) within the context of an organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organization.

For many years, Dr. Newton has participated in the development of international information security, cybersecurity, and privacy protection standards under ISO/IEC as part of Joint Technical Committee 1 (JTC 1) Subcommittee 27 (SC 27). This committee develops and maintains standards such as the widely adopted standard ISO/IEC 27001. Standards published by SC 27 address cryptographic methods, common criteria, identity management, IoT security, and protecting personally identifiable information (PII).

Dr. Newton is currently involved in the revision of ISO/IEC 27017, a set of guidelines for information security controls applicable to the provision and use of cloud services. It provides additional implementation guidance for relevant controls specified in ISO/IEC 27002 and guidance that specifically relates to cloud services.

Oracle’s Cloud Compliance site provides information about third-party attestations (certifications) based on standards such as ISO/IEC 27001 and 27017.

ISO/IEC JTC 1/SC38

Oracle Senior Director and Standards Architect Dr. Karmarkar serves as the chair of the ISO/IEC Cloud Computing and Distributed Platform subcommittee (JTC 1/SC 38). An important standard coming out of SC 38 is ISO/IEC 5140, the international standard on multicloud. Dr. Karmarkar is the editor of this standard, which has reached the Final Draft International Standard (FDIS) stage. The SC 38 national standards bodies will soon be voting on the FDIS ballot. It’s important to note that no more technical changes can be made at this stage; only editorial changes are allowed.

The ISO/IEC 5140 cloud computing standard covers multicloud, hybrid cloud, intercloud, and federated cloud. It provides an overview of concepts that involve multiple cloud service providers (CSPs) in creating a cloud solution. In addition to the concepts, it delves into the challenges and benefits of various cloud deployment models that involve multiple CSPs.

Face to Face Plenary Meeting

After publishing the ISO/IEC 22123 series, the foundational cloud computing standards on vocabulary, concepts, and reference architecture, ISO/IEC JTC 1/SC 38 concluded its face-to-face plenary meeting on September 22, 2023. Approximately 40 delegates from 15 national standards bodies attended the meeting to advance their work program. Opening remarks were provided by Mary Saunders of ANSI, who provided insights into the role of standards in policy and regulations. The meeting was chaired by Dr. Karmarkar, who also gave the opening and closing remarks.

The subcommittee and its working groups met over the week to approve four new projects. The following projects are currently being balloted for approval by the SC 38 national standards bodies:

• ISO/IEC 11034: Information technology – Cloud computing – Trustworthiness in cloud computing
• ISO/IEC 20996: Information technology – Cloud computing – Cloud service customer business continuity and resilience
• ISO/IEC 20151: Information technology – Cloud computing and distributed platforms – Dataspaces concepts and characteristics
• ISO/IEC 19274: Information technology – Cloud computing and distributed platforms – Networking in cloud computing and edge computing

In addition, SC 38 approved revising ISO/IEC 19941:2017 Information technology — Cloud computing — Interoperability and portability. The new revision will address interoperability and portability concerns, including those related to switching service providers, that have emerged since it was published in 2017.

OASIS

Another standards organization for which Oracle provides leadership is OASIS. Dr. Karmarkar was re-elected  to serve on the OASIS Board of Directors in July 2023. He has served on the OASIS Open Board of Directors since 2021 and will serve for two additional years until 2025. OASIS is a member-driven, non-profit organization that provides an open and transparent collaboration environment for both standards and open source. The OASIS Board of Directors is composed of executive-level officers with fiduciary duty and is responsible for oversight, strategy, and governance of the organization.

Dr. Karmarkar is also a member of the OASIS Board of Directors Governance, Process, and Finance and Audit committees. OASIS Open is home to many standards and open projects, including those for cloud computing, cybersecurity, privacy, blockchain, IoT, and various content technologies. OASIS recently published a Q&A with Dr Karmarkar sharing his perspectives on the organization.

Celebrate Standards Week

Please join Oracle in celebrating the important work of these international standards bodies during World Standards Week. Oracle builds products on standards developed by international organizations and industry consortia and strives to comply with market-accepted standards to provide our customers with interoperability, choice, and lower costs. For more information, see Standards at Oracle.