At March 30th, several vendors, including IBM, Sun, and Cisco, announced an "open cloud manifesto" which pleads for open standards in the cloud. The "open cloud" shall allow choice and flexibility of cloud platforms and cloud providers. A main target is the easy portability of applications. But, if you read that manifesto, you'll find the typical sentences about "openness", "avoiding vendor lock-in", "the need for standards", and so on.

One of the most interesting things with the short and pretty lightweight (to avoid the harsh term of  "meaningless") "manifesto" is which vendors are missing in the list of supporters:

Microsoft,, Amazon, Google

With other words: Several big ones don't participate in that initiative yet. And most of them have established cloud platforms.

That doesn't mean that the noble intention of the initiators of the Open Cloud Manifesto (which isn't that noble given that all of them hope to earn money from the cloud) doesn't make sense. Yes, we need standards. Yes, we need portability of applications between cloud platforms. But some nice words doesn't solve anything.

What we really need are standardizations. For the application packaging, for cloud governance, for cloud management and monitoring, and so on... In some areas we might reuse existing standards like SAML for identity federation, in other areas standards are still missing. Thus, instead of talking about a "cloudy" target of an open cloud world, there should be precise actions. And these should take place in the existing standard bodies like OASIS, W3C, and so on.

Standards are important - not only to the cloud. At the European Identity Conference, May 5th to 8th in Munich, there will be a OASIS pre-conference workshop - and there will be a lot of discussion around the Identity and Governance standards which are required for IAM and GRC, as well for internal services as the cloud. Cloud Governance won't work without such standards.