Certification approach in DOME
EU Cloud Rulebook will comprise different types of schemes, regulations and standards. DOME compliance model will focus on certification schemes and standards which cover the most relevant schemes and frameworks to be included in the EU Cloud Rulebook. The approach to be followed in DOME is incremental starting by supporting the certification compliance assessment to widely adopted schemes (ISO based in the first version) and incrementally supporting the rest of the schemes to be defined in the Cloud Rule book. The objective of is to automate as much as possible the compliance assessment process so that no "human" intervention is needed. Nevertheless, and due to a number of limitations on the CABs and other stakeholders to support the automation of some parts of the process (i.e. lack of available APIs to check and assess the existence and correctness of the certificates in a form of automatically exposed Register of Adherence, lack of support to verifiable credentials approach from the certificates issuers, etc) DOME foresees to implement different levels of support to the automatic checking of the certificates.
The main objectives of the compliance support in DOME are:
-
Develop a formal process to verify the compliance against reference standards.
-
Develop a methodological framework supported by tools to verify the compliance against reference standards during the on-boarding process.
-
Develop tools to automatically monitor the validity of the certificates.
-
Develop tools to continuously monitor that security requirements are being fulfilled through the continuous assessment of the validity of the certificates.
To this end, DOME will guarantee that services in the platform are certified checking the validity of the related certificates. It is worthy to note, that DOME won't certify services, but will rely on valid certificates from official certificates issuers.