The transparency of cloud infrastructures is a systemic challenge to industry.
Internal or external stakeholders of a cloud infrastructure may want to publish or verify data about its operational, resiliency, or security properties. However, there are no specifications for common data structures, protocols, or measurement algorithms to transparently demonstrate evidence of those properties, whether at a single point in time or over a time interval. This document proposes an architecture that specializes the transparency service architecture for providers of cloud infrastructures to publish evidence of security properties with verifiable digital signatures. Providers of cloud infrastructures, their consumers, or external auditors publish counter-signatures to verify multi-party evaluation and verification of this evidence; this arrangement is known as a mutual monitoring network.
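As an added illustration, not code from this document or the conmotion project, the following Go sketch shows the roles just described: a provider signs evidence about one security property over an interval, a consumer or auditor counter-signs only after checking the provider's signature, and a verifier accepts the evidence only when the provider's signature and every counter-signature hold. The Evidence field layout, the party names, and the use of raw Ed25519 over a JSON payload are assumptions, not the data structures or protocol the document specifies.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Evidence is a constructed claim about one security property over an
// interval; the field layout is an assumption, not the document's schema.
type Evidence struct{ Provider, Property, Value, From, To string }
// SignedEvidence is the provider's JSON payload plus its Ed25519 signature.
type SignedEvidence struct{ Payload, Signature []byte }
// CounterSignature binds a consumer or auditor to one provider statement.
type CounterSignature struct {
	Party     string
	Signature []byte
}

// PublishEvidence serializes the evidence and signs it with the provider key.
func PublishEvidence(e Evidence, key ed25519.PrivateKey) SignedEvidence {
	payload, _ := json.Marshal(e) // cannot fail for a struct of plain strings
	return SignedEvidence{payload, ed25519.Sign(key, payload)}
}

// counterInput binds a counter-signature to payload and provider signature together,
// so it cannot be replayed onto a different provider statement.
func counterInput(se SignedEvidence) []byte {
	return append(append([]byte{}, se.Payload...), se.Signature...)
}

// CounterSign verifies the provider signature before adding a second party's.
func CounterSign(se SignedEvidence, providerPub ed25519.PublicKey, party string, key ed25519.PrivateKey) (CounterSignature, error) {
	if !ed25519.Verify(providerPub, se.Payload, se.Signature) {
		return CounterSignature{}, errors.New("provider signature does not verify")
	}
	return CounterSignature{party, ed25519.Sign(key, counterInput(se))}, nil
}

// Verify accepts evidence only if the provider signature and every counter-signature verify.
func Verify(se SignedEvidence, providerPub ed25519.PublicKey, cs []CounterSignature, pubs map[string]ed25519.PublicKey) bool {
	if !ed25519.Verify(providerPub, se.Payload, se.Signature) {
		return false
	}
	for _, c := range cs {
		if pub, ok := pubs[c.Party]; !ok || !ed25519.Verify(pub, counterInput(se), c.Signature) {
			return false
		}
	}
	return true
}
```

Because the counter-signature covers the provider's signature as well as the payload, a party can only endorse the exact statement it checked, and a verifier who trusts neither side alone can require signatures from several parties before accepting the evidence.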
This copy of the specification, supporting documentation, and related code was generated from the source code at github.com/aj-stein/conmotion at the linked commit.