Making the cloud work: The federation connection

Getting Google Wave or any mega-sharing, browser-based application work for government boils down to trust

In my previous column (“Google Wave Could Crush the Competition,” Jan. 11), I raised some questions about how Google’s Web applications, principally Wave, fit with policies regarding ownership and custodianship of data. Of information stored in Wave’s piece of the Google cloud, I asked, “Will it commingle with nonfederal data? Is that OK?” Surprisingly enough, someone at Google took the time to write me a response. It’s not every day in academia that someone reaches out and answers your questions.

I was sent a pointer to the Google Wave Federation Architecture white paper, a straightforward, high-level concept piece on how Wave's server-to-server communications will work. The company realizes that most organizations will not want to simply toss their information on Google’s server or one maintained by a random service provider. That is especially true of the federal government. Agencies operate under the provisions of the Office of Management and Budget’s Circular A-130, which contains guidance about data custodianship. With Wave, Google understands that some folks — for instance, the federal government — might want their own Google boxes, appliances or services that live someplace other than Google’s data centers.

Making Wave or any other mega-sharing browser-based application work for government or most other large organizations essentially boils down to the issue of trust. People inside and outside government might want to work together and share information, but they have to trust one another to do it. Technologists and policy-makers view trust differently. Google’s white paper has the right technical pieces to make a computer engineer or information systems director happy. Wave’s network protocol is largely borrowed from the Extensible Messaging and Presence Protocol, a set of Extensible Markup Language technologies used by Apple iChat and Jabber. Transport Layer Security handles authentication and encryption of connections. Those and other well-understood protocols allow Google’s engineers to say they have thought about a federated model for the control of information.

But what does that mean in practice? Let’s dig out information security’s favorite cardboard cutouts. Alice and Bob, who work at different organizations, can create waves, with the component wavelets each of them produces sitting on their server and replicated to others. Wave has a good idea of what Alice or Bob wrote or added and where each resides by assigning lots of unique ID numbers and tying them to Alice's or Bob’s Wave server. The behind-the-scenes server-to-server connection allows them to communicate while keeping out that ever-malicious Eve, who’s had a bad rep since the days in the Garden.

Government approaches the issue of trust a bit differently. It’s also thinking about federation — the problem of how trustworthy folks can share information and work together. But instead of thinking in terms of computer code, it’s more about that other code, the legal stuff. The good news is that people in the U.S. government are thinking about it. The bad news is that it’s complicated. More on that in next month’s installment.

About the Author

Chris Bronk is a research fellow at Rice University’s Baker Institute for Public Policy and an adjunct instructor of computer science at Rice. He previously served as a Foreign Service Officer and was assigned to the State Department’s Office of eDiplomacy.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group