Making the cloud work: The federation connection

Getting Google Wave or any mega-sharing, browser-based application to work for government boils down to trust

In my previous column (“Google Wave Could Crush the Competition,” Jan. 11), I raised some questions about how Google’s Web applications, principally Wave, fit with policies regarding ownership and custodianship of data. Of information stored in Wave’s piece of the Google cloud, I asked, “Will it commingle with nonfederal data? Is that OK?” Surprisingly enough, someone at Google took the time to write me a response. It’s not every day in academia that someone reaches out and answers your questions.

I was sent a pointer to the Google Wave Federation Architecture white paper, a straightforward, high-level concept piece on how Wave's server-to-server communications will work. The company realizes that most organizations will not want to simply toss their information on Google’s server or one maintained by a random service provider. That is especially true of the federal government. Agencies operate under the provisions of the Office of Management and Budget’s Circular A-130, which contains guidance about data custodianship. With Wave, Google understands that some folks — for instance, the federal government — might want their own Google boxes, appliances or services that live someplace other than Google’s data centers.

Making Wave or any other mega-sharing browser-based application work for government or most other large organizations essentially boils down to the issue of trust. People inside and outside government might want to work together and share information, but they have to trust one another to do it. Technologists and policy-makers view trust differently. Google’s white paper has the right technical pieces to make a computer engineer or information systems director happy. Wave’s network protocol is largely borrowed from the Extensible Messaging and Presence Protocol, a set of Extensible Markup Language technologies used by Apple iChat and Jabber. Transport Layer Security handles authentication and encryption of connections. Those and other well-understood protocols allow Google’s engineers to say they have thought about a federated model for the control of information.

But what does that mean in practice? Let’s dig out information security’s favorite cardboard cutouts. Alice and Bob, who work at different organizations, can create waves, with the component wavelets each of them produces sitting on their server and replicated to others. Wave has a good idea of what Alice or Bob wrote or added and where each resides by assigning lots of unique ID numbers and tying them to Alice's or Bob’s Wave server. The behind-the-scenes server-to-server connection allows them to communicate while keeping out that ever-malicious Eve, who’s had a bad rep since the days in the Garden.

Government approaches the issue of trust a bit differently. It’s also thinking about federation — the problem of how trustworthy folks can share information and work together. But instead of thinking in terms of computer code, it’s more about that other code, the legal stuff. The good news is that people in the U.S. government are thinking about it. The bad news is that it’s complicated. More on that in next month’s installment.

About the Author

Chris Bronk is a research fellow at Rice University’s Baker Institute for Public Policy and an adjunct instructor of computer science at Rice. He previously served as a Foreign Service Officer and was assigned to the State Department’s Office of eDiplomacy.
