Why the new Open Container Initiative standard is a milestone for software

The recent release of the Open Container Initiative version 1.0 specification is a milestone in the development of container technology, setting the stage for innovation to move up the stack.

That’s according to Brian Gracely (pictured), director of product strategy at Red Hat Inc. and a former analyst at Wikibon, owned by the same company as SiliconANGLE. “We now have a standard for the low-lying pieces and we can start working at another level,” Gracely said in an interview.

The standard covers runtime and image specifications for containers, which are a way to make software applications run the same no matter what computing environment they’re moved to. The OCI standard resolves the most important elements needed to ensure container consistency across implementations and platforms.

The image component defines how a script tells containers what pieces to assemble before launching. The runtime dictates a standard for running a binary container file on a given platform. These two technologies are “boring,” in Gracely’s words, but they mend a rift that was developing between different container implementations.

For example, in the area of runtime elements, “you had things like LXC in Linux, then the Docker format came along and got a lot of traction,” Gracely said. “CoreOS had a version called Rocket that looked at security slightly differently. They all had good pieces and different approaches. OCI has now figured out these different elements.” That means developers can build, package and sign containers with the confidence that they’ll run across compliant engines.

What’s next?

That doesn’t mean the initiative’s work is done. The organization, which is a subgroup of the Linux Foundation, hasn’t yet settled on its next project, but its success at enlisting more than 40 technology providers gives it a chance to tackle more ambitious things.

Gracely hopes that includes security and scanning. “The next thing people will want is standardization around how to cryptographically sign an image so I know it comes from a trusted resource and hasn’t been tampered with,” he said. Scanning is “a consistent way to make sure that somebody didn’t, for example, introduce a line [in a script] that has a known malware vulnerability.”

The OCI could also take on work to make containers compatible across a broader range of operating systems, including Windows, Solaris and mainframes. “Windows is compatible with the Docker [application program interface], but the way Linux implements containers is different from the way Windows implements them,” Gracely said. “The OCI project can define a common way to talk to the operating system.”

Turning to Kubernetes

The release of a spec also clears the way for developers to begin focusing on other container ecosystem components such as Kubernetes, which is emerging as the de facto standard for container orchestration. The Linux community is also at work on lightweight, stripped-down versions of the operating system like Red Hat Atomic, which are optimized to run containers.

“There are a lot of things within the typical distribution that you don’t need, so it makes sense to have a Linux operating system that’s entirely based on containers,” Gracely said. The benefits are in performance, stability and security, since a lightweight operating system presents a smaller attack surface to defend.

A related development is serverless computing, a cloud-oriented operating model based on microservices that dynamically manages underlying infrastructure resources. It enables developers to focus on functions rather than worrying about infrastructure, and to pay only for the resources that are used rather than for time using a server.

No matter what OCI tackles next, the group is demonstrating that competing vendors can work cooperatively to advance a standard. “Now every major company is saying, ‘OK, I’m willing to contribute to these open standards because I don’t want to be left out of this next trend,’” Gracely said. That ensures that no one company will come to dominate the market and force its standards on others, as Microsoft did 20 years ago.

Image: theCUBE
