Task 2 “Interoperability and Standardization” is continuously surveying the cloudscape for applicable standards, best practices and other examples to follow. This document, including the Executive Summary, is likewise being continuously updated.

There are three distinct roles an NREN – a GÉANT member – can play with respect to the formulated cloud strategy. They are:

• Procurer
• Provider
• Mediator/broker/integrator/consultant

For Procurers, it is best practice to dwell on standardization in at least the most basic areas, which are authentication and cloud management. Given GÉANT’s long-term activities in the field of authentication, standards should be chosen from among the SAML (Security Assertion Markup Language) family, currently SAML2. For cloud management, the emerging standard being widely adopted by many providers is OCCI (Open Cloud Computing Interface). Therefore, for cloud services procurement, these two (SAML2 and OCCI) are considered the reasonable minimum.

As far as cloud service providers or brokers are concerned, they should shape their services to meet that requirement for SAML2 and OCCI on their end, too.

One must not forget that there are other groups, often powerful standardization bodies, who perform evaluation of cloud standards. A comprehensive list is given in Section Related Work. Most relevant results are currently expected from ETSI (European Telecommunications Standards Institute).

Reiterating what has already been said in the Introduction; it is also important to stress that this Document is by no means finite. At this point, it has yet to be submitted to other members of GN3+’s SA7 members, and other interested parties. Non-trivial feedback, contributions, and recommendations as to which standards or use cases deserve most attention, must arrive from them!

This section sums up actions taken within the tasks.

A survey of services currently used or provided by NRENs, including services planned or envisioned, is being taken.

Describing currently used protocols, problems with OpenStack/Amazon proprietary/defacto standard; for interoperability suggest also libraries which already support several cloud providers/standards and therefore provide interoperability

There is related work already done. Checking on the progress is required.

Seen as a completely different use case. The Task needs at least to evaluate best practices, standards and policies.

The Standardization chapter gives an overview of standardization bodies, evaluation of (potentially) applicable standards and related work by other teams. It is mainly a repository of acquired knowledge.

Standardization bodies identified as having done work wrt. clouds.

How do we sort standards? CSCC (Cloud Standards Customer Council), for instance, sorts standards by the originating body. Sorting by area of application may be worth considering, perhaps.

This subsection includes references to work done by various other teams, working groups or task forces within the field of cloud standardization and interoperability.

This Section explains how not only standards but also best practices and other tools can be applied to achieve interoperability.

This Section collects experience, recommendations and evaluation of wide-spread solutions, which are not true standards but are often presented and used as such.

There were already several projects on a different scale, which had to address interoperability issues. There are certainly lessons to be learned from them.

This subsection provides guidelines and tips based on the evaluation of the standards and use cases outlined above. It is divided by service model.

The area of cloud storage is covered by standards even less than others. There is CDMI (Cloud Data Management Interface) for management but there is a lack of standards for access. Apart of Amazon’s S3 with several competing implementations, most providers offer specific protocols or – in the case of storage services such as DropBox or BOX – even closed-source clients. An emerging solution supported by many public as well as private storage service providers is perhaps WebDAV (Web Distributed Authoring and Versioning).

There are tools intended to overcome lack of standardization in different cloud solutions by implementing different backends for different providers, and presenting the user with a unified frontend to access the different providers in a unified way. In some cases they promise to implement a standard. In other cases, they strive to become a de-facto standard by themselves simply by attracting a wide enough user base.

Aside of the matters of standardization and interoperability, there is the other, non-technical angle to consider when procuring cloud services. It needs to be kept in mind while preparing tenders or writing up service agreements. Although these mostly legal matters may not be the main focus of Task 2 at first sight, it is not unreasonable to image a template legal document such as an SLA or a section on personal data protection being considered a de-facto standard, and as such made use of by multiple GÉANT members.

Along the track, Task 2 has collected a sampling of such documents, which are presented as case studies below.

General advice for those who open tenders for cloud services is being collected in this Section, based on the interpretation of existing standards and evaluation of case studies

This section links to cloud strategy documents by GÉANT partners.