1. Application and development Femke, Paul, Matthew, Bas If we do anything … it should be ready in 6-12 months, otherwie we’ll be overhauled by reality -This means Small Scope and/or Large Resources If we do anything … it should be Open Source

2. Application and development Develop a tool for encryption geared at end users, applicable to any kind of Cloud usage Explore the separation of Storage and Process Combine these and other, small scale solutoins, to achieve the bigger solution regarding trust, security, confidentiality

3. Application and development Notion: there are already small offerings of more trusted or reliable cloud services, e.g. the What-Not-Cab-Be-named-DropBox facilities Requirements list, a SMART action !!!

4. Application and development JISC, CSC and SURF are (inter)nationally promoting federations. They can do that as well for Cloud requirements They should set up a Requirements List -Convince vendors to comply to requirements made by institutions, otherwise HEI’s not interested: -SAML2, (well developed) API’s, O-AUTH

5. Application and development Set up a requirements list collaboratively (working group of JISC-CSC-SURF plus HEI reps) List vendors that comply List institutions that comply Canvas to get other HEI’s on the list ACTION2: explore/find convincing strategy to have OVF support required, to avoid vendor lock-in.

6. Application and development SMART: -Specific, and can start fro the dtch example -Measurable: indication we wish to have 25 % of the institutions support the list, and in the first year a significant # of complying vendors -Acceptable – as long as the requirements are reasonable compliance is an accepted practice -Realistic – it’s already done (SURFnet in NL) -Timely – Now is the time of Cloud contracting, community pressure on vendors should build up now.