Ahead in trust and identity

Logging in with one username and password to all the cloud services your institution uses, that's the goal. The SURFconext team takes care of that. Not only now, but certainly also in the future. Teamheads Michiel Schok and Femke Morsch and (technical) product managers Arnout Terpstra and Bart Geesink talk about their innovative work.

Achter de schermen bij Trust & Identity

There are actually two teams, one dealing with innovation and the other with day-to-day operations, right?
'Right. Some of the staff provide the operational services of SURFconext and SURFsecureID,' says Michiel Schok. 'The other is pioneering and carrying out pilots. Ultimately, we then produce new services, which are transferred to the first team.' Bart Geesink: 'But of course it's not completely separate. New ideas are growing. They are children who are getting bigger and bigger. There's room for innovation within both teams.'

As an example, Femke Morsch gives the application of the Internet standard OpenID Connect within SURFconext: 'That really was a joint effort by the teams of innovation and exploitation.' 'We decided to hold an expert meeting together,' continues Arnout Terpstra. 'We invited 4 experts, people from Microsoft and Yubico, among others, who contributed to the standard OpenID Connect. Busy people who volunteered their time for us because they find it interesting how we want to use their standard for our target group. And they want to think along with us about the opportunities and challenges.' Geesink: 'Well, it cost us a few pounds of "pepernoten"!'

Achter de schermen bij Trust & Identity

Behind the scenes at Trust & Identity

Sounds good. What's OpenID Connect?
Terpstra: 'Via SURFconext, users can access all kinds of different services with a single login. This is done via a specific Internet standard: SAML. But since 2017 SURFconext has also been able to do that via OpenID Connect.' 'This will make it easier to access services and websites, easier to log in to a website or - more and more important nowadays - to an app on your phone,' explains Geesink further. 'The advantages of SURFconext therefore now also apply to mobile apps. It is also possible to use SURFconext and OpenID Connect to shield the institution's APIs. An API (Application Programming Interface) allows software programs to communicate with one another. For example, we make it possible for students to view personal information such as subjects and grades in an app by logging in once via SURFconext.'

Schok: 'The biggest advantage is still the independence of large providers such as Microsoft and Google. That is also the reason why parties inside and outside the Netherlands are showing interest in our solution. With Google, for example, you can only work in Google Docs or Google Calendar. With SURFconext and OpenID Connect, institutions are no longer dependent on large providers and the choices they make. Thanks to the open standard, you can link everything to everything.'

SURFconext: the numbers
  • 15 people in the team
  • 5 million logins per week
  • 1.5 million unique users
  • 31 percent growth per year in the number of services
  • 34 percent growth per year in the number of logins

A lot of attention. Collaboration pays off.
Terpstra: 'You notice that the institutions have confidence in us. If things go wrong once, they know we'll solve it quickly.

'The best thank you we can get is the freedom to innovate.'
Femke Morsch

'The best thank you we can get is the freedom to innovate,' says Morsch. 'That they say, if you have a new release, fine. We trust you.' 'SURFconext processes 5 million logins a week and we do that very reliably. However, we can also add this type of highly innovative functionality to our services, the latest in trust and identity. That is what makes these teams so unique.'

Text: Marieke Linn

Ahead in trust and identity is an article translated from SURF Magazine December 2019

Download (Dutch) SURF Magazine 4-2019