Pilot: Authentication en autorisation for research services
Many research services are so specific that relatively few people per institution use them. Enabling secure access is a lot of (specialized) work for institutions. SURF's Science Collaboration Zone (SCZ) project is intended to solve this problem: many research specific services are already linked to this environment.
Why: helping researchers to log in securely
Researchers often experience problems logging in to research services. In order to make logging in safe, easy and efficient, SURF is conducting pilots with approximately 10 institutions with an authorisation and authentication service optimised for researchers: the Science Collaboration Zone (SCZ). The SCZ tries to solve a number of specific challenges faced by researchers:
- How do you arrange access to non-web resources (such as SSH) based on an institution account?
- How can 'guests' from other institutions, companies or outside the Netherlands make use of research services?
- How is group management arranged?
- How do we deal with specific research attributes?
- How do you arrange consent and logging of access so that you comply with the GDPR?
- How can institutions limit the administrative workload resulting from having to create guest accounts, 0-hour contracts, etc.?
What: a pilot environment for federated login to research services
Based on the questions above, SURF has developed a pilot environment that allows researchers to log in federative, i.e. with their institutional account. The environment is a proxy and offers opportunities to link web-based services, but also services that are normally not accessible via a webbrowser, like service you access via SSH. The latter services are particularly important for researchers. These services were linked to SCZ in the pilot project.
The SCZ uses various techniques, such as LDAP, COmanage and SAML. More detailed information about this can be found on the wiki of the Science Collaboration Zone .
Current status: pilot until the end of 2018
A pilot project with various parties will run until the end of 2018, in which different scenarios will be investigated and the technology will be optimized. At the end of 2018 it will be decided whether the pilot will be further developed into a production service.