Roadmap SURF Research Access Management

Security, privacy, and reliability

2022

Our focus is to further improve the availability and reliability of the platform, for example by optimising our internal processes, getting an ISO27001 certification, and improving agreements with our supplier. We will simplify and automate the release process, allowing us to release updates and fixes more often.

By introducing multi-factor authentication for all users logging in to SURF Research Access Management and services connected to it, we further improve security of the platform and all services connected to it. By releasing our own PAM module to production, non-web services will be able to use federated authentication for their users.

2023 and onwards

We will enhance our automatic tests and further improve our multi-factor authentication implementation, ensuring compliancy with on standards used internationally within research. We will closely follow the developments related to government identities and self-sovereign identity. Jointly with the SURFconext team we will move the entire platform into containers.

Functionality for researchers and communities

2022

Our focus is to further improve user experience of the platform in general, for example by simplifying the on-boarding flow for new users. This way, it will be easier to join collaborations after receiving an invitation.

2023 and onwards

We will design and develop new features such as account linking or account migration, and support for managing access rights to data sets and other scientific resources. In addition, due to new developments within the European Open Science Cloud (EOSC) project, we expect that collaborations will require to connect to services from the EOSC catalogue in a user-friendly way. Furthermore, other (similar) infrastructures might possibly wish to use the software behind SURF Research Access Management as well.

Functionality for research services/infrastructures

2022

Our focus is on developing a features aimed at supporting services and their administrators to use SURF Research Access Management, such as self-management for service administrators, support for Acceptable Use Policies (AUPs), support for token-based authorisation, and additional support for (de)provisioning based on the SCIM standard.

2023 and onwards

The features mentioned above will be further enhanced based on feedback from users and service administrators. In addition, we expect that services connected to SURF Research Access Management will also need to offer their services to other AAI-infrastructures and/or within EOSC. We will work closely with those services to ensure SURF Research Access Management supports these use cases.

Adoption/communication

2022

The focus will be on developing several different materials which can be used by SURF's member institutions to better communicate and explain what SURF Research Access Management has to offer. In addition, we will develop a communication strategy which will guide us in the coming years.

2023 and onwards

We intend to strengthen our relationship with research support departments and/or Digital Competence Centers (DCCs) at SURF's member institutions. In addition, we aim to establish an advisory group and have 3 or 4 yearly meetings.