Infrastructure trust & identity

Version: 28 June 2019

Innovation at SURF is a process in which an idea develops into a new service by following a series of consecutive stages. Innovation projects are part of the SURF vision.

Idea for a new potential service or technique.

Concept

Student mobility

eduID

One (lifelong) identity to use throughout your entire career in education.

Strong authentication

eSIM

Applications (e.g. 2FA) on embedded SIMs in mobile devices.

Authorisation Research Non web

SciTokens

Delegated, decentralised access to computing and storage.

Privacy

Solid / Inrupt

Decentralised storage for cloud applications.

Privacy

Browser integration

Improving the federation user experience through browser integration or extensions.

Privacy

PEP

Increase privacy by using polymorphic encryption and pseudonymisation.

The idea is converted into a technical solution. Does it work?

Proof of concept

Research

ID Resolver

Support for the correct identification of researchers in library catalogues.

Non web

Kerberos realm Crossover

Use of Kerberos across several environments.

Student mobility

eIDAS

Log on to central and institutional systems with national identities.

Strong authentication

Microsoft MFA

Research how Microsoft MFA resources can be used within SURFsecureID.

Authorisation

Authorisation Server as a Service

To what extent can an OAuth2 authorisation server be delivered as a service?

Authorisation Strong authentication

Context-based Strong Authentication

Deciding whether strong authentication is necessary based on the login context.

Strong authentication

Remote vetting

Opportunities and limitations of remote identification.

A small number of institutions try the service or technique.

Pilot

Research Non web

iRODS

Add federated identity management to iRODS.

Privacy Strong authentication

IRMA

Access to cloud services with only the necessary attributes being shared.

Research

AARC

Different federated identity projects for research.

Non web

Rich Client SDK

Log in to cloud services with SURFconext within native apps.

Student mobility Strong authentication

iDIN

Log in to cloud services with an identity provided by a bank.

Groups Research

Science Collaboration Zone

Components for better authentication and authorisation for collaborating researchers and research services.

The technique or service is completed in a technical and operational sense.

Service development

Service

IAA vision

Develop shared vision for IAA.

Service

InAcademia

Develop authorisation tool for third parties.

Service

eduTEAMS

Infrastructure for authorisation for research.

Strong authentication

FIDO2/WebAuthn

Using FIDO U2F as the second factor within SURFconext Strong Authentication.

The technique or service becomes available to the institutions.

Service

Service

SURFconext

Researchers, staff and students use the SURFconext infrastructure to access cloud services from a number of providers. Components of the service are:


Service Strong authentication

SURFsecureID

Better-secured access to cloud services.

Authorisation Groups Student mobility

Attribute Aggregation Service

Enrich identities with attributes from several sources.
