Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • (ongoing) Improve SCZ based on user feedback etc (stories available on PivotalTracker)
  • Add 2FA as an option
  • Add a dashboard for service providers, so service providers can configure the connection to our platform in a DIY way
  • Add a service user import-tool: when a service is connected to our platform, they often already have a user database. So if you want to route all authentications via our platform, and want to prevent existing users having to go through a new sign up on our platform, you need to map the existing users to our platform. We need to investigate whether this is possible, based on actual use cases.
  • Monitor need and possibility to (better) connect our platform to EOSC-hub
  • Depending on requests from users, look into tokens like SciTokens and Macaroons and build upon WLCG-actions from end 2018/begin 2019 . If the NWO BBMRI3-call is awarded (award expected end of 2019/begin 2020), probably token based solutions will be needed, as the plans are to do Artificial Intelligence/Machine Learning kind of operations on federated data (so 'agents' will probably need to be granted access to data stored at institutions etc)
  • Study Elixir AAI experience, as presented here. For instance add a workflow option to request access to data using tools like “Resource Entitlement Management System (REMS)” (webinar about REMS in Elixir AAI)
  • See whether we find unresolved problems in the FIM4R-report (for instance after page 17 in ), like:
    • "Delegation here means providing end-entities (users) ability to give a constrained portion of their access to another entity acting on their behalf. This might be reasonably accomplished either by impersonation or by proper delegation. This is required in any use case in which a work-flow continues without the presence and direct connection of a user."
    • "AuthZ decisions at an SP must be based on identity credentials, attributes or assertions that have a short lifetime, i.e. they are valid now and not for too long into the future. Even within this short period it should be possible for the SP to look up real time status information, e.g. revocation lists and/or suspension lists."
    • "It must be possible for an Infrastructure or research community to block access to a service based on the presence of an identity credential in an operational suspension list or revocation list."

  • Investigate closer integration with RDM, RDM metadata, RDM catalogues, RDM DRM etc
  • Look into possibilities to combine SCZ with eLAN/on-the-fly-network virtualisation/light paths ... since researchers want to collaborate, it would be nice that if data has to travel over multiple locations, the network automatically resizes to the needed paths and bandwidth.