Research is increasingly about collaboration, as also confirmed in the Dutch NWO 2019-2022 strategy. Researchers who want to collaborate (internationally) and providers of resources who want to offer research facilities to collaborative organisations therefore face the question: how to provide secure access to resources. The SCZ project (SCZ, FIAM for collaborating researchers) tries to solve a number of issues in the field of authentication, authorization and policies. On these pages we describe what the SCZ project is about.

...

Why the SCZ project?

Researchers have typical access needs that aren't taken care of properly by the current solutions, and they have documented them in FIM4R documents (Federated Identity Management for Research). We address a number of those problems in the SCZ project:

...

  • Providing access to invited people to the actual resources currently often takes a relatively long time (working with system admins of all resources, setting up 'account management', provisioning etc). 

  • You want to streamline the invitation process (invites, enrollment). When the collaboration grows, there is a need to manage collaboration groups (membership etc).
  • Apart from access to browser-based services, researchers often want access to 'non-web' services (think of resources accessed via SSH or WebDAV). For these there are currently no possibilities for federated authentication: they are not tied to the researchers' institutional accounts, which makes access revocation a problem.

  • Research is often international, and giving international (in our case non-Dutch) researchers and people without an institutional account (e.g. from companies involved in the research project, 'guest access') secure access to a service is often a problem and requires a relatively large amount of work.

  • Authorization often is a problem. Group membership can be used to decide on authorization: what is a user allowed to do within a certain service? This requires a solution that can convert the group information into attributes that are subsequently consumed and interpreted by the resources to be shared (eg wikis, compute or data) for authorising users.

...

How does SCZ provide a solution?

With the SCZ project, we want to:

  • ensure that parties who want to share resources can do so smoothly by connecting the resource to the SCZ proxy (only once). The SCZ solution takes care, amongst others, of making the service available via eduGAIN.

  • provide an environment where institutions and collaborative organisations can quickly request a collaboration group, assign group managers and then manage that group themselves, invite people, etc.

  • provide a possibility to manage specific attributes per collaborative organisation.

  • ensure that people without an edu account can also easily be invited and access the resources, where possible with a higher 'Level of Assurance' than with a social identity.

  • ensure that non-web resources like SSH and WebDAV can be accessed via federated authentication (e.g. institutional account); for the benefits of federated authentication see "Why federative?".

  • ensure that an institution only has to join the SCZ once in order to give all its researchers (via one or more collaborations) access to the participating services and resources.

...

 
Video: COmanage enrollment (How user enrollment works in COmanage). Video showing how access to an SSH resource works via COmanage, which is part of the SCZ stack: https://drive.google.com/file/d/0BwSgD_8NVoJcSTd4UmRqc0g1Yk0/preview


Another way of logging in is shown in a video at the bottom of PAM Module. You can also try a demo yourself.

...