This page is about a service, offered by SURF, that makes it easier for research collaborations to set up and manage access to the (data and compute) services they need for their projects. Using our service saves those collaborations time and enables them to spend more time on research instead of managing infrastructure. Everybody involved benefits: researchers, providers of services for researchers and institutions. Anybody is invited to read about the service, but the service is geared towards Dutch-led research projects.
Don't want to read the information below but want to know how this can help you? Or have questions? You can send us an email and we'll set up a call!
...
Research is more and more about collaboration, as also confirmed in the Dutch NWO 2019-2022 strategy. Researchers who want to collaborate (internationally) and parties that want to offer research facilities to collaborative organisations therefore face the question: how to provide secure access to resources? Researchers have typical access needs that aren't taken care of by the current solutions, and they have documented them in FIM4R documents (Federated Identity Management for Research). People from around the world have been thinking about how to solve the access issues. The European AARC project (Authentication and Authorisation for Research and Collaboration) addresses the specific identity and access challenges researchers face, and they made a clear video about the problem:
...
AARC crafted a blueprint architecture that addressed those challenges. SURF has followed up that development with a project (SCZ, Science Collaboration Zone), which is basically an implementation of that blueprint, to develop a service based on the gained insights: SURF Research Access Management, SRAM. SRAM enables you to:
Invite your collaborators: as soon as someone accepts the invitation, accounts get created automatically for all connected services.
Connect to web and 'non-web' services (think of resources accessed via SSH or WebDAV): with SRAM those can be tied to institutional accounts, improving access revocation.
Work with people from all over the world, either through their institutional account or one of the available guest identity providers SRAM offers.
Simply manage authorization. Group membership in SRAM is converted to attributes that can be used by the connected services to decide who can do what.
No more need for zero-hours (nul-uren) accounts that take forever to arrange, stay in existence far too long and often incur unnecessary cost (for licenses, for example). Currently, for every new research project the access wheel is reinvented. Collaborations and research are delayed in the start-up phase because setting up secure access takes time (and IT expertise). What if there was a plug-and-play service? SRAM is delivering just that.
SRAM provides an Authentication & Authorisation Infrastructure-as-a-Service focused on the needs of researchers, research projects and providers of resources for researchers. It takes care of user management. The service name is SURF Research Access Management (SRAM). On these pages we describe what the SCZ project and the resulting SRAM service are about.
Besides SRAM, which is tailored for Dutch-led research projects, similar AARC-based initiatives exist, like the EOSC-Life AAI and eduTEAMS.
...
Providers of services for researchers also save time because they technically have to connect their services to SRAM only once (using open standards like LDAP, OIDC and SAML) and thereafter can easily offer their service to unlimited collaborations and people. Providers can configure and offload simple, repetitive, error-prone user creation tasks, while still being in control over which collaborations are allowed access, etc.
To get an extra idea of what SCZ wants to offer, here we share the 'user stories' (in broad outline) for which we want to offer a solution with SCZ.
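How a connected service might turn the group-membership attributes SRAM releases into an access decision, as an added example that is not SURF's or SRAM's own code. The claim name, URN layout, namespace, authority and role policy are assumptions made for illustration; the page does not give SRAM's actual attribute format.

```python
import re

# Assumed for illustration: memberships arrive in this claim as URN values
#   <NAMESPACE>:group:<collaboration>[:<group>]#<AUTHORITY>
# Claim name, namespace and authority are hypothetical placeholders.
CLAIM = "eduperson_entitlement"
NAMESPACE = "urn:example:sram"
AUTHORITY = "sram.example.org"

# The service's own policy: which membership grants which local role.
POLICY = {
    ("climate-lab", "admins"): "admin",
    ("climate-lab", None): "reader",  # plain collaboration membership
}
RANK = {"reader": 1, "admin": 2}

_VALUE = re.compile(
    re.escape(NAMESPACE) + r":group:([a-z0-9_-]+)(?::([a-z0-9_-]+))?#"
    + re.escape(AUTHORITY)
)

def memberships(claims):
    """(collaboration, group) pairs asserted under the trusted namespace and authority."""
    values = claims.get(CLAIM) or []
    if isinstance(values, str):  # a single value may arrive as a bare string
        values = [values]
    found = set()
    for value in values:
        m = _VALUE.fullmatch(value) if isinstance(value, str) else None
        if m:  # malformed values and other authorities are ignored
            found.add((m.group(1), m.group(2)))
    return found

def role_for(claims):
    """Highest role POLICY grants for these claims, or None (deny by default)."""
    roles = [POLICY[m] for m in memberships(claims) if m in POLICY]
    return max(roles, key=RANK.get, default=None)

def is_allowed(claims, needed):
    """Evaluate on every login so a removed membership takes effect next time."""
    role = role_for(claims)
    return role is not None and RANK[role] >= RANK[needed]

# Constructed sample claims (not real data).
SAMPLE = {
    "sub": "constructed-user-id",
    CLAIM: [
        "urn:example:sram:group:climate-lab#sram.example.org",
        "urn:example:sram:group:climate-lab:admins#other.example.net",  # untrusted authority
    ],
}
```

Because the role is derived from the attributes at each login rather than stored locally, removing someone from a group in the membership management service is enough to withdraw that access at the service.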
...
collected when we started developing SRAM.
Open Access and access regulation mechanisms often go together. Possible scenarios:
...
Schematically, SRAM can be drawn as follows:
The picture above shows that the research services are linked to SRAM: these services only have to make and maintain one link to serve all Dutch-led research collaborations that use SRAM to manage access. The picture shows the features of SRAM:
Connects with eduGAIN so that research services are accessible for researchers at institutions outside the Netherlands.
Provides a mechanism (via a 'Membership Management Service', like COmanage, Hexaa, Perun or SBS) to invite users and manage groups and attributes.
Provides a solution for people without an edu account to use services (guest providers in the Identity HUB, such as ORCID, eIDAS and social accounts like those from Microsoft and Google).
Provides a solution to securely unlock access to (web and) non-web services.
...
You can also try a demo yourself.
...
Many federated academic services require a few user attributes to successfully complete login, usually name, email, and a persistent user identifier (called the “R&S attribute bundle”). An international program called the Research & Scholarship Entity Category (R&S) was established to meet this need. This program enables federated services serving a research or scholarly purpose to request that their national R&E federation (as InCommon is for the US) “tag” them with the R&S entity category. It also specifies how R&E federation operators vet such requests to ensure that such tags are only applied to appropriate services.
...