SURFconext Connection Agreement (Dutch: aansluitovereenkomst)
Every time a user logs in via SURFconext, user-information is transferred from the institution, via SURFconext, to your service. Based on what you agreed, as a Service Provider you may receive data from the Identity Provider/Attribute Provider:
- for the authentication (the proof of authentication by the Identity Provider);
- for authorisation decisions within your service;
- about the group memberships of a user if such is required for cooperation and authorisation within the service provided;
- extra data from a user relevant to the service.
A contract needs to be signed (when going to production environment) in order to guarantee that the service provider will deal with this information with caution:
- Alterations to the Connection Agreement are not permitted. We believe every Service Provider is able to sign the contract as is.
- Don't sign the contract below. Please let us know if you like to receive a copy to sign.
| Version | Template connection agreement | |
|---|---|---|
| Dutch | 1.03 | Template aansluitovereenkomst SURFconext_v1.03_NL + brief.pdf (incl aanbiedingsbrief) |
| English | 1.03 | Template Connection Agreement SURFconext_v1.03_eng-GB + brief.pdf (incl accompanying letter) |
See previous versions of the SURFconext Connection Agreement
GDPR (Dutch: AVG) related questions
In the context of transparency we will make the answers to the questions below available for our institutions. This will help them deciding whether or not to connect your service.
| GDPR related questions | |
|---|---|
| Dutch | VragenVoorSPsVoorAO2017.docx (Engels) |
| English | QuestionsForSPsForCA2017.docx |
Who needs to sign a contract?
Commercial vendors need to sign a SURFconext Connection Agreement. You can download the template to see in advance what the agreement entails. Send a mail to support@surfconext.nl to start the trajectory and receive a copy to sign.
SURFnet members
For SURFnet members offering a service, the procedure is as follows:
- Check if there is a relevant SURFconext contract.
If you are registered as a SURFconext Identity Provider (check here), you can assume this is done. In case of doubt, contact support@surfconext.nl. - Adhere to the SURFconext Privacy Policy.
- Inform the person in your organisation responsible for SURFconext (role SURFconextverantwoordelijke) that you are going to connect a service to SURFconext. SURFnet needs explicit consent from the person with this role before your service can be connected.
Version-log
Previous versions of the documents on this page can be found below:
| Version | Template connection agreement | This version compared to the newer version (so you can easily see edits) | |
|---|---|---|---|
| Dutch | 1.02 | Template aansluitovereenkomst SURFconext_v1.02_NL + brief.pdf | |
| English | 1.02 | Template Connection Agreement SURFconext_v1.02_eng-GB + brief.pdf | |
| Dutch | 1.00 | Template aansluitovereenkomst SURFconext_v1.01_NL + brief.pdf | Template aansluitovereenkomst SURFconext_v1.01_NL compared to v1.02.pdf |
| English | 1.00 | Template Connection Agreement SURFconext_v1.01_eng-GB + brief.pdf | Template Connection Agreement SURFconext_v1.01_eng compared to v1.02.pdf |