Generated by GPT-5-mini

| SURFconext | |
|---|---|
| Name | SURFconext |
| Type | Federated identity and access management |
| Country | Netherlands |
| Owner | SURF |
SURFconext is a Dutch federated identity and access platform enabling single sign-on and resource sharing among higher education, research, cultural heritage, and public sector organizations. It connects institutional identity providers with service providers, supporting protocols and standards to facilitate collaboration among universities, colleges, research institutes, libraries, museums, and archives. SURFconext interoperates with international federations and platforms to integrate services across borders and sectors.
SURFconext links institutions such as University of Amsterdam, Delft University of Technology, Utrecht University, Eindhoven University of Technology, and Leiden University with cloud services such as Google Workspace, Microsoft 365, Zoom Video Communications, Elsevier, and Clarivate, while supporting research platforms like Zenodo, Figshare, and ORCID. The platform implements standards from SAML 2.0, OAuth 2.0, OpenID Connect, Shibboleth, and eduGAIN to enable authentication and authorization across providers including Centrum Wiskunde & Informatica, Naturalis Biodiversity Center, Royal Netherlands Institute for Sea Research, Netherlands Institute for Advanced Study, and Netherlands Institute for Sound and Vision. SURFconext fosters integration with identity federations such as GÉANT, EDUCAUSE, Jisc, AARNet, and CANARIE.
The initiative emerged from collaborations among Dutch higher education and research organizations including SURF, Kennisnet, NWO, VSNU, and Association of Universities in the Netherlands to address cross-institutional access to digital services. Early pilots involved institutions such as Radboud University Nijmegen, Vrije Universiteit Amsterdam, Maastricht University, Wageningen University & Research, and The Open University in the Netherlands, engaging service providers like Blackboard, Moodle, Turnitin, Elsevier ScienceDirect, and Thomson Reuters. SURFconext evolved alongside European projects and consortia including GEANT Project, eduGAIN, EUDAT, OpenAIRE, and EOSC to align with international interoperability efforts. Over successive development cycles it incorporated technologies from vendors and open source communities such as Jenkins, Docker, Kubernetes, Ansible, and Prometheus to scale operations and integrate with platforms like Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
The architecture connects institutional identity providers with service providers via a hub-and-spoke model, integrating components like a central authentication broker, metadata consolidation, attribute harmonization, and consent management. Core components reference implementations and software from Shibboleth, SimpleSAMLphp, Keycloak, Gluu, and Apache HTTP Server for proxying and routing. SURFconext metadata aggregation aligns with eduGAIN and leverages directory and federation services such as LDAP, OpenLDAP, and Active Directory Federation Services. Monitoring and logging incorporate tools associated with ELK Stack, Grafana, Prometheus, and Graylog, while deployment and CI/CD pipelines utilize systems from GitHub, GitLab, Bitbucket, and Travis CI.
SURFconext offers single sign-on, institution-linked accounts, attribute release policies, group and entitlement sharing, guest access, and support for multi-factor authentication providers such as Duo Security, Yubico, Auth0, RSA SecurID, and Google Authenticator. It enables integration with research identity systems like ORCID and resource discovery platforms such as WorldCat, Scopus, Web of Science, and CrossRef. Additional services include classroom and collaboration connectors for vendors like Canvas (learning management system), Brightspace, Cisco Webex, Miro, and Slack (software), as well as access to digital repositories such as DANS, DataCite, Zenodo, and Figshare.
Governance involves SURF in partnership with Dutch universities, universities of applied sciences, and research institutes including Royal Netherlands Academy of Arts and Sciences, European Organization for Nuclear Research, Netherlands Organisation for Scientific Research, Dutch Research Council, and sector organizations like VSNU and VH. International collaborations include GÉANT, eduGAIN, REFEDS, Jisc, AARNet, and national partners such as SURF.nl members and consortium participants like University Medical Center Utrecht, Amsterdam UMC, Leiden University Medical Center, and Erasmus University Rotterdam. Policy coordination engages with standards bodies and initiatives such as IETF, W3C, ISO, NEN, and European Commission research programs.
Security practices draw on standards and frameworks referenced by ISO/IEC 27001, NIST, OWASP, Common Criteria, and GDPR compliance requirements enforced across participating institutions including Ministry of Education, Culture and Science (Netherlands), Dutch Data Protection Authority, European Data Protection Board, and research infrastructures like ELIXIR. SURFconext supports strong authentication methods and integrates with multi-factor vendors like Yubico and Duo Security, implements attribute minimization and consent workflows similar to guidance from REFEDS and eduGAIN, and adopts logging, auditing, and incident response practices aligned with FIRST and ENISA recommendations.
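
As an added example of the attribute harmonization, attribute release policies, and consent handling named above (not SURFconext's own code), the following shows how a hub can normalize attribute names arriving from different identity providers and then release to a service provider only what its policy allows and the user has consented to. The service provider entity ID, the policy table, and the sample attributes are constructed assumptions.

```python
# Added illustration, not SURFconext code. Entity IDs, policy and sample are constructed.
OID_TO_NAME = {  # standard OID names for common directory/eduPerson attributes
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
}
MACE_PREFIX = "urn:mace:dir:attribute-def:"

# Hypothetical per-SP release policy: attribute -> allowed values ("*" means any value).
ARP = {
    "https://sp.example.org/metadata": {
        "eduPersonPrincipalName": {"*"},
        "eduPersonAffiliation": {"student", "employee"},
    },
}

def harmonize(raw):
    """Map IdP attribute names (OID, urn:mace or bare) onto one short-name schema."""
    out = {}
    for name, values in raw.items():
        if name in OID_TO_NAME:
            key = OID_TO_NAME[name]
        elif name.startswith(MACE_PREFIX):
            key = name[len(MACE_PREFIX):]
        else:
            key = name
        merged = out.setdefault(key, [])
        merged += [v for v in values if v not in merged]  # merge without duplicates
    return out

def release(sp_entity_id, raw_attributes, consented):
    """Return only attributes the SP's policy allows and the user consented to."""
    policy = ARP.get(sp_entity_id)
    if policy is None:
        return {}  # default deny: an SP without a policy receives nothing
    released = {}
    for name, values in harmonize(raw_attributes).items():
        allowed = policy.get(name)
        if allowed is None or name not in consented:
            continue  # attribute minimization: not in policy or no consent
        kept = [v for v in values if "*" in allowed or v in allowed]
        if kept:
            released[name] = kept
    return released

SAMPLE = {  # constructed attributes as three differently configured IdPs might send them
    "urn:oid:0.9.2342.19200300.100.1.3": ["j.doe@uni.example"],
    "urn:mace:dir:attribute-def:eduPersonPrincipalName": ["jdoe@uni.example"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": ["student", "member"],
    "eduPersonAffiliation": ["student", "alum"],
}
```
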
Adopters include major Dutch higher education institutions such as University of Groningen, Utrecht University, Eindhoven University of Technology, Tilburg University, University of Twente, HAN University of Applied Sciences, Avans University of Applied Sciences, and cultural institutions like Rijksmuseum, Van Gogh Museum, Mauritshuis, and Concertgebouw. Use cases span remote access to subscription resources from Elsevier, Springer Nature, Wiley, and ProQuest; collaborative research projects funded by Horizon 2020, Horizon Europe, and European Research Council grants; library lending and interlibrary systems connecting OCLC and WorldCat; and cross-institutional classroom tools for programs with partners such as Coursera, edX, and FutureLearn. SURFconext also supports federated identity in multidisciplinary initiatives involving CERN, EMBL, ESA, and national research infrastructures like National Supercomputing Center (SURFshare), enabling streamlined access for researchers, students, staff, alumni, and guest users.