Participating in SURFfederatie
SURFfederatie is a SURFnet service that makes federated collaboration in higher education and research possible. The architecture of the federation consists of three main components: identity providers (IdPs), service providers (SPs), and Central Federation Components (CFCs). These are shown in the figure below.

The identity providers supply the details of end users' features within SURFfederatie. This means that an IdP can identify, authenticate, and authorise users. The federation policies describe which features (“attributes”) of the user can be passed on to the federation. It is the IdP that makes the final choice of which attributes are passed on (if desired, separately for each particular service offered).
The service providers offer services to the members of the federation and consequently to the individual end users. An SP can set conditions for access to its electronic service based on the attributes of the end user, and the IdP can also impose restrictions on its end users for using a service. For example: the user may have to belong to the specific category “student” or “employee”. The federation ensures that the information regarding an individual user that is provided by the IdP (“authorisation”) is communicated to the service provider in a secure manner; the service provider then decides on the basis of that information whether a user should or should not be allowed access (“access control”).
In some cases, a party acts within the federation as both an IdP and an SP, for example in the case of an education institution that also offers educational resources within partnerships.
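A minimal model of the attribute release and access control described above, as an added example that is not SURFfederatie's own code or configuration. The attribute names, SP identifiers and policy sets are constructed for illustration; it shows the IdP releasing only what both the federation policy and its own per-service choice permit, and the SP failing closed when the attribute it needs was not released.

```python
# Added illustration; all names and values are constructed, not SURFfederatie's.

# Attributes the federation policy allows IdPs to pass on (assumed set).
FEDERATION_ALLOWED = {"affiliation", "mail", "displayName", "organization"}

# The IdP's own per-service choice of attributes (hypothetical SP identifiers).
IDP_RELEASE_POLICY = {
    "https://library.example.org/sp": {"affiliation"},
    "https://lms.example.org/sp": {"affiliation", "mail", "displayName"},
    # Misconfigured on purpose: studentNumber is not federation-permitted.
    "https://survey.example.org/sp": {"mail", "studentNumber"},
}


def release_attributes(user, sp_id):
    """IdP side: release only what both the federation and the IdP permit."""
    chosen = IDP_RELEASE_POLICY.get(sp_id, set())  # unknown SP: release nothing
    permitted = chosen & FEDERATION_ALLOWED
    return {name: value for name, value in user.items() if name in permitted}


def access_decision(released, required_affiliations):
    """SP side: decide on received attributes only; deny if none was released."""
    affiliations = released.get("affiliation")
    if not affiliations:
        return False  # fail closed: a missing attribute never grants access
    return bool(set(affiliations) & set(required_affiliations))


# Constructed sample user record held by the IdP.
SAMPLE_USER = {
    "affiliation": ["student"],
    "mail": "j.jansen@university.example",
    "displayName": "J. Jansen",
    "studentNumber": "s0000000",
}

if __name__ == "__main__":
    for sp in IDP_RELEASE_POLICY:
        released = release_attributes(SAMPLE_USER, sp)
        allowed = access_decision(released, {"student", "employee"})
        print(sp, sorted(released), "access" if allowed else "denied")
```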
Roles
The federation comprises federation members – institutions belonging to the SURFnet target group – and federation partners – external service providers from outside that target group. Federation members can act within the federation as both an IdP and an SP; federation partners can only act as SPs.
Interfaces
Identity providers can connect to SURFfederatie using various protocols: the options include SAML 2.0, WS-Federation, A-Select, and Shibboleth. This means that an institution can choose from products that comply with these standards (this includes products provided by Microsoft, Novell, Oracle, IBM, HP and PingID, and open source products) in order to create the connection with SURFfederatie.
Agreements
Collaboration within SURFfederatie makes it essential for service providers and identity providers to be able to trust one another. A number of contractual agreements have therefore been drawn up within the federation laying down the rights and obligations of the participating parties. These are evaluated regularly in consultation with the participants.