Background

In 2006, SURFnet began constructing a federation, which commenced production in 1 November 2007. SURFfederatie gives researchers, students, and instructors access to content and services offered by various providers. Access is managed on the basis of an account with the user’s own organisation, for example an educational institution. SURFfederatie ensures that users can provide evidence of their identity by using data issued and managed by that organisation, the “identity provider” (IdP), with the user’s privacy being primary. It is therefore also the task of the identity provider to determine the user’s identity and to release this to the federation, perhaps in combination with a number of ‘attributes’.

For its part, the SURFfederatie ensures that providers of content and services can trust that identity. This prevents users having to remember a whole series of different login names and passwords and the organisation having to maintain a large number of technical connections with the various providers.

The unique thing about SURFfederatie is that  IdPs with different connection protocols can connect to the federation and that the central infrastructure sees to the “translation” to other protocols. This means that users can log in to a large number of service providers through a single connection to SURFfederatie, without requiring additional technical connections and without service providers and identity providers needing to utilise the same protocol.

SURFfederatie makes it possible for providers of content and services to control access – down to the level of the individual end user – rather than utilising a system of IP address-based access. This access control can be implemented, for example, on the basis of the name of the organisation to which the user belongs, or even on the basis of specific user features.

With a view to simplifying collaboration between organisations within the SURFfederatie target group and providers of content and services, SURFfederatie offers a set of agreements (“federation policies”) and a technical infrastructure; these form the basis for the federation. This website gives information for end users, federation members (and prospective members), and providers of content and services.