The following parties were part of the project:
- An project manager/information management specialist from the city of Amsterdam
- A Security Officer from the city of Amsterdam
- Bureau Driebit (technical development and maintantance of openresearch)
- Sogeti (SSO-connection city of Amsterdam)
- SURF (SS-connection knowlegde institutions)
- ONVIO (Security Audit)
- The chief editorial board of openresearch (commissioner & user testing)
- De University of Amsterdam (connection, security & user testing)
- De Vrije Universiteit (connection, security & uses testing)
- VU Amsterdam (connection, security & user testing)
Security
Before going live with SSO, the new software was audited by ONVIO. From the report of the penetration & hacktest it was concluded that the implementation of SSO was safe. The test-results have been shared with the security departments from the city of Amsterdam and the knowlegde institutions. The security of the platform as a whole is and will be also be periodically tested in the future.
Personal data
SURF does not process any personal data from employess of the city of Amsterdam. Openresearch processes the following data from participants logging in with SURFconext and ADW: first name, last name and e-mail address.
First and last names are publicly visible through the public profiles that the system generates after the first login. E-mailadresses are only visible for participants from our partner organisations. Users can delete their own accounts after login, after which their details will be removed from the platform.
Participans interested the processing of personal data at SURF can find more information here.
Governance and management
To realise the single sign-on cnnection with SURF, a connection-agreement document was signed and approved by the knowlegde institutions. The Chief Science Office of the city of Amsterdam also applies the Policy Regulation on Integrity and Agreements.
Furthermore, general governance agreements apply that were made with all partner organisations before when openresearch.amsterdam was designed and built. You can find them in this collection.
Cconnecting to other partner organisations
We chose to connect our partner organisations of openresearch in different stages. This means that not all Amsterdam-based knowlegde institutions and government organisations are connected with the new login system. Together with these organisations we hope to explore and realise more SSO-connections in the near future.