Single sign-on: connection, security and governance

About the project and its participants

Commissioned by the editorial board of openresearch, Aeves Benefit has conducted research into the needs and possibilities for the further development of openresearch.amsterdam. One piece of advice was to create a login using the existing single sign-on software modules of both the municipality and the knowledge institutions. In the spring of 2022, we started a project to connect the modules to openresearch for the four major and most active institutions on the platform. The connection was realised in September 2022.

The following parties were part of the project:

  • A project manager/information management specialist from the city of Amsterdam
  • A Security Officer from the city of Amsterdam
  • Bureau Driebit (technical development and maintenance of openresearch)
  • Sogeti (SSO-connection city of Amsterdam)
  • SURF (SSO-connection knowledge institutions)
  • ONVIO (Security Audit)
  • The chief editorial board of openresearch (commissioner & user testing)
  • The University of Amsterdam (connection, security & user testing)
  • The Vrije Universiteit (connection, security & user testing)
  • VU Amsterdam (connection, security & user testing)

Security

Before going live with SSO, the new software was audited by ONVIO. The report of the penetration and hack test concluded that the implementation of SSO was safe. The test results have been shared with the security departments of the city of Amsterdam and the knowledge institutions. The security of the platform as a whole is also tested periodically and will continue to be in the future.

Personal data

SURF does not process any personal data from employees of the city of Amsterdam. Openresearch processes the following data from participants logging in with SURFconext and ADW: first name, last name and e-mail address.

First and last names are publicly visible through the public profiles that the system generates after the first login. E-mail addresses are only visible to participants from our partner organisations. Users can delete their own accounts after login, after which their details will be removed from the platform.

Participants interested in the processing of personal data at SURF can find more information here.

Governance and management

To realise the single sign-on connection with SURF, a connection agreement document was signed and approved by the knowledge institutions. The Chief Science Office of the city of Amsterdam also applies the Policy Regulation on Integrity and Agreements.

Furthermore, the general governance agreements apply that were made with all partner organisations earlier, when openresearch.amsterdam was designed and built. You can find them in this collection.

Connecting to other partner organisations

We chose to connect the partner organisations of openresearch in different stages. This means that not all Amsterdam-based knowledge institutions and government organisations are connected to the new login system. Together with these organisations we hope to explore and realise more SSO-connections in the near future.

Image credits

Header image: Touch - MaxPixel

Icon image: Max Pixel - data privacy