It is our ambition to let SURFsecureID grow into the default strong authentication solution for Dutch education and research institutions. The following activities are planned:

  • GSSP Fallback Feature, i.e. using AzureMFA without SSID registration
    • In progress, release planned for 2025H2
  • Implement tiqr MFA fatigue measures
    • In progress, release planned for 2025H2
  • User de-provisioning, i.e. remove token registrations that have not been used for a long time
    • Planned for 2025H2
  • Proof-of-Concept with Microsoft EntraID External Authentication Methods. When successful we will also start to implement this in SURFsecureID.
    • Planned for 2025H2

In addition to these more innovative activities, we will continue to improve our service:

  • Functional improvement of Registration portal, RA Management portal, supporting processes and documentation
  • Infrastructure and management improvements
  • Grow the number of connected Identity Providers and Service Providers
  • Best practices on SURFsecureID implementations
  • Knowledge dissemination on strong authentication, Levels of Assurance, etc.
  • Periodic security audit

Activities and priorities in this roadmap may change over time depending on input of our members. We encourage you to engage in our periodic SURFconext meetings or contact us at info@surfconext.nl to discuss your strong authentication needs.

Released or old roadmap items:

  • Replace SURFsecureID signing key
    • Replaced 2025Q1
  • Support OpenID Connect
    • OpenID Connect is supported through the integration with SURFconext
    • Released november 2019
  • Support context-based strong authentication
    • Finished a Proof of context using SURFconext Authorization service (PDP)
  • Support multiple tokens per user
    • Released 12 juli 2018
  • Facilitate the re-use of tokens from commercial vendors
    • We created an interface (GSSP), php library and example that facilitates adding new token types to stepup
    • Released 12 september 2018