Both SURFconext and SRAM allow applications to make use of federated authentication and authorisation. Despite the similarities, there are also some differences. In general, applications who are (typical) research applications benefit most from connecting to SRAM, whereas 'enterprise' applications are probably best off using SURFconext. See the table below for a more detailed overview of the differences.
What | SRAM | SURFconext |
|---|---|---|
Policy | The collaboration admin decides who has access to which applications. Users from different organisations can use an application as soon as a collaboration decides it needs to use it. | The user's institution (through an IdP-manager) decides what applications to connect/use. applications can be used as soon as an institution connects the application. |
Supported protocols | SAML, OIDC and non-web (e.g. LDAP, SCIM, SSH) Users can be pre provisioned. | SAML and OIDC Please note that OIDC is not available for applications wanting to connect to international Identity Providers through eduGAIN Users can only be provisioned just in time. |
| Type of applications | Research applications, including small scale applications | All types of applications |
International | International collaboration supported maximally for both collaborations and SPs | Institution can choose to connect to eduGAIN SP's |
| Attribute release | A fixed set of attributes is released to all connected applications. | Which attributes are released is negotiated between SURFconext and the application on a case-by-case basis |