Over the years, universities have developed many services to support local researchers. Whereas the focus for general applications seems to be shifting to the web, many research services---like storage, compute and scientific databases---remain solidly outside the web domain and are thereby hard to service by existing SAML-based identity management infrastructres. With increased international collaboration, the need to share these resources in a scalably way with users from other organizations, both nationally and internationally, and both from academia as from comercial companies. To enable this, we need both proper authentication and a way to handle authorization. In addition, there is typically a need for the service provider to be able to delegate part of the authorization to principal investigators within the university. This talk describes how SURF has developed a service, the Science Collaboration Zone (SCZ), based on the requirements of eleven communities and universities. SCZ was developed to enable institutions to easily yet securely manage and delegate access to both web based and non-web resources on their campuses. This paper reports what steps were taken to develop and deploy the service, both technically as well as in regard to policies. Finally, it also includes the results of testing the SCZ with these institutions and communities.