Skip to main content

Federated Identity

Making it easier for academic users to get access to password-protected resources is one of CLARIN's important goals. Rather than having to register a new username and password for each individual web application, academic users should be able to login with their existing institutional credentials. Accessing CLARIN applications becomes as simple as logging in to your own university's webmail.

To achieve this, the user stores from universities and academic institutions ('Identity Providers') are connected to password-protected web applications ('Service Providers'). This connection is based on mutual trust: the user logs in at the home institution (which checks the validity of the password) and then a signal is sent (via the protocol) to the protected website that the user is trustworthy. Additional details, like the name and the email address, can be sent along as well.

This approach has several advantages:

  • No lost passwords. Just use your existing account.
  • : once you have logged in, other web applications will recognise you automatically.
  • Sensitive information, like your password, never leaves the home organisation.
  • For Service Providers, it is easier to open up resources to the academic community.

These trust networks ('identity federations') already exist at the national level. CLARIN is working at crossing the country borders when logging in, so that e.g. a Danish researcher can access language resources hosted in Estonia. Work in the preparatory phase led to the creation of the Service Provider Federation - a construction that connects CLARIN Service Providers to a wide range of European Identity Providers.