Federated identity

Making it easier for academic users to get access to password-protected resources is an important goal of CLARIN. Rather than requiring to register a new username and password for each individual web application, academic users should be able to login with their existing institutional credentials. Accessing CLARIN applications becomes as simple as logging in to your own university's webmail.

To achieve this, the user stores from universities and academic institutions ("Identity Providers") are connected to password-protected web applications ("Service Providers"). This connection is based on mutual trust: the user logs in at the home institution (which checks the validity of the password) and then a signal is sent (via the protocol) to the protected website that the user is trustworthy. Additional details, like the name and the email address, can be sent along as well.

This approach has several advantages:

  • No lost passwords any longer. Just use your existing account.
  • : once you have logged in, other web applications will recognize you automatically.
  • Sensitive information, like your password, never leaves the home organisation.
  • For Service Providers, it is easier to open up resources to the academic community.

These trust networks ("identity federations") already exist at the national level. CLARIN is working at crossing the country borders when logging in, so that e.g. a Danish researcher can access language resources hosted in Estonia. Work in the preparatory phase led to the creation of the Service Provider Federation - a construction that connects CLARIN Service Providers to a wide range of European Identity Providers.