This is an old revision of the document!


Roles and Authentication

User Levels

The ITSERR – uBIQUITY platform provides three main user levels, each characterized by different permissions and responsibilities:

Researcher (basic user)

  • Can access search functionalities, text comparison features, and create personal notes.
  • Can save and reload personal research flows within their user profile.
  • Does not have permissions for global data modification or management.

Reviewer (advanced user)

  • In addition to basic functionalities, can provide comments and qualitative feedback on the results of performed searches.
  • Has access to more advanced comparative analysis tools, useful for scientific validation.
  • Cannot modify global settings or other users’ data.

WP Lead / Admin (administrator)

  • Has access to all platform functionalities, including data management, user management, and system settings.
  • Is responsible for client-side functional maintenance and overall monitoring.
  • Currently, the WP Lead and Admin roles coincide.

Access and Authentication

Access to the platform is provided exclusively through a federated authentication system (SSO – Single Sign-On), integrated with the D4Science infrastructure. This mechanism allows users to employ a single digital identity to access multiple services within the D4Science ecosystem, ensuring security and consistency.

During the login phase, the user is redirected to the Keycloak authentication portal, where they can:

  • enter their credentials if already registered;
  • or select a federated provider for access (for example, an affiliated academic institution).

Once authenticated, the user is automatically redirected to the uBIQUITY platform homepage with an active session (Figure 1).

Figure 1: Authentication


User Registration

New users do not register directly on the uBIQUITY platform, but through the D4Science authentication portal. From the login form, the “Register” option gives access to the personal account creation form.

During registration, the following information is required:

  • first and last name;
  • institutional e-mail address;
  • affiliation, if any;
  • acceptance of the service terms of use.

Once the procedure is completed and the identity has been validated, the user will be able to use the same credentials to access uBIQUITY and other federated services within the D4Science network.


Federated Providers

The D4Science Keycloak system supports multiple federated identity providers, allowing access through academic institutions, research organizations, or other compatible platforms. This approach ensures interoperability and simplifies the user experience for users already registered with other European research infrastructures.

Examples of supported federated providers include:

  • institutional Identity Providers (e.g. universities or research centers);
  • D4Science accounts;
  • other systems recognized through OpenID Connect or SAML 2.0 standards.

SSO Authentication Flow

The entire access process takes place according to the following steps:

  • The user clicks the “Login” button on the platform homepage.
  • The system automatically redirects to the D4Science Keycloak authentication page.
  • The user logs in through a federated provider or registers for the service.
  • Once authenticated, a secure session token is generated (OpenID Connect).
  • The user is redirected to uBIQUITY, where the session is recognized and validated.
  • The top navigation bar now displays the user as “logged in”, enabling access to restricted functionalities.

This flow guarantees:

  • authentication security and traceability;
  • a uniform experience for all users within the D4Science network;
  • the absence of locally stored credentials on the platform, increasing the protection of personal data.
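
The step where the session is "recognized and validated", followed by a deny-by-default check against the three user levels, can be sketched as below. This is an added example, not code from the uBIQUITY or D4Science projects. It assumes the token signature has already been verified by a JOSE library against the Keycloak realm keys and that a Keycloak mapper places realm roles in the ID token under realm_access.roles; the issuer URL, client id, role names and permission names are hypothetical placeholders.

```python
import time

# Assumed values: the page names no issuer URL, client id, role or permission strings.
ISSUER = "https://keycloak.example.org/realms/EXAMPLE-REALM"
CLIENT_ID = "ubiquity-example-client"

# The three user levels from the page; each level includes the one below it.
RESEARCHER = {"search", "compare_texts", "personal_notes", "save_flow"}
REVIEWER = RESEARCHER | {"comment_results", "advanced_compare"}
ADMIN = REVIEWER | {"manage_data", "manage_users", "system_settings"}
ROLE_PERMISSIONS = {"researcher": RESEARCHER, "reviewer": REVIEWER, "admin": ADMIN}

class TokenRejected(Exception):
    """Raised when a claim check fails."""

def validate_claims(claims, expected_nonce, now=None, leeway=30):
    """Check issuer, audience, expiry and nonce of an already signature-verified token."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise TokenRejected("unexpected issuer")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if CLIENT_ID not in audiences:
        raise TokenRejected("token not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("token expired or exp missing")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce does not match the one sent at login")
    return claims

def permissions_for(claims):
    """Union of permissions for known roles; unknown or malformed roles grant nothing."""
    access = claims.get("realm_access")
    roles = access.get("roles") if isinstance(access, dict) else None
    known = [ROLE_PERMISSIONS[r] for r in roles or [] if isinstance(r, str) and r in ROLE_PERMISSIONS]
    return set().union(*known)

def is_allowed(claims, action, expected_nonce, now=None):
    """True only if every claim check passes and a granted role includes the action."""
    try:
        return action in permissions_for(validate_claims(claims, expected_nonce, now))
    except TokenRejected:
        return False

if __name__ == "__main__":  # constructed sample claims, not a real token
    demo = {"iss": ISSUER, "aud": CLIENT_ID, "exp": time.time() + 300,
            "nonce": "n-1", "realm_access": {"roles": ["reviewer"]}}
    print(is_allowed(demo, "comment_results", "n-1"), is_allowed(demo, "manage_users", "n-1"))
```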
ubiquity/authentication.1768464131.txt.gz · Last modified: by fincons