This is an old revision of the document!
Table of Contents
Roles and Authentication
General Description
The DaMSym system (WP4) adopts a controlled access model based on roles, which determines the rights and functionalities available to each user.
Authentication is performed through the D4Science platform, which provides a secure and centralized infrastructure for identity management, using Keycloak as the SSO (Single Sign-On) provider.
This integration allows ITSERR and RESILIENCE users to access all related tools (such as Ubiquity, DaMSym, Sanctuaria, etc.) using the same credentials, while maintaining consistent control over profiles and permissions.
User Types
The system defines four main user profiles, each with a specific set of functionalities and permissions.
Each role determines the actions allowed within the interface, both for semantic search and for resource management and review.
| Role | Description and Permissions |
|---|---|
| Guest (unauthenticated user) | Can freely access the homepage and use semantic search in all available languages. Has no access to restricted areas and cannot add or modify resources. |
| Researcher | Authenticated user who, in addition to search functionalities, can add new resources (Add Resource), edit existing texts (Edit Texts), modify associated metadata (Edit Metadata), and add new metadata (Add Metadata). The Researcher also has access to a personal Dashboard for managing their submissions. From the Dashboard, the Researcher can access the Corrections section, where the list of modification requests related to submitted resources is available. |
| Reviewer | Has the same functions as the Researcher, with the additional ability to evaluate search results through a feedback (rating) system accompanied by descriptive notes. Reviewers also access their personal Dashboard. From the Dashboard, the Reviewer can access the Corrections section to view the list of modification requests associated with evaluated resources. |
| WP Lead | Supervisory and control role. In addition to all previous functions, the WP Lead can approve or reject resources submitted by other users, view all feedback, and export ratings provided by Reviewers. From the Dashboard, the WP Lead can also manage fonts dedicated to the Church Slavonic language and access the Corrections section, where modification requests related to texts and metadata submitted by Reviewers or Researchers are collected and managed. |
Platform Access
Access to the DaMSym portal is provided via a dedicated URL: 🔗 https://damsym-itserr.d4science.org
The homepage displays the “Login” button located in the upper-right area of the interface.
By clicking it, the user is redirected to the authentication page managed by D4Science / Keycloak, where one of the following access methods can be selected:
- D4Science account – login using personal credentials already registered on the platform;
- Federated institutional account – login through an academic or university provider recognized by RESILIENCE;
- Other enabled Identity Providers – external login through compatible federated systems (e.g., partner institutions or accredited research centers).
Authentication Procedure
The access flow consists of four main steps:
- the user selects “Login” from the top navigation bar of the portal;
- the system automatically redirects to the Keycloak / D4Science Login page;
- after authentication, Keycloak validates the credentials and returns a session token to the DaMSym platform;
- the user is redirected back to the homepage, now enriched with functionalities specific to their role.
The system keeps the session active for the duration of navigation or until manual logout via the user menu.
User Menu
After authentication, the user profile icon appears in the upper-right corner of the screen, opening a dropdown menu containing the following entries:
- Dashboard → access to the personal section for managing resources and feedback;
- Logout → system logout and termination of the current session.
For users with the role of Researcher and Reviewer, the Dashboard presents a simplified view. Specifically, these users can access only the following sections:
- Dashboard – overview of personal resources and associated feedback;
- Corrections – section dedicated to managing modification requests related to texts and metadata.
For WP Lead users, the Dashboard includes the following sections, displayed in order:
- Dashboard – general overview of resources and feedback;
- Corrections – section dedicated to managing modification requests related to texts and metadata;
- Add Fonts – section for managing and adding fonts specific to the Church Slavonic language;
- Ratings Export – functionality dedicated to exporting feedback (ratings) provided by Reviewers.
Session Timeout and Security
For security reasons, the system implements a session timeout mechanism. In case of prolonged inactivity, the user is automatically logged out and redirected to the login page.
Authentication is entirely managed by D4Science / Keycloak, ensuring compliance with European data protection standards (GDPR) and with OAuth2 and OpenID Connect security protocols.
All credential exchanges occur in encrypted form (HTTPS/TLS).
Anonymous vs Authenticated Access: Summary
| Functionality | Anonymous Access (Guest) | Authenticated Access (Researcher / Reviewer / WP Lead) |
|---|---|---|
| Semantic search execution | ✔️ | ✔️ |
| Results visualization | ✔️ | ✔️ |
| Add resources | ❌ | ✔️ |
| Edit texts / metadata | ❌ | ✔️ |
| Feedback submission | ❌ | Reviewer (submission); WP Lead (view only) |
| Dashboard access | ❌ | ✔️ |
| Rating export | ❌ | WP Lead only |
Logout
Logout is performed by selecting the “Logout” entry from the user menu.
At the end of the session, the user is redirected to the public homepage in guest mode, temporarily losing access to all restricted functionalities.