We notice you are using a browser that our site does not support. Some features on this site may not work correctly. We recommend that you upgrade to a supported browser

Scaling Up: Easier ORCID iD Authentication for Everyone

Matthew Buys's picture

At its core, ORCID enables researchers to make connections between themselves (via their ORCID iD) and their activities and affiliations (via other identifiers and APIs).  These connections are asserted either by the researcher or, with their permission, by ORCID members.

Ensuring that researchers have control over their iD and the information connected to it is one of our core principles. To fully wield that control, researchers must be able to understand both what information has been asserted and who has made the assertion. Making this information transparent also helps build trust in iD-ID connections.

Assertion Anatomy

While assertions might seem straightforward, things can get complicated quickly. We care about three relationships in an assertion:  

  • Item origin - whoever published the activity or is the affiliated party  
  • Assertion origin - whoever collects the ORCID iD and makes the connection to an item
  • Source - whoever adds the information to the researcher’s ORCID record  

The “who” in these sources may be the same or different.  For example, a researcher can manually add something to their record, they can use a Search and Link Wizard, or they can give permission to a member to update their record.  At present, there’s no way of telling which of these three pathways were used to connect information to an ORCID record.

We think it is important to change that.  Doing so will both make it possible for researchers to request updates to incorrect information (such as a name misspelling), and for the consumers (such as universities, funders, publishers, and researchers) to make informed decisions about what information to re-use.

Engaging our Community

To explore methods for articulating assertions, we are launching Research Information Platform Engagement (RIPEN). The RIPEN program will allow us to test a technological approach to clarifying  the provenance of information on ORCID records, using JSON Web tokens (JWTs) to reduce the technical burden of integrating authenticated ORCID iDs into workflows. RIPEN brings together a number of projects and themes we have been working on since our launch, including researcher control, authentication, and auto-updates.

Our overarching goals for the RIPEN program are to:

  • Test our implementation. Ensure that our technology and messaging are easily understandable and meet community requirements
  • Improve data quality and trust. A primary goal is to improve trust in iD-ID connections, by ensuring adherence to ORCID best practices for authentication and assertion assurance
  • Broaden reach. Expand the community that can interact with ORCID technology by reducing technical development cost and barriers to implementation

Step-wise Approach

We will be rolling out the RIPEN program in three stages.  In the spirit of eating our own dog food, the first partner implementer is ... ORCID!  We will be testing out JWTs (pronounced “jots”) in our own systems, using them to collect authenticated iDs from staff, board and working group members, to delegate user permissions between our app for collecting iDs and our SalesForce CRM system, and to update ORCID records with affiliation assertions into ORCID records.  Another key part of the program is to collect data on the time and cost of implementing this technology compared with using our current three-legged OAuth methodology.  

We are starting our work now, and expect to share more about our progress around March 2019.  We are in the process of recruiting partners for Stage 2, which we anticipate launching early in 2019.   We will decide whether to move on to Stage 3 after evaluating the program in discussion with our Board, tentatively at their October 2019 meeting.

Stay tuned for more!

Related Posts and Pages