Delegating ORCID tokens – background

Posted:   Updated: Categories Events, Technical
Posted on behalf of Neil Jeffries, University of Oxford

At the last Cultivating ORCIDs Meeting in Birmingham in June 2017, Neil Jefferies ran a working group looking at different approaches to implementing ORCID IDs. One of the outcomes was a common issue when it came to ORCID implementations and third party suppliers, namely, that institutional users needed to explicitly grant access to third party suppliers in addition to their own institution. This behaviour has a number of undesirable side effects:

  • Communicating this to users can be difficult since they are not always aware of these third parties
  • Getting consistent takeup across multiple systems can be difficult (user loses interest) which makes downstream integration more awkward than necessary
  • Institution has little visibility of these third party interactions – which can cause problems when suppliers are dropped or other issues arise
  • The only way currently round this is to let a supplier use the institutional key – which however then grants them *ALL* the rights can access that the institution has

On the 10th October a small group of interested parties (with representatives from Oxford, Imperial, Leeds, LSE, ORCID and Jisc) were hosted by Jisc in a small gathering to look at this issue and identify a possible route forward for consideration by the UK ORCID Consortium. This will be covered by a more detailed blog in due course.

However, the discussion also produced some other useful observations – one of which I will mention here…

At the meeting, Will Simpson of ORCID presented a very useful non-technical overview of how authentication and ORCID/OAuth tokens worked between institutional identity providers, other systems, ORCID and third parties. This level of information was felt to be something that was missing from the current offerings. While much material exists for end-users of ORCID and technical implementers, there appeared to be relatively little material available for those, such as repository managers, who fall somewhat between the two audiences. They require more information about how ORCID works behind the scenes but without needing the detailed technical underpinnings. As a result, members of the group will be working to turn Will’s informal overview into a suitable form for posting online for others.