Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ORCID icon to contributors grid row for authenticated ORCID ids #116

Open
nils-stefan-weiher opened this issue Nov 29, 2018 · 15 comments
Open

Add ORCID icon to contributors grid row for authenticated ORCID ids #116

nils-stefan-weiher opened this issue Nov 29, 2018 · 15 comments

Comments

@nils-stefan-weiher
Copy link

Hi everyone,

during the work for pkp/pkp-lib#2818 and testing the new additions @alainna suggested, that it would be nice for editors to see at a glance which Authors have an authenticated ORCID id stored.

I talked with @NateWr in the pkp-dev Slack channel about this. He suggested something like this:

selection_079

What would be the condition for the display to come?

As per the ORCID display guidelines (https://orcid.org/trademark-and-id-display-guidelines#02-b) the icon should only be displayed for authenticated ORCID ids. I could check for the plugin specfic Author setting "orcidAccessToken", which is only stored after successful authorization by the owner of the ORCID id.

Edit: Added link to ORCID display guidelines
@NateWr
Copy link

NateWr commented Nov 29, 2018

As per the ORCID display guidelines the icon should only be displayed for authenticated ORCID ids.

This is interesting. Currently we display an ORCID icon whenever an ORCID URL has been entered for a contributor.

Removing them from the frontend display will likely effect a lot of journals who won't know about the authentication, and won't have any way of getting some contributors (who in many cases are not users in the system) to authenticate. Emailing a contributor who has not registered a user account would be a breach of GDPR. Has there been any discussion about what happens to existing ORCID ids that have not been authenticated?

If we are moving to a model where ORCID ids have to be entered and authenticated by the owner, that will probably disrupt our contributors-not-connected-to-a-user approach. And in that case we'll need to track status in the contributors grid -- similar to how Primary Contact and In Browse Lists is handled.

I'd like to get some more feedback on this and how we expect to manage this change.

@alexxxmendonca
Copy link

alexxxmendonca commented Nov 29, 2018
edited
Loading

If we are moving to a model where ORCID ids have to be entered and authenticated by the owner, that will probably disrupt our contributors-not-connected-to-a-user approach.

I see benefits in having contributors/authors associated with user accounts. One of the great things about ORCID is that it adds a layer of authentication, preventing fraud. When you allow someone to add ORCID IDs for anyone, that authentication is lost. By only allowing the owner of that ORCID ID to be one associating it with their account, you are certifying that that person really is who they are claiming to be.

I might be mistaken but I think ORCID doesn't recommend anybody else including ORCID IDs except the researcher owner of that ORCID ID.

Other benefits of having contributors/authors associated with user accounts: ability to track down submissions by co-authors; allowing co-authors to check on their submission status.

@nils-stefan-weiher
Copy link
Author

@NateWr , you wrote:

Emailing a contributor who has not registered a user account would be a breach of GDPR.

Is this true? Because that's what I have implemented for the OrcidProfile Plugin in the member-api Branch. The idea was that the submitting author or an editor could enter the contributor's email and request the ORCID authorization by ticking a checkbox in the metadata form.

@NateWr
Copy link

NateWr commented Nov 29, 2018

Is this true?

My understanding is that technically, yes, it is a breach. But there has to be a carve-out of some kind for one-off emails. Think about a forgotten password form, which allows you to enter any email address in and an email is sent off. So there must be an exception allowed for cases where one person asks for another person to be emailed. What that exception is, and how we can use it properly, I'm not sure.

@nils-stefan-weiher
Copy link
Author

Thinking about this, as this would be part of the publishing process, there has to be a prior agreement between the journal and the authors, so that the e-mail address can be used for communication purposes. This would only be a problem if an author uses the submission form and enters the other contributors e-mails without checking with them.

@asmecher
Copy link
Member

We should be treating ORCIDs as an opportunity to counterbalance our author/user account split: when both a user account and author record share the same ORCID, that's currently the only reliable way of knowing they're the same person.

I do worry about a shift in requirements for authentication basically sidelining all the ORCID data that's been entered until this point. But I see what ORCID's trying to achieve and think we should help facilitate that as much as possible.

The ORCID guidelines restrict the use of the orcid badge to authenticated users. How about if we still display/use ORCIDs that are not ithenticated, but without the badge? (IMO better still would be a different badge for unauthenticated uses, but I don't think ORCID has that.)

@heike-r
Copy link

heike-r commented Dec 3, 2018

Just a short note from an editor's side regarding this:

This would only be a problem if an author uses the submission form and enters the other contributors e-mails without checking with them.

Although it is best practice to contact all co-authors and have them agree to a publication, it is sometimes not possible for the submitting author to track down everyone who has contributed to a paper. Think about the student, who did measurements several years ago and has long left the lab. The submitting author then either enter their own email address along with the co-author's name or they omit the names on the submission form but still have them on the document. The editorial staff has then to enter the names into OJS afterwards, but without valid email address.
If I had to estimate, I would say this happens in about 10-15 % of all submissions to our journals.

@nils-stefan-weiher
Copy link
Author

The ORCID guidelines restrict the use of the orcid badge to authenticated users. How about if we still display/use ORCIDs that are not ithenticated, but without the badge? (IMO better still would be a different badge for unauthenticated uses, but I don't think ORCID has that.)

@asmecher Yes, this approach also came to my mind, while developing. I would prefer this as well.
Would it be a problem if there exists code in the core, which would check the accessToken field from the orcidProfile Plugin? I would prefer to have the display of the ORCID icon in the plugin, but that would be much harder to implement.

If I had to estimate, I would say this happens in about 10-15 % of all submissions to our journals.

@heike-r
Yes, this happens for our own journals as well, but because of digitalisation of back issues. Different cause but same effect.
As the ORCID id is not needed to submit, it could always be authorized at a later time, if the contributor contacts the publishing journal or primary author?

@heike-r
Copy link

heike-r commented Dec 3, 2018

@isgrim
Yeah, adding back issues is the other case, where we enter fake email addresses during submission. I was just a bit concerned about the general comment from @alexxxmendonca about the contributers-not-connected-to-user approach:

I see benefits in having contributors/authors associated with user accounts.

I think the current system is the most convinient one and if ORCID is not necessary on submission, everything should be fine.

However, I agree with @alexxxmendonca comment on the

ability to track down submissions by co-authors; allowing co-authors to check on their submission status.

If a submission in progress could be seen (but not altered) by co-authors, who have an account at the journal too, it would be nice (maybe an additional role 'co-author'?). The submitting author would have to indicate upon submission, that this specific account is his/her co-author. Since the unique identifier is the OJS username, but the submitting author most probably does not know that one, he/she would have to resort to another, publicly accessible unique identifier, which is associated with an OJS account. That could be a validated ORCID.

@alexxxmendonca
Copy link

IMO better still would be a different badge for unauthenticated uses, but I don't think ORCID has that.

How about a red "x" for not validated and a green "check" for validated?

@alainna
Copy link

alainna commented Dec 3, 2018

@asmecher :

The ORCID guidelines restrict the use of the orcid badge to authenticated users. How about if we still display/use ORCIDs that are not ithenticated, but without the badge? (IMO better still would be a different badge for unauthenticated uses, but I don't think ORCID has that.)

A different badge for non-authenticated iDs was also raised in the comments of the ORCID for Repositories discussion document, but to date ORCID does not have one. Perhaps something to be raised / suggested in the ORCID iDeas Forum?

@alexxxmendonca :

IMO better still would be a different badge for unauthenticated uses, but I don't think ORCID has that.

How about a red "x" for not validated and a green "check" for validated?

ORCID recommends the green iD icon for validated/authenticated iDs. Some systems use the red X for those iDs which haven't been authenticated -- but only internally, for example to an author in their personal profile or a journal admin in the metadata profile, as an indication that the author should authenticate their ORCID iD.

When displaying iDs non-authenticated publicly, we've previously suggested displaying the identifier only, hyperlinked, with an [unauthenticated] notice next to the identifier and "authenticated=false" in relevant metadata.

@alexxxmendonca
Copy link

Right. I meant internally indeed.

When displaying iDs non-authenticated publicly, we've previously suggested displaying the identifier only, hyperlinked, with an [unauthenticated] notice next to the identifier and "authenticated=false" in relevant metadata.

I see. That works both internally and externally.

@withanage withanage transferred this issue from pkp/pkp-lib Apr 7, 2020
@felixhelix
Copy link

felixhelix commented Jan 24, 2023
edited
Loading

@nils-stefan-weiher @withanage I just came upon this thread because I was not sure what the intended behavior of the ORCID profile plugin should be: I noticed that, in our case (using OJS 3..3.0.8, ORCID Profile 1.1.3.4), the plugin also displays already existing but not authorized ORCID IDs with the green badge on the article page: Is this the intended behavior?
Yours
Felix

@withanage
Copy link
Member

withanage commented Feb 2, 2023
edited
Loading

Hi Felix,
it should not be, that the green-badge should be only displayed, when authentication data is provided.
Could you open a issue for that, may be with a screen-shot or a link too. I will then come-back to that, as soon as I do a next release.

@felixhelix
Copy link

Thanks @withanage!

#232

@withanage withanage reopened this Mar 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@asmecher @withanage @nils-stefan-weiher @NateWr @alexxxmendonca @felixhelix @alainna @heike-r