The support.orcid.org website is on a UserVoice platform that has a different privacy policy from our other sites. You may view the details at http://support.orcid.org/tos
X

ORCID iDeas Forum

Thanks for your ideas. The process to turn an idea into an active part of the ORCID Registry is described in the article How are new features decided? (see link) While we want to get to every suggestion, our limited staff time means that some features will have to wait until future development cycles. We look forward to reading your ideas.

I suggest that...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Implement API for token revocation

    At present, tokens can be issued using ORCID's OAuth API but they can't be revoked except by a user manually going to their Account settings on the main orcid.org website (https://orcid.org/account).

    OAuth providers such as Google provide the ability for a token holder to revoke the token via an API. For example, see https://developers.google.com/identity/protocols/OAuth2WebServer#tokenrevoke

    One current suggested flow of an application simply deleting the token from its database is unsafe, as the token is still valid (for up to 20 years) and is at risk of being found/brute-forced and abused. The other suggested flow of instructing the user…

    8 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for your suggestion to improve the ORCID Registry. This is a great idea, and it’s something that is possible to do using refresh tokens by revoking the original token. This will render the original token invalid and remove the active permissions in the user’s Trusted Organizations list.

      You can find our page on refresh tokens and example calls at our member support centre:
      https://members.orcid.org/api/oauth/refresh-tokens

      For the time being, we’re also going to mark this as under review, as having a specific call for token revocation may be something that we would like to implement in the near future also.

      Warm regards,
      ORCID Community Team

    • API v2.0 be allowed to update the biography as API v1.2 currently can

      We're beginning a project asked for by our academics to allow them to have an on campus "research hub" that can then push details of their publications, funding, etc out to the myriad of different third party services they use, including ORCID. As part of the early stage development of this I've got some code running the successfully updates a user's biography in ORCID via the v1.2 API in the sandbox. Works well.

      I've now read that API v1.2 will be retired later in 2017, so tried to move my code to API v2.0 in the sandbox. Unfortunately in v2.0…

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

        Thanks for your suggestion to improve upcoming versions of the ORCID API.

        Unlike most other parts of the ORCID record, the biography is a single field — it hasn’t a put code as it exists only in the singular. So to update it, your system would need to fully overwrite the biography, potentially removing what the user has already input.

        The rationale behind not having the biography field be editable by any party other than the user is the same as why users cannot edit data that a client application has added: only the source of the data should be able to edit that data.

        Could you provide some suggestions for consideration of how this could benefit users and workflows that could work for all parties?

        Thank you.

        Warm regards,
        ORCID Community Team

      • Allow users to grant organizations permissions granularly

        Currently when an ORCID member organization requests permission to access an individual's ORCID record, the user can only authorize all permissions for the long term, for a single instance, or not at all. A user also has the ability to revoke granted permissions from their personal account settings.

        It would be great if users could instead grant permissions granuarly, e.g. with checkboxes or sliders. Users could authorize the organization to read their ORCID iD and trusted party-visible data on their ORCID records, but not grant access to update their biographical or activities sections of their ORCID records.

        In addition, it…

        7 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

          Thanks for your suggestion to improve the ORCID Registry. We are going to put the idea under review by our team.

          Regarding granular permissions: It would be great if you could provide additional suggestions on how this might work, or examples of similar practice by other systems.

          Regarding panel to set defaults: This may be better for a new iDea. If this were implemented, it would likely be less granular than proposed as there are now only two permission scopes for an organization to add or edit data on ORCID records: /person/update (add/edit biographical details) and /activities/update (add/edit activities e.g. affiliations, funding, works, peer review). In addition, reading data on the ORCID record has record-wide permissions: /read-public or /read-limited.

          Warm regards,
          ORCID Community Team

        • Console to manage API credentials

          Managing API credentials, redirect URIs etc is cumbersome work for both ORCid Support in making changes and integrators and software developers requesting for changes. Google-style console to manage API credentials and properties associated to them would ease workflows for both parties.

          https://console.developers.google.com/apis/

          Sure, Google has a lot of functionalities added, but a simple list of API IDs for each consortium member and management interface to update API redirect URIs would be a good start.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

            Thanks for your suggestion to improve the ORCID Registry. We’re glad to hear that this is something that you’d like to see, as it’s something that we’d like to see too!

            Currently individual ORCID record holders can manage their ORCID Public API credentials by clicking Development Tools on the registry navigation (direct link: https://orcid.org/developer-tools).

            We have as goal to allow members to do the same on with the Member API credentials. You can keep a track of progress on this by following our public Trello boards: https://trello.com/orcid2

            Warm regards,
            ORCID Community Engagement and Support

          • develop more sophisticated workflows to reduce the chance of duplicate ORCIDs

            ORCiD should provide the domain names of all known email addresses during “Record Creation with API”, to reduce duplicate ORCiDs.

            for e.g:- I am “Tom Smith” working with AAF and creating a new record. Once I go through the registration process I would see
            ORCID iD Email First Name(s) Last name Institution
            0000-0001-0152-676x ****@qut.edu.au Tom Smith
            0000-0001-0182-8781 ****@latrobe.edu.au Tom Smith
            0000-0003-1552-634x ****@csiro.au Tom Smith
            This would at least allow me as a researcher to recognise the domains and decide if there is a record already belonging to me. As none of the domains are familiar to me, I would click…

            7 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              under review  ·  0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →
            • Add a version indicator to work XSD.

              A work's source provider needs to know what meta-data version of the was used. Add a version indicator to a work XSD. This indicator can be visible to the author, but it would not be displayed in the brief view.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

                Thank you for your suggestion to improve the ORCID Registry.

                Could you suggest where one would expect a version indicator to appear?

                Thank you.

                Warm regards,
                ORCID Community Engagement and Support

              • Enable .dev and other new TLDs in redirect URIs

                We need to use domain.dev for development on local environment. Otherwise we have to add 127.0.0.1 domain.com to hosts file for development. But .dev domains could not pass the url validator for redirect URIs

                9 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

                  Thanks for your suggestion to improve ORCID.

                  We’ve added this to the list of new features to be considered in the near future and shall update this thread accordingly when a decision is made.

                  Warm regards,
                  ORCID Community Engagement and Support

                • Offer JSON-LD representation

                  JSON-LD provides a nice combination of a simple syntax format while being linked data at the same time. Being able to get JSON-LD for an ORCID identifier would help both semantic web use cases as well as simpler one-off uses.

                  16 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                  • Provide exact matching for the search API

                    In case completed issues do not get any attention from ORCID, I would like to draw attention to the "completed" issue http://support.orcid.org/forums/175591-orcid-ideas-forum/suggestions/3656307-the-search-api-uses-partial-matching-for-fielded-s

                    As explained in that thread, API searches should provide _exact_ matching for certain fields, like identifiers.

                    13 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                    • Oauth2 scope to allow ORCID/end-user to grant field level access to an API

                      Currently ORCID end-users must grant an API either all/none access to their data based on pre-existing security/privacy settings. Please allow the Oauth2 "scope" parameter to "request" access to specific data elements which the ORCID/end-user could then say yes/no to on a per-request (authorization) basis.

                      This is successfully done in the Facebook Oauth2 implementation:

                      https://developers.facebook.com/docs/reference/dialogs/oauth/

                      scope: A comma separated list of permission names which you would like people to grant your app. Only the permissions people have not already granted your app will be shown

                      7 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →

                        Just to give an update on this:
                        We are still working on the process to request piecemeal access to scopes.

                        In the meantime, to address a question raised in comments about email access:

                        The majority of email addresses on ORCID records are set to private, meaning that even obtaining /read-limited access would not allow the client to read email addresses on an ORCID record.

                        We are currently working on a process to allow clients to request read access to email addresses, even if they are set to private on the ORCID record. The researcher will be able to uncheck this box to deny the client permission to read their email address, whilst allowing other permissions.

                        You can follow our developmental progress on this at our Current Development Trello:
                        https://trello.com/c/W9rPpV4v/2501

                        As always, let us know your feedback here or at support@orcid.org

                        Warm regards,
                        ORCID Community Team

                      • Improve delivery of the public data file

                        The public data file is currently published as an uncompressed tar file that contains two copies of the data: one in XML and one in JSON.

                        To save on bandwidth I suggest that you:

                        * Publish two separate files, one for each format. Users then only need to retrieve the data file they need, its very unlikely someone will want both formats.
                        * Compress the tar file using gzip

                        I'm not sure what your plans for updating the file, but I'd suggest that you keep some historical copies to allow some analysis, e.g. on growth of number of ORCIDs, etc.

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                        • Implement client-side OAuth authentication

                          So that client-side (usually Javascript) applications can interact with the ORCID API, please support client-side OAuth authentication.

                          Google's developer site has a good overview of how it should work: https://developers.google.com/accounts/docs/OAuth2UserAgent

                          11 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  API Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                          • Don't see your idea?

                          Feedback and Knowledge Base