Provide clearer feedback on authorization requests

Completed
Follow
Jaap Eldering
When I tried to link my ScholarOne to my ORCID account, I was redirected to ORCID where it asked me to authorize ScholarOne to get permission to read and modify my ORCID data, both bibliographical and other contents. I rejected this because I do not want ScholarOne to be able to mess with my ORCID record, and it seemed they were requesting to many permissions. Only when reading the ORCID API call specification did I find out this means they can modify only records they have added themselves. I would suggest to make it clearer in the authorization request dialog that a third party can only modify records they added themselves, maybe in small print, just for the overly security conscious people like me.
1

Comments

1 comment

Sort by Date Votes
  • Official comment
    Alainna Wrigley

    Thanks for your message.

    The permissions requested by ScholarOne are determined by ScholarOne itself. ORCID provides a description of each permission requested clearly on the OAuth sign in/registration/authorisation form. The layout is standard for each OAuth form.

    A general description of the layout :
    ----

    [NAME OF ORGANISATION] {? icon: click to get more info about the org]
    has asked for the following access to your ORCID Record:

    [List of requested permissions -- see all possible ones here: https://members.orcid.org/api/orcid-scopes ] [Mouseover textbox for each permission to provide further detail]

    This application will not be able to see your ORCID password, or other private info in your ORCID Record. [Privacy Policy link]

    Example image: https://members.orcid.org/sites/default/files/oauth-form.png
    ----
    Each permission itself has further information, for example:

    /activities/update:
    Create or update your activities (mouseover: Will allow this organisation or application to add or update activities in your ORCID record)

    /read-limited
    Read limited information from your record (mouseover: Will allow this organisation or application to read limited access information in your ORCID record)

    /orcid-bio/update (/person/update):
    Update your biographical information (mouseover: Will allow this organisation or application to add or update biographical information in your ORCID record)

    --

    As above, who is requesting what and what they will do is clearly noted. Let us know at https://orcid.org/help/contact-us if you have any further questions.

    Warm regards,
    ORCID Community Team

    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post