When I tried to link my ScholarOne to my ORCID account, I was redirected to ORCID where it asked me to authorize ScholarOne to get permission to read and modify my ORCID data, both bibliographical and other contents. I rejected this because I do not want ScholarOne to be able to mess with my ORCID record, and it seemed they were requesting to many permissions. Only when reading the ORCID API call specification did I find out this means they can modify only records they have added themselves. I would suggest to make it clearer in the authorization request dialog that a third party can only modify records they added themselves, maybe in small print, just for the overly security conscious people like me.
Please sign in to leave a comment.