Hands-On ORCID API: Getting Authenticated ORCID iDs & Permissions Through Your IdP (Separate registration required)
Time 09/25/16 01:00PM-05:00PM
SEPARATE REGISTRATION REQUIRED: Register Here
ORCID iDs are persistent, unique, person identifiers. Authenticated iDs are being collected by funders and publishers who are propagating them with successful grant and publication submissions. They are being used in repositories and databases throughout the world associated with contributor’ names, to attribute work to the correct person. And research institutions are associating them with faculty and students during onboarding. As of February 2016 nearly 500 organizations globally are members of ORCID, over 60% of which are research institutions that also serve as IdPs.
In February 2016, ORCID enabled IdP SSO for all eduGAIN member institutions, allowing the first direct connection between the systems. More recently, ORCID introduced a process that enables IdPs to request authenticated ORCID iDs and user permissions to access their ORCID record, using a process that requires little programming or custom code for institutions. In this hands-on tutorial each participant will set up such a connection in the ORCID test sandbox site (https://sandbox.orcid.org/signin).
WHO SHOULD PARTICIPATE?
This session is designed for individuals interested in exploring how to collect authenticated ORCID iDs, and use the ORCID API to enable authenticated assertions of affiliation. Each participant will need a computer to participate. While the topics discussed are technical, no programming experience is required.
CURRICULUM AGENDA (4 hours)
PRESENTATION: WHAT IS ORCID? (30 min)
Learn about ORCID and ORCID iDs and how they work. Understand how organizations are using the ORCID registry to collect and display ORCID iDs, and connect and sync information between ORCID records and their own system.
ACTIVITY: EXPLORE THE ORCID REGISTRY (20 min)
Set up an ORCID iD in our test environment, and explore signing in with your IdP. Understand ORCID’s provenance model and its implications. Learn about the components of an ORCID record, how they get populated, and how they get used.
PRESENTATION: ABOUT THE ORCID APIs (30 min)
Discover ORCID API types and features, and understand ORCID’s test environment and the technologies that ORCID uses.
ACTIVITY: OAUTH BASICS (30 min)
ORCID’s API uses OAuth 2.0 as its protocol for a system client to obtain user permission to access the information stored in his/her ORCID record. In this section you will obtain system client credentials, and execute basic commands to request permission using a basic OAuth 2.0 3-legged flow. (Don’t know what that is? don’t worry! It will be covered in the session.)
PRESENTATION: THE CROSS-LINK BREAKDOWN (15 min)
Breakdown of the functionality that we are about setup.
BREAK (10 min)
ACTIVITY: API CREDENTIAL SETUP (30 min)
Set up ORCID Member API credentials to enable IdP cross linking. We will try it out, using Google OAuth playground to simulate the IdP website.
ACTIVITY: THE USER EXPERIENCE (30 min)
The technical connection is only part of the overall solution. What should you display to users when they authorize your system to connect with their ORCID records? What you should tell them if they deny your request? Using an ORCID template as a starting point, workshop participants will work together to craft messages and customize templates that will resonate with their audiences.
ACTIVITY: POST AN AFFILIATION TO YOUR UNIVERSITY (50 min)
Format data about the person’s relationship to your institution and post it to his/her ORCID record. Update the data that you’ve already posted to simulate updating data when an affiliation relationship changes..
Primary track Trust and Identity
Secondary tracks Information Security