We are sometimes asked “Why are researchers asked to sign in to their ORCID account when they make a connection?”, or “Why can’t users just copy and paste their ORCID iD into a system?”. There are two reasons why signing in is so important. Firstly, when a researcher signs in (or “authenticates”), they can choose what happens to their account - it keeps them in control of their own information. Secondly, once a researcher has signed in, the connections they make to their ORCID iD are more useful - to them and to anyone else who wants to see those connections.
Let’s start by looking at what information a connection actually contains. We’ll use an example of a common connection: a link between an author and a journal article.The author is identified with their ORCID iD, and the article is identified with a DOI. A simple ‘back of an envelope’ sketch might help to explain what is going on...
When the author has signed into their ORCID account to make the connection, they can choose to add their iD to the article. They can give permission (or ‘authorize’) for the journal to add information to their ORCID record, and they can give the journal permission to update their record if information about the publication changes. Anyone who looks at this connection can see how the connection was made, and who made it.
This information is what we mean when we talk about ‘provenance’.
Without signing in, there is no provenance information, as shown in the following sketch.
With no provenance, there is no way of knowing if you can trust the connection between (in this case) the researcher (the iD) and her/his work (the DOI). It may contain errors, or it may not belong to the author. Worse, this connection is closed - it cannot be used to add information to an ORCID record or supporting systems, nor can the publisher update it in the future if the information changes.
Signing in ensures the researcher has control over what connections are made to their iD and what happens to their ORCID record. We have worked hard to ensure researchers have this control; researcher control is one of our main principles. This means that organizations must ask for permission to use the individual’s iD or to add and update information in their record, or ask for access to read data available to trusted parties in their record.
In addition to managing what is connected to their iD, researchers also decide how to share that information.
Information researchers mark as visible to "everyone" is available to the public. Other information can be made visible to "trusted parties" only, which means organizations must ask for permission to see it. Finally, researchers also have the option to mark items as visible to "only me" -- private. They can do this for each individual item in their ORCID record, or set a default visibility for all their items.
Asking for explicit permission to interact with a researcher’s record is best practice in data protection. You can find out more about what that means here. Researchers know who is asking for permission, and what exactly they are asking for permission to do. This means that they are giving informed consent before any information moves between systems. Researchers can see what permissions they have granted by looking at their account settings, and they can cancel permissions at any time. For more information, please see Granting Access to Third-Party Organizations.
We mentioned trust already. Trust is very important to ORCID. In fact, it’s so important, we built a whole program around it. Researchers need to be able to trust us to look after their information, and to make it easy for them to control their record. Organizations need to be able to trust the iDs that they use and to ensure the information they’re connecting to an ORCID record is trustworthy. In turn, this will mean that everyone can trust this information.
The provenance information that is created when a researcher signs in (authenticates) is an essential part of trust. It shows which connections have been made. It means that the iD itself has been passed directly from one computer to another (using our API - you can find out more about the technical details of that here), so there are no typos or mistakes. Plus, iDs can only be authenticated by a researcher with the correct username and password for that iD, so you can be confident that permission was given by the account owner.
By using authentication, and connecting systems to ORCID using the API, our members protect researchers (by doing the right thing under data protection law, and by helping them to understand why and how their iD is being used) and they protect themselves by using secure, trusted connections. It helps everyone to be able to see if information about an article has come from the journal that published it, or if information about someone’s employment has come from their employer. We all have a responsibility to help make sure that the information we share is accurate, and that it is shared in a way that is useful to the community.
At ORCID, we think a lot about how we can help our members, and the more than 3 million researchers who have registered for an iD, to stay in control of their information. Authentication is one of the best tools we have to deliver that control to you, our community.
In this interview Rob Peters, ORCID's Director of Technology, introduces ORCID's new API – launched on February 14, 2017Before we start talking about the new API, can you tell us a bit about ORCID’s Technical Team and your role as Director?
At first glance, the ORCID team looks much like any other technical team. We have five developers, a server administrator, a quality assurance analyst, and, of course, a manager (me). However, where it gets interesting is our different geographical, cultural, and work backgrounds. Three of us are US-based, three are based in Costa Rica, and two are based in the UK, so geographically we get a lot of perspective. In addition, some of us are from traditional software consulting, others come from the publishing industry, “Silicon Valley” startups, and library sciences.
My personal role as Director of Technology is managing the day-to-day software development. That boils down to helping my team communicate with each other and the rest of the organization, as well as managing which tasks the team takes on (and which get put off). I also get the opportunity to have a lot of input on higher-level strategic decisions ORCID makes.Moving onto API version 2.0 – why do we – ORCID, as well as the ORCID community – need this upgrade?
The first ORCID API, which launched in October 2012, was inevitably based on many assumptions that later proved wrong and/or required refining. To better serve the research community, we have to continuously examine those assumptions. Using feedback, asking questions, and looking at evidence that wasn’t available before we launched has given us new insights into what the ORCID API should and shouldn’t be. As you’ll see from my answer to the next question, Version 2.0 represents a major break from the assumptions that 1.0 was built on, while still being pragmatic enough to provide continuity between the two APIs.What are the main differences between 1.2 and 2.0 and how will they benefit members?
In developing 2.0, we wanted to both address the roadblocks that members have been hitting with 1.2 and also introduce new functionality that we know the community wants.
So as well as tackling known issues such as scalability in managing hyper-authored publications, and challenges with implicit behavior that were causing confusion for members, we have also added new functionality to support peer review recognition, improved notifications for users, and the ability to support almost any persistent identifier.
To explain why some of these changes were needed, I'm going to get a bit technical. Before we set out to code a single new line, we made a list of things we wanted to see improved, with the following "manifesto":
- Stop thinking of the ORCID record as a monolithic (large single) document. Multiple institutions writing to an ORCID record means recognizing the record is multi-tenant. Additionally, researchers often produce such vast amounts of research that even summaries of it won't fit in a monolithic document.
- Simplified scopes. The granularity of permissions scopes in the 1.0 API is overwhelming for all parties involved; simplifying them will make life easier for developers and users alike.
- Explicit RESTful behavior. Implicit behaviors are bad for implementers since they lead to unexpected behavior which, in turn, confuses end users. By using RESTful behavior, our new API avoids these problems.
- Shortest reasonable urls. A good example would be /works/1234 is better than /orcid-works/1234.
- Calls to list only return summaries. In order to make calling a record faster, API 2.0 only returns summaries for lists. Doing one call for every piece of information about a researcher doesn’t work for hyper-authored articles, where there are tens, hundreds, or even thousands of authors.
- Common names and structures for common elements. 2.0 enables us to make sure common elements in the XML/JSON have the same names.
- Error codes. We now include error codes in the response body when the error is not fully described by a standard HTTP code.
At the end of the day, an API should be seamless to users. Unexpected 1.0 behaviour bubbles up and affects the user's experience while at the same time frustrating the developers who are implementing the API. On a practical level the new API enables streamlining each section in the ORCID record to consistently provide application of visibility settings, source, and creation date for items in each section.Will this affect the Public API as well? How?
Yes. Changes to the Member API and Public API are always in lockstep. Although we appreciate and rely on member support we also are committed to our larger vision “of a world where all who participate in research, scholarship, and innovation are uniquely identified and connected to their contributions across disciplines, borders, and time.” We see the Public API as a means of helping achieve that goal.What do you think will be the main challenges in rolling out the new version, and what support will ORCID be providing?
The hardest issue is putting aside resources to do the work to upgrade. For some organizations it might be as little as a couple of days and other might require a full month. Regardless of the timeframe, don’t be afraid to reach out and ask for help, even for a little detail that is stopping your progress. Full documentation is available now on members.orcid.org and ORCID member organizations can also contact firstname.lastname@example.org. Posting to the API Users Forum can be useful, bringing in comments from across the ORCID community. I’m also a firm believer in being directly available, so feel to email me directly.Who is currently using API 2.0 and what sort of feedback have they provided?
We put a lot of effort into making release candidates available in order to get feedback. CrossRef, Datacite, CERN, and PTCRIS are just a few of the ORCID members who’ve implemented a release candidate and provided feedback. In addition, several organizations have implemented peer review functionality using 2.0, including early adopters, the American Geophysical Union, F1000, and Publons. Feedback has included the usual “techie” suggestions such as names used in schema, endpoint naming, or debates about efficiency. Those kind of details can have big implications for members. However release candidates implementers also provide feedback from the researcher's perspective, which we find invaluable.How long will ORCID continue to support the old API?
We are aiming to sunset 1.2 in late 2017. Regardless of the sunset date, if you agree with ORCID’s mission and care about researchers interact with ORCID you’ll want to move to 2.0 now.Anything else we should know about this change?
We hope 2.0 proves to be durable and we can focus on other parts of the ORCID technology stack for a good while!
For a fun and handy summary of API 2.0 features, see this slide deck!Blog
For many researchers, their first encounter with ORCID is seeing a green iD icon beside an author’s name in a journal article. As more publishers integrate ORCID into publication systems, and some requiring ORCID in publication workflows, more researchers are encountering iDs as they submit their work. At the same time, we have been receiving more requests from publishers about appropriate display of ORCID iDs in published works.
In July 2016, we formed a community working group on the display of ORCID iDs in articles to review and update our existing display guidelines. The working group has collected questions, recommendations, and use cases from the community, taking into consideration that styles and spacing concerns will differ between publishers, journals, and individual articles. We are now releasing the draft guidelines in an open Google document for public comment. Following the public comment period, the working group will review and, as appropriate, incorporate feedback and release the final guidelines.
The draft guidelines set three clear goals: to help promote the use of ORCID iDs by authors by increasing visibility in the publishing process; to provide clear display options to support consistency in implementation and use; and to provide criteria so publishers can assess display effectiveness.
IDs must be clearly associated with their respective authors. The iD display should always include an active hyperlink to the ORCID URI. The guidelines encourage that ORCID iDs be included with Crossref submissions (which, in turn, allows researchers to benefit from automated updates to their ORCID record) and in CrossMark deposits. Finally, they also give recommendations on the display of ORCID iDs in hyper-authored articles – those with 50 or more authors.
There are two specific areas where the guidelines would benefit from community feedback:
- Display effectiveness assessment: What is effective iD display, and how should publishers measure it? Is it clearly marking the ORCID iD in some form? Providing a full display of the iD icon and http(s) URI, both hyperlinked? Displaying the iD in all forms – html, pdf, and in metadata? Should display be assessed in tiers based on a combination of elements?
- Encouragement of HTTPS: ORCID is moving toward the use of HTTPS when displaying iDs for more secure browsing. While we haven’t yet made this change, we recognize that it would be a significant change for those organizations using ORCID APIs. The HTTP display is the version most commonly used by publishers and others when displaying ORCID iDs – particularly in the metadata deposited in Crossref. Your input on challenges this change would cause for your organization or community would be very helpful.
We invite you to submit your comments, questions, and concerns in the shared Google document or by email to email@example.com. The open period for input is February 10 - March 31, 2017. We look forward to hearing from you!Blog
We have two big milestones coming up in 2017: celebrating ORCID Pi Day (our 3,141,593rd registrant - coming soon!) and the fifth anniversary of the ORCID Registry launch in October. We are also planning to launch our first community awards, for excellence in integrations.
We wouldn’t be here without your support. We are built by and for the community, and we rely on your trust and continued involvement. Trust, transparency, and inclusiveness are at the core of everything we do - all of our guiding principles relate back to one or more of them.
It’s more important than ever to expose how information is connected, involve individuals in managing their information, ensure that we have a reliable infrastructure and transparent governance. For us, that means using persistent identifiers for people, places, and things.
Building trust requires the active participation of everyone involved - the individual innovators and the organizations providing innovation infrastructure. That means using your ORCID iD. Integrating ORCID iDs. Ensuring implementation of best practices: authorization, authentication, and automation.
In solidarity, we will be eating our own dog food. Practicing what we preach. Demonstrating through our actions. Being an exemplar for best practice. ORCID team members will have authenticated affiliations. We will be collecting ORCID iDs from workshop participants and connecting these activities to their ORCID record. We will be embedding ORCID iDs and DOIs in our blog posts, presentations, and white papers. We are participating in a broad community effort on organization identifiers.
Another part of trust is making sure that ORCID services are here for the long term. We have begun work on our five-year strategic plan, and will be engaging you for input and feedback throughout the year. Please join us at our regional workshops, member meetings, and on our regular webinars. Share your ideas!
But that is not all! We will also be working on improvements for users, including making password reset much much easier! (I can hear a collective sigh of relief!)
We have a lively dance card for 2017. In past years we shared our technical development goals; this year we have expanded our public roadmap to include goals across the organization, now available on our public Trello board. Organized around our three guiding pillars - Sustain, Lead, Mature - all members of the ORCID team (that includes you) will be working on these goals.Sustain
- Financial breakeven: Achieve the point of financial break even - when monthly accrued revenue is equal to the monthly expenses
- Improve support for our Ambassadors and partners: To enhance the effectiveness and cohesiveness of ORCID community outreach programs
- Expand Collect & Connect: Build on the momentum created in 2016 to establish Collect & Connect at the heart of all current and future ORCID integrations; improve support for member integrations; publicly recognize the best of those integrations; and encourage the sharing of best practices and other learning points
- Improve quality of Registry and services: Improve functionality and services that already exist, with each department focusing on ongoing pain points to solve for 2017
- Ensure prudent, community-based decision-making: Track KPIs, re-examine why we are collecting them, and think about the health of ORCID in the context of the health of the larger research ecosystem
- User/member interface improvements: Improve data management interfaces for Registry and API users, with a specific focus on member self-management and Registry UI improvements
- Eat our own dog food: Implement Collect and Collect processes for ORCID staff and in our interactions with our members and users, such as ORCID meetings, membership contact management, and how we share information externally
- ORCID milestones: Celebrate our milestones! Use ORCID's own Pi Day and our fifth anniversary to take stock of our progress, look to the future, and engage with our community
- Build momentum across policy bodies and sectoral influencers: Shape conversations in key sectors about PIDs and scholarly communications more generally to ensure that our vision is influencing the widest possible audience
- Explore new user communities: Further develop the diversity in our member communities, and expand the base from which future memberships will be realized
- Develop and roll out ORCID curriculum and training resources: Transform our approach to outreach and training to be more strategic, proactive, and forward-looking
- Improve consortia onboarding and sharing of effective practices: Strengthen the ability to share ideas and effective strategies within and between consortia
- Improve resilience of ORCID services: Build a resilient organization, using multi-tiered approaches to buffer against the unexpected and ensure longevity of the Registry and associated services
- Lead in developing and implementing trusted researcher-centric infrastructure: : Continued leadership in privacy practices, including developing policies, updating practices, and rolling out staff training and external services
You may track our progress on the Trello board throughout the year, and we will be reporting back regularly via our blog, Twitter, at ORCID events, and more. I welcome your ideas, comments, and support!Blog
We are delighted to announce that KoreaMed, a service of the Korean Association of Medical Journal Editors (KAMJE), now allows researchers to search, select, and link KoreaMed articles directly from the ORCID interface to their ORCID record.
Since its launch in 1999, KoreaMed has focused on providing global access to Korean medical journals by preparing all the metadata in English and aggressively adopting global publishing standards such as PubMed XML, JATS, and DOI. “It was only natural to integrate ORCID in KoreaMed, considering the difficulty of name disambiguation in our country,” said Dr. Tae-Il Kim, Professor and Vice Dean of the School of Dentistry at Seoul National University and Vice Chairman of the KAMJE Information Management Committee.
The three most common Korean last names - Kim, Lee, Park - account for nearly half of the Republic of Korea’s population, and these names can have multiple transliterations. Soon after the ORCID Registry started in October 2012, KAMJE introduced ORCID to its journals, and made it possible to search authors by their iDs in KoreaMed and Synapse, KAMJE’s digital archive and DOI landing platform. KoreaMed indexes more than 200 journals, many of which already facilitate the ORCID auto-update by Crossref so that newly published articles are added to ORCID records automatically once granted permission by the author.
“KoreaMed's archives go back to the 1950’s. Previously, adding these old articles to ORCID records was difficult as they don’t have DOIs and are not searchable in Crossref Metadata Search or other tools provided by ORCID,” said Dr. Choon Shil Lee, Sookmyung Women’s University professor and KAMJE Committee member. With the new KoreaMed Search & Link wizard, however, researchers publishing in Korean journals can easily add their past publications and make their ORCID records more complete. Once an article is claimed, it will be searchable by ORCID iD (as well as by researcher name), providing a more accurate author search in KoreaMed. The works added to ORCID records from KoreaMed will retain their KUID, a unique article identifier in the database, making it possible for other ORCID integrators to match articles easily by known KUIDs.
For a step-by-step introduction to this new tool, please see Dr. Lee’s slides presented at the KAMJE Editor’s Academy on December 9, 2016.
“KAMJE is operated by a group of researchers and journal editors. We are all enthusiastic to improve the accessibility and visibility of our own work. Local journals in any country would be less visible from the rest of the world unless we in the research community make the effort ourselves,” said Dr. Oh Hoon Kwon, KAMJE Vice President and Information Management Committee Chairman. Their volunteer spirits resonate well with ORCID’s community-driven approach, and we welcome the addition of KoreaMed Search & Link Wizard.
Dr. Choon Shil Lee, presents KoreaMed's Search & Link Wizard at the KAMJE Editor’s Academy, December 9, 2016Blog