To help facilitate the collect-publish-update process, beginning October 2014 ORCID will be extending the timeframe during which ORCID Members may add new items or make updates to ORCID Records for which they have trusted party status granted by an individual. With this change, short-lived access tokens will continue to be valid for one hour, but an option for long-lived permissions which will last 20 years can also be requested.*
As always, user control over privacy, and the edit and maintenance of their record are among ORCID’s Principles. These enhancements include provisions for this user control.
Clearer Information to Researchers
How long will this write/update permission last? ORCID has assumed that each Member integration connecting to the ORCID Registry is recording the permissions granted by individuals, and storing the resulting access token. But, this is not always the case. With this update, Members can tell ORCID if they are storing these access tokens, so that ORCID can better inform individual Record holders about permissions duration. Those Members who store access tokens will be able to ask for long-lived write permissions and will gain additional benefits (see below). Those Members who choose not to store access tokens will benefit from clearer messages to users about the Member’s short-lived permission time horizon.
Members may Read, Add, or Update for a longer time period
Available in October 2014. For those Members who decide to store access tokens, we will be extending long-lived permissions for all interactions with the ORCID Record including:
- Reading the Record
- Adding new information
- Updating items that the Member previously wrote to an individual’s ORCID Record
- Updating biographical information
ORCID Record holders will see an option to provide either short-lived or long-lived permission, when Members request such permission via the Member API. If approved by the Record holder, the default behavior will be to grant a long-lived timeframe for all permissions, until such time as the permission is revoked by the Record holder or the permission expires.
- Members who do not store access tokens, do not use update scopes, and do not need long-lived permission to access records do not need to take any action.
- All Members that are currently storing access tokens, need to notify ORCID Support so that we can enable the long-lived permission for your clients and ensure that your integration will not break.
- Any members currently requesting an ‘update’ permission to add works, funding or affiliation information must migrate to requesting an ‘add’ permission instead. Additionally, you may ask for ‘update’ permissions to make changes to items you have added previously. (Updates to the ORCID bio section will remain the same and do not require using the new process.)
- Formerly, short lived tokens to add and update information would down grade to long lived read tokens. This will no longer happen, all permissions on a token will now expire at the same time.
- All previously issued access tokens will still have the lifespan assigned to them. Current long-lived access tokens for reading records will not be affected.
October 6, 2014: The first stage of this project to enable long-lived permissions will be available in the ORCID Sandbox for testing.
October 26, 2014: Assuming no issues are found, the project will be available in production.
March 2018: Registry updated to only support long-lived tokens.
Additional updates to how records can be updated will be coming in the following months.
Sample use cases
To better explain how this change can improve your ORCID integration here are a few sample use cases using the Automatic Update process
The publication “round trip”: Add a publication to an author’s ORCID Record upon publication WITHOUT asking for more permission!
- When an author submits a manuscript, get his/her ORCID iD through an authenticated method.
- When minting a DOI, include the authors’ ORCID iDs with the “person name” information.
- CrossRef and ORCID are establishing a process for new publications to be added to the author’s ORCID record.
- When an author submits a manuscript, request long-lived permission to add works to their record.
- When the article is published use the access token to post the work to the user’s record.
Keep employment / education information up-to-date.
- When creating a record, include employment or education information to indicate that the user currently works at your institution.
- When the user gets a promotion, changes departments, or leaves your institution, update the employment or education information with an end date without needing to contact the user.
Publish student dissertations even after they have graduated.
- Ask your students for long-lived permission to add things to their ORCID record.
- Once the dissertation is published, use the permission to update their record.
Keep your profile and the ORCID record in sync.
- Request long-lived read, write and update permission when linking an ORCID record to a profile in your system.
- When the profile in your system is updated, use the permission to read new data from the ORCID record and add new information from your system to the ORCID record, keeping your systems and the ORCID Registry in sync.
- Premium members also can subscribe to an update notification for the ORCID record for their system to be notified when the record changes, keeping your profile system in sync.
Add and update funding items on ORCID records
- When a researcher applies for funding, ask for long-lived permission to write to and update funding items on their ORCID record.
- When the researcher accepts funding, post the funding item to their ORCID record.
- If details of the funding change, such as amount or duration, update the funding information on the researcher’s ORCID record.
What do I need to do now?
If you are already storing access tokens, let us know at firstname.lastname@example.org by October 26th. We’ll enable this feature on your sandbox credentials for testing, and your production credentials so there is no impact to your integration.
If you are interested in this feature but not currently storing access tokens, let us know at email@example.com and we’ll enable this feature on your sandbox credentials for testing.
If you are currently using update/put scopes to add information to the affiliations, funding, or works section of ORCID records, you must migrate to requesting an ‘add’ permission for posting new items by 2015.
If you are not storing access tokens, don’t want long-lived permissions, and are not asking for update permissions, you do not need to do anything.
*Timeframes for short- and long- lived tokens are subject to change.