Raido users can now login via ORCiD #9
Replies: 1 comment 2 replies
-
|
I think it is reasonable to require users to provide us with an email address. At the very least we need to be able to contact them about service availability and (worst case scenario) security breaches. |
Beta Was this translation helpful? Give feedback.
-
|
I'd assumed we'd contact service-points for those rather than individual users via email. |
Beta Was this translation helpful? Give feedback.
-
|
Could force it to be entered at the initial service-point authorization page (where they select the service point they're requesting access to). |
Beta Was this translation helpful? Give feedback.
-
Feature is available in demo environment.
Note that orcid doesn't force you to make your email public. If it's private, Raido will try to use your name to identify you. If that's not
public, it falls back to identifying you by your orcid id.
This takes us away from being able to rely on any user having an email address we can contact them by.
But we sort of already lost that by jamming api-keys into the app-user table anyway.
Plus, I'm not sure AAF always provides the email address, that might be an assumption that just happens to hold for the ARDC-AAF integration.
We could enforce the user to allow orcid to publish the email (this appears to be what CILogon does, it failed when I tried to login because my orcid email is set to private).
We could also just force the user to provide an email address before they can do any mint/edit operation.
Beta Was this translation helpful? Give feedback.
All reactions