...
(4) Upon approval of the applicant(s), the token email(s) are sent to a predefined email address. The email includes a digital signature, authenticating it as being sent by from the NIH.
(5) Upon receipt of the email, the digital signature in validated, the tokens are extracted, and their HMACs validated. Since the tokens are time stamped, a time limit can be imposed, ensuring out-of-date requests are rejected. The tokens' contents are used to generate Access Approvals in Synapse, unlocking the data for those approved in NRGR. The applicants are added to the data access group. Email notification alerts the applicants to the completion of the process. The Synapse table record created in step (2) is updated, providing the Synapse Access and Compliance Team (ACT) a dashboard of approval progress. If a token is rejected (e.g. if the data is corrupt, the token is too old, or the signature is invalid), this is noted in the table. If the applicant's Synapse user ID can be discerned from the record, an email notification rejection notice is sent to them.
The NRGR approval process considers an entire lab to be approved once a lab P.I. has completed their process. Thus a new lab member may request access without involving NRGR. In this case we require the new user to perform step (1) and provide the token to the ACT, which is authorized to trigger step (5), bypassing the email from NIH.
...