...
- User visits Synapse page for sensitive data.
- User sees that data is Controlled.
- User opens dialog, showing text for the access restriction, e.g. "Please become 'verified' (following instructions on your home page), and send a description of how you intend to use this data along with the Synapse ID of this data to SynapseAccessandComplianceTeam@synapse.org".
- User visits home page.
- User clicks link "Become Verified" which displays instructions, "Complete your user profile including name, organization and ORCID, then email SynapseAccessandComplianceTeam@synapse.org, including a completed ID verification document."
- User completes user profile and emails ACT, including ID verification document and data use statement.
- ACT receives email. From the user's Synapse user name (the prefix of the 'from' email address) ACT member determines user's home page. ACT member can go to https://www.synapse.org/#!PeopleSearch:<username> to quickly find the user's home page.
- ACT reviews ID verification document and user profile.
- ACT member clicks 'Verify Identity' on user's home page.
- Synapse captures snapshot of user profile, records that user is verified, sends notification to user.
- "Verified" now appears on user's page. "Verify Identity" changes to "Remove ID Verification."
- User receives verification notification.
- ACT visits page for sensitive data, clicks "Grant access", finds the user based on their user name, and clicks "OK".
- User is notified that they are now granted access.
Portal changes
On user profile page:
- Alert for unverified users with link to new help page (wiki).
- UI to show user is verified.
- ACT Verify/Remove Verified button
- Changes to support new profile field(s).
Entity page:
- Ability for ACT to "grant access". This command needs to prompt for a user id, and then find an ACT terms of use for the currently shown entity. If successful, then it should create an access approval using this pair.
Services
Open questions
...