Page Comparison

...

• User's home page (profile) will indicate that user is not verified, and have a link to a wiki that describes why users may want to become verified, and instructions on how to become verified (including for them to email ACT with relevant documents, SynapseAccessandComplianceTeam@synapse.org).
• User profile will have additional fields (ORCID, anything else?) OR (TODO) there will be a separate page for ACT will send verification request via email, along with other supporting information.
• ACT visits a user-specific page to see containing verification information like user profile, email address(es) and ORCID.Other information will be included in the email/profile.
• After reviewing information, ACT clicks "Verify Identity" on applicant's home page or (TODO) on special approval pagethe page.
• Synapse stores a snapshot of the user profile (OR (TODO) the VerificationRecord) verification information at the time of verification.
• User's home page will show if the user has been verified.

...

In the proposed approach there's no batching of verification. there's no dashboard to show who is / isn't verified. The information in Synapse  The information for each user is on the user's page. The a page in Synapse.  The work list is the ACT email inbox.

...

• User visits Synapse page for sensitive data.
• User sees that data is Controlled.
• User opens dialog, showing text for the access restriction, e.g. "Please become 'verified' (following instructions on your home page), and send a description of how you intend to use this data along with the Synapse ID of this data to SynapseAccessandComplianceTeam@synapse.org".
• User visits home page.
• User clicks link "Become Verified".  Portal sends you her to the Synapse Terms of Use to re-verify take oath.  After verification  
• After re-taking oath, Portal sends user to wiki that contains instructions... "Complete your user profile including name, organization and ; link your ORCID, ; then email SynapseAccessandComplianceTeam@synapse.org, including a completed ID verification document." TODO adding ORCID may be separate from editing profile. 
• User completes user profile and emails ACT, including ID verification document and data use statement.
• ACT receives email.  From the user's Synapse user name (the prefix of the 'from' email address) ACT member determines the ACT management page https://www.synapse.org/#!ACTVerify:<username>.
• ACT reviews ID verification document and user profile.  TODO:  Should the page be the user profile or a special page constructed for the ACT having specific info?
• ACT member clicks 'Verify Identity' on user's home verification page.
• Synapse captures snapshot of user profile reviewed information (VerificationRecord, below), records that user is verified, sends notification to user.
• "Verified" now appears on user's page.  "Verify Identity" changes to "Remove ID Verification" on the ACT Page."  
• User receives verification notification.  
• ACT visits page for sensitive data, clicks "Grant access", finds the user based on their user name, and clicks "OK".
• User is notified that they are now granted access.

...

Open questions

does verification expire?

does ACT need to 'update' verification?  I.e. is it possible to verify but later to need to verify again to capture updated information?
what sort of review is required later? E.g. will ACT need later to review the information used to decide to verify someone?

Portal changes

On user profile page:

...

Open questions

does verification expire?
what sort of review is required later? E.g. will ACT need later to review the information used to decide to verify someone and, if so, where will that information be stored?