...
- User visits Synapse page for sensitive data.
- User sees that data is Controlled.
- User opens dialog, showing text for the access restriction, e.g. "Please become 'verified' (following instructions on your home page), and send a description of how you intend to use this data along with the Synapse ID of this data to SynapseAccessandComplianceTeam@synapse.org".
- User visits home page.
- User clicks link "Become Verified". Portal sends her to the Synapse Terms of Use to re-take oath.
- After re-taking oath, Portal sends user to wiki that contains instructions... "Complete your user profile including name, organization; link your ORCID; then email SynapseAccessandComplianceTeam@synapse.org, including a completed ID verification document."
- User completes user profile and emails ACT, including ID verification document and data use statement.
- ACT receives email. From the user's Synapse user name (the prefix of the 'from' email address) ACT member determines the ACT management page https://www.synapse.org/#!ACTVerify:<username>.
- ACT reviews ID verification document and user profile.
- ACT member clicks 'Verify Identity' on verification page.
- Synapse captures snapshot of reviewed information (VerificationRecordVerificationBundle, below), records that user is verified, sends notification to user.
- "Verified" now appears on user's page. "Verify Identity" changes to "Remove ID Verification" on the ACT Page.
- User receives verification notification.
- ACT visits page for sensitive data, clicks "Grant access", finds the user based on their user name, and clicks "OK".
- User is notified that they are now granted access.
...
- Alert for unverified users with link to new help page (wiki).
- UI to show user is verified.
- New ACT place (page) to show VerificationRecord VerificationBundle and Verify/"Remove Verification" button.
- Changes to support new profile field(s).
- Need to verify that a wiki can be created whose links open in a new browser window (so that the instructional wiki is a launching point). Need to support a way to link to the current user's profile page (a special token, like "myself", that pushes the correct URL into the browser history).
...
Services
Description | Intended User / Authorization | URI | Method | Request Parameters | Request Body | Response Body | |
---|---|---|---|---|---|---|---|
Retrieve the information used to verify a user. | ACT member | /user/{id}/verificationInfo | GET | -- | -- | VerificationBundle | |
Verify a user. TODO: If called a second time should we update the VerificationRecord? | ACT member | /user/{id}/verification | PUT | TODO: VerificationRecordHash?POST | verificationBundleHash | -- | VerificationRecordVerificationBundle |
Retrieve verification info | ACT member | /user/{id}/verification | GET | -- | -- | VerificationRecordVerificationBundle | |
Remove verification | ACT member | /user/{id}/verification | DELETE | -- | -- | -- | |
Get UserBundle (incl. ORCID) | Public | /user/{id}/userBundle | GET | -- | -- | UserBundle | |
Add ORCID to account | any authorized user | /auth/orcid | POST | -- | OAuthValidationRequest ORCID | TODO: Do we need to add a service to get the ORCID access token and a user's ORCID? |
...
UserBundle:
- isCertified
- isVerified
- hasSignedTOU
- isACTMember
- isAdmin
- userProfile
- ORCID
VerificationRecordVerificationBundle:
- isCertified
- isVerified
- hasSignedTOU
- first name
- last name
- organization
- email addresses
- ORCID
- verificationBundleHash
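
The services table has the verify call carry a `verificationBundleHash` in its request body. The sketch below is an added example, not Synapse code, showing one way such a hash can bind the approval to exactly the snapshot the ACT member reviewed, so that a profile edited between review and approval is rejected. The key names, the canonical JSON encoding, the choice of SHA-256, the in-memory `store`, and the sample profile are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Key names are assumptions modelled on the bundle fields listed above.
BUNDLE_FIELDS = ("isCertified", "isVerified", "hasSignedTOU", "firstName",
                 "lastName", "organization", "emails", "ORCID")

# Constructed sample profile, not real data.
SAMPLE_PROFILE = {
    "isCertified": True, "isVerified": False, "hasSignedTOU": True,
    "firstName": "Ada", "lastName": "Example", "organization": "Example Lab",
    "emails": ["ada@example.org", "a.example@example.edu"],
    "ORCID": "https://orcid.org/0000-0000-0000-0000",
}


def snapshot(profile):
    """Copy only the reviewed fields; sort emails so order cannot change the hash."""
    snap = {k: profile.get(k) for k in BUNDLE_FIELDS}
    snap["emails"] = sorted(snap["emails"] or [])
    return snap


def bundle_hash(profile):
    """SHA-256 over a canonical JSON encoding of the snapshot."""
    canonical = json.dumps(snapshot(profile), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def get_verification_info(profile):
    """Models GET /user/{id}/verificationInfo: the snapshot plus its hash."""
    bundle = snapshot(profile)
    bundle["verificationBundleHash"] = bundle_hash(profile)
    return bundle


def verify_user(user_id, current_profile, reviewed_hash, store):
    """Models the verify call: approve only if the live profile still hashes
    to the value the ACT member reviewed, then keep the snapshot."""
    current = bundle_hash(current_profile)
    if not hmac.compare_digest(current.encode(), str(reviewed_hash).encode()):
        return False  # profile changed after review; ACT must re-review
    store[user_id] = {"verified": True,
                      "bundle": get_verification_info(current_profile)}
    return True
```
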