...
- User visits Synapse page for sensitive data (e.g. the Bridge data).
- User sees that data is Controlled (tier 3)
- User opens dialog, showing text for the access restriction, e.g. "Please become 'verified' (following instructions on your home page), and send a description of how you intend to use this data along with the Synapse ID of this data to SynapseAccessandComplianceTeam@synapse.org".
- User visits home page. Instructions say, "Fill out your user profile and link to your ORCID then click 'get verified'.
- User fills out their user profile, links their ORCID, clicks link "Become Verified".
- Form Page opens with slots for showing first name, last name, organization, location, country and ORCID, prefilled from user profile. Form also prompts , as well as email addresses and ORCID. Prompts for verification document. Form highlights fields which will become publicly visible (e.g. name and affiliation are visible, emails and attached doc's are not).
- User completes form and links ORCID (if necessary) and uploads uploads/attaches verification document, clicks "Submit."
- ACT receives notification of verification submission.
- ACT visits page listing pending submissions, clicks on one, opening up a display of the submission. This page also shows user's email address(es).
- ACT may reject submission: Submission is deleted; rejection notification is sent to user (including reason?); User may repeat "Become verified..."
- ACT may accept submission:
- Submission is marked as accepted.
...