Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Background

Synapse allows the option of user anonymity.  Email addresses are hidden.  Completing ones user profile (name, title, organization, bio) is completely optional.  However to allow  to access certain sensitive data we must have more complete information about the user requesting access.  It will be the job of the Synapse Access and Compilance Team to "verify" a user, based on reviewing information beyond that needed to create an account in Synapse.  The approach is:

  • Verification instructions on user's home page will instruct them to contact ACT (SynapseAccessandComplianceTeam@synapse.org).
  • User profile will have additional fields (ORCID, anything else?)
  • Other information will be included in the email.
  • After reviewing information, ACT clicks "Verify" on applicant's home page.
  • Synapse stores a snapshot of the user profile at the time of verification.
  • User's home page will show verification status.

 

Notes

In the proposed approach there's no batching of verification. there's no dashboard to show who is / isn't verified. The information in Synapse is on the user's page. The work list is the ACT email inbox.

 

Workflow details

  • User visits Synapse page for sensitive data.
  • User sees that data is Controlled.
  • User opens dialog, showing text for the access restriction, e.g. "Please become 'verified' (following instructions on your home page), and send a description of how you intend to use this data along with the Synapse ID of this data to SynapseAccessandComplianceTeam@synapse.org".
  • User visits home page.
  • User clicks link "Become Verified" which displays instructions, "Complete your user profile including name, organization and ORCID, then email SynapseAccessandComplianceTeam@synapse.org, including a completed ID verification document."
  • User completes user profile and emails ACT, including ID verification document and data use statement.
  • ACT receives email.  From the user's Synapse user name (the prefix of the 'from' email address) ACT member determines user's home page.
  • ACT reviews ID verification document and user profile.
  • ACT member clicks 'Verify Now' on user's home page.
  • Synapse captures snapshot of user profile, records that user is verified, sends notification to user.
  • "Verified" now appears on user's page.  "Verify Now" changes to "Remove Verification."  
  • User receives verification notification.  
  • ACT visits page for sensitive data, clicks "Grant access", finds the user based on their user name, and clicks "OK".
  • User is notified that they are now granted access.

 

Portal changes

 

 

Services

 

 

Open questions

does verification expire?
what sort of review is required later? E.g. will ACT need later to review the information used to decide to verify someone and, if so, where will that information be stored?

 

 

  • No labels