Why ORCID and Higher Ed Identity and Access Management


Published on

Panel discussion: Why ORCID? Perspectives from the university community

Moderator: Barbara Allen, Executive Director, Committee on Institutional Cooperation


Karen Butler-Purry, Associate Provost for Graduate and Professional Studies, Texas A&M University
Keith Hazelton, Senior IT Architect the University of Wisconsin-Madison/Chair of Internet2 MACE-Dir working group
Neil Jacobs, Programme Director, Digital Infrastructure, Jisc
Yan Shuai, President, Society of China University Journals (CUJS)

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Why ORCID and Higher Ed Identity and Access Management

  1. 1. Why ORCID and Higher Ed Identity and Access Management (IAM) ORCID Outreach, Chicago, May 21, 2014 Keith Hazelton, Internet2, Univ. of Wisconsin-Madison
  2. 2. • ORCID adoption team—level of coordination with campus Identity and Access Management (IAM) team • Look at possibilities and limitations of two extremes – No coordination or integration – High level of coordination with joint planning and execution ORCID Adoption Projects: Contrasting Models
  3. 3. • Why this might be the case – Campus IAM infrastructure is low on maturity scale – IAM team has few resources for collaborative projects – Lack of buy-in from IAM leadership • This is a viable path but one with limitations ORCID Project in Isolation from Campus IAM
  4. 4. • A campus-based clinical and translational research Center • Authors of research publications include – Campus researchers – Practicing MDs at associated Clinics where clinical trials are run • Center wants all authors to have ORCID iDs – carried in the Center’s research network system – Included when manuscripts are submitted to external journals for publication – Included in grant proposals to NIH, CTSA Hypothetical Single-unit ORCID Initiative
  5. 5. • Center obtains ORCID membership • Has to maintain a registry of researchers/clinicians/authors – Including (automated) registration processes – Assignment of a local registry identifier to each person – Assignment of ORCID iDs – Storage of ORCID iDs as an additional data element in the registry • Has to provision ORCID iDs into VIVO or other researcher networks Hypothetical Single-unit ORCID Initiative
  6. 6. • Decide on the ORCID assignment/intake process – E.g., Is it all in-coming faculty? – Plus all entering grad students? • Build the assign/claim/register process for ORCID iDs to feed directly to the IAM “master data” store, aka “identity registry” as an additional person data element • What does a mature IAM infrastructure provide? Coordinated IAM / ORCID Team Project
  7. 7. • For each individual carrying a relationship to the campus, the IAM infrastructure provides – An institutionally maintained single digital identity – To which the individual’s possibly multiple roles and affiliations are linked – A unique campus identifier that can be cross-walked to various IT system-specific identifiers • IAM also provides a service to manage permissions for access to variety of resources to individuals or groups – Management can be delegated to the appropriate role Campus IAM: Characteristics of a Mature System
  8. 8. • Build processes to verify the association of – ORCID iD xxx with IAM person ID yyy – Carry verification status in metadata – Best done by a self-service process • Authenticate with campus-issued credential • Once in the application, send user off to ORCID to authorize release of their “official” ORCID iD to the app. • If the two match, mark as verified Coordinated IAM / ORCID Team Project
  9. 9. • How do other campus centers or units leverage the IAM-registered ORCID iDs? • 1) Provide an identifier cross-walk service to other campus systems • 2) Promote app design where users authenticate with campus credentials and the login service sends back ORCID iD along with other attributes – This can be extended to external services via federation (InCommon) • In either case, local systems can associate their native identifiers with corresponding ORCID iDs Coordinated IAM / ORCID Team Project
  10. 10. • Extends readily to support additional uses of ORCID • E.g., Initial adoption by Clinical/Translational Research Center • Follow-on projects: – Integrate with an institutional repository project – Integrate with a faculty effort reporting system – Integrate with research and sponsored programs services – Integrate with data management services Advantages of a Coordinated Approach
  11. 11. • By offering IAM as a shared service, frees up local unit staff to focus on mission-supporting services • In cases where one individual has more than one ORCID iD – Resolution process done once in IAM identity registry – Facilitates provisioning of single resolved ORCID across distributed data repositories • Investments are leveraged: Enhancements to ORCID support in shared IAM infrastructure are available to all participating local units Advantages of a Coordinated Approach
  12. 12. • Any cross-unit coordinated approach will bring challenges in communication and governance • The long-run benefits make it worth the effort Advantages of a Coordinated Approach