- From: Gudmundur A. Thorisson <gthorisson@gmail.com>
- Date: Sun, 5 Jul 2009 11:13:29 +0100
- To: Helena Deus <helenadeus@gmail.com>
- Cc: marshall@science.uva.nl, shared-names@googlegroups.com, Jonathan Rees <jar@creativecommons.org>, Tim Clark <tim_clark@harvard.edu>, W3C HCLSIG hcls <public-semweb-lifesci@w3.org>
Hi all. Our group has done some work to explore the issues surrounding online identity for researchers, originally from perspective of controlling access to sensitive biomedical data. Some months ago we put up a website which may be useful to the discussion, with a primer (intended for a non-tech audience) and a collection of background materials in the wiki section: http://www.gen2phen.org/groups/researcher-identification Apart from setting up this site as an information resource and discussion forum (feel free to join the group!), we recently organized a workshop held last May, with attendees from CrossRef, Thomson- Reuters, Elsevier and others, including Barend Mons (from WikiPeople, which Scott mentioned). Presenter slides from the workshop are available here (minutes not yet compiled, apologies): http://www.gen2phen.org/event/irbw2009-workshop-may-13-14-toronto Also, if I may throw in a couple of comments. Firstly, to add to what Lena said, OAuth is emerging as a delegated authorization protocol supported by many big Web 2.0 players (see e.g. ). OAuth combined with OpenID (http://openid.net) for authentication is sort of like an open-source version of Facebook Connect, for single sign-on. OpenID as an auth technology may be a 'sweet spot' , i.e. 'secure enough' for many practical purposes and extensible, while still being relatively easy to use (compared to 'heavyweight' Grid security solutions). The technology has support from large swaths of the Web 2.0 social web - Google, Facebook, Yahoo and other major players back it - and there's now tens of thousands OpenID-enabled sites, including our own (see [2] for more on this). For this reason, we feel that piggy-backing on this technology for scientific application will be key to wide user adoption. Examples of existing or upcoming use of OpenID in the scientific domain include the International Cancer Genome Consortium which will use OpenID for controlled-access data, and MyExperiment.org. We ourselves have several smaller pilot projects in the pipeline where OpenID and friends will be leveraged in a similar way. Secondly, whether an OpenID or some other identifier (URI or otherwise) is the actual 'person identifier' used in e.g. SemWeb documents is an open question (e.g. see discussion here: http://ff.im/GbM8 and ref [3]). But for scientists, CrossRef's upcoming CrossReg contributor ID service would seem to meet Scott's definition of "authoritative and neutral source" (they already run the DOI system), and looks poised to become at some stage the primary source of long- term, stable identifiers, at least in the context of scholarly literature and authorship-related domains. Hope this was helpful. Best regards, Mummi, Leicester [1] http://www.readwriteweb.com/archives/google_plaxo_openid_oauth_usability.php [2] http://www.gen2phen.org/researcher-identification-primer/openid-common-authentication-system [3] Bourne PE, Fink JL (2008) I Am Not a Scientist, I Am a Number. PLoS Comput Biol 4(12): e1000247. http://dx.doi.org/doi:10.1371/journal.pcbi.1000247 ----------------------------------------------------------- Gudmundur A. Thorisson, Brookes lab Department of Genetics University of Leicester University Road Leicester, LE1 7RH, UK Tel: +44 (0)116 229 7273 On 3 Jul 2009, at 18:38, Helena Deus wrote: > Hi Scott, > > Well said!! > Regardless of how we chose to identify ourselves, either using a > Wikipeople profile, a purl, or a university url to identify both > ourselves and our credibility bound to the institution where we > work, I agree it will be extremely important to chose the > authentication authority wisely. > The current web 2.0 approach seems to be forcing the users to create > a new account everywhere where they want have access to tools or > data. But we can already see some web applications, such as > sourceforge or google, that delegate the authentication to other > authorities - a protocol that describes how such interaction between > applications could occur has indeed been proposed, called OAuth (http://oauth.net/ > ). > Web applications using OAuth, instead of asking the user to create a > new account by inputting a password, redirects the user to a trusted > website, for example google or paypal, and that is where the > authentication happens. Once the user is authenticated, google or > paypal send the user back to the web application where > authentication was required, along with some token that can be > verified with google, which indicates that the user has or has not > been authenticated. > > Lena > > > On Fri, Jul 3, 2009 at 12:09 PM, M. Scott Marshall <marshall@science.uva.nl > > wrote: > Jonathan Rees wrote: > > Thanks to Kaitlin Thaney for the following. > > > > http://www.flickr.com/photos/kaythaney/3592177513/ > > Jonathan's post reminds me of an issue that is important to > knowledge sharing and has been on my mind lately: Scientists are > often just as concerned about *who* said something as they are about > *what* was said. The need to unequivocally identify a person is a > requirement that comes about when we share knowledge because we need > to know who has provided an assertion, and often, under what > circumstances (i.e. with what evidence, measurements, etc.). Such > 'knowledge provenance' is becoming increasingly important because > systems are being developed that would make use of both manually > curated facts and those computationally generated or 'mined'. This > has been coming up in many different groups and events, including > the HCLS Scientific Discourse and BioRDF task forces, myExperiment, > HypER http://hyp-er.wik.is/ , and likely Sage[1]. Apparently, this > topic also came up at the International Repositories Infrastructure > Workshop where Jonathan was present[0]. > > The similarity between the requirements for shared names, in > general, and 'people identifiers', in particular, is readily > apparent: we would like unambiguous and permanent URI's to be > provided from an authoritative and neutral source. I don't know > about you but if Shared Names offered people identifiers, it would > be my preferred approach. However, Shared Names has limited the > scope to GO dbx records for the moment. > > Are there alternatives to the DIY do-it-yourself approach for those > who need people identifiers *today*? The only thing that I can think > of is WikiPeople[2] (which could create an awkward situation if > someone else with the name Michael Scott Marshall creates a page, > who wants to be M. Scott Marshall 2?). Oh wait, there's more at a > Crossref blog [3], although I don't think that sharing hypothetical > information with other scientists shouldn't require you to have an > 'author number'. > > One thing that I like about WikiPeople is that it puts identity in > the hands of the owners of the identity. Unfortunately, I think that > a code is required instead of a name to truly scale. Also, I suppose > that the most surefire way to ensure that an identity system doesn't > get messy is to require authentication e.g. a certificate from a > Certificate Authority that has high requirements for authentication > such as presenting a passport. Such levels of authentication are > currently required for European and Dutch grid certificates > (finally, a use for such seemingly exaggerated grid-burocracy!). > > -Scott > > [0] > http://maurice.vanderfeesten.name/blog/2009/03/20/international-repositories-infrastructure-workshop-persistent-identifiers/ > [1] http://blogs.bbsrc.ac.uk/index.php/2009/05/sage-has-its-time-a-large-scale-open-access-resource-for-systems-biologists/ > [2] http://proteins.wikiprofessional.org/index.php?title=%20WikiPeople&action=edit > [3] http://www.crossref.org/crweblog/2009/04/the_buzz_around_people_identif.html > > -- > M. Scott Marshall (still have to get a PURL ;) ) > http://staff.science.uva.nl/~marshall > http://adaptivedisclosure.org > > > >
Received on Sunday, 5 July 2009 20:45:22 UTC