--- title: Identifier Minting subtitle: Supporting identifier minting in iSamples --- ## Identifier minting Minting identifiers is the process of creating a new identifier and associating it with some resource. Workflow for iSamples identifier minting support. In this case, iSB is acting as an allocating agent for a researcher. The metadata associated with the sample is only persisted with DataCite and the Researcher: ```plantuml actor Researcher participant iSB participant ORCID participant DataCite == Authentication == Researcher -> iSB: getToken activate iSB iSB --> Researcher: authenticate with ORCID Researcher -> ORCID: authenticate ORCID --> Researcher: verification Researcher -> iSB: verification iSB --> Researcher: token deactivate iSB == Minting == Researcher -> iSB: mintIdentifier(token, metadata) activate iSB iSB -> iSB: verify token, metadata iSB -> DataCite: createIdentifier(credentials, metadata) note left of DataCite These credentials are for the iSB instance with DataCite. Use of these credentials is protected by the need for a user to authenticate with ORCID. end note DataCite --> iSB: OK, identifier iSB --> Researcher: identifier deactivate iSB ``` --- Workflow for iSB (SESAR) as an allocating agent, with metadata persisted at iSB (SESAR) and DataCite. It is assumed that authentication has ocurred: ```plantuml actor Researcher participant SESAR as iSB participant DataCite Researcher -> iSB: token, metadata note right Metadata here is a complete record for SESAR, which may be a superset of the metadata required by iSamples end note activate iSB iSB -> iSB: verify token iSB -> iSB: verify metadata iSB -> iSB: store provisional metadata iSB -> DataCite: createIdentifier(credentials, metadata) note right metadata is an excerpt of the SESAR metadata end note DataCite --> iSB: OK, identifier iSB -> iSB: update record iSB -> Researcher: notify deactivate iSB ``` --- ### Provisional Identifier Minting ```plantuml actor Researcher participant SESAR as iSB participant DataCite == Namespace Allocation == Researcher -> iSB: requestNamespace(shoulder) activate iSB iSB -> iSB: lookupUserPrefix(creds) iSB -> iSB: allocateNamespace(shoulder) iSB --> Researcher: SHOULDER deactivate iSB ``` Authentication Flow ```plantuml actor User participant iSB participant ORCID == Browser == User -> iSB: getToken() iSB --> User: redirect orcid.org/oauth/authorize(client_id, redirect_page, ...) User -> ORCID: oauth/authorize(client_id, redirect_page, ...) ORCID --> User: login page User -> ORCID: login ORCID --> User: redirect iSB redirect_page?code=XXX User -> iSB: rediect_page?code=XXX iSB -> ORCID: /oauth/token(client_id, client_secret, code=XXX, ...) ORCID --> iSB: TOKEN iSB --> User: page with token info note over User User can then use the token info with their command line client end note == CLI == User -> iSB: cli.mintIdentifier(token) iSB -> ORCID: /read(orcid-id, token) ORCID --> iSB: OK iSB -> iSB: mint identifier iSB --> User: identifier ```