We've recently updated ORCID'S Privacy Policy to be simple to understand and easy to navigate. We invite you to read it here.

Connecting research and researchers

You are here: Home / Vendors and Service Providers / CSP Criteria: Repository Systems

CSP Criteria: Repository Systems

ORCID encourages all providers of scholarly services to integrate with our Registry AND to become an official ORCID Certified Service Provider (CSP). Certification is a free service for scholarly service providers to increase the visibility and trustworthiness of services and products.

Benefits of Certification

Repository Systems

This document outlines ways in which a typical Repository System must integrate with the ORCID API in order to become an ORCID Certified Service Provider, walking through the processes of receiving authenticated ORCID iDs from researchers, retrieving data from ORCID records, adding works to ORCID records, and updating information the system has previously added to ORCID records. 

Notes

  • Not every process described will apply to every repository system, so not every criteria will need to be met for certification, however systems that do support a given process must meet the criteria in order to be certified. 
  • These criteria are based on extensive analysis conducted on industry best practices for workflows used by various scholarly service provider systems, followed by public review and input from the ORCID community.In order to obtain the best possible value from an ORCID integration it is recommended that all applicable criteria are met, not just the ones that must be met for certification.
  • These criteria apply to the capabilities that are offered by the Service Provider’s platform. It is understood that not all capabilities outlined will be activated by each organization deploying the repository platform depending on their specific needs.
  • In this document, the terms “must”, “should” and “may” follow the definitions specified in RFC 2119

Certified Repository System Providers MUST:

  • Allow sign-in with ORCID iD and authenticate author’s/contributor’s ORCID iD
  • Allow administrators to collect authenticated iDs and permission where metadata includes non-authenticated iDs
  • Collect authenticated ORCID iDs from contributors
  • Make sure ORCID iDs are displayed on hosted research outputs
  • Make sure hosted research outputs are added to authors’ ORCID records
  • Include authenticated ORCID iDs in any metadata passed downstream
  • Enable ORCID member organizations to use their own ORCID membership credentials when configuring the system
  • Document how platform users can use the ORCID functionality offered in training and promotional materials

Certified Repository System Providers SHOULD:

  • Use data from ORCID records to populate researcher profiles (if applicable)

Certified Repository System Providers MAY:

  • Allow administrators to associate ORCID iDs with authors/contributors

Overview

The use of ORCID IDs adds visibility to repository content and authors, facilitates collaborations and networking, and helps organizations with institutional reporting, institutional and national assessment programs, and management of workflows throughout the research cycle.

ORCID is used by repositories to clearly link authors/contributors—and all their name variants—with their publications, other works (e.g software, datasets), affiliations, funding awards and other research activities. Connected ORCID iDs improve search and retrieval and support networking and collaboration. Using the ORCID API, repositories exchange data with the ORCID Registry to populate local author/contributor profiles and update ORCID records with publication information each time a repository deposit is made. 

Repository systems start by integrating ORCID to collect authenticated ORCID iDs and to gain permission to read from/write to authors’ and contributors’ ORCID records, either immediately or in the future. The iDs that are collected are stored and displayed by the repository system and shared with other organizational systems. Research outputs for the researcher are then added to the researchers’ ORCID record as they are deposited. 

Certification Criteria

To certify as an ORCID Certified Service Provider, Repository Systems must meet the following criteria:

  1. Allow sign-in with ORCID iD and authenticate author’s/contributor’s ORCID iD

Repository Systems must obtain authenticated ORCID iDs, and preferably permission to read from/write to authors’ ORCID records. This requires users to sign into ORCID from within the repository system, which then retrieves user data from the ORCID Registry using the ORCID API. It is also essential to provide information about why the repository is collecting authenticated ORCID iDs and why this is beneficial to their authors. 

Using the ORCID icon consistently helps ensure that researchers associate it with being asked to securely provide their iD, which in turn builds trust in ORCID as a reliable identifier. This is achieved by providing a hyperlinked ORCID-branded button for obtaining authenticated ORCID iDs on the sign-in and registration pages, and providing an account linking function for users that already exist in your system. Note that an account linking option within a user settings page or similar is not enough on its own – ORCID should be made available on par with other means of sign-in and registration. 

Authenticated sign-in saves researchers time, reduces password fatigue and provides unique identification of people for submission systems independent of their email address.

Further reading: What’s so special about signing in?

  1. Allow administrators to associate ORCID iDs with authors/contributors

Repositories may allow qualified administrators (e.g. Librarians) to associate unauthenticated ORCID iDs with research outputs. If they do, then these are checked by the repository to make sure they exist, and it is made clear that they are unauthenticated when shared with other systems, or when displaying them as per our display guidelines.

  1. Allow administrators to collect authenticated iDs and permission where metadata includes non authenticated iDs

Repositories must enable administrators to prompt authors/contributors to authenticate a non-authenticated iD that has been associated with their account/profile by an administrator, and grant permission to the repository to update their ORCID record. Repositories send a link via email to unauthenticated users that enable them to link their ORCID with their contribution. Aspects of this functionality, such as whether such notifications are sent automatically or when initiated by an administrator, should be configurable by the administrator. When a non-authenticated iD becomes authenticated, its display should be updated as described in Displaying ORCID iDs.

  1. Collect authenticated ORCID iDs from contributors

Repositories must support collecting authenticated ORCID iDs for all of a work’s contributors,  ensuring that they are recognized for their contribution, identified correctly within repository systems, and within the work’s metadata.

When collecting collaborator data from the depositor, repository systems should collect the email addresses. Upon deposit, it should contact the collaborators and provide a link that asks them to sign in with their ORCID iD and confirm their contribution. 

  1. Make sure ORCID iDs are displayed on published articles

Repositories must display the ORCID iDs of identified authors, formatted as URLs, per our display guidelines. This enables readers to find out more about the authors from their ORCID records in a common and expected manner.

  1. Use data from ORCID records to populate researcher profiles (if applicable)

Researchers expect the data on their ORCID record to be read and used by other systems, to save them the time and effort and reduce the risk of errors. Repositories with profile pages should collect information from ORCID records about researchers’ affiliation, keywords, funding, research resource, and works — including peer reviews, published works, and datasets. They should regularly check for updates and confirm changes with researchers’, to keep their profiles up to date.

  1. Allow administrators to configure settings for importing ORCID data 

Repositories must enable administrators to configure settings for importing information from ORCID, including the ability to:

  • Import information from ORCID for all ORCID iDs known to the platform and update the local database
  • Choose whether to read information for all ORCID iDs stored in the repository platform instance or only for the authenticated iDs
  • Choose to read information on demand (one-time) or automatically, on a regular basis. 
  • Choose which types of information to import (personal information, education/employment affiliations, works, etc.). 
  • For works, it is also desirable to allow administrators to choose specific work types and sources
  1. Make sure research outputs are added to authors ORCID records

Repositories help make life easier for their users by connecting validated information about authors’ contributions to their ORCID records using the ORCID Member API. Repositories must offer users the option of updating [list item types] and keeping it up to date — helping to build trust in scholarly communications. 

Repositories should offer users the choice of automatically adding all new information of a given type to the their ORCID profile, or only adding new information “on demand” when initiated by the user. Automatic update should be the default. 

  1. Include authenticated ORCID iDs in the metadata passed downstream

Authenticated ORCID iDs collected by the repository must be embedded into research output metadata exported by the repository, enabling them to be used throughout the scholarly communication workflow. This means that, for example, when dataset data is submitted to a DOI registration agency or made available via oai-pmh, the downstream systems can automatically update the ORCID record of the associated author(s). It also means that the researchers’ ORCID iDs will be searchable in databases that support searching by ORCID iDs. When passing authenticated ORCID IDs to other systems, the metadata must clearly indicate that the ORCID iD has been authenticated when collected.

  1. Enable ORCID member organizations to use their own ORCID membership credentials when configuring the system

ORCID requires that the organization using the ORCID API use their own ORCID API credentials (similar to an organizational username/password). This clearly indicates who is requesting access to update ORCID records, and is required by ORCID’s membership agreement

Multi-tenant and similar systems must provide the ability for ORCID member organizations to manage their own credentials within the system, or have a secure method of transferring credentials to the system. These credentials should then be used when authenticating users, collecting permissions and interacting with the ORCID API.

  1. Document how ORCID members can use the ORCID functionality offered in training and promotional materials

Multi-tenant and similar systems may share a link to the promotional and training materials on their website with ORCID so we can in-turn share with our community and help our members understand the value the system delivers. ORCID must be mentioned in the system’s setup guide or similar documentation, including outlining the benefits of enabling ORCID functionality.

Taking the integration to the next level

Besides collecting researchers’ iDs and connecting them with their research outputs, In order to provide a superior experience for your users, we strongly recommend that repository systems should also:

  1. Add validated information about researchers’ affiliations with your institution to their ORCID profiles: We strongly encourage research institutions to assert researchers’ affiliation as they are the only party that can do this with authority, and by doing so, they increase the trustworthiness of their researchers’ ORCID profiles. 
  2. Add links to researchers’ profile within your system to the Websites section of the researchers’ ORCID record—this requires additionally requesting the /person/update scope. 
  3. Add researchers’ funding activity to their ORCID record if known: Many research organizations collect and verify information about researchers’ funding information to aid the reporting process. 
  4. Recognize researchers’ peer review activity: Connect information about any peer reviewers’ activities in your system to their ORCID record with as much or little detail as appropriate