The sixth set of sprint notes is now available from the PKP Copenhagen Sprint, hosted by the Royal Danish Library in June 2023.
Sprints involve PKP community members coming together in diverse groups to work on PKP software and support. The Royal Danish Library hosted eight working groups at the PKP Copenhagen Sprint last June. This is a summary of one such group’s work.
Group Members
- Kay Pepping, Editor Support at Open Journals (Netherlands)
- Cath Jex, Editor in Chief at GEUS Bulletin
- Ipula Ranasinghe, TIB
- Dulip Withanage, TIB
- Devika Goel, UX/UI at Public Knowledge Project
Background
The default OJS cookie handling and user invitation methods are not GDPR-compliant and require a customized local solution to comply with GDPR policies for hosting facilities.
Goals
To redesign the process of inviting users to take up a role in OJS so that it is more GDPR-compliant and intuitive, and to release it as part of the 3.5 update. The following journeys will be redone as part of the process:
- The dashboard of Users under Settings > Users & Roles > Users will be redone and a new “Invite user to take a role” action will be added
- The journey of inviting reviewers and users via Settings > Users & Roles > Users and the workflow
- An ORCiD prerequisite will be added to the journey
- Invitation instances for multiple hosted journals will be considered
Results
Since this was a mammoth task to conquer within the two days of the sprint, the team first identified GDPR-compliant information with respect to single and multiple hosted journals. This includes dividing the user’s data into what the user can view and edit, what the journal manager can view and edit, and what the system administration can view and edit. A summary of what was decided can be viewed in the table below. Next, the following ground rules were put in place:
- Even if the user information is publicly available, the editor cannot input the information without consent
- Co-author reauthorization is required even if the user is an existing OJS user
- The welcome email should include all the information users can configure in the profile
Following this, some members of the team had already created a draft of what the new journey could look like. This draft was shared with the other group members, who gave their consent and feedback on it.
The following next steps were agreed on to make this process come to life and announced during the sprint:
- All insights and information are to be compiled by Devika (PKP’s UX/UI designer) and presented to all stakeholders, namely those involved in development, along with CRAFT OA
- Once approved, a process needs to be created and then user-tested before it is launched as a part of the 3.5 release dev cycle.
GDPR Compliant Information
In the context of Single Hosted Journal
User Inputs/Modify | JM / Editor / Section Editor Inputs | User Sees | Journal Manager / Editor in chief / Section Editor Sees | System Administration | Visible in Invitation User Email |
Email ID (Can modify the email address at the time of registration from the email ID they received the invitation from) (However, the user can keep modifying their email address from the profile after registration) | Email ID (Users can change the email ID when registering themselves as a user) (The editor cannot modify the email address in the future; only the user can) | Everything is seen and everything is editable | Email ID (non-editable) | With a written contract gets access to all information as per GDPR | |
ORCiD ID Verification (Non-editable even by user) | ORCiD ID (Authorization purpose only since you cannot rely on information in the portal. Makes the process easier for the user) | More information in their profile | ORCiD ID (non-editable) | Based on a written publication contract | |
Full Name | Define Roles for Invitation along with the starting date. The starting date should be present or future. A separate use case for past | Roles (Editable) | Hosting has authority | ||
Affiliation ROR Organisation | Full Name (non-editable) | Other than username | |||
Country of Affiliation Check the political implications of the countries we will mention | Affiliation (non-editable) | ||||
Password and Username | Country of Affiliation (non-editable) | ||||
Username (non-editable even for system administrators) |
- Anchor links related to information changes, so that JMs don’t get requests to change information on the user’s behalf
In the context of Multiple Hosted Journal
- Same as the behavior described for Journal Manager when inviting a user to the system
- A user’s login can be used for all the journals that are part of the same institution