ORCID private information for encryption

76 views
Skip to first unread message

Chris Rookyard

unread,
Oct 1, 2020, 10:50:44 AM10/1/20
to ORCID API Users

Hello all,

I am creating a web application that would, among other things, store a user's credentials for a number of other sites.  For an idea of what I mean, it will be in the manner of a password manager; in fact, I will probably be incorporating some sort of password-management application/library into my application, so as not to re-invent the wheel.  

My problem is that I would like users to be able to sign-in to the application via ORCID, and once they've signed in, my application would use something private from the ORCID sign-in process to then decrypt the various credentials in my application's database.  Are there any standard, private-but-available-to-trusted-parties entries in an ORCID ID?  All help gratefully received.

Many thanks,

Chris

Simpson, Will

unread,
Oct 1, 2020, 11:48:41 AM10/1/20
to Chris Rookyard, ORCID API Users
Hi Chris,

There's nothing in the ORCID Record that you could use for that.

I think you could use ORCID as a sign in mechanism, but then prompt the user for a strong passphrase to decrypt their stuff, ideally doing everything on the client side so that the passphrase is not sent over the network.

Best regards,

Will



--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orcid-api-users/6c79d9ba-45d1-4bed-a79d-ade5466eb52cn%40googlegroups.com.


--
Reply all
Reply to author
Forward
0 new messages