Assumptions

In order to create the API for the automatic and user-defined minting of DOIs/DataPublications, certain assumptions were made in order to progress:

  1. That investigations is the entity that creates an automatic DP/DOI

  2. There is no current provision to approve DOI requests

  3. That ROR is used to search for institutes

  4. That the API will be called as part of a script to automatically mint DOIs (not provided)

  5. That the user can only see open data or their own data.

  6. The API can take up to 10 seconds to mint a DOI, due to the calls needed to pythonICAT, and that this is ok.

  7. A set of Investigations / datasets and datafiles are allowed for user-defined DOIs

  8. Request Rules:

    1. At least one Investigations / datasets or data files has to be provided

    2. creator is mandatory and all its subfields:

      1. "name": "James T Kirk", "givenName": "James", "familyName": "Kirk", "nameType": "Personal", "email": "jtk@starfleet.org", "affiliation": "Starfleet Academy"
    3. relatedIdentifiers are optional but each must be unique if provided

    4. title and description are mandatory

    5. full details can be found at /docs

Authentication

Point 5 above has the following implications:

  • The front end must provide a valid ICAT session token which the API checks is valid. This means that theoretically, it would be possible for a user to create a DOI for guessed Investigation, datasets or datafile entities, as long as they are logged in and have a valid session token.

  • As there is no direct user authentication in the API, there is no way of knowing exactly who the user is. A user does not have to list themselves as a creator, nor does the API add any users related to the icat entities. This means:

    • a user could take sole credit for work which involved others

    • a user could create a doi given a fake name

  • A new user doiminter was created to assign to the DataPublication to