Extend the editor to support the capability for partners and members to add content to our collections

[brittnylapierre]

Rationale

Allowing partners and members to add content will enhance collaboration and enrich our collections.

Outcomes

• Access Control Implementation

Providing role-based access controls to ensure that only authorized partners and members can obtain write access. this will be achieved through the adoption of a robust API key management system, such as Azure Easy Auth, Azure API Management, Amazon API Gateway, or similar that allows for easy tracking, monitoring, and auditing of API keys issued to partners and members.

• Clear Policy Framework

Development of comprehensive policies governing the issuance, management, and revocation of API keys for partners and members, ensuring secure and controlled access.

• Audit and Compliance

Implementation of auditing mechanisms to regularly review token usage and compliance with established policies, facilitating accountability and security.

• API Key Documentation

Provision of clear and detailed documentation outlining API Key issuing policies and workflows, making it easy for partners and members to understand and comply with the requirements. Training materials and sessions can be held to educate partners and members on the API token process, ensuring they are equipped to utilize the system effectively.

Issues

• Configure ORCID as an OAuth Provider in Azure #3
• Support Token Based Auth for applications to access API using Azure Credential manager #2
• Create a framework for requesting edit-access to API and supporting documentation #4
• Create a public release with write access to API if authenticated  crkn-digirati-editor#36