Closed cgendreau closed 2 years ago
And when/if there is a need to remove a user (e.g. summer student), the data will continue to persist in the agent module.
This is probably upside down. The user module will have the identifier of the agent module so it can be injected as the value of the "current user identifier" on all requests. Identifiers in the agent modules will be persistent as opposed to Keycloak where a user can be removed and recreated later (summer student hired for a second time).
Identifiers in the agent modules will be persistent
I question that statement. In time, there will be many agent records that require reconciliation (C. Gendreau, Christian Gendreau, etc.). It is too much to ask people transcribing specimen data to resolve ALL human names while entering data & so dirt begins to accrue. Although there ought to be incrementing primary keys, there will be a need to turn some records into aliases of others & to declare one of them the canonical record. In effect, this would be a merge. Should those original, pre-merge identifiers persist?
Nonetheless, I do agree that the User record should point to something in the Agent module. My statement here merely flags the likelihood that this link will not be a clean 1:1 as much as we might desire it to be. So, is it the User module's responsibility to link to the 5 Agent records that are all variants of me or is it the Agent module's responsibility to know enough about my identity to correctly bundle those same 5 aliases so that a single link is made from my User record? I suppose the answer to this depends on whether or not the Agent module merely stores dirty bucket strings of names or if it also stores reconciled clean bucket strings. Clean buckets will require many incoming links from other modules that define the identity of a reconciled Agent. In that sense then, a link from the User module would be no different than a link from a catalogued specimen module.
I agree, it was a questionable statement.
This is a ropy issue. How much of an Agent is a User and how much of a User is an Agent? Your original statement:
the agent should be linked to an identifier in the user module (Keycloak)
...might be the source of my confusion. What do you mean by "identifier" in this context? If "identifier" here is nothing more than an internal, primary key / foreign key relationship then I agree. But, if "identifier" is public and resolvable then I do not agree. It's the Agent module's responsibility to store those external, 3rd party identifiers because they act to define identity (as do incoming links from other modules). Am I correct in assuming that the User module is merely responsible for coordinating sessions, not also responsible for storing attributes that define the identity of a user?
In my opinion the agent module is the component where the information of the people lives, so they can be referred to in several places in the system (e.g. as owner, collector, determinator, donor etc.). The agents module is not called persons module because groups of people and organizations can be an agent as well (e.g. when they act as donors of collections and no individual can be referenced). See also #18
Thus, an agent record should not have a strong dependency on the user module and vice versa.
Instead, the agents module should only have an attribute isUser, and if isUser==TRUE then a reference to the user module could be set as one of the several other (internal and external) references (like ORCID, VIAF, Bloodhound, Scopus, ResearchGate, personal website etc.).
Summary: The agents module holds all the information we know about the agents. The user module should be for authentication etc. If the user is also an agent, that's fine, so put a reference.
Instead, the agents module should only have an attribute isUser ...
Actually, this is how it is also realized in Specify, so we don't need to reinvent the wheel ;-)
I will close this ticket since it's getting old but for the record:
The user-api holds the agentId (optional).
When applicable (when the agent is also a user of the system), the agent should be linked to an identifier in the user module (Keycloak). The initial agent data could be populated from the information coming from the user module when possible (information in Active Directory).
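
One way to model the link discussed in this thread, as an added example (not code from the project): the user record holds an optional agent identifier, and merged agent records keep their pre-merge identifiers as aliases that resolve to the canonical record. All class, field and function names are hypothetical, the sample names are constructed, and keeping pre-merge identifiers is an assumption, not a decision recorded in the thread.

```python
import uuid
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Agent:
    id: str
    display_name: str
    merged_into: Optional[str] = None  # set once this record becomes an alias
    external_refs: Dict[str, str] = field(default_factory=dict)  # e.g. ORCID


@dataclass
class User:
    keycloak_id: str                # assumption: changes if the account is recreated
    agent_id: Optional[str] = None  # optional link held on the user side


class AgentStore:
    def __init__(self) -> None:
        self._agents: Dict[str, Agent] = {}

    def create(self, display_name: str) -> Agent:
        agent = Agent(id=str(uuid.uuid4()), display_name=display_name)
        self._agents[agent.id] = agent
        return agent

    def resolve(self, agent_id: str) -> Agent:
        """Follow merge pointers until the canonical record is reached."""
        agent = self._agents[agent_id]
        while agent.merged_into is not None:
            agent = self._agents[agent.merged_into]
        return agent

    def merge(self, alias_id: str, canonical_id: str) -> Agent:
        """Turn one record into an alias of another; its identifier stays valid."""
        canonical = self.resolve(canonical_id)
        alias = self.resolve(alias_id)
        if alias.id == canonical.id:
            raise ValueError("records already resolve to the same agent")
        # Only a current canonical record is re-pointed, so no cycle can form.
        alias.merged_into = canonical.id
        return canonical


def current_agent(user: User, store: AgentStore) -> Optional[Agent]:
    """Agent to inject as the 'current user identifier', or None if unlinked."""
    return store.resolve(user.agent_id) if user.agent_id else None
```

Because the link is stored as an agent identifier rather than a Keycloak identifier, a recreated account that is given the same `agent_id` resolves to the same canonical agent, including after a merge.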