Discuss Refinement of Project Permission Controls

​Projects currently are able to access all sources you’ve linked to your account regardless of the information being public or not. Not an immediate need, but something to think about architecturally for the information someone may not have made public.

Granular control of what data is accessed by a project would also be good for those evaluating and testing projects not yet approved and for those who have data that they have not made public and may not want to share with an app. The permissions behaviour could act more like Android and iOS as revocable permissions that must be granted in context. If a particular data source is required, ask for the permission in when the action requires the data instead of upon joining.

Open doesn’t need to mean all or nothing. Take the example below, this shows both 23andMe and Imputer are available data when joining a project. Either I join and provide both data sources to the project or don’t join the project. There is no just give 23andMe data, but hold back on the imputer until i know what is going on or why it needs one or both of the sources (Just to be clear, imputer is ok by me on these). Being able to explore a project before granting one or more data sources would allow a user to be more informed about their decision and how data that is not public might be used.

Access to these data sources:
23andMe Upload (joined)
AncestryDNA Upload
FamilyTreeDNA integration
Imputer (joined)

I wanted to open this permission structure up for discussion and weigh the cost and benefits.

Hi @wolfgang8741!

We did start architectural changes for something different: to describe data files with “DataType” rather than according to data source. The reasons for this are documented here: https://github.com/OpenHumans/open-humans/issues/981

But not supporting pick-and-choose authorization for each project was a decision made in favor of simplicity, and I think it’s still preferred. I don’t think adding it would add more incentive for projects to explain themselves – they should regardless, prior to someone authorizing data sharing. But I’m open to other reasons for it, maybe others would like to see it…?

I’m thinking on that problem too. One thing that could help the user to join a project is that the project designers show some kind of template with fabricated data so the user understands data use. I imagine that such an option may be illustrative and help to transparency. But researchers may not be able to provide such example in all type of projects, maybe for some apps make sense. Researchers may need participants who provide data for all those required projects and may discard participants with partial data.

Researchers may need participants who provide data for all those required projects and may discard participants with partial data.

Yeah… this was one of my concerns with enabling someone to join a project without sharing all requested sources. But I think … it would probably be nice to enable this, even if I worry about the added complexity.

It’s great to hear what it should look like if we did something – so please feel free to describe design ideas.