Manage Collaborators#
A collaborator is a relationship between a Skalio ID person and a Drive space.
A collaborator has access to a space and the objects stored within it, according to the assigned privileges.
A person can be invited to join a space as a collaborator, or if their Skalio ID is known, they can be directly assigned to it. A collaborator can leave a space again, or they can be removed from it.
Invitation of new collaborators#
A space collaborator can invite other persons to collaborate with them in a space, provided they have the required admin privilege. The server will then prepare an invitation that is bound to the space and the email address of the other person (the invitee).
The space collaborator issuing the invitation is called inviter.
The invitee must login or signup and present their ID token to accept the invitation. This completes the process; the invited person is now a collaborator.
Note: The email address used during login or signup must match the email address from the invitation. The person must have verified their email address beforehand.
Notification#
An invitation is sent via email to the intended person. If the email bounces, the invitation is removed and the inviter is informed about the delivery failure.
An invitation notification contains a URL to a frontend web-page. To improve conversion, the frontend can fetch and render some information about the invitation and the space without Skalio ID authentication. The invitation can contain an optional "personal note" from the inviter, intended to build trust into the legitimacy of the invitation.
Accepting the invitation#
An invitation can be accepted only once, by the intended person only. When accepting an invitation, the invitee must present their ID token, or sign-up at Skalio ID to obtain one. At this point, the server will clear the invitation and associate the person with the space as a collaborator.
The invitation timeline is recorded in the statistics of a collaborator.
Rejecting the invitation#
The invitee can reject an invitation. When accepting an invitation, the invitee must present their ID token, or sign-up at Skalio ID to obtain one. This removes the invitation permanently.
Resolving information about the inviter#
An invitation contains the UID of the person who issued it, the inviter. The new collaborator can fetch the information about this person by requesting the public profile for the inviterUid at Skalio ID (api doc).
List open invitations#
Space administrators can view the list of open invitations of a space and cancel individual invitations.
An authenticated person can view their open invitations.
Assign new collaborators#
A space administrator can assign existing Skalio ID persons to be collaborators of a space. This process is more specific than inviting someone, since
- the collaborator must already have a Skalio ID,
- which the space administrator selects as the new collaborator.
The Skalio ID of a person can be found by searching the public Skalio ID directory. Identity can be confirmed through the persons public information (name, avatar, selected email addresses) or their fingerprint.
The newly assigned collaborator is in a pending state until they confirm the action. They are notified via email as well as the event-stream. The email message contains the name and description of the space and a URL to the space details. It does not include a personal note (compared with an invitation message).
After authenticating, a person can see the "pending collaborator" state in their list of accessible spaces.
Assigned collaborators stay in "pending" state indefinitely until they either accept or reject the assignment. While in pending state, the assigned collaborator can only view the description, name, and avatar (Note: avatar currently requires an access token!) of the space, but not access any data stored in it.
The assignation timeline is recorded in the statistics of a collaborator.
Rejecting an assignment permanently removes it. This action is not recoverable.
API mapping#
| Usecase | API interaction | Comment |
|---|---|---|
| List assignments | Fetch list of spaces | These actions require an ID token, but no access token for individual spaces. |
| Accept assignment | Request access token for space | Implicitly converts a pending collaborator into a collaborator. |
| Reject assigment | Reject access token for space Note: not yet implemented! |
Explicitly removes a pending collaborator. Has no effect if the person is not a pending collaborator. |
Organization admin override#
Persons with organization admin privileges on the organization of the space can execute this operation without being a space administrator first.
Note: Not yet implemented
Update or remove collaborators#
Any person can remove themselves as a collaborator of a space.
Any space administrator can change the privilege of existing or pending collaborators or remove the collaborator completely from the space.
Removing collaborators can lead to abandoned spaces or spaces without administrators. Such cases can be recovered by an organization-admin who can assign collaborators again.
List collaborators, invitations, spaces#
Collaborators of a space can fetch a list of all other collaborators and their privilege on the space.
For space administrators, this list includes pending collaborators, invitations, and the respective administrators reference text.
Note: Since Drive does not manage a person's profile information, the list contains only references to the persons behind each collaborator in the form of the
personUid. This unique ID can be used to look up the public profile of the person at Skalio ID.
Similarly, a person can list all spaces they are a collaborator of and all invitations that are issued to them. This includes pending space assignments, which need to be confirmed by the person.
Restrictions on unverified persons#
A person must prove to Skalio ID that they have control over their registered email addresses. Until the person has verified their Skalio ID, they are barred from interacting with other people. As a result, an unverified person cannot
- invite other persons to collaborate on his space,
- accept an invitation to collaborate on another space,
- assign collaborators to his space,
- accept an assignation to collaborate on another space.
Other functionality is not affected.