Story #1475

Need system for users to request access to resources

Added by Matthew Jones about 13 years ago. Updated over 6 years ago.

Status: Rejected
Priority: Normal
Assignee:
Category: Authentication, Authorization
Target version: -
Start date: 2011-05-31
Due date:
% Done: 0%
Story Points:
Sprint:

Subtasks

Task #1596: Document use case for user requesting access to some resource - Rejected - Dave Vieglais

History

#1 Updated by Matthew Jones about 13 years ago

  • Assignee set to Matthew Jones
  • Category set to Authentication, Authorization

Users that are denied access to a resource currently have no recourse. Need a system that provides the following features:

1) Allow users to request access (read, write, ownership) to a resource
2) Resource owners are notified of request
3) Resource owners have a UI for granting or denying this access (ideally, via a web UI linked from the notification), with explanation
4) Requesting user is notified of decision

#2 Updated by Dave Vieglais almost 13 years ago

  • Position set to 1
  • Position deleted (41)
  • Target version set to Sprint-2011.23-Block.3

#3 Updated by Dave Vieglais almost 13 years ago

  • Position set to 14
  • Position deleted (24)
  • Target version changed from Sprint-2011.23-Block.3 to Sprint-2011.26-Block.4

#4 Updated by Dave Vieglais over 12 years ago

  • Position deleted (39)
  • Target version deleted (Sprint-2011.26-Block.4)
  • Position set to 1

#5 Updated by Dave Vieglais over 12 years ago

  • Position set to 13
  • Position deleted (22)

#6 Updated by Dave Vieglais over 12 years ago

  • Position set to 5
  • Position deleted (112)

#7 Updated by Dave Vieglais over 9 years ago

  • Start date deleted (2011-05-31)

#8 Updated by Bruce Wilson over 9 years ago

  • Milestone set to None

A use case here is where someone has been given the ID for a dataset (perhaps in an R script), but lacks permission to access the data. A possible resolution (from a UI perspective) is to provide the user with a query that returns the (readable) resource maps that contain that object, which would potentially lead the user to the science metadata (if that's readable as well). DataONE does return a Forbidden result where the user has access, acknowledging that the object exists (as opposed to always returning not found). Acknowledging existence is a desired behavior and should not change. If the user has no authorization to the resource map or the science metadata, then there is no recourse.

BEW: My opinion is that if the user has no read access to the data object or the resource map that contains it, that case needs to be a "won't fix". The user needs to work through the chain by which they got the reference. It may be possible to create a process that allows the user to request that the authoritative member node be notified of a request for access. This needs to be something that the user initiates, but that's also hard to handle from an automated process perspective.

#9 Updated by Dave Vieglais over 6 years ago

  • Status changed from New to Rejected
