Change of DOI and Associated URL

The Digital Object Identifier is special service introduced with aim to advance indexing, searching, publishing and distribution of publications. It is accepted by the International Organization for Standardization as ISO26324 .

DOI services and registration are provided by the International DOI Foundation (IDF) which is a not-for-profit membership organization.  IDF is governance and management body for the federation of Registration Agencies providing DOI services and registration.  Detailed information about DOI system is published on the site of IDFResources about DOI including video materials are free to download on the site of IDF so those interested to learn more about DOI can check materials and clarify their dilemmas about use and management of DOIs.

One of very important features of DOI is that it is unique and that metadata associated with it can be updated if necessary. Option to update metadata is very important since DOI once registered can be updated so it can easily accommodate all changes related to that digital object (article, issue of journal, book, conference proceedings, supplementary files etc.) that can take place in reality.

Let me describe one situation that I have had recently in work with one editorial board which may in similar form occur in the process of development of any scientific journal or publishing of any publication.  In our case, the editorial board due to changes of partner organizations, establishment of NGO that will support some journals and some technical reasons had to change servers and domains pointing to those servers. In addition, they publish their journals in three installations of the Open Journal Systems that had three domains and two DOI prefixes.  They moved those installations on new servers and they use three installations of Open Journal Systems now on two domains  (URLs) and DOIS created using two DOI prefixes.

Due to flexibility of options to manage DOI numbers in the Open Journal Systems editors can create efficient and easy to use pattern to create DOI numbers or create custom DOI for each article or other digital object they publish.

DOI options in OJS

The editorial board I work with decided that DOI number for each article of their scientific journal should be created like this:


Such a DOI number will have associated the URL that is created by the following principle:


Thus, it is easy to associate each article DOI to unique URL. That URL will point to the page with metadata of article and downloadable article. If URL change there will be change only in the part of URL “journaldomain”. The rest will remain the same.  That enables editorial board and system administrator to update easily any change of URL.

Well, that is fine. But, how to accomplish that task without programming skills?  And, we do not have funds to buy software to accomplish that.  Thus, solution will be to use free software in a way that programming skills are not needed.  Imagine that editor is expert in veterinary medicine for sheep and goats. Very important for local village population. The most probably, editor did not receive any training in PHP, SQL, JavaScript.  So, we have to manage this issue without programming skills.

We will use the following software:

phpMyAdmin that is free and usually preinstalled on server

LibreOffice – advanced office suite with spreadsheet, text writing, presentation and drawing capabilities

Geany – text editor (You can use Notepad ++ or other similar text editor)

Download LibreOffice and Geany on your computer and you are powered with powerful software without proprietary licensing limiting your work.

Firstly, we need to export table from the database in which we can find DOI numbers and after that sort out those DOIs and associate proper URLs to them. Your hosting company will give you link to phpMyAdmin. It is usually part of your cpanel. You will find it in section Databases like on image below:

phpmyadmin icon

When you click on icon phpMyAdmin it will direct you to the screen that display on the left side a list of databases. Click on proper database and phpMyAdmin will direct you to the screen with a list of tables and you will see that there is table called submission_settings like on image below.

submission settings

When you click on that table the system will prompt you with the following screen:

rows in database table

In some cases you will see that such a table consists of 2500 or more rows. You can select how many rows you will see and export data in page by page.  Image above shows that we selected 25 rows, that we are on the page one, we checked all of them. Since table submission_settings contains a lot of rows please feel free to choose that you see 250 or 500 rows. We have to click on Export that you see on the right side below the rows.  When we click on Export the system will direct us to the page that will perform export in desired format. In our case we will choose OpenDocumentSpreadsheet  format as on image below by clicking on little drop down arrow right from the format of export file.

selecting format of export

We have to click on Go button.  So far, we are only clicking, no programming skills required.  After we click on Go button we will be prompted with the screen that will offer us to open file with LibreOfficeCalc which we installed previously on our computer.

selecting LibreOfficeCalc


When you click on OK button your computer will open rows that you exported and it will look like on image below:

LibreOffice opened rows

Well, although this looks abstract please notice that we still stick with clicking. But, now some logic we have to apply, not programming skills.  We have to filter out DOI numbers we need and copy them in a separate file. Click on menu Data/More Filters, Standard Filter and you will be prompted with the following screen that will handle what to do with data in columns.  In our case we know that in Column C should be value as displayed on image below and that in Column D should be value that contains your DOI prefix that you have got from CrossRef or other authority that can provide DOI services.

DOI filter

After that you will see table with DOI numbers exported from that number of rows. You can copy those numbers in a separate spreadsheet and repeat this process until you come to the last row of submission_settings table. It can sometimes have 4500 or more rows, but if you follow this procedure and choose let say 500 rows on the first step you will finish that easily.

After you copy all those DOI numbers and put them in one column you will have all DOI numbers.  If you follow pattern that we mentioned above you will easily generate URLs and put all those URLs in second column.  You can write URLs in software Geany which we mentioned  and put them neatly one below each other. We can copy that and paste in the second column in your spreadsheet. After you finish that you can send that file to support in CrossRef and they will manage for you deposits so the proper file will be easily associated with proper URL.  So, we accomplished task only by clicking and at the end applying some logic. Well, it is needed sometimes.







SSL, TLS-Security

Developers of applications for open access publishing and repositories are aware that the users will have sometimes very long interactive sessions while doing their work.

Author may spend considerable time while uploading his submission, completing metadata forms, checking various criteria such as copyright policy, privacy policy, conflict of interests, exchanging messages with editor and reviewers. After acceptance of submission author selected as principal contact person may need to realize the payment of submission fee through open access publishing web application. High level of security is needed for the payment especially having in mind that money transferred is sometimes part of the project budget given by some donor, ministry or (inter)state agency. Reviewers may spend a lot of time writing their reviews, completing review form. Readers and librarians may spend a lot of time being logged in while reading, paying subscription, collecting metadata of articles related to some specific topic. The journal secretaries, subscription managers may need to upload data on the user’s payments or information that should be private. Editors may spend a long time checking reviews, respect of privacy concerns that may be important for various supplementary files (predominantly valid in humanities, medicine, health science) various preview and review discussions, communications from the journal management on subscription and submission fee financial statements.

During the interaction various bad things can happen. Passwords may be stolen, credit card numbers can be stolen and later used for illegal purposes, malicious code can be injected and server used for various illegal purposes. Risk of that is higher if the user’s computer is infected and not properly maintained, cleaned and if it is used irresponsibly.

Security measures are not invented only for military, police and special purpose computers. Security should be principle not optional feature. The system administrators should take prevention measures seriously and help editorial boards, librarians and other organizations and persons while preparing their projects for open access publishing and repositories. We cannot control who will at some point try to intercept our interaction with web application and perform activities that may do damage to our work and work of many other scholars, scientists, general public. CrossRef and some other organizations involved in open access publishing especially if the payments are being realized using web platform required implementation of security standards in web applications. Several editors told me that they are requested to put “s” after “http” and add icon of green padlock there.

green padlock and https

Letter “s” after http means that http (Hypertext Transfer Protocol) is secure.  HTTPS is extension of HTTP. Green padlock is a small icon which is put there after performing various checks whether content and communication on respective site is secure. Many companies, international organizations gathering IT security scientists and engineers dedicated considerable amount of time and resources to establish standards, technologies, protocols and software tools to make internet communications secure and check level security.

Many people use term SSL for all security measures although, strictly speaking SSL stands for Secure Sockets Layer. SSL was the standard security technology for establishing an encrypted link between a web server and the users’ browser. The link protected by SSL ensures that all data passed between the web server and browsers remain private and integral. SSL technology was furthermore developed and after version 3.0 new technologies are being used. The Inernet Engineering Task Force published their statement in which they request that SSL should be deprecated. The users currently use on servers use TLS version 1.3. TLS  stands for Transport Layer Security. The version 1.2 of TLS was deprecated in August 2018.

The basics of functioning of the protocol can be learned from this video:

Owners of sites should purchase or get free TLS certificate from CA-Certificate Authority.  Some states established their own certificate authorities.  Indeed, many companies are involved in sale and technical support for installation and maintenance/support of certificates.  Depending on required security level you should make decision which security certificate you should install on your server. For example, if you maintain repository of primary data related to humanities and they might have private information on people involved in medical, psychological, social research you should consider use of stronger certificate which is more expensive and implementation of additional measures and policies that should keep some of data private.  If you manage a lot of payment transactions you should also consider to purchase certificate aimed for higher security level. If you do not have payments and special privacy related concerns you can consider some basic certificate or getting some certificate from open certificate Authority such as Let’s Encrypt.

Installation of certificate is sometimes process in which CA or its seller guides you and during that process they may have some security and identity checks.  That process is usually short but for some more expensive certificates it may take some time depending on checking procedures.  You maybe asked to check mail a coupe of times, click on confirmation links.  Some hosting companies and CAs such as Let’s Encrypt prepared on line instructions that is easy to follow.  However, editors who are not familiar with IT technologies and standards should ask hosting company or their system administrator to install certificate properly.  After installation of security certificate green padlock should appear on the left side in status bar in browser. If there is not green padlock or you see padlock with exclamation sign please check Why No Padlock site and use their testing tool in order to fix potential issues.  Output of test may show results like on image below:

checking ssl certificate

Some people use SSL Tools or other on line certificate checkers in order to check validity of certificate.

Some CAs offer additional checks of installed certificates since there are know attacks on certificates.  After I installed one relatively expensive certificate for one site that manage on line payments I noticed that their server still had active TLS 1.0 which was vulnerable to so called BEAST attack.  Although latest versions of TLS are not vulnerable to BEAST attack it is always good to check whether your hosting company or institutional servers are updated to the latest versions of security protocols.  Additional information on some other attacks on certificates are described on one very interesting security oriented blog. 

Note: Despite popularity of mobile phones I would not use mobile phone  for work on very important data or administering web application or server with all kind of important information. 




Spellcheck-Scientific Texts

The Open Journal Systems users use embedded TinyMce editor to enter various information during publishing their articles in journals.  Some users may need for various reasons spellcheck in order to make sure that texts they enter are spelled correctly.  TinyMce developers  developed one very simple spellchecker plugin that is not configured by default in the Open Journal Systems. There is free version and Spell Checker Pro version. TinyMce developers stated on the web page for Spell Checker pro that: A TinyMCE Enterprise subscription includes the ability to download and install a spell check as-you-type feature for the editor.

If you are editor, editorial board member or administrator of the site of your journal various payment schemes for spellchecking might not be affordable.

For general purpose texts you can use spellcheck capability of your browser.

But, if you need free, easy to install TinyMce spellchecker capable to spellcheck medical, scientific and legal terms you can consider using Nanospell spellchecker.  The developers of Nanospell stated on their site  that: It is perfect for secure applications and websites where user experience counts:

  • Guaranteed dictionary availability across all browsers, including medical, scientific and legal words.
  • Never sends your secure data to any remote servers: everything is done locally.
  • Works in older browsers which do not have spellchecking capabilities of their own.
  • No popup Ads

I supported some members of editorial boards to install it and configure properly in their Open Journal Systems installations. That is very easy and straightforward process which should not last more than 5 minutes and its icon should appear in toolbar of TinyMce editor in your Open Journal Systems installation.  It is easy to install its dictionaries which can meet your editorial and authoring needs.  However, please be aware of their licensing policy.