[Moims-rac] Authenticity - additional findings

Giaretta, DL (David) D.L.Giaretta at rl.ac.uk
Mon Oct 1 08:17:18 EDT 2007 

Hi
 
Yes, it's clear that OAIS does not deal with authenticity well, and does
use some terminology in a confusing or even an incorrect way. 
 
In the OAIS 5-year review there were comments about this, especially
from InterPARES people, and it needs to be clarified.
 
..David


________________________________

	From: moims-rac-bounces at mailman.ccsds.org
[mailto:moims-rac-bounces at mailman.ccsds.org] On Behalf Of Mark Conrad
	Sent: 28 September 2007 21:36
	To: MOIMS-Repository Audit and Certification BOF; Giaretta, DL
(David)
	Subject: [Moims-rac] Authenticity - additional findings
	
	
	Hello,
	 
	I think I now have a little better idea of why TRAC does not
address authenticity as we might like it to. The OAIS Reference Model
barely addresses issues of authenticity.
	 
	From the Reference Model for an Open Archival Information System
(OAIS), CCSDS 650.0-B-1, BLUE BOOK, January 2002
(http://public.ccsds.org/publications/archive/650x0b1.pdf):
	 
	"A conforming OAIS archive shall fulfill the responsibilities
listed in 3.1. Subsection 3.2
	provides examples of the mechanisms that may be used to
discharge the responsibilities
	identified in 3.1. These mechanisms are not required for
conformance."
	(pg 1-3) (pg 12 of the pdf)

	Section 3.1 says:
	 
	"Follow documented policies and procedures which ensure that the
information is
	preserved against all reasonable contingencies, and which enable
the information to
	be disseminated as AUTHENTICATED COPIES OF THE ORIGINAL, or as
traceable to the original."(emphasis added)
	(pg 3-1) (pg 33 of the pdf)
	 
	Section 3.2 does not include an example of a mechanism to
"enable the information to
	be disseminated as authenticated copies of the original, or as
traceable to the original."
	 
	Section 5.1.3 does not directly address reproducing authentic
copies of a digital object, but it does discuss not changing the
essential message of the information content.
	 
	The glossary in Section 1.7.2 does not define authenticated
copy, authentic, authenticity, reliability, usability, integrity, or
trustworthy(iness). Perhaps some members of this group who also
participated in the development of the TDR and TRAC documents can talk
about the progression from this one reference in the OAIS Reference
Model to the frequent use of these terms in the TRAC.
	 
	Don't get me wrong. As an archivist I am very interested in
having a trustworthy digital repository that can reproduce authentic
copies of electronic information (particularly records). I am just
curious as to how we assess conformance to the OAIS by assessing the
authenticity of a repository's holdings since this topic is barely
mentioned in the OAIS Reference Model.
	 
	Per our discussion at last Monday's meeting, I have examined the
definitions of authenticity, reliability, usability, and integrity in
ISO 15489-1. I do not believe that adopting these definitions as they
exist will work for our purposes. The definitions are all
"records-centric." Again, as an archivist I have no problem with this,
but if the document we are working on is to be relevant beyond the
traditional archival community these definitions would have to be
modified.
	***************************************************************
	7.2 Characteristics of a record
	 
	7.2.1 General 
	 
	A record should correctly reflect what was communicated or
decided and what action was taken. It should be able to support the
needs of the business to which it relates and be used for accountability
purposes.
	 
	As well as content, the record should contain, or be
persistently linked to, or associated with, the metadata necessary to
document a transaction, as follows:
	 
	a) the structure of a record, that is, its format and the
relationships between the elements comprising the record, should remain
intact;
	 
	b) the business context in which the record was created,
received and used should be apparent in the record (including the
business process of which the transaction is part, the date and time of
the transaction and the participants in the transaction);
	 
	c) the links between documents, held separately but combining to
make up a record, should be present. 
	 
	Records management policies, procedures and practices should
lead to authoritative records which have the characteristics given in
7.2.2 to 7.2.5. 
	 
	7.2.2 Authenticity
	 
	An authentic record is one that can be proven
	 
	a) to be what it purports to be
	 
	b) to have been created or sent by the person purported to have
created or sent it, and
	 
	c) to have been created or sent at the time purported.
	 
	To ensure the authenticity of records, organizations should
implement and document policies and procedures which control the
creation, receipt, transmission, maintenance and disposition of records
to ensure that records creators are authorized and identified and that
records are protected against unauthorized addition, deletion,
alteration, use and concealment.
	 

	7.2.3 Reliability
	 
	A reliable record is one whose contents can be trusted as a full
and accurate representation of the transactions, activities or facts to
which they attest and can be depended upon in the course of subsequent
transactions or activities. Records should be created at the time of the
transaction or incident to which they relate, or soon afterwards, by
individuals who have direct knowledge of the facts or by instruments
routinely used within the business to conduct the transaction.
	 

	7.2.4 Integrity
	 
	The integrity of a record refers to its being complete and
unaltered. 
	 
	It is necessary that a record be protected against unauthorized
alteration. Records management policies and procedures should specify
what additions or annotations may be made to a record after it is
created, under what circumstances additions or annotations may be
authorized, and who is authorized to make them. Any authorized
annotation, addition or deletion to a record should be explicitly
indicated and traceable.
	 

	7.2.5 Usability
	 
	A useable record is one that can be located, retrieved,
presented and interpreted. It should be capable of subsequent
presentation as directly connected to the business activity or
transaction that produced it. The contextual linkages of records should
carry the information needed for an understanding of the transactions
that created and used them. It should be possible to identify a record
within the context of broader business activities and functions. The
links between records that document a sequence of activities should be
maintained.
	************************************************************
	I believe that many of the underlying principles of these
definitions could be used in developing definitions for the document we
are working on, but they should not be used as they are currently
written.
	 
	Mark
	 
	 
	 

	 
	 
	Mark Conrad
	Electronic Records Archives (ERA)
	NHER 
	The National Archives and Records Administration
	Building 494 Second Floor
	310 State Route 956
	Rocket Center, WV  26726
	 
	Phone: 304-726-7820
	Fax: 304-726-7361
	Email: mark.conrad at nara.gov 
	ERA Website: http://www.archives.gov/era/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ccsds.org/pipermail/moims-rac/attachments/20071001/e6afa0e9/attachment.html

More information about the Moims-rac mailing list