[Moims-rac] Authenticity - additional findings

Barbara Sierman Barbara.Sierman at KB.nl
Mon Oct 15 09:41:18 EDT 2007


In 2002 the IBM/KB long-term preservation Study on "Authenticity in a
digital environment" was published; this report can be found at
http://www.kb.nl/hrd/dd/dd_onderzoek/dnep_ltp_study-en.html

Some interesting remarks are made in this report, which may help us in
defining authenticity.

 

Kind regards,


Barbara Sierman
Digital Preservation Officer

Koninklijke Bibliotheek
PO Box 90407
2509 LK Den Haag, The Netherlands

+31 70 3140109
barbara.sierman at kb.nl

www.kb.nl

________________________________

From: moims-rac-bounces at mailman.ccsds.org
[mailto:moims-rac-bounces at mailman.ccsds.org] On behalf of Mark Conrad
Sent: Thursday, 11 October 2007 22:01
To: MOIMS-Repository Audit and Certification BOF; D.L.Giaretta at rl.ac.uk
Subject: Re: [Moims-rac] Authenticity - additional findings

 

Hello,

 

I have completed part of my assignment. Here are the definitions that I
propose that we use for the terms identified during our meeting on
October 1 and in prior meetings.

 

Adapted from ISO 15489-1:

 

 

Authenticity

 

Authentic information is information that can be proven

 

a) to be what it purports to be

 

b) to have been created or sent by the person purported to have created
or sent it, and

 

c) to have been created or sent at the time purported.

 

To ensure the authenticity of information, organizations should
implement and document policies and procedures which control the
creation, receipt, transmission, maintenance and disposition of
information to ensure that information creators are authorized and
identified and that information is protected against unauthorized
addition, deletion, alteration, use and concealment.

 

 

Reliability

 

Reliable information is information whose contents can be trusted as a
full and accurate representation of the transactions, activities or
facts to which they attest and can be depended upon in the course of
subsequent transactions or activities. Information should be created at
the time of the transaction or incident to which they relate, or soon
afterwards, by individuals who have direct knowledge of the facts or by
instruments routinely used within the business to conduct the
transaction.

 

 

Integrity

 

The integrity of information refers to its being complete and unaltered.


 

It is necessary that information be protected against unauthorized
alteration. Information management policies and procedures should
specify what additions or annotations may be made to information after
it is created, under what circumstances additions or annotations may be
authorized, and who is authorized to make them. Any authorized
annotation, addition or deletion to information should be explicitly
indicated and traceable.

 

 

Useability

 

Useable information is information that can be located, retrieved,
presented and interpreted. It should be capable of subsequent
presentation as directly connected to the business activity or
transaction that produced it. The contextual linkages of information
should carry the information needed for an understanding of the
transactions that created and used them. It should be possible to
identify information within the context of broader business activities
and functions. The links between information that document a sequence of
activities should be maintained.

 

 

 

NESTOR definition

 

Trustworthiness 

 

The capacity of a system to operate in accordance with its objectives
and specifications (that is, it does exactly what it claims to do). The
trustworthiness of a digital repository can be tested and assessed on
the basis of a criteria catalogue.

 

 

SAA A Glossary of Archival and Records Terminology definitions:

 

Authentication  

 

    n., ~ 1. The process of verifying that a thing is what it purports
to be, that it is acceptable as genuine or original. - 2. Computing *
The process of establishing a user's identity.

 

 Authenticate

 

 v. ~ 3. To verify that a thing is what it purports to be. - 4.
Computing * To establish an individual's identity.

 

 

Once we reach consensus on what definitions to use, I will complete my
analysis of the document to see what changes will have to be made to the
working document to make it self-consistent.

 

 

Mark 



>>> mark.conrad at nara.gov 9/28/2007 4:35 PM >>>

Hello,

 

I think I now have a little better idea of why TRAC does not address
authenticity as we might like it to. The OAIS Reference Model barely
addresses issues of authenticity.

 

From the Reference Model for an Open Archival Information System (OAIS),
CCSDS 650.0-B-1, BLUE BOOK, January 2002
(http://public.ccsds.org/publications/archive/650x0b1.pdf):

 

"A conforming OAIS archive shall fulfill the responsibilities listed in
3.1. Subsection 3.2
provides examples of the mechanisms that may be used to discharge the
responsibilities
identified in 3.1. These mechanisms are not required for conformance."
(pg 1-3) (pg 12 of the pdf)


Section 3.1 says:

 

"Follow documented policies and procedures which ensure that the
information is
preserved against all reasonable contingencies, and which enable the
information to
be disseminated as AUTHENTICATED COPIES OF THE ORIGINAL, or as traceable
to the original." (emphasis added)
(pg 3-1) (pg 33 of the pdf)

 

Section 3.2 does not include an example of a mechanism to "enable the
information to
be disseminated as authenticated copies of the original, or as traceable
to the original."

 

Section 5.1.3 does not directly address reproducing authentic copies of
a digital object, but it does discuss not changing the essential message
of the information content.

 

The glossary in Section 1.7.2 does not define authenticated copy,
authentic, authenticity, reliability, usability, integrity, or
trustworthy(iness). Perhaps some members of this group who also
participated in the development of the TDR and TRAC documents can talk
about the progression from this one reference in the OAIS Reference
Model to the frequent use of these terms in the TRAC.

 

Don't get me wrong. As an archivist I am very interested in having a
trustworthy digital repository that can reproduce authentic copies of
electronic information (particularly records). I am just curious as to
how we assess conformance to the OAIS by assessing the authenticity of a
repository's holdings since this topic is barely mentioned in the OAIS
Reference Model.

 

Per our discussion at last Monday's meeting, I have examined the
definitions of authenticity, reliability, usability, and integrity in
ISO 15489-1. I do not believe that adopting these definitions as they
exist will work for our purposes. The definitions are all
"records-centric." Again, as an archivist I have no problem with this,
but if the document we are working on is to be relevant beyond the
traditional archival community these definitions would have to be
modified.

***************************************************************

7.2 Characteristics of a record

 

7.2.1 General 
 
A record should correctly reflect what was communicated or decided and
what action was taken. It should be able to support the needs of the
business to which it relates and be used for accountability purposes.
 
As well as content, the record should contain, or be persistently linked
to, or associated with, the metadata necessary to document a
transaction, as follows:

 

a) the structure of a record, that is, its format and the relationships
between the elements comprising the record, should remain intact;
 
b) the business context in which the record was created, received and
used should be apparent in the record (including the business process of
which the transaction is part, the date and time of the transaction and
the participants in the transaction);
 
c) the links between documents, held separately but combining to make up
a record, should be present. 

 

Records management policies, procedures and practices should lead to
authoritative records which have the characteristics given in 7.2.2 to
7.2.5. 

 

7.2.2 Authenticity

 

An authentic record is one that can be proven

 

a) to be what it purports to be

 

b) to have been created or sent by the person purported to have created
or sent it, and

 

c) to have been created or sent at the time purported.

 

To ensure the authenticity of records, organizations should implement
and document policies and procedures which control the creation,
receipt, transmission, maintenance and disposition of records to ensure
that records creators are authorized and identified and that records are
protected against unauthorized addition, deletion, alteration, use and
concealment.

 


7.2.3 Reliability

 

A reliable record is one whose contents can be trusted as a full and
accurate representation of the transactions, activities or facts to
which they attest and can be depended upon in the course of subsequent
transactions or activities. Records should be created at the time of the
transaction or incident to which they relate, or soon afterwards, by
individuals who have direct knowledge of the facts or by instruments
routinely used within the business to conduct the transaction.

 


7.2.4 Integrity

 

The integrity of a record refers to its being complete and unaltered. 

 

It is necessary that a record be protected against unauthorized
alteration. Records management policies and procedures should specify
what additions or annotations may be made to a record after it is
created, under what circumstances additions or annotations may be
authorized, and who is authorized to make them. Any authorized
annotation, addition or deletion to a record should be explicitly
indicated and traceable.

 


7.2.5 Usability

 

A useable record is one that can be located, retrieved, presented and
interpreted. It should be capable of subsequent presentation as directly
connected to the business activity or transaction that produced it. The
contextual linkages of records should carry the information needed for
an understanding of the transactions that created and used them. It
should be possible to identify a record within the context of broader
business activities and functions. The links between records that
document a sequence of activities should be maintained.

************************************************************

I believe that many of the underlying principles of these definitions
could be used in developing definitions for the document we are working
on, but they should not be used as they are currently written.

 

Mark

 

 

 


 

 

Mark Conrad
Electronic Records Archives (ERA)
NHER 
The National Archives and Records Administration
Building 494 Second Floor
310 State Route 956
Rocket Center, WV  26726

 

Phone: 304-726-7820
Fax: 304-726-7361
Email: mark.conrad at nara.gov 
ERA Website: http://www.archives.gov/era/
