[Moims-rac] Authenticity

claude Huc claude.huc at free.fr
Mon Sep 24 11:53:19 EDT 2007 

Helen Tibbo a écrit :
>
> Dear WG members,
>
> Sorry I couldn’t connect last week but I, too, have been looking at 
> definitions. Here’s what I have so far:
>
> *Authenticity*
>
> “The quality of being authentic, or entitled to acceptance. As being 
> authoritative or duly
>
> authorized, as being what it professes in origin or authorship, as 
> being genuine.” (p. 1)
>
> -/InterPARES Glossary/, 2001. 
> http://www.interpares.org/display_file.cfm?doc=ip1_glossary.pdf
>
> Authenticity – the quality of being authentic – allows digital assets 
> to be reliably reused. An authentic
>
> digital resource is one that is what it purports to be, is free from 
> corruption, and is intact in
>
> all essential respects. Authenticity should be a consideration in all 
> digital preservation activities.
>
> Maureen Pennock, “Digital Preservation: Continued access to authentic 
> digital assets.”
>
> /DCC Briefing Paper/* *( 28 November 2006). 
> http://www.jisc.ac.uk/media/documents/publications/digital-pres-bp-v1-04-ab_web.pdf
>
> “The authenticity of a digital object refers to the degree of 
> confidence a user can have that the object is the same as that 
> expected based on a prior reference or that it is what it purports to be.”
>
> “Authenticity.” PADI. Preserving Access to Digital Information. 
> National Library of Australia. http://www.nla.gov.au/padi/topics/4.html
>
> “Authenticity: of a document, that is is the same as that which a user 
> expected based on a prior reference. (see also INTEGRITY)”
>
> Working Definitions of Commonly Used Terms (for the purposes of the 
> Cedars Project) http://www.leeds.ac.uk/cedars/documents/PSW01.htm
>
> “Underpinning authenticity and integrity and their preservation over 
> time are the concepts of fixity, stabilisation, trust, and the 
> requirements of custodians and users.”
>
> Seamus Ross*/, /*/Integrity* *and Authenticity of Digital Cultural 
> Heritage Objects/, Digicult, p. 7.
>
> *Integrity*
>
> * *
>
> “Reliability and authenticity” of electronic records (p. 4)
>
> The integrity of a record refers to its wholeness and soundness: a 
> record has integrity when it is
>
> complete and uncorrupted in all its essential respects. This does not 
> mean that the record must
>
> be precisely the same as it was when first created for its integrity 
> to exist and be demonstrated.
>
> Even in the paper world, with the passage of time, records are subject 
> to deterioration, alteration
>
> and/or loss. In the electronic world, the fragility of the media, the 
> obsolescence of technology, and
>
> the idiosyncrasies of systems likewise affect the integrity of 
> records. When we refer to an
>
> electronic record, we consider it essentially complete and uncorrupted 
> if the message that it is
>
> meant to communicate in order to achieve its purpose is unaltered. 
> This implies that its physical
>
> integrity, such as the proper number of bit strings, may be 
> compromised, provided that the
>
> articulation of the content and any required elements of form remain 
> the same. (p. 20)
>
> InterPARES Authenticity Task Force Final Report 
> http://www.interpares.org/display_file.cfm?doc=ip1_atf_report.pdf
>
> “Integrity: of documents, to ensure that it is complete and unaltered 
> from the time of creation.”
>
> Working Definitions of Commonly Used Terms (for the purposes of the 
> Cedars Project) http://www.leeds.ac.uk/cedars/documents/PSW01.htm
>
> *Reliability*
>
> * *
>
> “Reliability refers to the authority and trustworthiness of the 
> records as evidence, the ability to stand for the facts they are 
> about…. A record is considered reliable when it can be treated as a 
> fact in itself, that is, as the entity of which it is evidence. For 
> example, a reliable certificate of citizenship can be treated as the 
> fact that the person in question is a citizen.
>
> Reliability is provided to a record by its form and procedure of 
> creation. The form of a record is the whole of its characteristics 
> that can be separated from the determination of the subjects, persons, 
> or places the record is about. A record is regarded as reliable when 
> its form is complete, that is, when it possesses all the elements that 
> are required by the socio-juridical system in which the record is 
> created for it to be able to generate consequences recognized by the 
> system itself.” (p. 6)
>
> Luciana Duranti, “Integrity and Authenticity of Digital Cultural 
> Heritage Objects” /Archivaria/* *39 (1995)
>
> Dr. Helen R. Tibbo, Professor
> School of Information and Library Science
> 201 Manning Hall
> University of North Carolina at Chapel Hill
> Chapel Hill, NC 27599-3360
> tibbo at ils.unc.edu
> Tel: 919.962.8063
> Fax: 919.962.8071
>
> *From:* moims-rac-bounces at mailman.ccsds.org 
> [mailto:moims-rac-bounces at mailman.ccsds.org] *On Behalf Of *Mark Conrad
> *Sent:* Monday, September 24, 2007 10:48 AM
> *To:* moims-rac at mailman.ccsds.org; D.L.Giaretta at rl.ac.uk
> *Subject:* [Moims-rac] Authenticity
>
> Hello!
>
> As promised at last week's meeting, I have begun exploring what is 
> meant by the terms authentic and authenticity. Here is what I have 
> found so far:
>
> Use of the term "authentic" and "authenticity" in the TRAC document
>
> B. Digital Object Management
>
> . B6: The repository's ability to produce and disseminate accurate, 
> authentic versions of the digital
> objects. (pg 21)
>
> B6.10 Repository enables the dissemination of authentic copies of the 
> original or objects
> traceable to originals.
>
> Part of trusted archival management deals with the authenticity of the 
> objects that are disseminated. A
> repository's users must be confident that they have an authentic copy 
> of the original object, or that it is
> traceable in some auditable way to the original object. This 
> distinction is made because objects are not
> always disseminated in the same way, or in the same groupings, as they 
> are deposited. A database may
> have subsets of its rows, columns, and tables disseminated so that the 
> phrase "authentic copy" has little
> meaning. Ingest and preservation actions may change the formats of 
> files, or may group and split the
> original objects deposited.
>
> The distinction between authentic copies and traceable objects can 
> also be important when transformation
> processes are applied. For instance, a repository that stores digital 
> audio from radio broadcasts may
> disseminate derived text that is constructed by automated voice 
> recognition from the digital audio stream.
> Derived text may be imperfect but useful to many users, though these 
> texts are not authentic copies of the
> original audio. Producing an authentic copy means either handing out 
> the original audio stream or getting
> a human to verify and correct the transcript against the stored audio.
>
> This requirement ensures that ingest, preservation, and transformation 
> actions do not lose information that
> would support an auditable trail between the original deposited object 
> and the eventual disseminated
> object. For compliance, the chain of authenticity need only reach as 
> far back as ingest, though some
> communities, such as those dealing with legal records, may require 
> chains of authenticity that reach back
> further.
>
> A repository should be able to demonstrate the processes to construct 
> the DIP from the relevant AIP(s).
> This is a key part of establishing that DIPs reflect the content of 
> AIPs, and hence of original material, in a
> trustworthy and consistent fashion. DIPs may simply be a copy of AIPs, 
> or may result from a simple
> format transformation of an AIP. But in other cases, they may be 
> derived in complex ways from a large
> set of AIPs. A user may request a DIP consisting of the title pages 
> from all e-books published in a given
> period, for instance, which will require these to be extracted from 
> many different AIPs. A repository that
> allows requests for such complex DIPs will need to put more effort 
> into demonstrating how it meets this
> requirement than a repository that only allows requests for DIPs that 
> correspond to an entire AIP.
> A repository is not required to show that every DIP it provides can be 
> verified as authentic at a later date;
> it must show that it can do this when it is required at the time of 
> production of the DIP. The level of
> authentication is to be determined by the designated community(ies). 
> This requirement is meant to enable
> high levels of authentication, not to impose it on all copies, since 
> it may be an expensive process.
>
> Evidence: System design documents; work instructions (if DIPs involve 
> manual processing);
> process walkthroughs; production of a sample authenticated copy; 
> documentation of community
> requirements for authentication.
> (pp 41-42)
>
> C1.6 Repository reports to its administration all incidents of data 
> corruption or loss, and
> steps taken to repair/replace corrupt or lost data.
>
> Having effective mechanisms to detect bit corruption and loss within a 
> repository system is critical, but is
> only one important part of a larger process. As a whole, the 
> repository must record, report, and repair as
> possible all violations of data integrity. This means the system 
> should be able to notify system
> administrators of any logged problems. These incidents, recovery 
> actions, and their results must be
> reported to administrators and should be available.
>
> For example, the repository should document procedures to take when 
> loss or corruption is detected,
> including standards for measuring the success of recoveries. Any 
> actions taken to repair objects as part of
> these procedures must be recorded. The nature of this recording must 
> be documented by the repository,
> and the information must be retrievable when required. This 
> documentation plays a critical role in the
> measurement of the authenticity and integrity of the data held by the 
> repository.
>
> Evidence: Preservation metadata (e.g., PDI) records; comparison of 
> error logs to reports to
> administration; escalation procedures related to data loss.
> (pg 45)
>
> Use of the term "authenticate" in the TRAC document
>
> B1.3 Repository has mechanisms to authenticate the source of all 
> materials.
>
> The repository's written standard operating procedures and actual 
> practices must ensure the digital objects
> are obtained from the expected source, that the appropriate provenance 
> has been maintained, and that the
> objects are the expected objects. Confirmation can use various means 
> including, but not limited to, digital
> processing and data verification and validation, and through exchange 
> of appropriate instrument of
> ownership (e.g., submission agreements/deposit agreement/deed of gift).
>
> Evidence: Submission agreements/deposit agreements/deeds of gift; 
> workflow documents; evidence of
> appropriate technological measures; logs from procedures and 
> authentications.
>
>
> Use of the term "authentic" and "authenticity" in the OAIS Reference 
> Model (Blue Book, January 2002)
>
> The term "authentic" is not used in this document.
>
> The term "authenticity" is used twice in this document.
>
> 2 OAIS CONCEPTS
> The term 'archive' has come to be used to refer to a wide variety of 
> storage and preservation
> functions and systems. Traditional archives are understood as 
> facilities or organizations
> which preserve records, originally generated by or for a government 
> organization, institution,
> or corporation, for access by public or private communities. The 
> archive accomplishes this
> task by taking ownership of the records, ensuring that they are 
> understandable to the
> accessing community, and managing them so as to preserve their 
> information content and
> authenticity. Historically, these records have been in such forms as 
> books, papers, maps,
> photographs, and film, which can be read directly by humans, or read 
> with the aid of simple
> optical magnification and scanning aids. The major focus for 
> preserving this information has
> been to ensure that they are on media with long-term stability and 
> that access to this media is
> carefully controlled.
> (pg 2-1)
>
> Table 4-1: Examples of PDI Types
> (pg 4-29)
>
>
> The TRAC document uses the term "authenticate" in two different ways:
>
> 1. To authenticate a user of the archive (i.e., to verify the 
> credentials and authorizations of a person attempting to use the 
> repository).
>
> 2. To verify the authenticty of an object in the repository.
>
>
> Neither document offers a definition of authentic or authenticity.
>
> Based on its usage in the TRAC document one could deduce:
>
> Authenticity and integrity are separate concepts.
>
> An object may be traceable to an original without being an authentic 
> copy of the original.
>
> An authentic copy of a digital object is one that has not lost any of 
> the information (the message) conveyed by the original.
>
> One must maintain the chain of custody (referred to in the TRAC 
> document as the "chain of authenticity") of the original object to be 
> able to produce authentic copies of that original or objects traceable 
> to that original..
>
>
> Mark Conrad
> Electronic Records Archives (ERA)
> NHER
> The National Archives and Records Administration
> Building 494 Second Floor
> 310 State Route 956
> Rocket Center, WV 26726
>
> Phone: 304-726-7355
> Fax: 304-726-7361
> Email: mark.conrad at nara.gov <mailto:mark.conrad at nara.gov>
> ERA Website: http://www.archives.gov/era/
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Moims-rac mailing list
> Moims-rac at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/moims-rac
>   
Dear WG members

There is another definition of the authenticity in the ISO 15489 
standard (Records Management) :

An authentic record is one that can be proven
a) to be what it purports to be,
b) to have been created or sent by the person purported to have created 
or sent it, and
c) to have been created or sent at the time purported.
To ensure the authenticity of records, organizations should implement 
and document policies and procedures
which control the creation, receipt, transmission, maintenance and 
disposition of records to ensure that records
creators are authorized and identified and that records are protected 
against unauthorized addition, deletion,
alteration, use and concealment.

Claude Huc

More information about the Moims-rac mailing list