Slide1
Managing Authenticity
Silvio Salza, silvio.salza@uniroma1.it
Maria Guercio, maria.guercio@uniroma1.it
CINI - Università di Roma “La Sapienza”
Slide2
Authenticity
Authenticity is a central concept in Digital Preservation
A Digital Resource (DR) is authentic if it is actually what it purports to be and is free from tampering or corruption
Clearly authenticity depends on the competence and the reliability of the keeper of the resource
Ensuring authenticity implies the capacity of controlling:
- the identity of the DR: that means the reference, the context and the provenance
- the integrity of the DR: that means that its original content has not been corrupted.
Slide3
Integrity
The integrity of a resource means that the preserved resource is complete and uncorrupted in all its essential components.
An evident property for material objects, since in this case the original object is preserved
Digital resources are preserved as copies of the original object, and undergo transformations (e.g. format and/or physical support migrations) due to technological obsolescence
Checking the integrity becomes a far more complex process:
- even if the original bitstream may be compromised ... the content, i.e. the essential components, may still be preserved
Slide4
Identity
The identity of a resource primarily refers to its unique designation and/or identification, but is more than that
It refers to the whole of the characteristics of a resource that uniquely identify it and distinguish it from any other resource
This heavily depends on the environment and includes:
- The internal conceptual structure of the resource
- The general context (administrative, legal, documentary, technological, some could even add social)
- The provenance: where does it come from? How did it get to us?
Slide5
Why is authenticity crucial?
The need to preserve authentic information content (not tampered with and able to prove its persistence) cannot be questioned: it is firmly based on common sense
To understand the central role of authenticity in the digital preservation process we must concentrate on two aspects:
- the dynamic nature of the preservation process, which endangers the integrity of the information content; and
- the need to be able to assess the identity, integrity and provenance of resources that have undergone a series of transformations during their lifecycle
Slide6
Authenticity in a digital environment
In a traditional environment an uninterrupted chain of custody is generally sufficient to guarantee the authenticity of the preserved resources
Digital Resources (DR) are instead very vulnerable and can be easily forged or corrupted without leaving any evidence
Transmission of digital objects along the chain of custody is a very delicate process: transmission channels are quite vulnerable
Authenticity of digital resources can therefore be affected by the events the DR undergoes during its lifecycle:
- transformations (due to technological obsolescence)
- changes of custody
As a consequence, authenticity cannot be recognized as given once and for ever within a digital environment
Slide7
Authenticity in OAIS and InterPARES
OAIS (2012 version): “The degree to which a person (or system) may regard an object as what it is purported to be. The degree of authenticity is judged on the basis of evidence”
InterPARES:
- The authenticity has no degree in itself
- The presumption of the authenticity is graduated
The assessment is supported by:
- the preservation system
- the evidence collected during the lifecycle (both before and after preservation begins)
Slide8
Authenticity in CASPAR
The CASPAR project (2006-2009) provided a crucial contribution to the problem of managing authenticity in Long Term Digital Preservation (LTDP) repositories:
- it provided a model based on OAIS and InterPARES principles for managing authenticity so that it can be assessed at a later time
- it identified a set of attributes that allow evidence to be captured and collected along the DR lifecycle
- it developed specific procedures to manage authenticity: authenticity management protocols
Slide9
The APARSEN contribution
APARSEN proposes a methodology for the management of the authenticity of Digital Resources (DR):
- Formal authenticity model: to represent the DR lifecycle and the management of authenticity evidence
- Operational guidelines: to guide the process of instantiating the model in a specific environment
- Case studies: carried out to tune the methodology and test its effectiveness in a set of heterogeneous environments
Slide10
Authenticity and the DR lifecycle
Transformations relevant to the DR authenticity may occur even before preservation begins
The authenticity management process must encompass the whole DR lifespan since its creation
Interoperability becomes a crucial requirement to be supported by the authenticity management policy
Authenticity is affected by transformations and changes of custody the DR undergoes during its lifecycle. To assess authenticity one needs to collect and preserve appropriate evidence in order to be able, at a later time, to trace back these transformations
Slide11
Modeling the digital resource lifecycle
PRE-INGEST PHASE: from the creation of the DR to the beginning of the Long Term Digital Preservation (LTDP) process
LTDP PHASE: encompasses all the transformations and the changes of custody the DR goes through along the LTDP process
Slide12
Collecting authenticity evidence
The first step is to identify the relevant lifecycle events
These are typically of two kinds:
- Changes of custody: the DR is moved to a different repository
- Transformations: the format, or more in general the way the DR is recorded and preserved, is changed
In both cases authenticity evidence must be collected, to allow assessing the authenticity at a later time.
For each event one must specify:
- Which evidence should be collected
- How should it be organized
Slide13
Authenticity Evidence Records (AER)
Authenticity Evidence Record (AER): structure containing the evidence collected in connection with a specific event
Authenticity Evidence History (AEH): incremental structure of AERs
At any moment, scanning the AEH allows one to trace back all the transformations the DR has undergone, and therefore to establish the authenticity and the provenance of the DR
Slide14
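The AEH scan described on the AER/AEH slide, as an added example that is not part of the original presentation or of the APARSEN deliverables. The record fields (`digest_in`, `digest_out`, `custodian`), the event names and the use of SHA-256 are assumptions made for illustration; the sample content is constructed.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def append_aer(aeh, event_type, custodian, before, after):
    """Append one AER to the AEH; existing records are never rewritten."""
    aeh.append({
        "event_type": event_type,   # CREATION, TRANSFER (custody) or MIGRATION
        "custodian": custodian,
        "digest_in": sha256(before) if before is not None else None,
        "digest_out": sha256(after),
    })

def trace_back(aeh, held_copy):
    """Scan the AEH from the newest AER back to creation.

    Returns (ok, provenance). ok is False as soon as one AER's output digest
    does not match what the next event (or the held copy) started from.
    """
    expected = sha256(held_copy)
    provenance = []
    for aer in reversed(aeh):
        if aer["digest_out"] != expected:
            return False, provenance
        provenance.append((aer["event_type"], aer["custodian"]))
        expected = aer["digest_in"]
    return expected is None, provenance   # must end at the creation event

def build_sample_history():
    """Constructed sample: a report that is created, transferred, then migrated."""
    original = b"constructed report, original format"
    migrated = b"constructed report, migrated format"
    aeh = []
    append_aer(aeh, "CREATION", "producer", None, original)
    append_aer(aeh, "TRANSFER", "repository", original, original)
    append_aer(aeh, "MIGRATION", "repository", original, migrated)
    return aeh, original, migrated
```

Recording a digest on both sides of each event is what lets a format migration, which changes the bitstream, still link back to the original; a missing AER breaks the scan in the same way a tampered copy does.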
Authenticity Protocols
Authenticity Evidence Record (AER): defines which Authenticity Evidence Items (AEIs) must be collected (data level)
Authenticity Protocol (AP): defines which sequence of actions should be performed in order to collect these items (procedural level)
Authenticity Protocol (AP): the procedure to be followed, in connection with a given lifecycle event, to perform the controls and to collect the authenticity evidence which is preserved in the Authenticity Evidence Records
Slide15
The need for interoperability
Typically, a DR undergoes several changes of custody along its lifecycle
Systems have to deal with evidence collected by other systems
Proper definition and standardization of AERs are crucial steps towards interoperability
The heart of the problem is:
Organize the authenticity evidence within the AERs in such a way that it can be reasonably interpreted by a system different from the one that collected it
Slide16
Achieving interoperability
Interoperability should be achieved through standardization: notably standardization of the AER structure and format
It is the final goal, but it may be a very long process and requires a large consensus
Providing guidelines that could be reasonably implemented is an important preliminary step
APARSEN has developed a set of operational guidelines
The guidelines have been successfully tested to instantiate the APARSEN authenticity management model in several different environments (case studies)
Slide17
The operational guidelines
STEP 1. Understanding the needs of the Designated Community
STEP 2. Identifying relevant lifecycle events
STEP 3. Defining the policy and the Authenticity Evidence Record
STEP 4. Formalizing Authenticity Protocols
Systematic procedure to be followed when instantiating the model in a specific environment to get to the definition of an appropriate authenticity management policy
Slide18
1 – Understanding the Designated Community
This is a crucial preliminary step
The Designated Community is a central concept in the OAIS reference model
It includes both the Producers and the Consumers, i.e. those interested in maintaining long term access to the DRs
Authenticity may have quite a different meaning to different communities
One needs to understand which kind of evidence is important for a given community, to define the policy accordingly
Slide19
2 – Identifying the lifecycle events
The approach is especially effective in environments with systematic workflows:
- large and stable flows of DRs
- each DR undergoes the same transformations and changes of custody during its lifecycle
Only events relevant to authenticity, according to the needs of the designated community, must be considered
The lifecycle is clearly identified according to the APARSEN model
Slide20
3 – Defining the policy
First compare the current practices and what should be done according to the best practices
What if some checks are not performed, and some evidence items are not collected?
- There may be good reasons to do that
- For instance in some environments restricted access and enforced security policies may guarantee the integrity of DRs
Once the appropriate evidence and actions have been selected, the policy should specify for each relevant lifecycle event:
- The checks that have to be performed
- The evidence items to be collected and preserved in the AER
Slide21
4 – Formalize the authenticity protocols
APARSEN has extended and brought to concrete implementation a concept originally introduced by CASPAR, a seminal project in digital preservation
An AP has to be defined for each event in the lifecycle model
The AP is organized as a sequence of Authenticity Steps (AS).
Each AS is a set of elementary actions meant to:
- perform a specific control and/or
- collect one or more Authenticity Evidence Items (AEI)
The execution of the AP for a given lifecycle event generates the Authenticity Evidence Record (AER) for that event
Slide22
Case study: Vicenza Health Care system
Regional repository of the Italian Public Health Care System
Complies with complex and demanding Italian regulations on LTDP
Authenticity is a crucial requirement in the Health Care environment:
- Scientific relevance of the data
- Attribution of legal responsibilities
Manages several kinds of digital resources: test results, diagnostic images, medical reports.
Several systematic workflows, for instance the Radiology Information System (RIS) workflow:
- Reports digitally signed (crucial authenticity and provenance evidence)
- Go through several transformations and changes of custody
Slide23
The RIS lifecycle model
Slide24
Example: AER for INGEST
AEI-1. Event type: INGEST
AEI-2. Original identifier: identifier from the report metadata.
AEI-3. Identifier in the LTDP system: ID-DOC generated by Scryba
AEI-4. Context information: DICOM identifier of the study to which the report refers.
AEI-5. Date and time of the ingestion: from the certified timestamp
AEI-6. Identification and authentication data of the LTDP system administrator: generated by Scryba
AEI-7. Assessment on the authenticity and provenance: outcome of controls on the digital signature
AEI-8. Digest of the AIP: from the certified timestamp.
Slide25
Example: AP for INGEST
Agent: Administrator of the LTDP repository
AER: (as defined above)
Authenticity Step (AS) sequence:
AS-1: check provenance
AS-2: check integrity
AS-3: check context
AS-4: generate internal identifier
AS-5: generate timestamp
AS-6: generate AEI: Original identifier
AS-7: generate AEI: Internal identifier
AS-8: generate AEI: Context information
AS-9: generate AEI: Date and time
AS-10: generate AEI: Administrator data
AS-11: generate AEI: Assessment of authenticity and provenance
AS-12: generate AEI: Digest of the AIP
Slide26
Example: Authenticity step
AS-1 for INGEST: check provenance
AS-1.1: get the digital signature certificate from the pkcs#7 file
AS-1.2: get the original digital certificate from the Certification Authority
AS-1.3: check the certificate in the pkcs#7 file against the original certificate
AS-1.4: check the expiration date in the digital certificate against the current date
AS-1.5: get the revocation list from the Certification Authority and check it
AS-1.6: if any of the checks in AS-1.3, AS-1.4 and AS-1.5 fails then abort ingestion
Slide27
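The INGEST protocol of the three example slides (AER, AP and step AS-1) as a runnable sketch; this is an added example, not code from the presentation, from APARSEN or from Scryba. Certificates are assumed to be already parsed into dicts (AS-1.1 and AS-1.2), and the AS-2 and AS-3 checks, the `ID-DOC-` scheme, the local clock standing in for the certified timestamp and all sample values are assumptions or constructed data.

```python
import hashlib
from datetime import datetime, timezone

class IngestAborted(Exception):
    """Raised by AS-1.6 (or a failed AS-2/AS-3 check): no AER is produced."""

def check_provenance(p7_cert, ca_cert, revoked_serials, now):
    # AS-1.1 / AS-1.2 are assumed done: both certificates arrive as parsed dicts.
    failed = []
    if p7_cert["fingerprint"] != ca_cert["fingerprint"]:
        failed.append("AS-1.3")            # differs from the CA's original
    if now > p7_cert["not_after"]:
        failed.append("AS-1.4")            # certificate expired
    if p7_cert["serial"] in revoked_serials:
        failed.append("AS-1.5")            # listed in the revocation list
    if failed:                             # AS-1.6: abort ingestion
        raise IngestAborted("provenance checks failed: " + ", ".join(failed))
    return "digital signature certificate verified"

def run_ingest_ap(report, p7_cert, ca_cert, revoked_serials, admin, now):
    assessment = check_provenance(p7_cert, ca_cert, revoked_serials, now)  # AS-1
    digest = hashlib.sha256(report["content"]).hexdigest()
    if digest != report["declared_digest"]:                                # AS-2
        raise IngestAborted("AS-2: content digest mismatch")
    if not report.get("dicom_study_id"):                                   # AS-3
        raise IngestAborted("AS-3: no DICOM study reference")
    internal_id = "ID-DOC-" + digest[:12]   # AS-4 (hypothetical ID scheme)
    timestamp = now.isoformat()             # AS-5 (stand-in for a certified timestamp)
    return {                                # AEI-1 is fixed; AS-6..AS-12 fill AEI-2..AEI-8
        "AEI-1": "INGEST",
        "AEI-2": report["original_id"],
        "AEI-3": internal_id,
        "AEI-4": report["dicom_study_id"],
        "AEI-5": timestamp,
        "AEI-6": admin,
        "AEI-7": assessment,
        "AEI-8": digest,
    }

# Constructed sample input (not real data).
NOW = datetime(2014, 6, 22, tzinfo=timezone.utc)
CONTENT = b"constructed radiology report"
REPORT = {"original_id": "RIS-0001", "dicom_study_id": "1.2.3.4.5",
          "content": CONTENT, "declared_digest": hashlib.sha256(CONTENT).hexdigest()}
CERT = {"fingerprint": "ab:cd", "serial": 1001,
        "not_after": datetime(2015, 1, 1, tzinfo=timezone.utc)}
```

Calling `run_ingest_ap(REPORT, CERT, dict(CERT), set(), "admin-01", NOW)` returns the AER; putting serial 1001 in the revocation set raises `IngestAborted` before any evidence item is generated.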
Conclusions
Authenticity of Digital Resources is affected by relevant lifecycle events: transformations and changes of custody
Authenticity Evidence should be systematically collected along the whole DR lifecycle
APARSEN proposes a systematic methodology:
- Formal model of the DR lifecycle: identify relevant events
- Specify controls to be performed and evidence to be gathered
- Authenticity Evidence Records to ensure interoperability
- Operational guidelines to guide implementation of the model
The methodology has been tested on several case studies, by successfully implementing it in a variety of environments
Slide28
Guide to further reading - 1
APARSEN Project: Deliverable 24.1. Report on Authenticity and Plan for Interoperable Authenticity Evaluation System (2012). http://www.alliancepermanentaccess.org/wp-content/uploads/downloads/2012/04/APARSEN-REP-D24_1-01-2_3.pdf [visited 22 June 2014].
APARSEN Project: Deliverable 24.2. Implementation and testing of an authenticity protocol on a specific domain (2012). http://www.alliancepermanentaccess.org/wp-content/uploads/downloads/2012/04/APARSEN-REP-D24_2-01-2_2.pdf [visited 22 June 2014].
Authenticity Task Force, Appendix 2: Requirements for assessing and maintaining the authenticity of electronic records. In: The long-term preservation of authentic electronic records: findings of the InterPARES Project, Luciana Duranti (ed.), San Miniato, Italy, Archilab, pp 204–219 (2005). http://www.interpares.org/book/interpares_book_k_app02.pdf [visited 22 June 2014].
Briguglio L., Salza S., Guercio G.: Preserving Authenticity Evidence to Assess Provenance and Integrity of Digital Resources. In: Nesi P., Santucci R.: Information Technologies for Performing Arts, Media Access, and Entertainment. Lecture Notes in Computer Science, vol. 7990, p. 66-77, Berlin Heidelberg: Springer-Verlag (2013)
Slide29
Guide to further reading - 2
CASPAR conceptual model of authenticity (CASPAR-D1201-TN-0101-1_0). http://www.slidefinder.net/c/caspar_authenticity_position_paper/32860963 [visited 22 June 2014].
Giaretta, D.: Advanced digital preservation (specifically chapt. 13 and sect. 17.11). Springer-Verlag, Berlin-Heidelberg (2011).
Guercio M.: La notion d'authenticité en conservation numérique. In Musique et technologie. Préserver - Archiver - Re-produire: musique et technologie, jeux vidéo, Paris, Institut national de l’audiovisuel: 75-92 (2013)
Guercio M., Salza S.: Managing authenticity through the digital resources lifecycle. In: Agosti M. et al. (eds), Digital Libraries and Archives, 8th Italian Research Conference, IRCDL 2012, Bari, Italy, February 2012. Revised Selected Papers. Communications in Computer and Information Science (CCIS), 354, Springer-Verlag Berlin Heidelberg: 249-260 (2013)
Salza S., Guercio M.: Authenticity management in long term digital preservation on medical records. In: I-Pres. Proceedings of the 9th International Conference on preservation of digital objects. Toronto, October 1 – 5, 2012, University of Toronto: 171-179 (2013) http://ipres.ischool.utoronto.ca/sites/ipres.ischool.utoronto.ca/files/iPres%202012%20Conference%20Proceedings%20Final.pdf [visited 22 June 2014].
Slide30
Network of Excellence