Notes from Megameeting 1st October 2007

Attendees:

DavidGiaretta STFC
BruceAmbacher UM
JohnGarrett NASA
KatiaThomaz INPE, Brazil
MarkConrad NARA
RobertDowns Center for International Earth Science Information Network (CIESIN), U Columbia
NancyMcGovern  
Perla  

All the discussion at this meeting was conducted by chat, so the following transcript of the meeting (with a few typos corrected) is complete.

ACTIONS:

  • ACTION: Mark to add something to the Glossary on "Authentic", Katia to do the same for the other terms she noted and everyone to comment
  • ACTION 2 - me to draft some text about evidence on authenticity
  • ACTION 3 - Don to think about levels of authenticity demanded by archives (and users)

A number of people are not available next week - we should meet in 2 weeks' time

David Giaretta >> : Hi, I've turned off the video streams as usual
David Giaretta >> : Hi Brude - I cannot use audio so if you said something I did not hear
David Giaretta >> : ...sorry Bruce not Brude
David Giaretta >> : Hi Mark - I can hear now but not speak
David Giaretta >> : I Helen joining us? 
David Giaretta >> : Sorry - Is Helen joining us?
Mark Conrad >> (All): Hello, All! I heard Bruce speaking for a few seconds. Did anyone hear me when I spoke?
David Giaretta >> : I heard you Mark
Mark Conrad >> (All): Is anyone there?
David Giaretta >> : There were quite a few emails about authenticity
David Giaretta >> : Yes i heard you Bruce
David Giaretta >> (All): I responded to you Mark
David Giaretta >> (All): AH-ha
BruceAmbacher >> (All): all
BruceAmbacher >> (All): Mark, Did you get my reference for ISO 15489-1?
David Giaretta >> (All): There is a blank entry at the top of the table which seems to be throwing things off.
BruceAmbacher >> (All): Who could that be?
Mark Conrad >> (All): Make sure you click "All" before sending a chat message.
BruceAmbacher >> (All): Should we sign out and re-enter?
David Giaretta >> (All): As Mark said, make sure the "All" is highlighted beside the window you type into
Mark Conrad >> (All): No need to sign out.
David Giaretta >> (All): Looks as if things are working now
David Giaretta >> (All): What section are we on?
NAncyMcGovern >> (All): I can hear Mark but not Bruce so well
BruceAmbacher >> (All): I will increase my volume
Mark Conrad >> (All): Robert and John can you see the chat?
BruceAmbacher >> (All): David, Last week we were focusing on authenticity, reliability, etc.  I think we are at B6.  Do others agree?
Mark Conrad >> (All): Bruce,
JohnGarrett >> (All): I don't think we ever discussed B5
Mark Conrad >> (All): I believe that is where we left off. I would like to have a little more conversation about where we go with the authenticity piece given the lack of direction in OAIS on this topic.
JohnGarrett >> (All): That was on schedule last week, but we never moved off the authenticity questions.
David Giaretta >> (All): Did we finish the authenticity discussion? Did people see my email about Technical vs Social aspects of authenticity?
Katia Tomaz >> (All): we have some notes in B5.
Katia Tomaz >> (All): yes, david.
JohnGarrett >> (All): I think some people still had issues with authenticity.  Are others happy now with what is there?
David Giaretta >> (All): There were various definitions of authenticity - I don't think we came to a conclusion
NAncyMcGovern >> (All): about David's technical vs. social - I think there are aspects of organizational context (section A) that can be audited - apart from the technical and the social - is the repository trusted
David Giaretta >> (All): Nancy - goo point
David Giaretta >> (All): ...sorry "good"
David Giaretta >> (All): Do we need to put in a definition of authenticity?
David Giaretta >> (All): Or rather do we need to put in our own definition? 
Mark Conrad >> (All): How much about authenticity do we want to include in this document given the OAIS relative silence on this issue?
BruceAmbacher >> (All): David, repositories are always best at the "technical" and rely upon the creator (process, reputation, accuracy of other data, etc.) to establish the social authenticity
JohnGarrett >> (All): Yes, I think we need the definition
David Giaretta >> (All): Mark - the issue with OAIS may be improved in the revision process
NAncyMcGovern >> (All): I think we should have an authenticity definition - and we should leave it to repositories to demonstrate their approach to authenticity.  In TRAC, we talked about approaches and relevant standards mapping to OAIS and TRAC - I'm happy with that
JohnGarrett >> (All): I agree I think it should be addressed in OAIS revision process, but we still need to ensure it is.
BruceAmbacher >> (All): TRAC, while "derived" from OAIS, is not totally dependent upon it.  As David just said, the OAIS revision may strengthen their statements.  Perhaps pull from us?
Mark Conrad >> (All): If this document is to be used to judge OAIS compliance and the OAIS RM is relatively silent on this topic how why do we address it here?
David Giaretta >> (All): John - perhaps we can put in a couple of definitions then point out those aspects of the metrics which contribute to it.
Perla Innocenti >> (All): I think we need the definition as well. We might take a look at the state of the art for the definition of "Authenticity", i.e. http://www.archivists.org/glossary/term_details.asp?DefinitionKey=9
Mark Conrad >> (All): The SAA glossary is not state of the art on authenticity.
Perla Innocenti >> (All): I know, but it is one of the sources to be considered I think
Mark Conrad >> (All): David, I believe that having multiple definitions only further muddies the water.
David Giaretta >> (All): Well we can choose one existing one (unless we make up our own)
JohnGarrett >> (All): For a standard, we need to get consensus on definition.  People need to at least be comfortable enough with the definition that they won't feel a need to oppose using whatever definition we choose.
NAncyMcGovern >> (All): The SAA glossary brings together a number of citations for authenticity, including InterPARES - it seems like a good source.
JohnGarrett >> (All): I would like to pick the definition from some existing one that everyone resonates with.
Mark Conrad >> (All): The definitions in the SAA Glossary are contradictory.
Perla Innocenti >> (All): That's because the concept of authenticity is contradictory according to the context, Mark
David Giaretta >> (All): Then we have a problem!
Perla Innocenti >> (All): And this is why it is important to select the appropriate source and state it
JohnGarrett >> (All): Maybe this is why it wasn't included in detail in OAIS if it is hard to get agreement on what it is.
NAncyMcGovern >> (All): there's the definition (a single statement), the notes, and the citations (which have nuances) - not all are contradictory
RobertDowns >> (All): We might consider stating or adopting a definition that addresses both receiving the genuine object and maintaining it.
BruceAmbacher >> (All): I thought/hoped that was what we did in TRAC.  So let's see where TRAC is deficient and strengthen it
David Giaretta >> (All): Sorry Mark - I missed the start of that
BruceAmbacher >> (All): I have only glanced at what Mark sent out regarding the use of authenticity and reliability
Mark Conrad >> (All): I think this discussion gets more to the question of the scope of the document we are trying to develop.
BruceAmbacher >> (All): An ISO document must have broad scope and applicability and consensus.
Mark Conrad >> (All): Are we concerned with the chain of custody prior to ingestion?
JohnGarrett >> (All): I think TRAC probably addresses it, but did the TRAC document include definitions?
NAncyMcGovern >> (All): agreed, Bruce. a core principle of TRAC
David Giaretta >> (All): I hope we don't have to produce yet another definition of authenticity
Perla Innocenti >> (All): Helen Tibbi and Claude Huc sent emails with useful indications on authenticity definition. And the InterPARES definition is a widely approved one.
Perla Innocenti >> (All): Hele Tibbo, sorry
NAncyMcGovern >> (All): If TRAC is not sufficient and needs a bit of oomph, we could take a look at the SAA definition statement for authenticity and rule it out if we want to: "The quality of being genuine, not a counterfeit, and free from tampering, and is typically inferred from internal and external evidence, including its physical characteristics, structure, content, and context."
BruceAmbacher >> (All): InterPARES may be widely accepted but "approved"?
JohnGarrett >> (All): I think we are just a bit interested in what happened before it came to archive, but not much we can check about that.
David Giaretta >> (All): In my email I was leading towards saying that the current TRAC doc addresses a number of technical issues, but social issues are external
David Giaretta >> (All): There is also the point that an archive can MAINTAIN the evidence about authenticity but not absolutely prove it from the point it was created
David Giaretta >> (All): So TRAC can point to the evidence that contributes that evidence
Katia Tomaz >> (All): an archive can maintain the integrity
BruceAmbacher >> (All): Exactly, a repository can only "prove" what it has done to maintain the object since it received it.
David Giaretta >> (All): What we are missing is (probably) a definition of authenticity (or maybe more than one) and a piece of text which collects together the evidence
Mark Conrad >> (All): In the TRAC document as currently written chain of custody prior to ingest is optional. Depending on the definition of authentic you adopt it would not be optional.
David Giaretta >> (All): Katia - yes, I was including integrity as part of authenticity
Katia Tomaz >> (All): i think we should define integrity, authenticity, readability, reliability and so on
Perla Innocenti >> (All): agree
Mark Conrad >> (All): agreed
RobertDowns >> (All): agreed
David Giaretta >> (All): Sounds like you just volunteered
Mark Conrad >> (All): I will attempt to prepare definitions for these terms based on ISO15489-1 for next time.
BruceAmbacher >> (All): The repository must rely on the producer.  The transfer documents and Producer-Archive agreement should address authenticity.  The other concepts are within the repository's domain.
Katia Tomaz >> (All): remember authentication too
David Giaretta >> (All): katia - that's another area that OAIS is a bit hazy on
Mark Conrad >> (All): Which authentication?
NAncyMcGovern >> (All): We tried really hard to be inclusive of the range of trusted repositories.  ISO 15489 would be a good place to start and we need to make sure we are still inclusive.
BruceAmbacher >> (All): The current glossary is only 15 items.  Clearly that can/should be expanded.
Mark Conrad >> (All): authentication as in access controls, information assurance? or as in judging the authenticity of an information object?
David Giaretta >> (All): Authentication as in knowing that someone is who they claim to be
David Giaretta >> (All): ...although I think OAIS used "authenticated" in a funny way which has some people confused
Mark Conrad >> (All): that is the former definition. TRAC and OAIS RM also use the latter without making a distinction.
BruceAmbacher >> (All): David's version does nothing to increase confidence in the object.
David Giaretta >> (All): Bruce - what do you mean?
Mark Conrad >> (All): Yes it does. You have to be able to prove no one can tamper with the digital objects.
BruceAmbacher >> (All): We clearly need to define the role/actions of the producer and those of the repository
Mark Conrad >> (All): agreed!
BruceAmbacher >> (All): David's version merely addresses whether the potential user has the right to be a user.
Mark Conrad >> (All): or administrator or auditor.
David Giaretta >> (All): Sorry - I seem to have let a wild goose loose
BruceAmbacher >> (All): Let's use the pate.
David Giaretta >> (All): I really just meant that OAIS uses the word "authenticated" in a funny way
NAncyMcGovern >> (All): This is an interesting discussion of authentication, authorization, and accounting: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci514544,00.html - this seems a good 3-legged stool for us.
Mark Conrad >> (All): We need to clearly distinguish the two uses of the term.
JohnGarrett >> (All): Archives need to be concerned with both authentication and authenticity - i.e. ensuring people are who they say they are and objects are what they are purported to be.
David Giaretta >> (All): Coming back to maintaining authenticity - presumably the archive must be sure that the producer is who he/she says they are, and that the evidence they provide for the authenticity of the object is acceptable
Mark Conrad >> (All): John, Yes, archives do. What about other repositories covered by the TRAC document?
BruceAmbacher >> (All): John Yes, but you have the order reversed.  An archives could have authentic records and never allow any user access - whether authenticated or not.
NAncyMcGovern >> (All): It is a common problem and people (such as the source indicated) have addressed it in ways that address our requirements - possibly with some tweaking.
Katia Tomaz >> (All): the archive must authenticate digital objects, not judge their authenticity
BruceAmbacher >> (All): I always thought the same concepts/approaches/rules applied to all.  One vagueness (to me) comes from web capture.
JohnGarrett >> (All): I think other repositories need to address the issue.  Some repositories may decide all the authentication they need is that someone can say who they are and no other checking is needed.
JohnGarrett >> (All): But all repositories must maintain the authenticity (at least as received by the archive)
David Giaretta >> (All): In terms of authenticity the issue with authentication of people is to help decide on that "social" issue i.e. is that someone whom I trust?
BruceAmbacher >> (All): Katia, archives attest to authenticity through the chain of custody.
JohnGarrett >> (All): Bruce, I agree you may have authenticate records that may not allow any access.
Mark Conrad >> (All): Katia, Can you rephrase your sentence without using authenticate and authenticity so I can understand how you are using the terms?
BruceAmbacher >> (All): David, would you allow access to someone you cannot trust?
David Giaretta >> (All): Bruce - sure, but I might not accept something from them as authentic objects
BruceAmbacher >> (All): David, I am coming from the perspective of an open archives whose designated user community is everyone.
Mark Conrad >> (All): Bruce,
BruceAmbacher >> (All): David, I was referring to them as a user not as a producer.  I agree regarding an unauthenticated producer.
Mark Conrad >> (All): What kind of access are we providing this person, read only?
RobertDowns >> (All): Some archives might work with a producer, via email, and ask for the object. When they receive the object by email, they might not have a reason to suspect foul play.
David Giaretta >> (All): Bruce - I thought that we could separate authenticity from understandability/ designated community/ access
David Giaretta >> (All): Robert - I assume this is a question of degree. Most science archives take a fairly loose view of authenticity
BruceAmbacher >> (All): David, agreed.  You have three distinct issues - authenticity of objects, understandability/useability and access
NAncyMcGovern >> (All): This thread seems to make a good case for providing definitions - accepted definitions from ours or other domains given that these are also some core IT issues - and not be specific about how, leaving that to repositories during an audit
BruceAmbacher >> (All): David, if you take a loose view of authenticity, how do you give credence to secondary analysis of such data?
David Giaretta >> (All): Bruce/Nancy - so coming back to authenticity I saw an ACTION - katia (I think) was going to provide a number of definitions.
BruceAmbacher >> (All): Isn't Mark already engaged in that?
David Giaretta >> (All): Bruce - the level of trust is judged acceptable in the science community
Mark Conrad >> (All): Yes. And I am the one who volunteered to continue the work on definitions.
Katia Tomaz >> (All): i have problems with the language...
David Giaretta >> (All): Bruce - about the definitions - Katia mentioned some other terms that needed definition, in addition to Mark's action on authenticity
BruceAmbacher >> (All): Of course several can ferret out definitions and we can create our synthesis of those that fill our needs and create anything where there is a gap.
Mark Conrad >> (All): I am working on those other terms as well. See my message from Friday.
David Giaretta >> (All): I was just trying to note some actions before the end of the meeting (1) Collect those definitions (2) write some text to point out where the existing metrics contribute to the evidence
BruceAmbacher >> (All): Mark, is next Monday the Columbus Day holiday?
David Giaretta >> (All): ...and maybe (3) a discussion of authenticity - and the levels of trust one might expect e.g. government archive vs science archive
Mark Conrad >> (All): Bruce, Yes. I will have something ready for October 15th.
NAncyMcGovern >> (All): The TDR document has a nice appendix on trust
David Giaretta >> (All): ACTIONS: I think Mark is leading on Authenticity definition - perhaps we can add to the Glossary http://wiki.digitalrepositoryauditandcertification.org/bin/view/Main/GlossaryOfTerms which everyone can add to
BruceAmbacher >> (All): David, that's one definition I want to see you develop.  I never thought science archives had a lower standard of confidence in their sources.  I do understand some lack of confidence in the reliability of their raw data.
David Giaretta >> (All): Bruce - I think that it is just a level of trust - Don may have something to add about this
RobertDowns >> (All): Since science archives know their producers individually and have worked with the same individuals for years, they can trust them.
Mark Conrad >> (All): I think this discussion needs a definition of archives.
David Giaretta >> (All): ...Bruce (continued) I don't think scientists have a lower standard of confidence - just a higher level of trust
BruceAmbacher >> (All): To some extent I was just baiting you.
David Giaretta >> (All): Maybe this brings us around to a discussion of Risk related to authenticity
David Giaretta >> (All): Anyway, is there an interest in action (2) - the collection of pointers to metrics which add authenticity evidence?
JohnGarrett >> (All): And it all comes down to what the Designated Communities are willing to accept (and put up with at the Producer end)
Mark Conrad >> (All): David,
David Giaretta >> (All): ...mark - yes
Mark Conrad >> (All): I think that we will need to agree on definitions, then adjust the TRAC text to fit the definitions, then we can look at metrics which add authenticity evidence.
David Giaretta >> (All): Mark - yes, that makes sense
Mark Conrad >> (All): The TRAC document does not currently use the terms we are talking about consistently.
NAncyMcGovern >> (All): agreed
David Giaretta >> (All): Mark - and that may relate to issues with OAIS
Mark Conrad >> (All): Yes. That is why I was raising the questions about the relationship between this document and the OAIS RM.
BruceAmbacher >> (All): And to each of us feeling a different part of the elephant and seeing what we wanted to see/feel.
David Giaretta >> (All): So definitions first
RobertDowns >> (All): makes sense
BruceAmbacher >> (All): We did start very closely to OAIS, then tried to gain some distance/separation/greater universality
Mark Conrad >> (All): If we don't define terms and scope we can't build this standard and no one will be able to use it either.
David Giaretta >> (All): Agreed
Perla Innocenti >> (All): agreed
Katia Tomaz >> (All): agreed
NAncyMcGovern >> (All): Though remember we did have an agreed scope and definitions for TRAC and people find it useful already. And agreed that we need to tighten the definitions.
David Giaretta >> (All): The problem is that that sounds as if we need to come up with a composite definition - or else choose just one that is adequate
JohnGarrett >> (All): I'm happy if this document is self-consistent and doesn't stray too far from OAIS
BruceAmbacher >> (All): Mark, take a look at the crosswalk to see if nestor has any applicable (universal) definitions.
Mark Conrad >> (All): I will try to disseminate a straw man for definitions before the meeting on October 15th. I will not be here next week.
Mark Conrad >> (All): Bruce, I will look at Nestor and other sources.
David Giaretta >> (All): Actually, we can make a start on the collection of evidence for authenticity right now. I can volunteer for that - at least to produce a straw man
Mark Conrad >> (All): John, the document is not currently self-consistent.
BruceAmbacher >> (All): I need to sign off
JohnGarrett >> (All): I agree and we need to clean that up
Mark Conrad >> (All): David, How do you come up with evidence for a term that has not been defined?
NAncyMcGovern >> (All): So definitions and evidence then see where we are.  Week after next then - I'm away next week, too.  
David Giaretta >> (All): So ACTION: Mark to add something to the Glossary on "Authentic", Katia to do the same for the other terms she noted and everyone to comment
David Giaretta >> : ACTION 2 - me to draft some text about evidence on authenticity
David Giaretta >> : ACTION 3 - Don to think about levels of authenticity demanded by archives (and users)
David Giaretta >> : A number of people are not available next week - shall we say that we meet in 2 weeks' time?
Topic revision: r2 - 2008-02-13 - KatiaThomaz