Upload
amanda-jones
View
214
Download
0
Embed Size (px)
Citation preview
Certification of Trustworthy Digital Repositories
Arnold Rots
Harvard-Smithsonian CfA
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
2 of 7
The Need for Certification
• Trust level of users is still reasonably high, but is bound to drop
• At some point users will want to know whether a service is “serious” and not fly-by-night
• Serious web services will need a mark of trustworthiness
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
3 of 7
The Smithsonian Institution
• SI comprises 13 musea and 9 research institutions – and a zoo
• The museum units have discovered the digital world beyond virtual museum tours – for research and preservation purposes
• Issues of authenticity, preservation, and trustworthiness are being pursued
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
4 of 7
TRAC
• OAIS Reference Model (ISO 14721) contained and item “Accreditation of Archives”
• RLG and NARA set out developing a “Trusted Repository Audit & Certification: Criteria and Checklist” (see also David Giaretta’s talk at ADASS)
http://wiki.digitalrepositoryauditandcertification.org/bin/view
• Covers three main areas:• Organizational Infrastructure• Digital Object Management• Technologies, Technical Infrastructure, and Security
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
5 of 7
Future Developments
• RAC Working Group: moving TRAC toward ISO standard; there will be changes
• There will likely be levels of certification• User communities – if not funding
agencies – will start asking for certified repositories– NASA and SI already require ISO 17799
certification
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
6 of 7
Certification and the VO
• My assessment is that many of the major VO repositories will move toward TDR certification
• IVOA has categorically refused to serve as “data police”
• However, TDR certification would give users some level of confidence
2007-09-27 IVOA Interop Sep 2007 - ahr: TDR Certification
7 of 7
Authentication
• Authenticity has a very different meaning depending on whether one deals with physical or digital objects
• Proof of authenticity will become an issue• RXTE archive:
– SHA (NIST FIPS 180-1) message digests of all FITS data products are recorded and made available
– Tool to calculate SHA MD is provided– I am not aware it has ever been used, but it is simple
and cheap to provide this service