4. What did I say I would say?
• Trust – when we need it & who from
• Depositors
• Consumers – content & services
• Peers
• Funders
• Who do we need to trust ?
• Certification – TRAC, ISO, DSA, etc
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 4
5. Some other reading
• Walters & McDonald, Creating Trust Relationships for
Distributed Digital Preservation Federations
http://hdl.handle.net/10919/10182
• Day, M. (2008). Toward distributed infrastructures for
digital preservation: the roles of collaboration and trust.
International Journal of Digital Curation, 3(1), 2008, 15-28.
http://www.ijdc.net/ijdc/article/view/60/61
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 5
6. In 2000: worried about authentic objects
• Authentication involves chain of trust
• Not just technological, but sociological
• May still be fiscal or related to other issues
• Technology proves identity, but does not
give trust
Ashley, K “I’m me and you’re you but is that that?” New
Review of Academic Librarianship 6(1) 2000
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 6
8. Repository?
Scholarly Publications
Outputs
Educational Materials
Administrative records
Repository Data center
ERMS
Archive Data library
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 8
11. Are you trusted or trustworthy?
• Producers trust you to take care of stuff
• Consumers trust you to provide content and
services around it
• Everyone trusts you to obey laws & licences
• Peers need to trust your services
• You need to trust your peers’ services
• Your funders need to trust a lot
• You may be outsourcing….
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 11
12. “Trust is good – control is better”
Lenin
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 12
13. Audit & certification standards
• TRAC – 2006 (from TDR [2002], PDI [1996])
• An audit mechanism
• DSA – Data Seal of Approval
• Audit & certification – designed for data repositories
• ISO 16363
• Audit & certification – built on OAIS
• ISO 16919 (in preparation)
• Requirements for audit bodies
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 13
14. OAIS core responsibilities
• Negotiate with producers for content
• Obtain sufficient control
• Determine scope of designated community
• Ensure independent utility of data
• Follow procedures for preservation
• Disseminate data to community
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 14
16. Why do it ?
• To gain trust
• For self-improvement
• To galvanise funders/management/users
• NOT: because everyone else is doing it
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 16
17. Current position
• No ISO-accredited organisation yet
• Self or external work with DSA or TRAC useful
preparation or end-point
• Planning for audit a useful activity in itself
• Auditor training planned for this year
• Buy ISO 16363 from ISO: 172 SF
• Or free from NASA:
http://public.ccsds.org/publications/archive/652x0m1.
pdf
SPARC-OA- 2012-03-12 - Kevin Ashley, DCC, CC-BY 17
Users sometimes care about the identity of a service provider. They care when you ask them for money; they care when your identity is part of the trust they place in what they see. These issues aren’t specific to digital preservation, and they aren’t at all new. Both the technological solutions, and the sociological basis of trust and identity, actually involves a chain of trust of some sort. I believe in the bona fides of the PRO or the British Library; if, through them, I encounter another organisaation, I’ll also take their assurances about the bona fides of that third party. I believe that, when my browser locks that padlock that tells me I have a secure connection, that the security certificate tells me that the maker of my browser has validated the identity of another organisation that has validated the identity of another organisation that did some simple check on the person I’m dealing with. There’s a chain of trust, and to some extent it comes down to: Do I trust Microsoft ? Do I trust AOL/Time-Warner ? Perhaps I don’t want to think about that for very long. The technology helps me prove the identity of someone, but it doesn’t necessarily help me trust them.