Information Technology Reference
In-Depth Information
•
we need various types of evidence. The questions then become:
◦
what evidence must be collected - are there procedures to follow?
◦
from whom?, and
◦
how are we going to be sure the evidence has not been altered?
•
we need to be able to trace the evidence back to someone. The follow-on
questions are then:
◦
can we identify the person?
◦
can we be sure that that person supplied the evidence?
◦
how can we be sure that the person identified is the person claimed, and that
this information has not been altered?
◦
is the person trustable?
•
we need to have a view on how this evidence can be evaluated
These ideas have clear links to the OAIS definitions which will be expanded below.
As was mentioned, we focus on the maintenance of (evidence about) authenticity.
Defining and assessing authenticity in the repository (or more formally - in the
custodial environment) - on which we focus here - are complex tasks and imply
a number of theoretical and operational/technical activities. These include a clear
definition of roles involved, coherent development of recommendations and policies
for building trusted repositories, and precise identification of each component of the
custodial function.
Thus it is crucial to define the key conceptual elements that provide the founda-
tion for such a complex framework. Specifically we need to define how, and on what
basis authenticity has to be managed in the digital preservation processes in order
to ensure the trustworthiness of digital objects. In order to do this we need a more
formal model about authenticity.
The authenticity of digital resources is threatened whenever they are exchanged
between users, systems or applications, or any time technological obsolescence
requires an updating or replacing of the hardware or software used to store, pro-
cess, or communicate them. Therefore, the preserver's inference of the authenticity
of digital resources must be supported by evidence provided in association with the
resources through its documentation (recursion again!), by tracing the history of its
various migration and treatments, which have occurred over time. Evidence is also
needed to prove that the digital resources have been maintained using technologies
and administrative procedures that either guarantee their continuing identity and
integrity or at least minimize risks of change from the time the resources were first
set aside to the point at which they are subsequently accessed.
Let's go back a step and see what we can learn from a more familiar case. How
do you prove that you are who you say you are? For people with whom you grew up
there is probably no problem - they have seen you every day from a small baby to
a grown up and know you are the same person (ignoring any philosophical digres-
sions) despite all the changes that have happened to you physically. To prove who
you are when you enter a new country you would present your passport - why is that
accepted? It is a physical object (a little booklet) that can be examined and checked
