Information Technology Reference
In-Depth Information
against some known standard document. But why is that accepted? The assumption
is that it is backed by your government, but how does the government which issued
it know that the person represented there is in fact you? In the UK, and perhaps else-
where, one has to fill in a form and provide a photograph, both of which are signed
by someone known, and probably trusted, in the community such as a doctor or local
politician. How does the state know that that person is indeed who he/she is indeed
the person who claims to be that doctor or local politician? There may be other infor-
mation that the government has to cross check, but it could just rely on going back to
the community and check - because they are known in the community in some way.
So how does this help us with the Authenticity of digital objects? It seems that a
key point is that we need to be able to trace back to someone who is, in some way,
trusted. Also there is some type of evidence collected. The questions then become:
what evidence must be collected, from whom, and how are we going to be sure the
evidence itself is true? These ideas will be expanded below.
13.3 Elements of the Authenticity Conceptual Model
There are technical parts of the evidence where there is a need for guidance as to
what needs to be captured, as well as some non-technical aspects of evidence such
as who is trustworthy. What follows is a formalism which helps to capture such
evidence in such a way that makes it easier to make judgements about Authenticity.
We do this by defining, at a high level, building blocks we call Authenticity Steps,
which are combined into Authenticity Protocols. These are described next.
13.3.1 Authenticity Protocol (AP)
The protection of authenticity and its assessment is a process. In order to man-
age this process, we need to define the procedures to be followed to assess the
authenticity of specific type of objects.
We call one of these procedures an Authenticity Protocol (abbreviated as AP).
An AP is a set of interrelated steps, each of one we will refer to as an Authenticity
Step (abbreviated as AS). An AP is applied to an Object Type, i.e. to a class of
objects with uniform features for the application of an AP. Any AP may be recur-
sively used in the design of other APs, as expressed in a general workflow relation.
Every AS models a part of an AP that can be executed independently, and consti-
tutes a significant phase of the AP from the authenticity assessment point of view.
The relationships amongst the steps of an AP establish the order in which the steps
must be executed in the context of an execution of the protocol. To model these
relationships we can use any workflow model. We do not enter into the details of
this modelling here, and simply denote as Workflow the set of required relation-
ships. The model introduced so far can be expressed in UML notation as shown in
Fig.
13.1
.
One would expect these protocols to be written by appropriate experts or cura-
tors. Moreover there may be several possible APs associated with any particular
