search

DILCISBoard / E-ARK-CSIP

E-ARK Common Specification for Information Packages
http://earkcsip.dilcis.eu
Creative Commons Attribution 4.0 International
11 stars 5 forks source link

Provide a standard folder for authenticity/evidence information #712

Open shsdev opened 11 months ago

shsdev commented 11 months ago

The CSIP should propose an optional standard folder for storing authenticity/evidence information for preserving digital signature files or validation reports. A possible candidate could be /metadata/preservation/authenticity for authenticity/evidence information at the package level and representations//metadata/preservation/authenticity at the representation level. The CSIP should include concrete examples related to specific use cases for preserving signature files.

karinbredenberg commented 11 months ago

The issue is going to be discussed by the DILCIS Board

stephenmackey commented 9 months ago

There is also a need for unstructured 'authenticity' information in the documentation folder. Should there be a sub-folder documentation/authenticity and one documentation/other? Examnples would be: validation reports, data quality rules, validation rules data, digital signature validation procedures.

luis100 commented 9 months ago

Can you provide examples of what is "authenticity/evidence information"?

  1. Would this include digital signatures of the package itself? For example a XADES signature relative to the SIP METS.xml.
  2. Would this include evidence relative to the authenticity of the record information, and if so, can you provide examples of this?
  3. Would this include digital signature relative to the representations or files? If so, shouldn't they be part of the representation data? Why are they being set apart? (for example, a PDF can have an embedded signature which is part of the representation, why is this different from having XADES signature as part of the representation)?
  4. The validation reports that are being pointed out as part of this information are validating what exactly? Conformance to E-ARK IP specification? Conformance to format specifications (e.g. PDF/A)? Conformance to metadata schemas? Is this supposed to be related to the PREMIS events? Is this information really that significant to make it part of the AIP instead of just recording the outcome in PREMIS events and having it existing in a externally in a possibly temporary space?
stephenmackey commented 8 months ago

Luis, I can only comment from my perspective of developing the 3D Product Model CITS.

  1. Unstructured evidence information is: model validation and verification reports, data validation properties. These are verifying data models (representations) against data quality rules (verification) and validation properties as defined in LOTAR EN9300. This is documentation and can sit in the documentation folder or sub-folders as defined in the CITS. If this is a more generic requirement, there could be an authentication/evidence sub-folder defined in CSIP.
  2. Structured evidence information for validation and verification events - this can be encoded in PREMIS
  3. Structured digital signature information - this can also be encoded in PREMIS but I understand there may be other approaches that we want to support and some of these may require specific metadata. I think the schemas need to be specified and we should discuss if this metadata can be held in the preservation folder or if an additional sub-folder is required. If the evidence is other than structured and standardised metadata it should not be in /metadata but in /documents in my view.