Unofficial vs Official Data

[kusala9]

This issue tracks efforts to resolve how the ECDIS should differentiate between official and unofficial data. S-100WG TSM 9 concluded the re is a continued requirement for loading, portrayal and management of unofficial data but the mechanism to be used by the ECDIS remains to be decided (the current mechanism for S-57 has been widely criticised as requiring periodic manual updates and is insecure).

A recent S-128 meeting discussed the issue and summary is yet to be published.

Until this is decided the test for unofficial/official data can not be defined further.

[DavidGrant-NIWC]

S-52 makes a distinction between Non-HO cells / datasets and Non-HO data used to augment existing HO data. Should both be tested?

Note that portrayal requirements regarding official / unofficial data are currently an OEM responsibility - the portrayal catalogue can't distinguish between HO and non-HO data.

[kusala9]

I don't believe "Non-HO data used to augment existing HO data" exists any more. The only considerations (TSM9 discussion) is "official data" - used for navigation under carriage compliance/SOLAS and its opposite, i.e. that which isn't issued "by or on behalf of.... etc etc etc...". The latter needs to be displayed as "unofficial data" using the specified style. Noted (and agreed) the portrayal engine doesn't have access to whether the data is official or not and therefore the mechanism will need to be specified in S_98 Annex C and implemented as a bespoke process by the implementing OEM.

We can close this issue when

• consensus between S-100WG and NIPWG exists on how to differentiate official data from data which isn't official
• we create example datasets in S-164 and adjust the test text if required (number?)

[kusala9]

My solution (the summary I sent to the last S-128 meeting) is the following:

Unofficial/Official, Data Producer Codes and S-100 ECDIS.

There is a requirement for the ECDIS to be able to distinguish between "unofficial" and "official" data Using S-128 as a container only for official data does not seem to work. The only realistic possibility is to use the producer code and the only way to make it non-repudiable (i.e secure / unable to be faked) is to use the producer code embedded in the digital signature and authenticated by the IHO SA certificate.

There is an agreed action from S-100WG7 to embed the producer code in the digital signature for every data file and supporting resource. This also proposes a number of "roles" to be embedded in each certificate which is issued by IHO

• S-128 datasets may be made by data producers (HOs), RENCs and also distributors/VARs who manage services. Additionally, * S-128 can be packaged up and sent to end users without any change.
• Data integrity ("has data changed before it gets to the ECDIS") is done with the digital signature, not S-128

The IHO roles are, therefore:

1. Data Producers - producing data content for live navigation under SOLAS. This data is "official"
2. Other Data Producers - produce data content which is "unofficial"
3. RENCs/Aggregators - validate, distribute and (sometimes) digitally sign data on behalf of their members. These organisations do not create data content but can "stamp" data as "official"
4. S-128 producers - aggregate data together for the purposes of running a service for end users. They can only digitally sign S-128 datasets which support exchange sets.
5. The Scheme Administrator themselves (IHO, only one of these)

The S-128 role allows anyone to compile S-128 data for purposes of running a service. S-128 datasets themselves are not "official" in the same way that ENC (or NP) data is "official" but it is still made by organisations whose identity is certified by IHO. So, this means the ECDIS can differentiate between

• Official data, validates against a certificate with a role of (1) or (3) above. S-128 data must be validated against a certificate with a role of (1,3 or 4) above. this data is loaded.
• Unofficial data content validates against a certificate with a role of (2). This data is loaded but is marked by the ECDIS as "unofficial"

Other data either has

• no signature
• has a signature which does not validate
• has a signature which does not validate against the IHO Scheme Administrator. This data is rejected and not loaded into the ECDIS. This gives
• Service providers the ability to create flexible content and services
• Ensures only data signed by either data producers or their RENC is loaded into the ECDIS.
• Ensures the ECDIS does not need regular updates of which producer code is official and which is unofficial

[DavidGrant-NIWC]

Augmenting with Non-HO data is still called out in S-98. See for instance C-12.11.2.5:

Does this need to be removed? If so, we will need an S-98 issue.

[kusala9]

we'll need an S-98 issue anyway to document the outcomes of this. I've asked for an opinion on C-12.11.2.5. I will propose S-98 changes based on the above. Have also produced test keys/certs to demonstrate the summary above.

[kusala9]

I've lost my original list of what the role codes should be. I propose (for the purposes of creating test data). I suggest avoiding using the terms "official"/"unofficial" in the role codes. DATA_PRODUCER is the default, most certificates will use this. Aggregator will be distributors and anyone creating their own service. Data Aggregator will cover the RENCs and also confer official status on their dataset signatures. Only IHO will use the SCHEME_ADMINISTRATOR code.

1. [DATA_PRODUCER] Data Producers - producing data content for live navigation under SOLAS. This data is "official"
2. [OTHER_DATA_PRODUCER] Other Data Producers - produce data content which is "unofficial"
3. [DATA_AGGREGATOR] RENCs/Aggregators - validate, distribute and (sometimes) digitally sign data on behalf of their members. These organisations do not create data content but can "stamp" data as "official"
4. [AGGREGATOR] S-128 producers - aggregate data together for the purposes of running a service for end users. They can only digitally sign S-128 datasets which support exchange sets.
5. [SCHEME_ADMINISTRATOR] The Scheme Administrator themselves (IHO, only one of these)

test data with examples of each of these are located in ExchangeSets/keys here

[kusala9]

this has now been added to the current draft of S-98 annex C which is being used as a source to make the S-164 test datasets. This can be closed.