Smithsonian Trustworthy Digital Repository Roundtable

A framework for understanding
Trustworthy digital repositories
Kara Van Malssen
AudioVisual Preservation Solutions / NYU MIAP
Smithsonian TDR Roundtable
April 15, 2013

Wednesday, April 24, 13

I'm going to start at a very high level in order to paint a big picture of the concept of Trustworthy Digital Repositories before we
get into speciﬁcs in our discussions today. Sometimes we can't see the forest for the trees in these sorts of discussions.
Perhaps the most important issue is the one we are not looking at.
What does a trustworthy repository for media art look like? In order to answer this, we need to break down this question, and
look at standards and recommended practice.

☞͓͔̤͗!"ْٓ༜༛↱⃝ trust ↲≻≼◵⠓⁸# ( ั⿶अ

What does trustworthy mean to a repository of time-based media art? Or any ﬁne art in digital form?

Is it trust the security against attack or misuse? This is how the computer industry works when they talk about trust. Control of who/what can access the computer, and what can be run on it
(Doctorow)? In this case, we are usually talking about trust of the user in the applications they are using, or trust by the vendors in the applications they allow to be installed on their devices.

Is it the assurance that the works acquired by the museum will be accessible in long-term?

• Negotiate for and accept appropriate information from information Producers.
• Obtain sufﬁcient control of the information provided to the level needed to ensure
Long Term Preservation.
• Determine, either by itself or in conjunction with other parties, which communities
should become the Designated Community and, therefore, should be able to
understand the information provided, thereby deﬁning its Knowledge Base.
• Ensure that the information to be preserved is Independently Understandable to the
Designated Community. In particular, the Designated Community should be able to
understand the information without needing special resources such as the assistance
of the experts who produced the information.
• Follow documented policies and procedures which ensure that the information
is preserved against all reasonable contingencies, including the demise of the
Archive, ensuring that it is never deleted unless allowed as part of an approved
strategy. There should be no ad-hoc deletions.
• Make the preserved information available to the Designated Community and enable the
information to be disseminated as copies of, or as traceable to, the original submitted
Data Objects with evidence supporting its Authenticity.

OAIS Mandatory Responsibilities (ISO 14721:2012)

1. How long is long-term?


2. What is meant by accessible?


2. What is meant by accessible?
3. Whose trust do we need / who are we
trusting?


The task force saw that ‘trusted’ or trustworthy organizations could not simply identify themselves. To the contrary, the task force declared, ‘a process of certification for digital archives is
needed to create an overall climate of trust about the prospects of preserving digital information’. - CCSDS 652.0-M-1 (ISO 16363: Audit and Certification of Trustworthy Repositories)
⁃ OAIS provided the framework for requirements of a preservation repository, but we would need a way to measure compliance with this
⁃ TDR was originally developed by RLG and OCLC in "Trusted Digital Repositories: Attributes and Responsibilities"
⁃ A number of criteria arose out of that --> nestor, DCC, Data Seal of Approval, TRAC
⁃ ISO came out of TRAC
⁃ Certification of auditing bodies is coming soon: ISO 16919

1996 Task Force on Archiving of Digital Information
“Repositories claiming to serve an archival
function must be able to prove that they are who
they say they are by meeting or exceeding the
standards and criteria of an independently-
administered program for archival certiﬁcation”


OAIS


TDR
OAIS


NESTOR TRAC DSA

TDR
OAIS


ISO 16363:2012
NESTOR TRAC DSA

TDR
OAIS


1. The data producer deposits the research data in a data repository with sufficient information for
others to assess the scientific and scholarly quality of the research data and compliance with
disciplinary and ethical norms.

2. The data producer provides the research data in formats recommended by the data repository

3. The data producer provides the research data together with the metadata requested by the data
repository

Data Seal of
4. The data repository has an explicit mission in the area of digital archiving and promulgates it

5. The data repository uses due diligence to ensure compliance with legal regulations and contracts
including, when applicable, regulations governing the protection of human subjects.

Approval
6. The data repository applies documented processes and procedures for managing data storage

7. The data repository has a plan for long-term preservation of its digital assets

8. Archiving takes place according to explicit workflows across the data life cycle

Guidelines 9. The data repository assumes responsibility from the data producers for access and availability of the
digital objects

10.The data repository enables the users to utilize the research data and refer to them
www.datasealofapproval.org integrity of the digital objects and the metadata
11.The data repository ensures the

12.The data repository ensures the authenticity of the digital objects and the metadata

13.The technical infrastructure explicitly supports the tasks and functions described in internationally
accepted archival standards like OAIS

14.The data consumer complies with access regulations set by the data repository

15.The data consumer conforms to and agrees with any codes of conduct that are generally accepted in
higher education and research for the exchange and proper use of knowledge and information

16.The data consumer respects the applicable licenses of the data repository regarding the use of the
Wednesday, April 24, 13 research data
Difference between a digital preservation repository and a data center? Show by the Data Seal of Approval Guidelines:
⁃ Mission to preserve
⁃ Collection and maintenance of metadata, representation information
⁃ Compliance with IPR, and other access regulations
⁃ Ensure data integrity
⁃ Ensure ...

ISO TRAC


Let's take a moment to recognize that the ISO standards that are the bookends of this story were developed by the space
science data community. Research libraries in many ways lead the charge in audit and certification. Currently, the only
"official" certification body is CRL, for TRAC. 4 repositories have received certification.

Let's use TRAC for the purposes of this discussion - it provides a broadly applicable set of criteria that has to fit the context. It tells us what are the responsibilities

B6.10 Repository enables the dissemination of authentic copies of
the original or objects traceable to originals.


Authenticity - deﬁnition of access to the authentic object or its surrogate. This was an interesting thing to think about at the
Paik symposium yesterday. Is it ok to show it this way because this is reference material for a talk, not the original
work? Not in the gallery? In the gallery, were the works themselves authentic, or merely imitating the original? The
visitors couldn't interact as they could with the originals - so is this authentic? It's up to the community, curatorial,
patrons, to decide. It's a question very speciﬁc to media and digital art.

B2.1 Repository has an identiﬁable, written deﬁnition for each AIP or
class of information preserved by the repository.

Jonathan Harris, Sep Kamvar. I want you to want me (2008)

What is the work? Is it still the work without the interaction from the visitor? Or is it a
representation? Or documentation? What needs to be included in the AIP in order for it to be
fully rendered as the work? Can we start to identify and establish these classes in order to
ease the need to look at each work case-by-case? We are working on this with Cornell.

http://foundmedia.tumblr.com/image/19124461617

B1.1 Repository identiﬁes properties it will preserve for digital objects.


I noticed in the gallery that video as documentation was displayed differently than the
artworks. On contemporary monitors, with different aspect ratio and frame sizes from the
original. And that’s ok. But we need to be aware of the choices and their impact on signiﬁcant
properties. For artworks, this may be case by case. For documentation, it may be treated on

What questions does a ﬁne arts museum need to ask it itself in order to start to develop policies, technologies, and procedures that can be
considered trustworthy? How do the answers shape those policies, technologies, and procedures? How do they help support resource
allocation, acquisition practices, exhibition and curation? Can the answers to these questions allow a museum to take a step further, in
order to answer the questions speciﬁc to the museum's context?

1. What is the mission of the repository?


2. Who is the Designated Community?


3. What is their deﬁnition of “understandable”?


4. How do they need/want to access content?


5. What level of responsibility does the repository
take to meet these needs?


6. What Representation Information & Content
Information is required for each work/class?


7. What current technologies, practices, and
additional standards can be applied to meet
these requirements?


7. What current technologies, practices, and
additional standards can be applied to meet
these requirements?

Specifics

Conclusion: just like preservation, trustworthiness of a repository is an ongoing commitment. Administrations, boards, staff, budgets, technologies, patrons, etc all change. Even the
standards for trustworthy digital repositories change (it is built into ISO 16363 to revisit 5 years from publication to see if it is still relevant). A trustworthy repository for digital media
arts, as with any other content, will be one where preservation and access of digital collections is a permeant initiative of the institution, one that monitors itself on an ongoing
schedule, is transparent about that self-monitoring and adjustment, and ascribes to the scrutinization by an external body. Does there need to be such a body that is unique to
certification of fine arts repositories? Perhaps -- CCSDS is developing ISO 16919: Requirements for bodies providing audit and certification of candidate trustworthy digital
repositories. Is there an opportunity or a need for this uniquely in the fine arts sector? Some of the research libraries have been driven by the requirement of NSF that researchers
receiving federal funding have a data management plan. Some of the certified repositories are marketing their services specifically to these customers, and the certification in these
cases really does allow those customers to TRUST the services they are submitting data to. At least, they and the granting agencies trust this enough to give them funds for their

Smithsonian Trustworthy Digital Repository Roundtable

More Related Content

Similar to Smithsonian Trustworthy Digital Repository Roundtable

More from Kara Van Malssen

Recently uploaded

Smithsonian Trustworthy Digital Repository Roundtable