Trustworthy

1
Trustworthy Repository Criteria, Virtual
Organizations, and Infrastructure

• MacKenzie Smith, MIT Libraries
• NDIIPP Meeting, July 2010

2
VOs and Preservation

• Some VOs specifically for preservation
• CLOCKSS, MetaArchive
• Some have preservation components
• DataVerse, Dspace
• Some leverage 3rd party services for preservation
• DuraCloud, Chronopolis
• All need mechanisms to define individual member
  and collective policies, monitor and assess
  compliance

3
DSpace Community as a Virtual Organization

• informal community of 1000 organizations using
  common infrastructure, including
• Existing formal and informal corsortia
• e.g. LASR, NITLE, OCUL, WRLC
• Formal and informal collaborations
• e.g. MIT and Harvard
• Emerging use case of Cloud Services for sharing,
  preservation
• e.g. DuraCloud pilot, client/vendor
  relationship
• But
• dont want to be defined or bound by an
  infrastructure platform
• Trust depends on prior relationships, legal
  contracts, implicit and explicit POLICIES of
  members and their content and services

4
The PLEDGE ProjectPoLicy Enforcement in Data
Grid Environments

• Vision
• automated contract monitoring, trust assessment
• e.g. publishing IR policies on the Web in a
  standard format for easy discovery, inspection,
  auditing injecting policies into AIPs
• Allows for ad hoc and flexible, evolving VOs
• Purpose
• Interoperability among infrastructure platforms
  (DSpace, SRB/iRODS) via relevant operations and
  policies
• Process
• Identified existing repository policies ? mapped
  to TRAC ? expressed in Rei (policy expression
  language) ? captured in AIPs ? shared between
  repositories

5
VO Policies and TRAC

• TRAC criteria describe policies about
• Organizations, Environment and Legal (OEL)
• (Designated) Community and Usability (CU)
• Process and Procedure (PP)
• Technology and Infrastructure (TI)
• And are implemented in different transaction
  types
• Specification of Assertion (i.e. metadata)
• e.g. mission statement or business plan
• Consistency Constraint
• e.g. deposit agreement, persistent identifiers
• Periodic Rule
• e.g. media migration, fixity checking
• Atomic Rule
• e.g. access control, required metadata

6
VO Policies and TRAC

• User privacy (CU-0002)
• Deposit agreements (CU-0006, A5.1, A5.2, A3.3)
• Content access (CU-0008, B6.3, B6.4, B6.5)
• Content usage (CU-0010)
• Contributor Eligibility (CU-0011)
• Descriptive metadata (PP-0004, B5.1, B5.2)
• Persistent identifiers (PP-0006, B2.5, B2.6)
• Provenance (PP-0007, A3.6, B1.8, B2.13, B4.5)
• E-records management (PP-0013)
• Integrity (PP-0016, A3.8, B2.12, B4.4, C1.5,
  C1.6)
• Versioning (PP-0017)
• Format support (PP-0018)
• Disaster recovery (TI-0005, C3.4)
• Technology management roles/authorizations
  (TI-0008, C3.3)
• Federation (TI-0010)
• Replication (TI-0011, C1.3, C1.4)
• Policies modeled in Rei
• Policies missing from TRAC

7
Using TRAC in Preservation VOs

• Avoid point-to-point solutions, infrastructure
  platform specific solutions
• All infrastructure platforms should support
  TRAC/VO policies to simplify and expand trust
  (and so preservation!)
• Solution should be Web-based for broadest
  adoption policies should be encoded in a
  standard language
• (e.g. W3C RIF, Policy Language Interest Group)
  and monitor/assess with standard mechanisms