Re: Issue 3 - Trust Mechanisms in OCLC Authority Control Service

Hi Mark,

I'm not sure what distinction you are trying to make here. I felt that
MacKenzie's remarks were in line with my suggestion/question. Your paraphrasing
is also reasonable, though it does emphasize the cryptographic signing more
strongly than I meant to.

If the use case does require Simile to support multiple authorities, with
different trust levels, then this has as many implications for the data model
and processing model as it does for the security model. These three elements are
somewhat independent. One might have total trust in the integrity of the
metadata (and thus have no interest in record signing) and yet still need a data
model that allows multiple authorities for the same entity or a processing model
that includes delegation. My comments were more directed at the data model
implications, it sounds like OCLC's thinking centers more on the processing
model. However, these are all facets of the same problem.

By the way, how is the refinement and selection of these use cases being
directed? Is the process aimed at finding practical solutions to specific and
real application requirements or at building a focused research programme
informed by broad classes of applications? Either of these is fine but the
methodology Simile is using isn't clear to me and it affects how peripheral
folks, like myself, can contribute.

Dave

"Butler, Mark" wrote:
> 
> Hi MacKenzie, Dave Reynolds
> 
> I think the point Dave is raising is subtley different so I will try
> paraphrasing and perhaps Dave can correct me if I am wrong.
> 
> "Currently we access authority files, and we know they are correct because
> they come from a central authority we trust e.g. OCLC. However it is also
> desirable to have local authority files, and possibly pool local authority
> files between different organizations for example different DSpace users.
> Therefore one potential problem is how to integrate and resolve these
> different information sources.
> 
> One of the ideas that the Semantic Web wants to explore is how to represent
> trust on the Semantic Web i.e. given a big sea of metadata, how do we
> - indicate the origin of the metadata
> - and that the metadata is intact and has not been modified since it was
> produced
> So rather than trusting something because we got it from somewhere, we trust
> it because we inspect it and find it to be trustworthy. For example, one
> proposed method here is cryptographic signing. Such methods could be used in
> the authority file use case, and this would have the advantage of
> simplifying the integration of different information sources as we know
> longer have to worry about where something came from, we can just determine
> trust via inspection."
> 
> I guess
> http://www.wiwiss.fu-berlin.de/suhl/bizer/SWTSGuide/
> is a good starting point for references here.
> 
> So my questions are
> 1. Have I paraphrased Dave R correctly?
> 2. If so, should the OCLC use case be considering this?
> 3. If so, how important is it to the OCLC use case?
> 
> Mark
> 
> > Hi Mark,
> >
> > I guess I do agree with Dave on this, and I think OCLC is
> > already thinking
> > along these lines too, however they imagined that the central
> > authority
> > might be able to invoke those locally-defined authority files
> > if they failed
> > to find a match in their central authority file... Either
> > way, we know for
> > certain that global/central authority files won't be
> > sufficient for normalizing
> > names in DSpace/SIMILE-type systems, since so many of the authors
> > are first-time publishers who won't have established name authority
> > records, so we do need to come up with some mechanism to allow for
> > less-authoritative (or trusted) sources.
> >
> > MacKenzie/
> >
> > At 01:51 PM 5/21/2003 +0100, Butler, Mark wrote:
> > >Hi team,
> > >
> > >please can I have some comments, particularly from
> > MacKenzie, on this issue
> > >from Dave Reynolds. Specifically, do the PIs agree with Dave
> > that this is
> > >should be part of the OCLC use case?
> > >
> > >thanks, M
> > >
> > >[ 003. ]
> > >Summary: Trust mechanisms in OCLC Authority Control Service
> > >Raised By: Dave Reynolds
> > >Status: open
> > >Description:
> > >
> > >The OCLC Authority Control Service use case is interesting.
> > I wonder is this
> > >could be framed as a test case for trust mechanisms.
> > Supposing that entry
> > >validation against authority files could be made much more
> > decentralized.
> > >Local
> > >communities would be free to adopt small, locally controlled
> > authority files
> > >and
> > >services. Entries could be checked against those as well as
> > the central or
> > >global authority services. Such entries would include, in
> > their provenance
> > >information, the authority files used (perhaps with an optional
> > >cryptographic
> > >signature). Thus one could support multiple alternative
> > field values with
> > >different levels of authority, future mappings between
> > overlapping authority
> > >files can then be applied retrospectively. Seems like there
> > could be a value
> > >to
> > >users of having local, easy to update authority files for
> > some fields.
> >
> > MacKenzie Smith
> > Associate Director for Technology
> > MIT Libraries
> > Building 14S-208
> > 77 Massachusetts Avenue
> > Cambridge, MA  02139
> > (617)253-8184
> > kenzie@mit.edu
> >

Received on Tuesday, 27 May 2003 09:30:54 UTC