[Esip-preserve] A Question About Custodianship

Bruce Barkstrom brbarkstrom at gmail.com
Sun May 19 12:10:47 EDT 2013


As a result of some programming activities I've been doing, the following
questions seem relevant to some of our thinking about preservation and
stewardship:

1.  While provenance in our discussions has been discussed at some
length, that discussion (including the recent W3C recommendations)
seems mainly focused on retaining the history of production, I don't
think we've had much discussion about record keeping for custodianship.
By this I mean the records associated with who authorized activities in
a data archive or repository, such as ingesting the data, or creating
backups, or revising metadata.  This includes chains of authorization
and what auditors and lawyers might call chains of evidence (there
is some discussion of these issues that's readily available by typing
in these terms to any convenient search engine.

2.  The custodianship issues also include items often discussed under
security and privacy, including keeping records on user access and
providing various degrees of user access.  The issue might be similar
to the ones that go with "who gets a library card," although we often
think of electronic access permissions as being different from getting
a library card.  It's also roughly equivalent to libraries with open stacks
as opposed to libraries with closed stacks.

3.  So, the generic question might be "what records does an archive
need to keep about events that occur after data has been ingested?"
A variant on this is "what records should an archive keep in order to
conduct audits of accesses, provide aids for forensic application after
a security incident, or for understanding user patterns of navigation
and data ordering?"

4.  How do organizational cultures interact with policies on record keeping?
One might think of the CIO culture and its rules regarding privacy
and stringent access controls, versus the researcher culture with
the emphasis on open access - often assuming no user registration
whatever.  A third culture is the one associated with commercial
entities that engage in marketing and restricted access.

My initial impression of the W3C recommendations on provenance
is that these custodianship issues aren't really included in those
documents.

Also, I am curious if the Data Management Training modules
have included any discussions about these custodianship
issues.

Bruce B.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.esipfed.org/pipermail/esip-preserve/attachments/20130519/0e81a4db/attachment.html>


More information about the Esip-preserve mailing list