Signed metadata: method and application


International Conference on Dublin Core and Metadata Applications, 3-6 October 2006, Mexico
Julie Allinson (presenter), Repositories Research Officer, UKOLN, University of Bath
Emma Tonkin (author), Interoperability Focus Officer, UKOLN, University of Bath
UKOLN is supported by: www.bath.ac.uk

Contents
- Overview
- Introduction
- Brief background on digital signatures
- Signing DC metadata: approaches and issues
- Use cases

Overview
Why do we need to digitally sign metadata records?
- Currently, we (probably) don't, but increasing numbers of metadata providers + additional ways of reusing data = increasing issues of trust, provenance and identity
- Digitally signing metadata records through a Public-Key Infrastructure (PKI) is one potential solution

Introduction
The current digital library world works on:
- Implicit trust: metadata providers are trusted because we know them
- Explicit trust: e.g. the OAI-PMH <provenance> tag provides information
- A small network of trusted and responsible organisations
In the future, we can envisage:
- Metadata-enabled filesystems
- Increased informal metadata tagging services
- Larger-scale networks
- More opportunities for abuse, e.g. spamming
- Less accountability and responsibility (= less trust)

Digital signatures
- Date back to 1976
- Use cryptographic techniques
- Similar to handwritten signatures
- Permit the verification of messages
- The most common solution is Public-Key Infrastructure (PKI)

PKI: how does it work?
- A digital signer has 2 keys
  - Private key: used to create the signature
  - Public key: used by third parties to verify the author
- Public keys are distributed by a distribution system, e.g. a key server containing keys and identity information
- PKI is useful in establishing a network of trust but it has limitations
  - It is possible to produce a key with fictitious, false or stolen identity

Signing Dublin Core metadata
- Dublin Core is unusual in that it can be represented in different ways, e.g. XML, RDF, XHTML
Approaches:
- The XML Signatures standard provides flexible methods for signing and verifying data objects in XML
  - An XML metadata record could be wrapped within an XML Signature
- OpenPGP is an alternative mechanism
  - OpenPGP could be used to sign the name-value pairs within a metadata record
- A standardised approach is required for both mechanisms

XML Signatures (1)
XML digital signatures are represented by the Signature element, which has the following structure (where "?" denotes zero or one occurrence; "+" denotes one or more occurrences; and "*" denotes zero or more occurrences) (from http://www.w3.org/TR/xmldsig-core/ ):

    <Signature ID?>
      <SignedInfo>
        <CanonicalizationMethod/>
        <SignatureMethod/>
        (<Reference URI? >
          (<Transforms>)?
          <DigestMethod>
          <DigestValue>
        </Reference>)+
      </SignedInfo>
      <SignatureValue>
      (<KeyInfo>)?
      (<Object ID?>)*
    </Signature>

XML Signatures (2)

    <Reference URI='http://example.com/the-signed-dc-record'>
      <DigestMethod/>                (the type of signature used)
      <DigestValue></DigestValue>    (contains the signature, an encrypted value)

    <metadata
        xmlns="http://example.org/myapp/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://example.org/myapp/ http://example.org/myapp/schema.xsd"
        xmlns:dc="http://purl.org/dc/elements/1.1/">
      <dc:title> UKOLN </dc:title>
      <dc:description>... </dc:description>
      <dc:publisher> UKOLN, University of Bath </dc:publisher>
      <dc:identifier> http:/// </dc:identifier>
    </metadata>
    <dsig:Signature
        xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
        xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">
      <dsig:SignedInfo>...
        <dsig:Reference URI="#metadata">
    </dsig:Signature>

(see http://dublincore.org/documents/dc-xml-guidelines/ )

Minimum components of a signature
XML Signatures is not the only method for signing metadata. The following information would be needed for any signature:
- character set, encoding: current character encoding (to enable conversion)
- signature method (e.g. sha1)
- ID: the ID of the signer, could be an email address
- the signature itself, analogously referred to in XML-Signature as 'digestvalue'
- Information about the signed item, such as the metadata schema
  - for example, use of 'oai-dc' might be taken to mean 'expect all of the oai-dc elements to be present in key-value pairs, check the signature over all of them'

Issues in signing metadata
- Changes in encoding and/or character set will invalidate signatures
- A signature is also invalidated if changes are made to the metadata record. The new package should be re-signed by whoever makes those changes, and the original signed package is effectively lost.
- How do we maintain the integrity of the original signature and the original metadata record?
- Alternative methods: digital amendments or annotations appended outside of the original package
  - Information supplied by an OAI harvester might be signed by the OAI harvester (amendments/annotations) and/or by the repository (unchanged metadata)
  - Undersigning all metadata by the harvester offers a kind of traceroute to show the history of that record
  - But it could lead to large packets of metadata being transferred around networks
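An added example, not part of the original slides: a signature envelope carrying the minimum components listed earlier, built over name-value pairs, with a harvester undersigning the repository's unchanged envelope instead of re-signing the record. HMAC-SHA256 with constructed demo keys stands in for a public-key signature so the code runs on the Python standard library; the field names, signer IDs and the NFC/UTF-8 canonical form are assumptions.

```python
import hashlib, hmac, json, unicodedata

# Constructed demo keys. HMAC-SHA256 stands in for a public-key signature so
# the example runs on the standard library alone; it is not a PKI.
KEYS = {"repo@example.org": b"repo-demo-key",
        "harvester@example.org": b"harvester-demo-key"}

# Constructed records: the same name, precomposed (NFC) and decomposed (NFD).
RECORD = [("dc:title", "UKOLN"), ("dc:creator", "Zo\u00eb Example")]
RECORD_NFD = [("dc:title", "UKOLN"), ("dc:creator", "Zoe\u0308 Example")]

def canonical(pairs):
    """One byte form for the name-value pairs: NFC text, sorted, UTF-8."""
    norm = sorted((unicodedata.normalize("NFC", k), unicodedata.normalize("NFC", v))
                  for k, v in pairs)
    return json.dumps(norm, ensure_ascii=False, separators=(",", ":")).encode("utf-8")

def payload(env):
    """Bytes covered by the signature: header fields, prior signature, pairs."""
    prev_sig = env["previous"]["signature"] if env["previous"] else ""
    header = "|".join([env["charset"], env["method"], env["signer"],
                       env["schema"], prev_sig])
    return header.encode("utf-8") + b"\n" + canonical(env["pairs"])

def sign(signer, schema, pairs, previous=None):
    """Envelope with the components listed above; `previous` is an earlier
    envelope that this signer undersigns (hypothetical field name)."""
    env = {"charset": "UTF-8", "method": "hmac-sha256", "signer": signer,
           "schema": schema, "pairs": list(pairs), "previous": previous}
    env["signature"] = hmac.new(KEYS[signer], payload(env), hashlib.sha256).hexdigest()
    return env

def verify(env):
    """Check this envelope, then every envelope it undersigns."""
    expected = hmac.new(KEYS[env["signer"]], payload(env), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, env["signature"]):
        return False
    return env["previous"] is None or verify(env["previous"])

def route(env):
    """Signer IDs from origin to latest holder: the record's 'traceroute'."""
    earlier = route(env["previous"]) if env["previous"] else []
    return earlier + [env["signer"]]

if __name__ == "__main__":
    original = sign("repo@example.org", "oai_dc", RECORD)
    note = sign("harvester@example.org", "annotation",
                [("note", "subject terms added")], previous=original)
    print(verify(dict(original, pairs=RECORD_NFD)), verify(note), route(note))
```

Because each envelope embeds the one before it, the chain grows with every hop, which is the packet-size cost noted on the slide.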

Provenance in aggregation
- Currently aggregators are most likely to harvest content from the originating repository
- In the future the repository ecology looks much more complex:
  - increased repository numbers and sharing metadata between repositories
  - more aggregators and aggregation of content from more sources
  - increased availability of informal metadata sources
- Current trust mechanisms (perceived integrity of the source) do not scale
- PKI could be used to identify the origination of the metadata and its route through other repositories and/or aggregators

Potential applications
- A public-key infrastructure adds complexity, resource and infrastructure overheads
- It is valuable only where the functionality is explicitly required or provides clear advantages
- Some examples:
  - Provenance in aggregation
  - A distributed metadata cloud
  - Metadata handling and trust in mobile devices and ad hoc networks

Distributed metadata cloud
= a loosely coupled, interoperating collection of heterogeneous metadata sources and other services
- Information is seamlessly passed between members of the cloud
- Identifying provenance and identity provides:
  - A trust mechanism for assessing the potential value of information
  - A verifiable transmission path and origin of annotations
  - Access to additional information about the data source

Mobile devices and ad hoc networks
- In a centralised system it is relatively easy to ascertain the originator of information
- But with increasingly pervasive ad hoc Internet access offered in a decentralised way, lightweight PKI can help identify each stage in the chain and thereby help us distinguish the spam from the trusted

Conclusion
- Issues of provenance and identity are dealt with in the current digital library realm by the perceived integrity of a source
- As the number of metadata sources and aggregators increases, these informal mechanisms may prove insufficient and metadata may be subject to abuse
- Digitally signing metadata records can help to identify provenance
- Public key infrastructure functionality offers particular cryptographic methods for digitally signing metadata
- And can help to create new networks of trust