URNs and authenticity

Kevin Altis (kevin@scic.intel.com)
Sun, 17 Oct 1993 20:50:42 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rob Raisch, The Internet Company: "Re: urn:publisher.com:xxxxxx"
Previous message: Dirk Herr-Hoyman: "Re: URNs and Meta-Information - The Value of ISBN"
Next in thread: R. P. Channing: "Re: URNs and authenticity"
Maybe reply: R. P. Channing: "Re: URNs and authenticity"
Maybe reply: Kevin Altis: "Re: URNs and authenticity"

Message-Id: <9310180354.AA16373@rs042.scic.intel.com>

Date: Sun, 17 Oct 1993 20:50:42 -0800

To: uri@bunyip.com

From: kevin@scic.intel.com (Kevin Altis)

Subject: URNs and authenticity

At 8:01 PM 10/17/93 -0500, William A. Weems wrote:
>If one is going to be able to "electronically" cite papers, it seems that
>URNs must be PERMANENT.

Not only must the URN be permanent, but you have to be able to determine
the authenticity of the URN as well. This may require that the actual
"object" pointed to by the URN contain a digital signature or some other
stamp of authenticity. It may also mean that if an URN can point to
different versions of the same document, then that has to be apparent in
the reference.

What happens when you cite a paper in the academic world and the
information either ends up being invalid or even fraudulent or you make an
incorrect interpretation of the information? In the legal, corporate,
medical world you get sued! Every time you contact an authority for a given
URN domain, should you get back a message that your client software has to
display for you "By using this URN you release the authority X of any
responsibility for accuracy, blah, blah, blah." One of the biggest problems
with electronic documentation for doctors is that they have to be able to
show what they knew and when. A database that updates patient record 43569
has to leave a trail showing what was changed and when. For the real world
to use what we're attempting to create here, we have to satisfy
requirements of permanence, authenticity, and accountability.

Are there a set of guidelines for what URNs will and will not do and what
kind of requirements we're willing to put on document providers wanting to
utilize URNs, not just the server authorities or directory services? Can we
provide location independent identifiers without requiring that the
document being identified have a digital signature or some other wrapper?
If someone publishes and registers an URN do they have responsibility to
keep that item available for some period of time (5 years, 25 years?)? Will
the URN authority require that actual document (object) names be different
or just an id, so that if you publish "Doc X" by Bob Smith I can't publish
"Doc X" by Bob Smith in an attempt to get some of your sales; how do you
deal with forgeries? This discussion may be more appropriate for com-priv,
but they have relevance for URN designs as well.

Next message: Rob Raisch, The Internet Company: "Re: urn:publisher.com:xxxxxx"
Previous message: Dirk Herr-Hoyman: "Re: URNs and Meta-Information - The Value of ISBN"
Next in thread: R. P. Channing: "Re: URNs and authenticity"
Maybe reply: R. P. Channing: "Re: URNs and authenticity"
Maybe reply: Kevin Altis: "Re: URNs and authenticity"