1. Trustworthy Repository Criteria, Virtual Organizations, and Infrastructure MacKenzie Smith, MIT Libraries NDIIPP Meeting, July 2010

2. VOs and Preservation Some VOs specifically for preservation – CLOCKSS, MetaArchive Some have preservation components – DataVerse, Dspace Some leverage 3 rd party services for preservation – DuraCloud, Chronopolis All need mechanisms to define individual member and collective policies, monitor and assess compliance

3. DSpace Community as a “Virtual Organization” informal community of ~1000 organizations using common infrastructure, including – Existing formal and informal corsortia e.g. LASR, NITLE, OCUL, WRLC – Formal and informal collaborations e.g. MIT and Harvard – Emerging use case of Cloud Services for sharing, preservation e.g. DuraCloud pilot, client/vendor relationship But don’t want to be defined or bound by an infrastructure platform “Trust” depends on prior relationships, legal contracts, implicit and explicit POLICIES of members and their content and services

4. The PLEDGE Project PoLicy Enforcement in Data Grid Environments Vision automated contract monitoring, trust assessment e.g. publishing IR policies on the Web in a standard format for easy discovery, inspection, auditing; injecting policies into AIPs Allows for ad hoc and flexible, evolving VOs Purpose Interoperability among infrastructure platforms (DSpace, SRB/iRODS) via relevant operations and policies Process Identified existing repository policies → mapped to TRAC → expressed in Rei (policy expression language) → captured in AIPs → shared between repositories

5. VO Policies and TRAC TRAC criteria describe policies about – Organizations, Environment and Legal (OEL) – (Designated) Community and Usability (CU) – Process and Procedure (PP) – Technology and Infrastructure (TI) And are implemented in different transaction types – Specification of Assertion (i.e. metadata) e.g. mission statement or business plan – Consistency Constraint e.g. deposit agreement, persistent identifiers – Periodic Rule e.g. media migration, fixity checking – Atomic Rule e.g. access control, required metadata

6. VO Policies and TRAC 1.User privacy (CU-0002) 2.Deposit agreements (CU-0006, A5.1, A5.2, A3.3) 3.Content access (CU-0008, B6.3, B6.4, B6.5) 4.Content usage (CU-0010) 5.Contributor Eligibility (CU-0011) 6.Descriptive metadata (PP-0004, B5.1, B5.2) 7.Persistent identifiers (PP-0006, B2.5, B2.6) 8.Provenance (PP-0007, A3.6, B1.8, B2.13, B4.5) 9.E-records management (PP-0013) 10.Integrity (PP-0016, A3.8, B2.12, B4.4, C1.5, C1.6) 11.Versioning (PP-0017) 12.Format support (PP-0018) 13.Disaster recovery (TI-0005, C3.4) 14.Technology management roles/authorizations (TI-0008, C3.3) 15.Federation (TI-0010) 16.Replication (TI-0011, C1.3, C1.4) Policies modeled in Rei Policies missing from TRAC

7. Using TRAC in Preservation VOs Avoid point-to-point solutions, infrastructure platform specific solutions All infrastructure platforms should support TRAC/VO policies to simplify and expand trust (and so preservation!) Solution should be Web-based for broadest adoption; policies should be encoded in a standard language (e.g. W3C RIF, Policy Language Interest Group) and monitor/assess with standard mechanisms