Re: eprints and authentication

From: J Adrian Pickering <jap_at_ECS.SOTON.AC.UK>
Date: Wed, 8 Nov 2000 17:08:30 +0000

At 16:19 07/11/00 +0000, you wrote:
>Can I seek information about a topic which might constitute a new
>thread?

It touches on an old one.

I promised readers that I would say when www.probity.org was launched. It
now is live and is concerned with developing widely acceptable means of
providing 'authentication' evidence. The site will develop as I mount more
reference/guidance information. The concepts are to be incorporated in the
e-prints project in order to address just the problem you highlight.

a) Is the author authentic, and how can one check this

The probity.org mechanisms do not completely address this as authentication
is aligned with *signing* in a manner that the courts will accept. This is
an area being addressed seperately (e.g. IETF). However, the X.509
certificates used are validated using the techniques probity.org is promoting.

>b) Has the article changed since the author last did so?

The probity.org methods do address this precisely.

> If so, by whom?

More tricky. Essentially, if someone alters something then they are
creating something new that needs re-registering using the same techniques.

Curiously, none of these 30 Acrobat files seem to have much in
>the way of any authentication mechanism. In this case, it would
>be "did this publisher really issue this Acrobat file, and has it
>been changed since they did so?"

The probity.org scheme would mean that the publisher could declare
publically what the PDF digest is. You can independently check that your
copy is the same as their's precisely. Anyone else can do this too.

>(I presume to trust the publisher
>to authenticate the author(s) ). What I was expecting was perhaps
>a digital signature, which Acrobat distiller can easily insert into the
>whole document (based on so called X.509 certificates),

early days for this. But yes, this is a solution but it is a proprietry one.

> but found
>none in the random selection of the 30 articles I looked in.
>Acrobat also has mechanisms to lock the article to prevent it from
>being modified. These mechanisms too did not seem to be used by
>any of my publishers. Which I found quite surprising,
>maybe even distressing.

Are we going to standardise on PDF? This is pretty good 'electric paper'
but we must not think that published work is always on 'paper'. There is NO
excuse for not locking the document.


>I concluded that "authenticity" is a rather neglected area. Any comments?

Here's another start. I'd appreciate reactions to www.probity.org too so
this can be used to serve this neglected area.

Adrian Pickering/
Electronics and Computer Science
University of Southampton
Received on Mon Jan 24 2000 - 19:17:43 GMT

This archive was generated by hypermail 2.3.0 : Fri Dec 10 2010 - 19:45:57 GMT