Re: Cross review of draft ERS from LTANS WG until Jan 23rd

2007-01-16 07:27:52

[CRW] ERS is currently the focus. Not LTAP.

ERS + LTAP contain no signature from a LTA agent.

[CRW] See the following in section 8: "These data are optionally encapsulated by CMS content types that provide for authentication and/or confidentiality, e.g. SignedData or EnvelopedData."

About the DELETE operation, what is worse is the following sentence: "Note that this does not mean that the server does not maintain a trace record of the delete operation". A trace record would not be sufficient. Deletion of an archive shall normally not happen, since the LTA is trusted to keep the data until the end of the archive period. A signed permission of deletion, by the owner of the data shall be given, before deletion can occur. This is mentioned nowhere in the document.

[CRW] This should be added.

The details of how a delete request is authenticated are outside the scope of LTAP, as is management of ownerships etc. A trace record means: "At this place there had been some data which can be described by (list of some metadata), they had been deleted (metadata about that fact)." It is not the backend LTA that creates all these metadata; the frontend that authenticates the request prepares some of them. The LTA does not make complicated decisions.

As an example of a higher-level front-end protocol, one can take something like the French proposal of the National Archives.