[CRW] ERS is currently the focus. Not LTAP.
Right.
ERS + LTAP contain no signature from an LTA agent.
[CRW] See the following in section 8: "These data are optionally
encapsulated by CMS content types that provide for authentication
and/or confidentiality, e.g. SignedData or EnvelopedData."
About the DELETE operation, what is worse is the following
sentence: "Note that this does not mean that
the server does not maintain a trace record of the delete
operation". A trace record would not be sufficient.
Deletion of an archive shall normally not happen, since the LTA is
trusted to keep the data until the end of
the archive period. A signed permission of deletion, by the owner
of the data shall be given, before deletion
can occur. This is mentioned nowhere in the document.
[CRW] This should be added.
The details of how a delete request is authenticated are outside the scope of
LTAP, as is the management of ownerships etc.
A trace record means: "At this place there had been some data which can
be described by (list of some metadata),
they had been deleted (metadata about that fact)." It is not the backend
LTA that creates all these metadata,
the frontend that authenticates the request prepares some of them. The
LTA does not make complicated decisions.
As an example of a higher-level front-end protocol one can take something
like the French proposal
of the National Archives.
Peter