The CNRI Registry
Preliminary Information (August 1997)
CNRI is developing a general-purpose registry to submit, store, and disseminate authenticated digital objects. When fully implemented, the registry will maintain a list of authenticated digital objects. Each digital object has a unique identifier, known as a handle, and a digital signature, which authenticates the content of the document. The digital objects themselves are not stored in the registry, but in separate repositories. Two sub-systems are closely tied to the registry:
- The Registry Index is a searchable index to all the digital objects in the registry.
- The Handle System maintains a list of all the handles and the known locations of the digital objects with a given handle.
The registry performs the following functions:
- Establishes and maintains a list of all digital objects. The digital objects themselves are stored in separate repositories.
- Creates and maintains a digital signature that authenticates each digital object. In addition, if the repository that stores a digital object creates its own digital signature, this signature is stored in the registry.
- Creates a handle to identify each digital object. If the digital object has a handle before registration, this is the handle stored in the registry. Otherwise, a handle is created by the registry.
- In conjunction with the repositories, builds the information that is included in the index and used to search the collections.
- Interacts with client software to process requests and disseminate results. This involves maintaining a caching and replication service for remote clients.
- May retrieve documents from repositories for dissemination to clients.
- Maintains consistency between the repositories, the index, and the handle system. This involves periodically checking that the information is current and correct by: (a) checking each digital object against its digital signature, (b) checking the data stored with each handle to confirm that the location data is correct, and (c) monitoring the data in the index for consistency.
Registration of digital objects that are stored in remote repositories
The activity of registration of a digital object consists of the following functions:
- Either the repository notifies the registry or the registry accesses the repository over the Internet and selects a digital object to add to the registry.
- A digital object is created in the registry that contains:
  - access terms and conditions
- If the repository has already created this information, it is transmitted to the registry. Otherwise, the digital object itself is transmitted to the registry and the registry generates this information.
- The registry generates a digital signature and adds it to the digital object.
- The handle is registered in the handle system with data about the current location and access protocols.
- Index terms are added to the index.
An integral part of the registration process is the use of digital signatures. When a digital object is registered, it is signed either with the private key of the depositor, or with the private key of the registry. This digital signature, the certificate chain, and the digital object are then treated as a single digital object, which may be signed using the private key of the registrant. The actual registration consists of this digital object together with the digital signature and certificate chain. At present, digital signatures are created with Trusted Information Systems' MOSS (MIME Object Security Services) software, which uses 1024-bit RSA keys.
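The two-layer signing described above, and check (a) of the periodic consistency checks, can be sketched as follows. This is an added example, not CNRI's code and not the MOSS format: the function names, the length-prefixed bundle layout, the unpadded hash-then-RSA scheme, and the demo keys built from well-known Mersenne primes are all assumptions chosen so the sketch runs offline.

```python
import hashlib

E = 65537  # public exponent shared by both constructed demo keys

def make_key(a, b):
    # Constructed demo key from the Mersenne primes 2**a-1 and 2**b-1: trivially
    # factorable, used only so the example runs offline (page: 1024-bit RSA via MOSS).
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    # Unpadded hash-then-RSA, an assumption for illustration; not the MOSS format.
    return pow(digest_int(data), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest_int(data)

def pack(*parts):
    # Length-prefix every part so field boundaries are unambiguous once signed.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def bundle(obj, inner_sig, chain):
    # Signature + certificate chain + object, treated as a single digital object.
    return pack(obj, inner_sig.to_bytes(512, "big"), *chain)

def register(obj, depositor, chain, registrant):
    inner = sign(depositor, obj)
    outer = sign(registrant, bundle(obj, inner, chain))
    return {"object": obj, "inner_sig": inner, "chain": chain, "outer_sig": outer}

def check(reg, depositor_n, registrant_n):
    # Returns (object matches inner signature, bundle matches outer signature).
    inner_ok = verify(depositor_n, reg["object"], reg["inner_sig"])
    outer_ok = verify(registrant_n,
                      bundle(reg["object"], reg["inner_sig"], reg["chain"]),
                      reg["outer_sig"])
    return inner_ok, outer_ok

DEPOSITOR = make_key(521, 607)
REGISTRANT = make_key(1279, 2203)
CHAIN = [b"constructed-depositor-cert", b"constructed-issuer-cert"]  # placeholders
REG = register(b"constructed deposit, August 1997", DEPOSITOR, CHAIN, REGISTRANT)

if __name__ == "__main__":
    print(check(REG, DEPOSITOR["n"], REGISTRANT["n"]))  # intact registration
    print(check({**REG, "object": b"altered"}, DEPOSITOR["n"], REGISTRANT["n"]))
    print(check({**REG, "chain": CHAIN[:1]}, DEPOSITOR["n"], REGISTRANT["n"]))
```

The third case is the one the outer signature exists for: the object still matches the depositor's signature, but the altered certificate chain no longer matches the registrant's signature over the bundle.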
U.S. Copyright Office registry
The first generation of the registry has been created specifically to meet the needs of the U.S. Copyright Office. This is part of the CORDS system for copyright registration, recordation, and deposit. The system components include a central server, which functions as a combined registry and repository, and a helper application that clients download and use with a Web browser. In conjunction, the two provide a secure method to package and transmit digital objects to the registry. CORDS also includes a special purpose viewer for copyright examiners and interfaces to other Copyright Office Systems.
The Foreign Affairs Documentation Center
The United States Information Agency's (USIA) Bureau of Information and CNRI are working together on the design and implementation of a Foreign Affairs Documentation Center. This on-line, digital library will provide a long-term archive of noteworthy materials that comprise the foreign policy of the United States. At the heart of the system is a registry of authentication documents that are stored on repositories maintained by other government agencies.