Upload
kai-copas
View
219
Download
1
Embed Size (px)
Citation preview
PUBLIC PROTECTION AND ETHICAL GEOSPATIAL DATA DISSEMINATIONAN INITIATIVE OF GEOIDE (PROJECT IV-23)
Certification of spatial data: Certification of spatial data: principles and conceptsprinciples and concepts
Mamane Nouri SABOMamane Nouri SABOMarc GERVAISMarc GERVAIS
Brussels, May 2010Brussels, May 2010
Plan
• Context• Certification in general• Certification of spatial data• Conclusion• Questions
Context (1)
• Democratisation of spatial data– Introduction of new applications (eg. Web mapping)– Spatial data have become mass products
• A strong interest in the production and publication of spatial data:– Traditional producers with new services– Non-specialists producing spatial data (Collaborative
mapping)– Integration of data from different sources (mashup)
Context (2)
• Impact of “mass production” of spatial data:– Data from uncertain source and with doubtful
quality– Disparate quality control processes– Data used for purposes other than those
suggested by the producerIncreased risk of incidents related to misuse of
spatial data.Risk of lawsuits against data producers
How to minimize these risks?
• To protect producers and secure users, it is necessary to:– Ensure that used data are of better quality– Ensure that the data correspond to the usage
(fitness for use)– Ensure that users make appropriate usage of the
data– Ensure that users are adequately informed on the
quality of the data
How to minimize these risks?
• For conventional data, produced by traditional producers:– There are strict quality controls– The metadata allow to inform the users on quality of the data
(even if the metadata present many weaknesses)– The data purposes are often specified– There is always the possibility to speak directly to the producer
• What about situations where– The data are used for purposes other than those specified by
the producer– The data were produced in a context of collaborative mapping
(eg OpenStreetMap)– Data from different sources are integrated– Data are used by non-experts
How to minimize these risks?
• To inform users, metadata is sometimes used. But, metadata presents several weaknesses:– Is not suitable for non-expert– Even for an expert, the quality component is often poor.– Transmits especially internal quality– Not always up to date, especially in the case of integration of
multiple data– For integrated data, metadata integration is very difficult– For data from the collaborative mapping metadata is often
unavailable• In order to reassure users, one of the solutions can be to
seek additional expert advice. Thus, the expert can validate if data correspond to our needs.
How to reassure users?
Insurance Definition Garant
Quality Guarantee An agreement by which someone undertakes to secure another in the possession or enjoyment of something.Example: We guarantee that the rate of data omission is lower than 2%
Data producer
Quality attestation To affirm to be true or genuine.Exemple: We attest that a systematic checking of the completeness was carried out
Data producerOr Third Party
Certification Certificate issued by an independent body attesting the compliance of a product or service to a particular set of standards or regulations.
Third Party
Certification in general
What is certification
• According to AFNOR (French national association of normalization), certification is a procedure by which a third party (certification body) gives written assurance that a system of organization, process, person, product or service conforms to requirements specified in a certification referential.
• A certification referential is a technical document defining the characteristics required by the system, process, person, product or service to be certified, and the rules for assessing compliance with these characteristics.
Certification examples
• Forest certification (Forest Stewardship Council) - certifies that the forest management meets established criteria, which ensure a sustainable forest management.
• An ISO 9001 - used to certify the compliance of management systems with ISO 9001. ISO 9001 provides a tried and tested framework for taking a systematic approach to managing the organization's processes so that they consistently turn out product that satisfies customers' expectations
Why to certify?
• For security reasons, in order to protect users– Eg. American system of drugs control reinforced in 1938
after the death of 107 persons• To respond to a deficiency of users’ confidence.– Eg. forest certification emerged from the Rio conference
to respond to boycotts of forest products from tropical forests
• To verify the chain of production and specifications in order to improve the quality– Eg. ISO 9001 Quality Management Systems Certification
• For marketing– Eg. My company is certified ISO 9001
What to certify
• Service certification, based primarily on customer satisfaction– ISO 10002- Customer satisfaction
• Product certification – example, the FSA certification for forest products
• Certification of management system– Example, Quality Management Systems Certification
(ISO 9001)• Professional certification– Example, CPA (Certified Public Accountant) conferred
by American Institute of Certified Public Accountants
The credibility of the certification process
• To be credible, the certification must:– Being conducted by a competent, independent and impartial
third party – Relying on a certification referential previously established and
accepted by all parties involved in the process– The certification referential must be based on standards,
specifications or other documents which are unanimously accepted in the field or by the parties involved in the process
• There are basically two types of certification:– Self-certification (self-declaration, declaration of conformity,
guarantee, etc..) conducted without any external control– certification by an independent third party certification body
Certification versus self-certificationCERTIFICATION SELF-CERTIFICATION
Certification body Third party The company responsible for the product or the service
Control External control No external control
Penalties Withdrawal of the certificate Risk of prosecution for misleading advertising
Risk sharing Shared responsibility between the company and the certification body
All responsibility rests with the data producer
Credibility High Low
Certification of spatial data
Reasons for a certification of spatial data(1)
• Many cases of misuse of spatial data with serious consequences
• Many data whose origin and quality are unknown• Integration of the data from various sources can
have negative consequences on the quality of the integrated product
• In certain fields like aviation, the users’ safety is closely related to the quality of the used spatial data
• For some technologies such as GPS we are about to move from absolute trust to a phase of mistrust
Reasons for a certification of spatial data(2)• Spatial data have reached the maturity required for certification• Maslow’s hierarchy of needs: psychological theory proposed by
Abraham Maslow in 1943
Data base, digital mapping, …
Metadata, spatial integrity constraint, security,.. Privacy, …
Integration, interoperability, standards, «data mashup» …
Certification, …
Realtime, self-adjustment, …
PSYCOLOGICAL NEEDS (EX. FOOD)
SECURITY
LOVE
ESTEEM
SELF-ACTUALIZATION
1980 …
90 …
End of 90 …
2005 …
??
Larrivée et al. 2009
What to certify
• Certification of the model of the database– Example, to certify if the model is able to support a routing
system• Certification of the content of the database (data)
– Example, to certify if the quality of the data is compatible with the usage we want to make
• Certification of the legal aspect of the database (ex. license)– Example, to certify if the license is compatible with the usage
we want to make• Certification of the ability of the data to respect the privacy
policy– Example, to certify if the data adequately respect the privacy
policy of the country• …
How to certify: certification referential (1)
• A certification referential is developed and validated in consultation with representatives of various interested parties: professionals, consumers or users, concerned authorities
• The certification referential can be based on :– Standards. Example, a referential for certification
of spatial data can be bases on many ISO standards (19113, 19114, etc..)
– Existing specifications– Others documents (regulation or technical
documents)
How to certify: certification referential (2)
• A certification referential includes:– The referential scope– The characteristics used to describe the products
or services– The methods for testing these characteristics– The nature and mode of presentation of
information considered essential for users– The details of the controls that makes the
certification body
Dat
a qu
ality
(ISO
191
13,1
9114
, 19
138)
, Met
adat
a,..
Development of the certification referential (1)
• Bottom-up approach: – To start with an ad' hoc certification referential which will lead to a
generic referential and possibly to the development of a standard.– The ad' hoc referential can be elaborated by data producers (private
or public), service providers or a group of users on the basis of existing specifications and standards
• Top-down approach: – To start with a generic referential which can be used for the
development of ad' hoc referential. Once the community adopts these referential it is possible to develop a standard on the certification of the spatial data
– The generic certification referential can be elaborated by data producers, a group of producers, organizations and researchers
• Normative approach: – To directly target the creation of a standard on the certification of the
spatial data.
Development of the certification referential (2)
Approach Advantage Disadvantages
Bottom-up approach •Allows to take into account several types of needs•Allows to test the effectiveness of ad’hoc referential before creating a generic referential
•For each type of need a referential must be created•The process can be long before reaching a standard
Top-down approach •We have a generic referential that we can adapt and test
•Requires a group of actors to create the generic referential
Normative approach •Process that could lead directly to a standard
•The normalization process is very laborious
Conclusion
• In recent years, spatial data have become a popular product
• The current methods intended to inform users about the quality of the data (eg. metadata) are insufficient
• The data certification would be a complement with existing methods in order to ensure users that the data they will use correspond to their needs.
• But, before reaching a certification of the spatial data, different problems must be solved.
Questions
• Who should certify? • What is the better approach for the development of a
certification referential (Bottom-up approach, top-down approach Normative approach)?
• Who should provide leadership in the process of developing certification referential ?
• Who should oversee the certification and what are the penalties for failure (certification body)?
• How to represent the results of a certification? Is the metadata able to represent the results of the certification?
• ....
Your questions and commentsThank you!