PUBLIC PROTECTION AND ETHICAL GEOSPATIAL DATA DISSEMINATIONAN INITIATIVE OF GEOIDE (PROJECT IV-23)

Certification of spatial data: Certification of spatial data: principles and conceptsprinciples and concepts

Mamane Nouri SABOMamane Nouri SABOMarc GERVAISMarc GERVAIS

Brussels, May 2010Brussels, May 2010

Plan

• Context• Certification in general• Certification of spatial data• Conclusion• Questions

Context (1)

• Democratisation of spatial data– Introduction of new applications (eg. Web mapping)– Spatial data have become mass products

• A strong interest in the production and publication of spatial data:– Traditional producers with new services– Non-specialists producing spatial data (Collaborative

mapping)– Integration of data from different sources (mashup)

Context (2)

• Impact of “mass production” of spatial data:– Data from uncertain source and with doubtful

quality– Disparate quality control processes– Data used for purposes other than those

suggested by the producerIncreased risk of incidents related to misuse of

spatial data.Risk of lawsuits against data producers

How to minimize these risks?

• To protect producers and secure users, it is necessary to:– Ensure that used data are of better quality– Ensure that the data correspond to the usage

(fitness for use)– Ensure that users make appropriate usage of the

data– Ensure that users are adequately informed on the

quality of the data

How to minimize these risks?

• For conventional data, produced by traditional producers:– There are strict quality controls– The metadata allow to inform the users on quality of the data

(even if the metadata present many weaknesses)– The data purposes are often specified– There is always the possibility to speak directly to the producer

• What about situations where– The data are used for purposes other than those specified by

the producer– The data were produced in a context of collaborative mapping

(eg OpenStreetMap)– Data from different sources are integrated– Data are used by non-experts

How to minimize these risks?

• To inform users, metadata is sometimes used. But, metadata presents several weaknesses:– Is not suitable for non-expert– Even for an expert, the quality component is often poor.– Transmits especially internal quality– Not always up to date, especially in the case of integration of

multiple data– For integrated data, metadata integration is very difficult– For data from the collaborative mapping metadata is often

unavailable• In order to reassure users, one of the solutions can be to

seek additional expert advice. Thus, the expert can validate if data correspond to our needs.

How to reassure users?

Insurance Definition Garant

Quality Guarantee An agreement by which someone undertakes to secure another in the possession or enjoyment of something.Example: We guarantee that the rate of data omission is lower than 2%

Data producer

Quality attestation To affirm to be true or genuine.Exemple: We attest that a systematic checking of the completeness was carried out

Data producerOr Third Party

Certification Certificate issued by an independent body attesting the compliance of a product or service to a particular set of standards or regulations.

Third Party

Certification in general

What is certification

• According to AFNOR (French national association of normalization), certification is a procedure by which a third party (certification body) gives written assurance that a system of organization, process, person, product or service conforms to requirements specified in a certification referential.

• A certification referential is a technical document defining the characteristics required by the system, process, person, product or service to be certified, and the rules for assessing compliance with these characteristics.

Certification examples

• Forest certification (Forest Stewardship Council) - certifies that the forest management meets established criteria, which ensure a sustainable forest management.

• An ISO 9001 - used to certify the compliance of management systems with ISO 9001. ISO 9001 provides a tried and tested framework for taking a systematic approach to managing the organization's processes so that they consistently turn out product that satisfies customers' expectations

Why to certify?

• For security reasons, in order to protect users– Eg. American system of drugs control reinforced in 1938

after the death of 107 persons• To respond to a deficiency of users’ confidence.– Eg. forest certification emerged from the Rio conference

to respond to boycotts of forest products from tropical forests

• To verify the chain of production and specifications in order to improve the quality– Eg. ISO 9001 Quality Management Systems Certification

• For marketing– Eg. My company is certified ISO 9001

What to certify

• Service certification, based primarily on customer satisfaction– ISO 10002- Customer satisfaction

• Product certification – example, the FSA certification for forest products

• Certification of management system– Example, Quality Management Systems Certification

(ISO 9001)• Professional certification– Example, CPA (Certified Public Accountant) conferred

by American Institute of Certified Public Accountants

The credibility of the certification process

• To be credible, the certification must:– Being conducted by a competent, independent and impartial

third party – Relying on a certification referential previously established and

accepted by all parties involved in the process– The certification referential must be based on standards,

specifications or other documents which are unanimously accepted in the field or by the parties involved in the process

• There are basically two types of certification:– Self-certification (self-declaration, declaration of conformity,

guarantee, etc..) conducted without any external control– certification by an independent third party certification body

Certification versus self-certificationCERTIFICATION SELF-CERTIFICATION

Certification body Third party The company responsible for the product or the service

Control External control No external control

Penalties Withdrawal of the certificate Risk of prosecution for misleading advertising

Risk sharing Shared responsibility between the company and the certification body

All responsibility rests with the data producer

Credibility High Low

Certification of spatial data

Reasons for a certification of spatial data(1)

• Many cases of misuse of spatial data with serious consequences

• Many data whose origin and quality are unknown• Integration of the data from various sources can

have negative consequences on the quality of the integrated product

• In certain fields like aviation, the users’ safety is closely related to the quality of the used spatial data

• For some technologies such as GPS we are about to move from absolute trust to a phase of mistrust

Reasons for a certification of spatial data(2)• Spatial data have reached the maturity required for certification• Maslow’s hierarchy of needs: psychological theory proposed by

Abraham Maslow in 1943

Data base, digital mapping, …

Metadata, spatial integrity constraint, security,.. Privacy, …

Integration, interoperability, standards, «data mashup» …

Certification, …

Realtime, self-adjustment, …

PSYCOLOGICAL NEEDS (EX. FOOD)

SECURITY

LOVE

ESTEEM

SELF-ACTUALIZATION

1980 …

90 …

End of 90 …

2005 …

??

Larrivée et al. 2009

What to certify

• Certification of the model of the database– Example, to certify if the model is able to support a routing

system• Certification of the content of the database (data)

– Example, to certify if the quality of the data is compatible with the usage we want to make

• Certification of the legal aspect of the database (ex. license)– Example, to certify if the license is compatible with the usage

we want to make• Certification of the ability of the data to respect the privacy

policy– Example, to certify if the data adequately respect the privacy

policy of the country• …

How to certify: certification referential (1)

• A certification referential is developed and validated in consultation with representatives of various interested parties: professionals, consumers or users, concerned authorities

• The certification referential can be based on :– Standards. Example, a referential for certification

of spatial data can be bases on many ISO standards (19113, 19114, etc..)

– Existing specifications– Others documents (regulation or technical

documents)

How to certify: certification referential (2)

• A certification referential includes:– The referential scope– The characteristics used to describe the products

or services– The methods for testing these characteristics– The nature and mode of presentation of

information considered essential for users– The details of the controls that makes the

certification body

Dat

a qu

ality

(ISO

191

13,1

9114

, 19

138)

, Met

adat

a,..

Development of the certification referential (1)

• Bottom-up approach: – To start with an ad' hoc certification referential which will lead to a

generic referential and possibly to the development of a standard.– The ad' hoc referential can be elaborated by data producers (private

or public), service providers or a group of users on the basis of existing specifications and standards

• Top-down approach: – To start with a generic referential which can be used for the

development of ad' hoc referential. Once the community adopts these referential it is possible to develop a standard on the certification of the spatial data

– The generic certification referential can be elaborated by data producers, a group of producers, organizations and researchers

• Normative approach: – To directly target the creation of a standard on the certification of the

spatial data.

Development of the certification referential (2)

Approach Advantage Disadvantages

Bottom-up approach •Allows to take into account several types of needs•Allows to test the effectiveness of ad’hoc referential before creating a generic referential

•For each type of need a referential must be created•The process can be long before reaching a standard

Top-down approach •We have a generic referential that we can adapt and test

•Requires a group of actors to create the generic referential

Normative approach •Process that could lead directly to a standard

•The normalization process is very laborious

Conclusion

• In recent years, spatial data have become a popular product

• The current methods intended to inform users about the quality of the data (eg. metadata) are insufficient

• The data certification would be a complement with existing methods in order to ensure users that the data they will use correspond to their needs.

• But, before reaching a certification of the spatial data, different problems must be solved.

Questions

• Who should certify? • What is the better approach for the development of a

certification referential (Bottom-up approach, top-down approach Normative approach)?

• Who should provide leadership in the process of developing certification referential ?

• Who should oversee the certification and what are the penalties for failure (certification body)?

• How to represent the results of a certification? Is the metadata able to represent the results of the certification?

• ....

Your questions and commentsThank you!