Trust Envelope specification

Living Document,

This version:
https://w3id.org/trustenvelope
Previous Versions:
Issue Tracking:
GitHub
Editors:
(Ghent University - imec)
(Ghent University - imec)
(Ghent University - imec)
License:
CC-BY-SA-4.0

Abstract

A Trust Envelope is a unique data document, timestamped and digitally signed by a sender, that represents a singular act of associating a data unit with context specific to an actual or proposed processing of the data unit by the recipient.

1. Introd­uction

TODO:<\mark>

1.1. Terminology

TODO:<\mark>

2. Requirements

3. Model

TODO:<\mark>

4. Vocabulary

4.1. Classes

4.1.1. Trust Envelope

IRI te:TrustEnvelope
Label Trust Envelope
Type rdfs:Class, skos:Concept
Definition A Trust Envelope is a unique data document, timestamped and digitally signed by a sender, representing a singular and voluntary act of associating a data unit with context about this data unit’s purported history and intended destiny.

4.1.2. Data Provenance

IRI te:DataProvenance
Label Data Provenance
Type rdfs:Class, skos:Concept
Definition Contextual information that captures the origin and history of data, including its source entity, entity providing the data, and issuance time.

4.1.3. Policy Provenance

IRI te:PolicyProvenance
Label Policy Provenance
Type rdfs:Class, skos:Concept
Definition Contextual information that captures the origin and history of a policy, including entities that have usage rights over the data unit, entity that will receive the data unit, and issuance time.

4.2. Properties

4.2.1. Provenance

IRI te:provenance
Label Provenance
Type skos:Concept, rdfs:Property
Definition Denotes contextual information related to the origin and history of data units and policies.
Domain te:TrustEnvelope
Range te:DataProvenance, te:PolicyProvenance

4.2.2. Sender

IRI te:sender
Label Sender
Type skos:Concept, rdfs:Property
Definition Entity that issues the trust envelope.
Domain te:DataProvenance
Range xsd:anyURI

4.2.3. Recipient

IRI te:recipient
Label
Type skos:Concept, rdfs:Property
Definition Entity that receives the trust envelope.
Domain te:PolicyProvenance
Range xsd:anyURI

4.2.4. Rights holder

IRI te:rightsHolder
Label Rights holder
Type skos:Concept, rdfs:Property
Definition Entity claiming to have usage rights over the data unit.
Domain te:PolicyProvenance
Range xsd:anyURI

4.2.5. Sign

IRI te:sign
Label Sign
Type skos:Concept, rdfs:Property
Definition Denotes information about digital signatures.
Domain te:TrustEnvelope, te:DataProvenance, te:PolicyProvenance
Range xsd:anyURI

5. Materialization

TODO:<\mark>

5.1. Age Verification

5.2. Cargo Monitoring

The Trust Envelope model was developed to be regulation-agnostic, to be able to tackle legal requirements from different jurisdictions, different branches of law, e.g., data protection or intellectual property law, and different data types, e.g., personal or non-personal data. This is of particular importance to understand and correctly model all the parties that might have rights and obligations over the data unit, how they interplay, and how they are to be correctly interpreted and enforced.

Nonetheless, the terms chosen to model data provenance, in particular related to the source entity of the data, where kept in line with European legislation such as the General Data Protection Regulation (GDPR) [gdpr] and the Data Governance Act (DGA) [dga] as these regulations are being followed and similarly adapted in other jurisdictions' regulations.

Moreover, by incorporating provenance and usage policies as fundamental components of trustful data exchanges, Trust Envelopes can be used as auditing tools by external legal authorities to assess good and poor practices of recipients, and possibly held as proof in judgments for the later case.

7. Namespaces

Commonly used namespace prefixes used in this specification:

@prefix dcterms: <http://purl.org/dc/terms/> .
@prefix odrl:    <http://www.w3.org/ns/odrl/2/>.
@prefix te:      <https://w3id.org/trustenvelope#>
@prefix rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix xsd:     <http://www.w3.org/2001/XMLSchema#> .

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

References

Normative References

[CCPA]
California Consumer Privacy Act. URL: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
[DGA]
Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act). URL: http://data.europa.eu/eli/reg/2022/868/oj/eng
[GDPR]
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119