Trust Envelope specification

Living Document,

This version:
https://w3id.org/trustenvelope
Previous Versions:
Issue Tracking:
GitHub
Editors:
(Ghent University - imec)
(Ghent University - imec)
(Ghent University - imec)
License:
CC-BY-SA-4.0

Abstract

TODO

1. Introd­uction

TODO:

1.1. Terminology

TODO

2. Requirements

TODO: add requirements from paper as CQs

3. Model

TODO

4. Vocabulary

TODO

5. Materialization

TODO:

The Trust Envelope model was developed to be regulation-agnostic, to be able to tackle legal requirements from different jurisdictions, different branches of law, e.g., data protection or intellectual property law, and different data types, e.g., personal or non-personal data. This is of particular importance to understand and correctly model all the parties that might have rights and obligations over the data unit, how they interplay, and how they are to be correctly interpreted and enforced.

Nonetheless, the terms chosen to model data provenance, in particular related to the source entity of the data, where kept in line with European legislation such as the General Data Protection Regulation (GDPR) [gdpr] and the Data Governance Act (DGA) [dga] as these regulations are being followed and similarly adapted in other jurisdictions' regulations.

Moreover, by incorporating provenance and usage policies as fundamental components of trustful data exchanges, Trust Envelopes can be used as auditing tools by external legal authorities to assess good and poor practices of recipients, and possibly held as proof in judgments for the later case.

7. Namespaces

Commonly used namespace prefixes used in this specification:

@prefix dcterms: <http://purl.org/dc/terms/> .
@prefix odrl:    <http://www.w3.org/ns/odrl/2/>.
@prefix te:      <https://w3id.org/trustenvelope#>
@prefix rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix xsd:     <http://www.w3.org/2001/XMLSchema#> .

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

References

Normative References

[DGA]
Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act). URL: http://data.europa.eu/eli/reg/2022/868/oj/eng
[GDPR]
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119