Trustflows

Living Document,

Previous Versions:
Editors:
(Ghent University - imec)
(Ghent University - imec)
(Ghent University - imec)
(Ghent University - imec)
(Ghent University - imec)

CC0 To the extent possible under law, the editors have waived all copyright and related or neighboring rights to this work. In addition, as of 4 April 2025, the editors have made this specification available under the Open Web Foundation Agreement Version 1.0, which is available at https://www.openwebfoundation.org/the-agreements/the-owf-1-0-agreements-granted-claims/owfa-1-0. Parts of this work may be from another specification document. If so, those parts are instead covered by the license of that specification document.

Abstract

A Trustflow is a secure data flow that explicitly embeds trust using cryptographic methods, provenance, usage policies, etc., to ensure reliability and integrity. Unlike current web data flows, which, amongst others things, rely on implicit trust based on sender reputation or manual checks, Trustflows make trust verifiable and integral to the data itself.

1. Introd­uction

TODO: what are trust flows Trustflow and Trust Envelope

1.1. Terminology

Trustflow
A Trustflow is a secure data flow that explicitly embeds trust using cryptographic methods, provenance, usage policies, etc., to ensure reliability and integrity.
Trust Envelope
TODO:
Sticky Policy
TODO:

1.2. Requirements

2. Components

2.1. Trust Envelope

Trust envelope

Trust Envelope

TODO: What do we mean with that; How does it differ from a sticky policy?

Technologies envisioned:

2.2. Policy Engine

TODO: What do we mean with that

Technologies envisioned

2.3. Credential Verifier

TODO: What do we mean with that

Technologies envisioned

2.4. Data Minimization

TODO: What do we mean with that

3. Architecture

Elaborate UMA: seperation of concerns (RS + AS)

Rerefence to user managed access server?

4. Supporting Materials

5. Namespaces

Commonly used namespace prefixes used in this specification:

@prefix dct:    <http://purl.org/dc/terms/> .
@prefix odrl:   <http://www.w3.org/ns/odrl/2/>.
@prefix rca:    <https://w3id.org/context-associations> .
@prefix rdf:    <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix report: <https://w3id.org/force/compliance-report#>
@prefix xsd:    <http://www.w3.org/2001/XMLSchema#> .

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

Index

Terms defined by this specification

References

Normative References

[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119

Informative References

[Context-Associations]
Ruben Dedecker; Pieter Colpaert. RDF Context Associations. URL: https://w3id.org/context-associations/specification
[FORCE]
Wout Slabbinck; Beatriz Esteves. Framework for ODRL Rule Compliance through Evaluation. URL: https://w3id.org/force/
[ODRL-MODEL]
Renato Iannella; Serena Villata. ODRL Information Model 2.2. URL: https://w3c.github.io/poe/model/