RDF Trust Envelopes

Living Document,

This version:
https://knowledgeonwebscale.github.io/rdf-trust-envelopes/
Issue Tracking:
GitHub
Editors:
([IDLab - Ghent University](https://knows.idlab.ugent.be))
Pieter Colpaert
Not Ready For Implementation

This spec is not yet ready for implementation. It exists in this repository to record the ideas and promote discussion.

Before attempting to implement this spec, please contact the editors.

CC0 To the extent possible under law, the editors have waived all copyright and related or neighboring rights to this work. In addition, as of 12 March 2025, the editors have made this specification available under the Open Web Foundation Agreement Version 1.0, which is available at https://www.openwebfoundation.org/the-agreements/the-owf-1-0-agreements-granted-claims/owfa-1-0. Parts of this work may be from another specification document. If so, those parts are instead covered by the license of that specification document.

Abstract

This specification describes the modeling of trust envelopes in RDF

1. Introduction

The RDF Trust Envelope is a modeling approach for straightforward definition and processing of contextual information in transit. It models an association of a set of RDF statements with its policy, signature, and provenance information.

To model Trust Envelopes in RDF, we make use of the Context Association model that models target sets of statements as named graphs with a blank node identifier that can be referenced to target the contained RDF graph.

2. Defining the Trust Envelope

For a target Blank Node Graph T with name identifier Tname that we wish to wrap in an envelope, we use the following steps to create our trust envelope:

  1. Model an envelope entity e of type te:Envelope in a Blank Node Graph E with name identifier Ename.

  2. Create a signature s over the T, by hashing all quads where the graph term = Tname.

  3. Create a policy p over T.

  4. Add signature s to envelope e using the te:signature predicate

  5. Add policy p to envelope e using the te:policy predicate

  6. Define the target graph T on envelope e using the te:data predicate

  7. Define Tname to be of type ca:GraphIdentifier to enforce the reference to its connected RDF Graph

  8. Add any provenance information for T to the envelope graph E

  9. Sign the envelope Graph E, and optionally contain this signature in its own Graph

  10. Define Ename be of type ca:GraphIdentifier

@prefix ca: <http://ex.org/context-associations#>
@prefix te: <http://ex.org/trust-envelopes#>
@prefix sign: <http://ex.org/signatures#>
@prefix pol: <http://ex.org/policy#>
@prefix prov: <http://ex.org/provenance#>

_:optionalSignatureGraph {
    _:envelopeSignature a sign:Signature;
        sign:target _:envelopeGraph;
        sign:issuer <Ruben>;
        sign:value "...".
    _:envelopeGraph a ca:GraphIdentifier;
}

_:envelopeGraph {
    _:envelope a te:Envelope;
        te:creator <Ruben>;
        te:signature _:s;
        te:policy _:p;
        te:data _:dataGraph.
    
    _:s a sign:Signature;
        sign:target _:dataGraph;
        sign:issuer <Ruben>;
        sign:value "...".

    _:p a pol:Policy;
        pol:permission: [
            pol:issuer <Ruben>;
            pol:target _:dataGraph.
            pol:action pol:Use.
        ]
    
    _:dataGraph a ca:GraphIdentifier;
        prov:origin <pod.org/ruben/resource1>;
        prov:generatedAt "2025-01-05"^^xsd:date.
}

_:dataGraph {
    <a> <b> <c> .
    <x> <y> <z> .
}
Trust Envelope

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

References

Normative References

[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119