[CTF] Develop Content Trust Framework

[joofio]

No description provided.

[margoraja]

Just to be clear:
We are developing content trust that focuses on data integrity aspect. It remains usable as a module of CTF once evaluation and certification by UPM, which in essence should apply data integrity protection upon the certification results and etc.

[joofio]

can you explain further the part of " It remains usable as a module of CTF once evaluation and certification by UPM,"? It was not clear to me

[amedranogil]

I think @margoraja is referering to the trust function which is the the layer that uses the data integrity layer to provide a level of trust understandable by other components and even users.

I was just looking a the provenance FHIR IG, which is the basis for CTF, I saw that currently "activity" which is the action the provenance record is about has many options (see https://terminology.hl7.org/5.4.0/CodeSystem-iso-21089-lifecycle.html ) however amongts these there isn't one which I could definitelly say it should be used by regulators to certify conent, maybe "attest", maybe "verify"?

Maybe what we need is to close the specification for CTF, identify which actions and by who can be taken and map all this. This definition may be extended in the future, but this will definitelly help explain and exploit the component as envisioned.

[amedranogil]

There are 3 components:

1. Integrity
2. provenance Engine
3. Trust Function manager

First is developed by @margoraja and the other 2 by UPM, but they are dependent on 1.
What is the current status?

[margoraja]

That is correct. Integrity (resource and/or provenance record signing) has been developed, provenance and tf manager most likely are dependant on it as well.
Integrity itself is capable of signing the whole resource and/or provenance record within the resource.