@@ -21,55 +21,72 @@ Introduction {#intro}
2121The RDF Trust Envelope is a modeling approach for straightforward definition and processing of contextual information in transit.
2222It models an association of a set of RDF statements with its policy, signature, and provenance information.
2323
24+ To model Trust Envelopes in RDF, we make use of the [Context Association model] (https://knowledgeonwebscale.github.io/rdf-context-associations/)
25+ that models target sets of statements as named graphs with a blank node identifier that can be referenced to target the contained RDF graph.
26+
2427
2528
2629Defining the Trust Envelope {#context_assocations}
2730==================================================
2831
32+ For a target Blank Node Graph `T` with name identifier `Tname` that we wish to wrap in an envelope,
33+ we use the following steps to create our trust envelope:
34+
35+ 1. Model an envelope entity `e` of type te:Envelope in a Blank Node Graph `E` with name identifier `Ename`.
36+ 2. Create a signature `s` over the `T`, by hashing all quads where the graph term = `Tname`.
37+ 3. Create a policy `p` over `T`.
38+ 4. Add signature `s` to envelope `e` using the `te:signature` predicate
39+ 5. Add policy `p` to envelope `e` using the `te:policy` predicate
40+ 6. Define the target graph `T` on envelope `e` using the `te:data` predicate
41+ 7. Define `Tname` to be of type `ca:GraphIdentifier` to enforce the reference to its connected RDF Graph
42+ 8. Add any provenance information for `T` to the envelope graph `E`
43+ 9. Sign the envelope Graph `E`, and optionally contain this signature in its own Graph
44+ 10. Define `Ename` be of type `ca:GraphIdentifier`
45+
46+
2947<figure id="envelop-listing" class="listing">
3048```turtle
31- @prefix ca: <https://w3id.org/contextassociation#> .
32- @prefix te: <https://w3id.org/trustenvelope#> .
33- @prefix : <http://example.org/> .
34-
35- _:signatureGraph a ca:GraphIdentifier.
36- _:policyGraph a ca:GraphIdentifier.
37- _:provenanceGraph a ca:GraphIdentifier.
38- _:dataGraph a ca:GraphIdentifier.
39-
40- _:envelope a TrustEnvelope;
41- te:signatureGraph: _:signatureGraph;
42- te:policyGraph: _:policyGraph;
43- te:provenanceGraph: _:provenanceGraph;
44- te:signature: _:signature;
45-
46- _:signatureGraph te:primaryTopic _:signature.
47- _:policyGraph te:primaryTopic _:policy.
48- _:provenanceGraph te:primaryTopic _:dataGraph.
49- _:dataGraph te:primaryTopic :Ruben.
50-
51- _:signatureGraph {
52- _:signature a :Signature;
53- :value "..."^^xsd:string;
54- :issuer :Ruben;
55- :target _:graphUnion.
56-
57- _:graphUnion a ca:GraphUnion;
58- ca:includes _:policyGraph, _:provenanceGraph, _:dataGraph.
59- }
60-
61- _:policyGraph {
62- _:policy a :Policy;
63- :target _:dataGraph;
49+ @prefix ca: <http://ex.org/context-associations#>
50+ @prefix te: <http://ex.org/trust-envelopes#>
51+ @prefix sign: <http://ex.org/signatures#>
52+ @prefix pol: <http://ex.org/policy#>
53+ @prefix prov: <http://ex.org/provenance#>
54+
55+ _:optionalSignatureGraph {
56+ _:envelopeSignature a sign:Signature;
57+ sign:target _:envelopeGraph;
58+ sign:issuer <Ruben>;
59+ sign:value "...".
60+ _:envelopeGraph a ca:GraphIdentifier;
6461}
6562
66- _:provenanceGraph {
67- _:dataGraph :origin <https://pod.ruben.org/> .
63+ _:envelopeGraph {
64+ _:envelope a te:Envelope;
65+ te:creator <Ruben>;
66+ te:signature _:s;
67+ te:policy _:p;
68+ te:data _:dataGraph.
69+
70+ _:s a sign:Signature;
71+ sign:target _:dataGraph;
72+ sign:issuer <Ruben>;
73+ sign:value "...".
74+
75+ _:p a pol:Policy;
76+ pol:permission: [
77+ pol:issuer <Ruben>;
78+ pol:target _:dataGraph.
79+ pol:action pol:Use.
80+ ]
81+
82+ _:dataGraph a ca:GraphIdentifier;
83+ prov:origin <pod.org/ruben/resource1> ;
84+ prov:generatedAt "2025-01-05"^^xsd:date.
6885}
6986
7087_:dataGraph {
71- :Ruben foaf:name "Ruben";
72- foaf:knows :Pieter .
88+ <a> <b> <c> .
89+ <x> <y> <z> .
7390}
7491```
7592<figcaption markdown="block">
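Review bot: Step 2 of the new procedure ("hashing all quads where the graph term = `Tname`") does not say how the quads are canonicalized or serialized before hashing, nor which hash algorithm is used. Because `Tname` is a blank node identifier whose label is not preserved across parsers and serializations, a verifier cannot reliably recompute the digest behind `sign:value`. Suggest naming a canonicalization step (for example RDF Dataset Canonicalization, RDFC-1.0) and the hash algorithm in step 2, and stating the same for the envelope signature in step 9. Separately, the new listing will not parse as written: the `@prefix` lines lack a terminating `.`, `xsd:` is used in `prov:generatedAt` without a declaration, `pol:permission: [` has a stray colon after the predicate, and the statements inside the `[ ... ]` end in `.` where `;` is needed, with no `.` after the closing `]`. The fence is also tagged `turtle` although the named-graph blocks are TriG syntax. Finally, step 9 makes the separate signature graph optional, but the listing places `_:envelopeGraph a ca:GraphIdentifier` (step 10) only inside `_:optionalSignatureGraph`, so it is unclear where that triple belongs when the optional graph is omitted.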