Data Pedigree


Data Pedigree refers to the data relationship to an authoritative Entity.

Data Pedigree is an attribute of Data Provenance and could be provided as metadata.

Data Pedigree should be considered during Data Classification

Essentially, Data Pedigree allows for a Relying Party to better understand the process by which an data is generated and to determine whether or not it is from an acceptable authoritative Entity.

Recommended values for this element include:

  • Authoritative - The attribute’s value was acquired directly from the source of authority. For example, an Attribute Provider has received a driver's license number directly from the state DMV which issued the license.
  • Sourced - The attribute's value has been acquired from one or more non-authoritative sources. For example, an Attribute Provider purchases a driver's license number from a third-party data aggregator.
  • Self-Asserted - The assertion Value to the Attribute Provider directly by the individual with whom the attribute value is associated. For example, an Attribute Provider receives a driver’s license number directly from the individual who claims ownership of the license through a web form or questionnaire. Self-Asserted attributes may also be verified or unverified.
  • Derived - The assertion Value was produced through the analysis and manipulation of related attribute values and data. For example, if an Attribute Provider requests a user’s age, but it’s not on file, then the Attribute Provider may leverage the user’s date of birth to assert age.

Taken in conjunction with the accuracy metadata, this information can enable the Relying Party to better understand the Data Provenance of an attribute value, how it relates to its authoritative source, and how it has been verified — all of which help an Relying Party establish a more complete picture of the value’s Level Of Assurance.

Privacy Considerations#

Data Pedigree might involve divulging an entity's relationship with a particular Authoritative Entity which could allow for broader Identity Correlation and the sharing of data that the entity might not know is being passed on and might not consent to be passed on.

More Information#

There might be more information for this subject on one of the following: