Data Provenance


Data Provenance is Provenance data relevant or pertaining to evaluating the source or author of the data.

Data Provenance should be considered during Data Classification and Data Accuracy

Data Origin conveys the legal name of the entity that creates the initial data value. (i.e Original work) This may or may not be an authoritative Entity, or the Attribute Provider and the Data Origin may need to share Data Ownership with others.

Attribute Provider#

This specifies the legal name of the entity that supplies the attribute value to the Relying Party. This element enables RPs to understand and evaluate individual attribute values that may be included in a bundle of attributes.

For example, if a full service Credential Service Provider generates an assertion with several Identity Attributes provided by multiple Attribute Providers, the provider element enables the Relying Party to understand, at a granular level, where each has come from and determine whether or not that value can be used for access to specific resources.

In instances where a single attribute is asserted directly to the Relying Party, this element may not be necessary since the assertion itself will carry the provider information as well as a certificate or Digital Signature. The privacy Considerations for this element are similar to those for Data Origin. Divulging an individual’s relationship with a particular Identity Provider (IDP) allows for broader Identity Correlation, and the sharing of information that an individual might not know is being passed on, and might not want to be passed on.

Data Pedigree#

Data Pedigree to the data relationship to an authoritative Entity.

Privacy Considerations#

Data Provenance might involve divulging an entity's relationship with a particular Authoritative Entity which could allow for broader Identity Correlation and the sharing of data that the entity might not know is being passed on and might not consent to be passed on.

More Information#

There might be more information for this subject on one of the following: