From f2b07c0fce956863a98f9f22f7c0e3dca203d0b5 Mon Sep 17 00:00:00 2001 
From: SteveLasker Date: Thu, 14 Nov 2024 15:19:19 +0000 Subject: [PATCH] deploy: e9072dfd8e2fd67ab4fa843f8d3bb5d02bf54a66 --- 404.html | 2 +- contributors/index.html | 2 +- .../app-registrations-api/index.html | 2 +- .../api-reference/assets-api/index.html | 2 +- .../api-reference/attachments-api/index.html | 2 +- developers/api-reference/blobs-api/index.html | 2 +- developers/api-reference/caps-api/index.html | 2 +- .../api-reference/compliance-api/index.html | 2 +- .../api-reference/events-api/index.html | 2 +- .../api-reference/iam-policies-api/index.html | 2 +- .../api-reference/iam-subjects-api/index.html | 2 +- developers/api-reference/index.html | 2 +- .../api-reference/locations-api/index.html | 2 +- .../api-reference/members-api/index.html | 2 +- .../public-assets-api/index.html | 2 +- .../api-reference/tenancies-api/index.html | 74 +- .../3rdparty-verification/index.html | 2 +- .../document-profile/index.html | 2 +- .../index.html | 2 +- developers/developer-patterns/index.html | 2 +- .../massif-blob-offset-tables/index.html | 2 +- .../developer-patterns/namespace/index.html | 2 +- .../navigating-merklelogs/index.html | 2 +- .../developer-patterns/scitt-api/index.html | 63 +- .../software-package-profile/index.html | 2 +- .../developer-patterns/veracity/index.html | 2 +- developers/index.html | 2 +- developers/templates/index.html | 2 +- developers/templates/scitt/index.html | 2 +- developers/templates/vcons/index.html | 2 +- developers/yaml-reference/assets/index.html | 2 +- .../yaml-reference/compliance/index.html | 2 +- .../yaml-reference/estate-info/index.html | 2 +- developers/yaml-reference/events/index.html | 2 +- developers/yaml-reference/index.html | 2 +- .../yaml-reference/locations/index.html | 2 +- .../story-runner-components/index.html | 2 +- developers/yaml-reference/subjects/index.html | 2 +- glossary/common-datatrails-terms/index.html | 2 +- glossary/index.html | 2 +- glossary/reserved-attributes/index.html | 2 +- index.html | 2 +- 
...804b12623ccb7920260a7dc1e75ad7792360192.js | 7044 +++++++---------- .../compliance-policies/index.html | 2 +- .../dropbox-integration/index.html | 2 +- .../grouping-assets-by-location/index.html | 2 +- .../identity-and-access-management/index.html | 2 +- platform/administration/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../administration/verified-domain/index.html | 2 +- platform/index.html | 2 +- .../overview/advanced-concepts/index.html | 2 +- platform/overview/core-concepts/index.html | 2 +- .../overview/creating-an-asset/index.html | 2 +- .../index.html | 2 +- platform/overview/index.html | 2 +- platform/overview/instaproof/index.html | 2 +- platform/overview/introduction/index.html | 2 +- .../overview/public-attestation/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- sales/contactus/index.html | 2 +- sales/index.html | 2 +- support/contactus/index.html | 2 +- support/index.html | 2 +- usecases/authenticity-media-files/index.html | 2 +- usecases/bill-of-materials/index.html | 2 +- usecases/index.html | 2 +- usecases/responsible-ai/index.html | 2 +- usecases/sc-asset-lifecycle/index.html | 2 +- usecases/sc-chain-of-custody/index.html | 2 +- usecases/sc-state-machine/index.html | 2 +- 73 files changed, 2988 insertions(+), 4333 deletions(-) rename index.min.0cf3565971ffba2a3241cb4d145f60263f11845f25692d19b2f1d554d6a6940463da4454581b56436e81f8ad67f395132faed330c41e2aae60ea9a5375e8f462.js => index.min.948a4f9e7e141b0b4a617239b649492e9f1d27f53dabeeccc705c55fbf627a7f6ddd057155aa1fb13e9d4b4c5804b12623ccb7920260a7dc1e75ad7792360192.js (98%) diff --git a/404.html b/404.html index 4342a0da9..62a92a8bd 100644 --- a/404.html +++ b/404.html @@ -5,4 +5,4 @@
\ No newline at end of file +Sign Up
\ No newline at end of file diff --git a/contributors/index.html b/contributors/index.html index cc87c043f..1b8087b4e 100644 --- a/contributors/index.html +++ b/contributors/index.html @@ -5,4 +5,4 @@

Contributors

\ No newline at end of file +Sign Up

Contributors

\ No newline at end of file diff --git a/developers/api-reference/app-registrations-api/index.html b/developers/api-reference/app-registrations-api/index.html index a258fb713..98a878c9d 100644 --- a/developers/api-reference/app-registrations-api/index.html +++ b/developers/api-reference/app-registrations-api/index.html @@ -208,4 +208,4 @@ "display_name": "test", "identity": "applications/ffaa0f30-a503-4de7-b085-d857ed34a7cd", "tenant_id": "tenant/fafb2d41-5237-45c7-9740-66d1635f549b" -}
Response ParameterTypeDescription
client_idstringClient ID for use in OIDC client credentials flow
credentialsarrayDescribes a single time-limited secret
custom_claimsobjectCustom claims to add to Application for use in access policies.
display_namestringHuman-readable display name for this Application.
identitystringResource name for the application
rolesarray
tenant_idstringIdentity of the tenant owning this application
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized.
404Returned when the Application does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Verified Replication of the Datatrails Transparency Logs
Assets API →
\ No newline at end of file +}
Response ParameterTypeDescription
client_idstringClient ID for use in OIDC client credentials flow
credentialsarrayDescribes a single time-limited secret
custom_claimsobjectCustom claims to add to Application for use in access policies.
display_namestringHuman-readable display name for this Application.
identitystringResource name for the application
rolesarray
tenant_idstringIdentity of the tenant owning this application
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized.
404Returned when the Application does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Verified Replication of the Datatrails Transparency Logs
Assets API →
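Review bot: the response table on the `+` side still has `roles` with no description, and it describes the `credentials` array as "a single time-limited secret" without saying whether the secret value itself is part of the response. Suggest documenting the shape of a `credentials` element and which responses carry the secret, and adding a one-line description for `roles`, in the source the generator reads.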
\ No newline at end of file diff --git a/developers/api-reference/assets-api/index.html b/developers/api-reference/assets-api/index.html index 4379e08ee..fdd0501fc 100644 --- a/developers/api-reference/assets-api/index.html +++ b/developers/api-reference/assets-api/index.html @@ -503,4 +503,4 @@ }
Response ParameterTypeDescription
asset_attributesobjectkey value mapping of asset attributes
asset_identitystringidentity of a related asset resource assets/11bf5b37-e0b8-42e0-8dcf-dc8c4aefc000
behaviourstringThe behaviour used to create event. RecordEvidence
block_numberstringnumber of block event was commited on
confirmation_statusstringindicates if the event has been succesfully committed to the blockchain
event_attributesobjectkey value mapping of event attributes
fromstringwallet address for the creator of this event
identitystringidentity of a event resource
merklelog_entryobjectverifiable merkle mmr log entry details
operationstringThe operation represented by the event. Record
principal_acceptedobjectprincipal recorded by the server
principal_declaredobjectprincipal provided by the user
tenant_identitystringIdentity of the tenant the that created this event
timestamp_acceptedstringtime of event as recorded by the server
timestamp_committedstringtime of event as recorded in verifiable storage
timestamp_declaredstringtime of event as declared by the user
transaction_idstringhash of the transaction as a hex string 0x11bf5b37e0b842e08dcfdc8c4aefc000
transaction_indexstringindex of event within commited block
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
402Returned when the user’s quota of Events has been reached.
429Returned when a user exceeds their subscription’s rate limit for requests.

get  /archivist/v2/assets/archivist/v2/assets/{uuid}:publicurl

Retrieves the Asset public url

Description: Retrieves the public url for a specific Asset.

{
   "publicurl": "https://app.datatrails.ai/archivist/v2/publicassets/add30235-1424-4fda-840a-d5ef82c4c96f"
-}
Response ParameterTypeDescription
publicurlstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to view an Asset.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← App Registrations API
Attachments API →
\ No newline at end of file +}
Response ParameterTypeDescription
publicurlstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to view an Asset.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← App Registrations API
Attachments API →
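Review bot: in the `:publicurl` response table on the `+` side, `publicurl` has a type but no description, and the event table in the unchanged context above it still carries "commited", "succesfully" and "the tenant the that created this event". Since this file is generated output, these should be fixed in the API description the site is built from so the next deploy picks them up.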
\ No newline at end of file diff --git a/developers/api-reference/attachments-api/index.html b/developers/api-reference/attachments-api/index.html index 481b3f5a0..d06c5ddb7 100644 --- a/developers/api-reference/attachments-api/index.html +++ b/developers/api-reference/attachments-api/index.html @@ -104,4 +104,4 @@ "subject": "user-xxxx@example.com", "tenantid": "tenant/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "timestamp_accepted": "2019-11-07T15:31:49Z" -}
Response ParameterTypeDescription
hashblob hash.
identitystringblob identity.
issuerstringprincipal issuer.
mime_typestringhttp mime type.
scanned_bad_reasonstringif scanned as SCANNED_BAD contains a hint of scan result.
scanned_statusstringstatus of scan.
scanned_timestampstringdate and time when the attachments has been scanned.
sizeintegersize of the blob.
subjectstringprincipal subject.
tenantidstringidentity of the tenant the blob belongs to.
timestamp_acceptedstringdate and time when the request has been received.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
404Returned when the underlying system can’t find the asset.

← Assets API
Blobs API →
\ No newline at end of file +}
Response ParameterTypeDescription
hashblob hash.
identitystringblob identity.
issuerstringprincipal issuer.
mime_typestringhttp mime type.
scanned_bad_reasonstringif scanned as SCANNED_BAD contains a hint of scan result.
scanned_statusstringstatus of scan.
scanned_timestampstringdate and time when the attachments has been scanned.
sizeintegersize of the blob.
subjectstringprincipal subject.
tenantidstringidentity of the tenant the blob belongs to.
timestamp_acceptedstringdate and time when the request has been received.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
404Returned when the underlying system can’t find the asset.

← Assets API
Blobs API →
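Review bot: the Responses table at the end of this hunk lists only 200, 400 and 404, while the Blobs API page in the same patch documents the same response body with 401, 403, 429 and 500 as well. If attachment requests can fail authentication or authorization, those codes should be listed here too. The `hash` row also has no type.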
\ No newline at end of file diff --git a/developers/api-reference/blobs-api/index.html b/developers/api-reference/blobs-api/index.html index 9026c06a5..ca23bb927 100644 --- a/developers/api-reference/blobs-api/index.html +++ b/developers/api-reference/blobs-api/index.html @@ -88,4 +88,4 @@ "subject": "user-xxxx@example.com", "tenantid": "tenant/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "timestamp_accepted": "2019-11-07T15:31:49Z" -}
Response ParameterTypeDescription
hashblob hash.
identitystringblob identity.
issuerstringprincipal issuer.
mime_typestringhttp mime type.
scanned_bad_reasonstringif scanned as SCANNED_BAD contains a hint of scan result.
scanned_statusstringstatus of scan.
scanned_timestampstringdate and time when the attachments has been scanned.
sizeintegersize of the blob.
subjectstringprincipal subject.
tenantidstringidentity of the tenant the blob belongs to.
timestamp_acceptedstringdate and time when the request has been received.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to get the blob metadata.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying system returns an error.

← Attachments API
Compliance API →
\ No newline at end of file +}
Response ParameterTypeDescription
hashblob hash.
identitystringblob identity.
issuerstringprincipal issuer.
mime_typestringhttp mime type.
scanned_bad_reasonstringif scanned as SCANNED_BAD contains a hint of scan result.
scanned_statusstringstatus of scan.
scanned_timestampstringdate and time when the attachments has been scanned.
sizeintegersize of the blob.
subjectstringprincipal subject.
tenantidstringidentity of the tenant the blob belongs to.
timestamp_acceptedstringdate and time when the request has been received.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to get the blob metadata.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying system returns an error.

← Attachments API
Compliance API →
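Review bot: `scanned_status` is described only as "status of scan", and the one value named anywhere in the table is SCANNED_BAD, mentioned under `scanned_bad_reason`. A client that gates use of a blob on the scan result needs the full set of values, so suggest enumerating them in the `scanned_status` row. The `hash` row has no type, and "when the attachments has been scanned" should read "attachment".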
\ No newline at end of file diff --git a/developers/api-reference/caps-api/index.html b/developers/api-reference/caps-api/index.html index 632392135..1342577d6 100644 --- a/developers/api-reference/caps-api/index.html +++ b/developers/api-reference/caps-api/index.html @@ -25,4 +25,4 @@ } ] } -

These are the available values for “?service=”:

Caps OpenAPI Docs

API providing caps data for DataTrails APIs

get  /archivist/v1/caps/archivist/v1/caps

Returns caps for the given resource

Description: Returns caps for the given resource

ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access the resource.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Estate Information YAML Runner
\ No newline at end of file +

These are the available values for “?service=”:

Caps OpenAPI Docs

API providing caps data for DataTrails APIs

get  /archivist/v1/caps/archivist/v1/caps

Returns caps for the given resource

Description: Returns caps for the given resource

ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access the resource.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Estate Information YAML Runner
\ No newline at end of file diff --git a/developers/api-reference/compliance-api/index.html b/developers/api-reference/compliance-api/index.html index 370132305..c4d22f03c 100644 --- a/developers/api-reference/compliance-api/index.html +++ b/developers/api-reference/compliance-api/index.html @@ -194,4 +194,4 @@ "event_display_type": "Maintenance Performed", "identity": "compliance_policies/463fab3a-bae5-4349-8f76-f6454da20c9d", "time_period_seconds": 86800 -}
Response ParameterTypeDescription
asset_filterarrayFilter
closing_event_display_typestring
compliance_type
descriptionstring
display_namestring
dynamic_variabilitynumber
dynamic_windowstring
event_display_typestring
identitystring
richness_assertionsarrayFilter
time_period_secondsstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access the requested resource.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Blobs API
Events API →
\ No newline at end of file +}
Response ParameterTypeDescription
asset_filterarrayFilter
closing_event_display_typestring
compliance_type
descriptionstring
display_namestring
dynamic_variabilitynumber
dynamic_windowstring
event_display_typestring
identitystring
richness_assertionsarrayFilter
time_period_secondsstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access the requested resource.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Blobs API
Events API →
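Review bot: `time_period_seconds` is typed as string in the response table, but the example body in this hunk's context shows it as a bare number (`"time_period_seconds": 86800`). The example and the table should agree. `compliance_type` has neither type nor description, and most other rows (`description`, `dynamic_variability`, `dynamic_window`, `closing_event_display_type`) have no description at all.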
\ No newline at end of file diff --git a/developers/api-reference/events-api/index.html b/developers/api-reference/events-api/index.html index c525906fa..d46e3a3cf 100644 --- a/developers/api-reference/events-api/index.html +++ b/developers/api-reference/events-api/index.html @@ -632,4 +632,4 @@ }
Response ParameterTypeDescription
asset_attributesobjectkey value mapping of asset attributes
asset_identitystringidentity of a related asset resource assets/11bf5b37-e0b8-42e0-8dcf-dc8c4aefc000
behaviourstringThe behaviour used to create event. RecordEvidence
block_numberstringnumber of block event was commited on
confirmation_statusstringindicates if the event has been succesfully committed to the blockchain
event_attributesobjectkey value mapping of event attributes
fromstringwallet address for the creator of this event
identitystringidentity of a event resource
merklelog_entryobjectverifiable merkle mmr log entry details
operationstringThe operation represented by the event. Record
principal_acceptedobjectprincipal recorded by the server
principal_declaredobjectprincipal provided by the user
tenant_identitystringIdentity of the tenant the that created this event
timestamp_acceptedstringtime of event as recorded by the server
timestamp_committedstringtime of event as recorded in verifiable storage
timestamp_declaredstringtime of event as declared by the user
transaction_idstringhash of the transaction as a hex string 0x11bf5b37e0b842e08dcfdc8c4aefc000
transaction_indexstringindex of event within commited block
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
402Returned when the user’s quota of Events has been reached.
429Returned when a user exceeds their subscription’s rate limit for requests.

get  /archivist/v2/assets/archivist/v2/assets/{uuid}:publicurl

Retrieves the Asset public url

Description: Retrieves the public url for a specific Asset.

{
   "publicurl": "https://app.datatrails.ai/archivist/v2/publicassets/add30235-1424-4fda-840a-d5ef82c4c96f"
-}
Response ParameterTypeDescription
publicurlstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to view an Asset.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Compliance API
IAM Policies API →
\ No newline at end of file +}
Response ParameterTypeDescription
publicurlstring
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to view an Asset.
404Returned when the asset with the id does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Compliance API
IAM Policies API →
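Review bot: the last endpoint on this Events API page is documented as "Retrieves the Asset public url", with the `assets/{uuid}:publicurl` path and 403/404 text that refers to an Asset, identical to the block on the Assets API page. Please confirm this is the intended endpoint for the Events page and not a copy of the asset entry; if it is meant to be the event public URL, the path, summary and error descriptions need to say so.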
\ No newline at end of file diff --git a/developers/api-reference/iam-policies-api/index.html b/developers/api-reference/iam-policies-api/index.html index 7556a3512..9b9771790 100644 --- a/developers/api-reference/iam-policies-api/index.html +++ b/developers/api-reference/iam-policies-api/index.html @@ -637,4 +637,4 @@ } ], "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR" -}
Response ParameterTypeDescription
access_policiesarrayDescribes an Access Policy for OBAC
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to list the access policy.
404Returned when the identified access policy does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying storage system returns an error.

← Events API
IAM Subjects API →
\ No newline at end of file +}
Response ParameterTypeDescription
access_policiesarrayDescribes an Access Policy for OBAC
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to list the access policy.
404Returned when the identified access policy does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying storage system returns an error.

← Events API
IAM Subjects API →
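Review bot: the example body ends with a `"page_token"` field, but the response table documents `next_page_token`. One of the two names is wrong, and a client written from the table will not find the field shown in the example. The `access_policies` row also uses "OBAC" without expanding it.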
\ No newline at end of file diff --git a/developers/api-reference/iam-subjects-api/index.html b/developers/api-reference/iam-subjects-api/index.html index 87817d317..019c621a7 100644 --- a/developers/api-reference/iam-subjects-api/index.html +++ b/developers/api-reference/iam-subjects-api/index.html @@ -161,4 +161,4 @@ "wallet_pub_key": [ "key1" ] -}
Response ParameterTypeDescription
confirmation_status
display_namestringCustomer friendly name for the subject.
identitystringUnique identification for the subject, Relative Resource Name
tenantstringTenent id
tessera_pub_keyarrayOrganisation’s tessara wallet keys (BNF)
wallet_addressarrayOrganisation’s wallet addresses
wallet_pub_keyarrayOrganisation’s public wallet keys (BNF)
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to update the subject.
404Returned when the identified subject does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying storage system returns an error.

← IAM Policies API
Quickstart: SCITT Statements (Preview) →
\ No newline at end of file +}
Response ParameterTypeDescription
confirmation_status
display_namestringCustomer friendly name for the subject.
identitystringUnique identification for the subject, Relative Resource Name
tenantstringTenent id
tessera_pub_keyarrayOrganisation’s tessara wallet keys (BNF)
wallet_addressarrayOrganisation’s wallet addresses
wallet_pub_keyarrayOrganisation’s public wallet keys (BNF)
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to update the subject.
404Returned when the identified subject does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.
500Returned when the underlying storage system returns an error.

← IAM Policies API
Quickstart: SCITT Statements (Preview) →
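Review bot: the `+` side of the response table keeps "Tenent id" and "tessara wallet keys" ("Tenant", and "tessera" to match the `tessera_pub_key` field name), and `confirmation_status` has neither type nor description. These should be corrected in the API description the pages are generated from.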
\ No newline at end of file diff --git a/developers/api-reference/index.html b/developers/api-reference/index.html index 3fcb9c4da..4af11a8ad 100644 --- a/developers/api-reference/index.html +++ b/developers/api-reference/index.html @@ -5,4 +5,4 @@
\ No newline at end of file +Sign Up
\ No newline at end of file diff --git a/developers/api-reference/locations-api/index.html b/developers/api-reference/locations-api/index.html index c0b829285..1535bb57e 100644 --- a/developers/api-reference/locations-api/index.html +++ b/developers/api-reference/locations-api/index.html @@ -181,4 +181,4 @@ "orgb" ] } -}
Response ParameterTypeDescription
location_identitystringThe location identity in the form: locations/{uuid}
permissionsSubject identities this location is shared with
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access permissions for the location.
404Returned when the identified location does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Quickstart: SCITT Statements (Preview)
Public Assets API →
\ No newline at end of file +}
Response ParameterTypeDescription
location_identitystringThe location identity in the form: locations/{uuid}
permissionsSubject identities this location is shared with
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to access permissions for the location.
404Returned when the identified location does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Quickstart: SCITT Statements (Preview)
Public Assets API →
\ No newline at end of file diff --git a/developers/api-reference/members-api/index.html b/developers/api-reference/members-api/index.html index 509335a1a..7711eb2f1 100644 --- a/developers/api-reference/members-api/index.html +++ b/developers/api-reference/members-api/index.html @@ -96,4 +96,4 @@ } ], "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR" -}
Response ParameterTypeDescription
membershipsarrayA users membership to a tenant.
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user does not have permission to access this endpoint.
404Returned when the requested resource does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Public Assets API
Tenancies API →
\ No newline at end of file +}
Response ParameterTypeDescription
membershipsarrayA users membership to a tenant.
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user does not have permission to access this endpoint.
404Returned when the requested resource does not exist.
429Returned when a user exceeds their subscription’s rate limit for requests.

← Public Assets API
Tenancies API →
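Review bot: the example body in this hunk's context uses `"page_token"` while the table on the `+` side documents `next_page_token`, so the pagination field name is inconsistent on this page. "A users membership to a tenant" should read "A user's membership of a tenant".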
\ No newline at end of file diff --git a/developers/api-reference/public-assets-api/index.html b/developers/api-reference/public-assets-api/index.html index c3902a094..94b4723c2 100644 --- a/developers/api-reference/public-assets-api/index.html +++ b/developers/api-reference/public-assets-api/index.html @@ -275,4 +275,4 @@ } ], "next_page_token": "abcd" -}
Response ParameterTypeDescription
eventsarrayThis describes an Event.
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
206The number of events exceeds the servers limit. The approximate number of matching results is provided by the x-total-count header, the exact limit is available in the content-range header. The value format is ‘items 0-LIMIT/TOTAL’. Note that x-total-count is always present for 200 and 206 responses. It is the servers best available approximation. Similarly, in any result set, you may get a few more than LIMIT items.

← Locations API
Members API →
\ No newline at end of file +}
Response ParameterTypeDescription
eventsarrayThis describes an Event.
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
ResponsesDescription
200A successful response.
206The number of events exceeds the servers limit. The approximate number of matching results is provided by the x-total-count header, the exact limit is available in the content-range header. The value format is ‘items 0-LIMIT/TOTAL’. Note that x-total-count is always present for 200 and 206 responses. It is the servers best available approximation. Similarly, in any result set, you may get a few more than LIMIT items.

← Locations API
Members API →
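Review bot: the 206 description says `x-total-count` is only an approximation and that a result set may hold "a few more than LIMIT items", but it does not tell the client how to fetch the remainder. Suggest stating that the remaining events are retrieved with `next_page_token`, and fixing "servers limit" and "servers best available approximation" to "server's".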
\ No newline at end of file diff --git a/developers/api-reference/tenancies-api/index.html b/developers/api-reference/tenancies-api/index.html index c6fd015bf..2c568bf5e 100644 --- a/developers/api-reference/tenancies-api/index.html +++ b/developers/api-reference/tenancies-api/index.html @@ -15,38 +15,8 @@ YAML runner or the Developers section of the web UI.

Additional YAML examples can be found in the articles in the Overview section.

The tenancies API is used to manage the configuration of your tenant. This is typically done from -within the product, but its possible to retrieve and modify some configs programatically.

Tenancies OpenAPI Docs

API to manage tenancies

get  /archivist/v1/tenancies/archivist/v1/tenancies/root_principals

Fetch the current list of tenant root user principals

Description: Fetch the current list of tenant root user principals.

get  /archivist/v1/tenancies/archivist/v1/tenancies/self

Get tenant record

Description: Returns an administrator’s view of tenant for which they’re authenticated

{
-  "root_principals": [
-    {
-      "display_name": "Bob Smith",
-      "email": "bob@job",
-      "issuer": "job.idp.server/1234",
-      "subject": "08838336-c357-460d-902a-3aba9528dd22"
-    }
-  ]
-}
Response ParameterTypeDescription
root_principalsarrayThe principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
ResponsesDescription
200A successful response.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to update the root principals.

patch  /archivist/v1/tenancies/archivist/v1/tenancies/root_principals

Update the list of tenant root user principals

Description: Replace the list of tenant root user principals. Note that you are not able to remove yourself from the list.

{
-  "root_principals": [
-    {
-      "display_name": "Bob Smith",
-      "email": "bob@job",
-      "issuer": "job.idp.server/1234",
-      "subject": "08838336-c357-460d-902a-3aba9528dd22"
-    }
-  ]
-}
ParameterTypeDescription
root_principalsarrayThe principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

{
-  "root_principals": [
-    {
-      "display_name": "Bob Smith",
-      "email": "bob@job",
-      "issuer": "job.idp.server/1234",
-      "subject": "08838336-c357-460d-902a-3aba9528dd22"
-    }
-  ]
-}
Response ParameterTypeDescription
root_principalsarrayThe principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
ResponsesDescription
200A successful response.
400Returned when the request is badly formed. Including, but not limited to, attempting to remove yourself as a root uesr principal.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to update the root principals.

get  /archivist/v1/tenancies/archivist/v1/tenancies/self

Get tenant record

Description: Returns an administrator’s view of tenant for which they’re authenticated

{
   "display_name": "My First Tenancy",
   "enterprise_sso_config": {
     "client_id": "foo",
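Review bot: the removed lines in this hunk drop the whole `root_principals` documentation (GET and PATCH), including the statement that a caller cannot remove themselves from the list and the 400 case that enforces it, and no replacement is visible in the hunk. The commit message is only a deploy reference, so it is not clear whether the endpoints were retired or only their documentation. If the endpoints still exist, the description of who can change tenant root principals should stay published; if they were retired, the source change should say so.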
@@ -58,8 +28,8 @@
   "enterprise_sso_enabled": true,
   "identity": "tenant/08838336-c357-460d-902a-3aba9528dd22",
   "verified_domain": "foo.com"
-}
Response ParameterTypeDescription
display_namestringCustomer friendly name for the tenant.
enterprise_sso_config
enterprise_sso_enabledboolean
identitystringtenant identity {UUID}
verified_domainstring
ResponsesDescription
200A successful response.
400Supplied parameters were invalid
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to retrieve the tenant id.

patch  /archivist/v1/tenancies/archivist/v1/tenancies/self

Update tenant record

Description: Enables a root principal of the tenant to update the tenant record.

{
+}
Response ParameterTypeDescription
display_namestringCustomer friendly name for the tenant.
enterprise_sso_config
enterprise_sso_enabledboolean
identitystringtenant identity {UUID}
verified_domainstring
ResponsesDescription
200A successful response.
400Supplied parameters were invalid
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to retrieve the tenant id.

patch  /archivist/v1/tenancies/archivist/v1/tenancies/self

Update tenant record

Description: Enables a root principal of the tenant to update the tenant record.

{
   "display_name": "My First Tenancy",
   "enterprise_sso_config": {
     "client_id": "foo",
@@ -71,40 +41,8 @@
   "enterprise_sso_enabled": true,
   "identity": "tenant/08838336-c357-460d-902a-3aba9528dd22",
   "verified_domain": "foo.com"
-}
Response ParameterTypeDescription
display_namestringCustomer friendly name for the tenant.
enterprise_sso_config
enterprise_sso_enabledboolean
identitystringtenant identity {UUID}
verified_domainstring
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to perform this action.
404Returned when the referenced tenant does not exist.

get  /archivist/v1/tenancies/archivist/v1/tenancies/users

List Users

Description: Returns a list of Users active in or invited to the tenant.

{
-  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR",
-  "users": [
-    {
-      "email": "frank123@example.com",
-      "identity": "users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
-      "issuer": "frank@example.com",
-      "subject": "franky123",
-      "user_status": "ACTIVE"
-    }
-  ]
-}
Response ParameterTypeDescription
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
usersarrayUser Data
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to read the users.
404Returned when the identified users don’t exist.
500Returned when the underlying storage system returns an error.

delete  /archivist/v1/tenancies/archivist/v1/tenancies/users/{user_uuid}

Deletes User

Description: Deletes a User from the tenancy.

{
-  "email": "frank123@example.com",
-  "identity": "users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
-  "issuer": "frank@example.com",
-  "subject": "franky123",
-  "user_status": "ACTIVE"
-}
Response ParameterTypeDescription
displayNamestringdisplay name for the user
emailstringUser email.
identitystringuser identity {UUID}
issuerstringoptional issuer of the principal identity. Where the issuer is not provided the subject is treated as a free string
subjectstringunique identifier of the principal (within issuer context)
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to read the user.
500Returned when the underlying storage system returns an error.

get  /archivist/v1/tenancies/archivist/v1/tenancies/{uuid}:publicinfo

Public Tenant Information.

Description: Return the publically avaialble tenant information.

{
+}
Response ParameterTypeDescription
display_namestringCustomer friendly name for the tenant.
enterprise_sso_config
enterprise_sso_enabledboolean
identitystringtenant identity {UUID}
verified_domainstring
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to perform this action.
404Returned when the referenced tenant does not exist.

get  /archivist/v1/tenancies/archivist/v1/tenancies/{uuid}:publicinfo

Public Tenant Information.

Description: Return the publically avaialble tenant information.

{
   "identity": "tenant/add30235-1424-4fda-840a-d5ef82c4c96f",
   "verified_domain": "exampleltd"
-}
Response ParameterTypeDescription
identitystring
verified_domainstring
ResponsesDescription
200A successful response.

Simple API for User Management

get  /archivist/v1/users/archivist/v1/users/tenants

List User Tenants

Description: Returns a list of tenancies the user has access to.

{
-  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR",
-  "tenants": [
-    {
-      "display_name": "Bobs Tenancy",
-      "identity": "tenant/01038663-c357-470d-912a-3abc9528dd21"
-    },
-    {
-      "display_name": "Alices Tenancy",
-      "identity": "tenant/12149552-f258-430d-922b-4bcd8413ee30"
-    }
-  ]
-}
Response ParameterTypeDescription
next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
tenantsarrayTenant information for a user.
ResponsesDescription
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to read the user.
404Returned when the identified user don’t exist.
500Returned when the underlying storage system returns an error.

\ No newline at end of file +}
Response ParameterTypeDescription
identitystring
verified_domainstring
ResponsesDescription
200A successful response.

← Members API
YAML Runner Components →
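Review bot: this hunk removes the List Users (`get .../tenancies/users`), Deletes User (`delete .../tenancies/users/{user_uuid}`) and List User Tenants (`get .../users/tenants`) sections from the tenancies reference. The commit subject is only "deploy:", so nothing says whether those endpoints were retired or the generator simply stopped emitting them. Please confirm against the API definition the page is built from, and if the endpoints still exist, restore their request/response and 401/403 documentation so integrators can still see the authorization requirements. Also, the added text for `{uuid}:publicinfo` still reads "Return the publically avaialble tenant information"; fix the spelling in the source description rather than in the generated HTML.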
\ No newline at end of file diff --git a/developers/developer-patterns/3rdparty-verification/index.html b/developers/developer-patterns/3rdparty-verification/index.html index 9e4e0cb52..f17ae80b5 100644 --- a/developers/developer-patterns/3rdparty-verification/index.html +++ b/developers/developer-patterns/3rdparty-verification/index.html @@ -111,4 +111,4 @@ veracity --tenant $TENANT watch --horizon 180h | veracity replicate-logs --replicadir merklelogs
  • This process guarantees you can’t be misrepresented, any alternate version of events would be provably false.
  • To guarantee continued operation even if DataTrails is prevented from operating, a copy of the DataTrails metadata must be retained.
  • You can reasonably chose to trust DataTrails copy, because, even in the most extreme cases, it is “fail-safe” if DataTrails SaaS storage is compromised, when combined with a replicated verifiable merkle log.
  • ← Massif blob pre-calculated offsets
    App Registrations API →
    \ No newline at end of file + \ No newline at end of file diff --git a/developers/developer-patterns/document-profile/index.html b/developers/developer-patterns/document-profile/index.html index 9a281d3db..ff7406635 100644 --- a/developers/developer-patterns/document-profile/index.html +++ b/developers/developer-patterns/document-profile/index.html @@ -17,4 +17,4 @@ } ]
    Asset AttributesMeaningRequirement
    document_hash_valueHash of this version of the documentRequired
    document_hash_algAlgorithm used for hashing. We only officially support SHA-256.Required
    document_statusLabel for filtering and accommodating critical document lifecycle eventsRequired, must be Published
    document_documentAttachment containing this version of the documentOptional
    document_versionVersion string for the this version of the documentOptional

    Withdraw Event

    If a document is no longer required, or if for any reason it is decided that it should no longer be used, then a document can be withdrawn. -Withdrawal is optional and it is usually the final event in the document lifecycle. It can be reversed in DataTrails by publishing a new version.

    Withdraw an entire document (mark that it is no longer considered current.)

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must be set to Withdraw
    document_withdrawal_reasonReason why document has been withdrawnOptional, but encouraged
    Asset AttributesMeaningRequirement
    document_statusLabel for filtering and accommodating critical document lifecycle eventsRequired, must be Withdrawn

    ← Namespace
    Software Package Profile →
    \ No newline at end of file +Withdrawal is optional and it is usually the final event in the document lifecycle. It can be reversed in DataTrails by publishing a new version.

    Withdraw an entire document (mark that it is no longer considered current.)

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must be set to Withdraw
    document_withdrawal_reasonReason why document has been withdrawnOptional, but encouraged
    Asset AttributesMeaningRequirement
    document_statusLabel for filtering and accommodating critical document lifecycle eventsRequired, must be Withdrawn

    ← Namespace
    Software Package Profile →
    \ No newline at end of file diff --git a/developers/developer-patterns/getting-access-tokens-using-app-registrations/index.html b/developers/developer-patterns/getting-access-tokens-using-app-registrations/index.html index 12e3ea5c8..108b99a81 100644 --- a/developers/developer-patterns/getting-access-tokens-using-app-registrations/index.html +++ b/developers/developer-patterns/getting-access-tokens-using-app-registrations/index.html @@ -97,4 +97,4 @@ "iss": "https://app.datatrails.ai/appidpv1", "aud": "https://app.datatrails.ai/archivist" } -

    ← DataTrails Event vCon Template
    Namespace →
    \ No newline at end of file +

    ← DataTrails Event vCon Template
    Namespace →
    \ No newline at end of file diff --git a/developers/developer-patterns/index.html b/developers/developer-patterns/index.html index 75cec4b31..4cd432074 100644 --- a/developers/developer-patterns/index.html +++ b/developers/developer-patterns/index.html @@ -5,4 +5,4 @@

    Developer Patterns

    This sub-section of the Developers subject area contains more detailed information on topics that cannot be covered by the API or YAML Runner references.

    You will find articles on common developer tasks and concept guides that are relevant to developers.

    Check out the articles below for more information!


    Getting Access Tokens using App Registrations →
    Namespace →
    Verifying Assets and Events with Simple Hash →
    Navigating the Merkle Logs →
    Massif Blob Offset Tables →
    Document Profile →
    Software Package Profile →

    \ No newline at end of file +Sign Up

    Developer Patterns

    This sub-section of the Developers subject area contains more detailed information on topics that cannot be covered by the API or YAML Runner references.

    You will find articles on common developer tasks and concept guides that are relevant to developers.

    Check out the articles below for more information!


    Getting Access Tokens using App Registrations →
    Namespace →
    Verifying Assets and Events with Simple Hash →
    Navigating the Merkle Logs →
    Massif Blob Offset Tables →
    Document Profile →
    Software Package Profile →

    \ No newline at end of file diff --git a/developers/developer-patterns/massif-blob-offset-tables/index.html b/developers/developer-patterns/massif-blob-offset-tables/index.html index 808b6e8d7..716596f76 100644 --- a/developers/developer-patterns/massif-blob-offset-tables/index.html +++ b/developers/developer-patterns/massif-blob-offset-tables/index.html @@ -127,4 +127,4 @@ } return sum; } -

    ← Navigating the Merkle Log
    Verified Replication of the Datatrails Transparency Logs →
    \ No newline at end of file +

    ← Navigating the Merkle Log
    Verified Replication of the Datatrails Transparency Logs →
    \ No newline at end of file diff --git a/developers/developer-patterns/namespace/index.html b/developers/developer-patterns/namespace/index.html index d65b41971..431ae359b 100644 --- a/developers/developer-patterns/namespace/index.html +++ b/developers/developer-patterns/namespace/index.html @@ -23,4 +23,4 @@ }

    To use namespace as a variable, such as the date, add the argument to your Bash environment:

     export TEST_NAMESPACE=date
     

    See -TEST_NAMESPACE in our GitHub repository for more information. TEST_NAMESPACE can also be added to your Bash profile to be automatically picked up when testing.

    ← Creating Access Tokens Using a Custom Integration
    Document Profile →
    \ No newline at end of file +TEST_NAMESPACE in our GitHub repository for more information. TEST_NAMESPACE can also be added to your Bash profile to be automatically picked up when testing.

    ← Creating Access Tokens Using a Custom Integration
    Document Profile →
    \ No newline at end of file diff --git a/developers/developer-patterns/navigating-merklelogs/index.html b/developers/developer-patterns/navigating-merklelogs/index.html index cc0ecbaa3..7a0ffa47f 100644 --- a/developers/developer-patterns/navigating-merklelogs/index.html +++ b/developers/developer-patterns/navigating-merklelogs/index.html @@ -417,4 +417,4 @@ Snowflake ID scheme. The DataTrails implementation can be found at nextid.go ↩︎

  • Such a path of hashes is commonly referred to as a “proof”, a “witness”, and an “authentication path”. -A Merkle Tree is sometimes referred to as authenticated data structures or a verifiable data structure. For the purposes of this article, there is no meaningful difference. They are all the same thing. We stick to “verification” and “verifiable data structure” in this article. ↩︎

  • ← Independently verifying DataTrails transparent merkle logs
    Massif blob pre-calculated offsets →
    \ No newline at end of file +A Merkle Tree is sometimes referred to as authenticated data structures or a verifiable data structure. For the purposes of this article, there is no meaningful difference. They are all the same thing. We stick to “verification” and “verifiable data structure” in this article. ↩︎

    ← Independently verifying DataTrails transparent merkle logs
    Massif blob pre-calculated offsets →
    \ No newline at end of file diff --git a/developers/developer-patterns/scitt-api/index.html b/developers/developer-patterns/scitt-api/index.html index 5a0c42b7b..5d80f09ea 100644 --- a/developers/developer-patterns/scitt-api/index.html +++ b/developers/developer-patterns/scitt-api/index.html @@ -9,60 +9,77 @@ Developer Patterns
  • Quickstart: SCITT Statements (Preview)

    How to push a collection of Statements using SCITT APIs

    The SCITT API is currently in preview and subject to change

    The Supply Chain Integrity, Transparency and Trust (SCITT) initiative is a set of +YAML Runner Reference

    Quickstart: SCITT Statements (Preview)

    How to push a collection of Statements using SCITT APIs

    The SCITT API is currently in preview and subject to change

    The Supply Chain Integrity, Transparency and Trust (SCITT) initiative is a set of IETF standards for managing the compliance and auditability of goods and services across end-to-end supply chains. SCITT supports the ongoing verification of goods and services where the authenticity of entities, evidence, policy, and artifacts can be assured and the actions of entities can be guaranteed to be authorized, non-repudiable, immutable, and auditable.

    To assure insights to supply chain artifacts are current, the SCITT APIs provide a correlation of statements, allowing verifiers to view a full history of statements. This includes previously registered statements, and newly registered statements providing the most up to date insights.

    This quickstart will:

    1. create, or use an existing a key to sign a collection of statements about an artifact
    2. create and register a statement for an artifact
    3. query a collection of statements about the artifact

    Prerequisites

    DataTrails Sample Code

    The Quickstart uses existing samples and scripts to focus on the SCITT APIs.

    Clone the DataTrails SCITT Examples repository to copy those files to your environment.

    git clone https://github.com/datatrails/datatrails-scitt-samples.git && \
     cd datatrails-scitt-samples
    -

    Environment Configuration

    1. Create a Python Virtual Environment for the sample scripts and install the dependencies

      python -m  venv venv && \
      +

      Environment Configuration

      1. Create a Python Virtual Environment for the sample scripts and install the dependencies

        python -m venv venv && \
         source venv/bin/activate && \
        +trap deactivate EXIT && \
         pip install --upgrade pip && \
         pip install -r requirements.txt
        -
      2. To ease copying and pasting commands, update any variables to fit your environment

        # your identity
        +
        • Note: If you receive errors, delete the venv directory and try again:

          rm -r -f venv/
          +
      3. To ease copying and pasting commands, update any variables to fit your environment

        # your identity
         ISSUER="sample.synsation.io"
         
         # signing key to sign the SCITT Statements
        -SIGNING_KEY="my-signing-key.pem"
        +SIGNING_KEY="/tmp/my-signing-key.pem"
         
         # File representing the signed statement to be registered
        -SIGNED_STATEMENT_FILE="signed-statement.cbor"
        +SIGNED_STATEMENT_FILE="/tmp/signed-statement.cbor"
         
         # File representing the transparent statement, which includes the signed statement and the registration receipt
        -TRANSPARENT_STATEMENT_FILE="transparent-statement.cbor"
        +TRANSPARENT_STATEMENT_FILE="/tmp/transparent-statement.cbor"
         
        -# Subject is a property used to correlate a collection of statements about an artifact
        +# Property used to correlate a collection of statements about an artifact
         SUBJECT="my-product-id"
        +
        +# Sub Directory for SCITT scripts
        +SCRIPTS="datatrails_scitt_samples/scripts/"
        +
        +# For local script execution, help Python find the modules
        +export PYTHONPATH="${PYTHONPATH}:$SCRIPTS"
         

      Create a Signing Key

      If you already have a signing key, skip ahead to Generating a Payload

      For the Quickstart, create a testing key which DataTrails will cryptographically validate upon registration

      openssl ecparam -name prime256v1 -genkey -out $SIGNING_KEY
      -

      Generate a Payload

      Create any payload you wish to register on DataTrails.

      cat > payload.json <<EOF
      +

      Generate a Payload

      Create any payload you wish to register on DataTrails.

      cat > /tmp/payload.json <<EOF
       {
           "author": "fred",
           "title": "my biography",
           "reviews": "mixed"
       }
       EOF
      +

      Create Metadata

      DataTrails Event Attributes can be associated with a SCITT Statement, enabling indexing and retrieval.

      Create metadata with a dictionary of key:value pairs.

      HASH=$(sha256sum "/tmp/payload.json" | cut -d ' ' -f 1)
      +cat > /tmp/metadata.json <<EOF
      +{
      +  "payload_hash": "$HASH",
      +  "timestamp_declared": "2024-11-01T12:24:42.012345",
      +  "sample_version": "0.1.1",
      +  "project": 25,
      +  "location": "Seattle, WA"
      +}
      +EOF
       

      Create a COSE Signed Statement

      Create a COSE Signed Statement, hashing the content of the payload.json file. -The payload may already be stored in another storage/package manager, which can be referenced with the --location-hint parameter.

      python scitt/create_hashed_signed_statement.py \
      +The payload may already be stored in another storage/package manager, which can be referenced with the --location-hint parameter.

      python ${SCRIPTS}create_hashed_signed_statement.py \
         --content-type "application/json" \
         --issuer $ISSUER \
      -  --payload-file payload.json \
      +  --metadata-file "/tmp/metadata.json" \
      +  --output-file $SIGNED_STATEMENT_FILE \
      +  --payload-file /tmp/payload.json \
         --payload-location "https://storage.example/$SUBJECT" \
         --signing-key-file $SIGNING_KEY \
      -  --subject $SUBJECT \
      -  --output-file $SIGNED_STATEMENT_FILE
      -

      Register the SCITT Statement on DataTrails

      1. Submit the Signed Statement to DataTrails, using the credentials in the DATATRAILS_CLIENT_ID and DATATRAILS_CLIENT_SECRET.

        python scitt/register_signed_statement.py \
        -  --signed-statement-file signed-statement.cbor \
        +  --subject $SUBJECT
        +

        Register the SCITT Signed Statement on DataTrails

        1. Submit the Signed Statement to DataTrails, using the credentials in the DATATRAILS_CLIENT_ID and DATATRAILS_CLIENT_SECRET.

          python ${SCRIPTS}register_signed_statement.py \
          +  --signed-statement-file $SIGNED_STATEMENT_FILE \
             --output-file $TRANSPARENT_STATEMENT_FILE \
             --log-level INFO
          -
        2. View the Transparent Statement, as a result of registering the Signed Statement

          python scitt/dump_cbor.py \
          -  --input transparent-statement.cbor
          -
        3. Verify the signature of the receipt

          python scitt/verify_receipt_signature.py \
          -  --transparent-statement-file $TRANSPARENT_STATEMENT_FILE
          +
        4. View the Transparent Statement, as a result of registering the Signed Statement

          python datatrails_scitt_samples/dump_cbor.py \
          +  --input $TRANSPARENT_STATEMENT_FILE
           

        Retrieve Statements for the Artifact

        The power of SCITT is the ability to retrieve the history of statements made for a given artifact. -By querying the series of statements, consumers can verify who did what and when for a given artifact.

        1. Query DataTrails for the collection of statements

          curl -H @$HOME/.datatrails/bearer-token.txt \
          -  https://app.datatrails.ai/archivist/v2/publicassets/-/events?event_attributes.subject=$SUBJECT | jq
          -
        Coming soon: Filter on specific content types, such as what SBOMs have been registered, or which issuers have made statements.

        Summary

        The quickstart created a collection of statements for a given artifact. -Over time, as new information is available, authors can publish new statements which verifiers and consumers can benefit from, making decisions specific to their environment.

        There are no limits to the types of additional statements that may be registered, which may include new vulnerability information, notifications of new versions, end of life (EOL) notifications, or more. -By using the content-type parameter, verifiers can filter to specific types, filter statements by the issuer, or other headers & metadata.

        For more information:

    \ No newline at end of file +By querying the series of statements, consumers can verify who did what and when for a given artifact.

    1. Query DataTrails for the collection of statements

      PARAMS="event_attributes.subject=${SUBJECT}&page_size=3"
      +curl "https://app.datatrails.ai/archivist/v2/publicassets/-/events?${PARAMS}" \
      +  | jq
      +

    Summary

    The quickstart created a collection of statements for a given artifact. +Over time, as new information is available, authors can publish new statements which verifiers and consumers can benefit from, making decisions specific to their environment.

    There are no limits to the types of additional statements that may be registered, which may include new information related to an AI Model, new vulnerability information, notifications of new versions, end of life (EOL) notifications, or more.

    For more information:
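Review bot: in the Environment Configuration block, `SIGNING_KEY="/tmp/my-signing-key.pem"` combined with `openssl ecparam -name prime256v1 -genkey -out $SIGNING_KEY` now writes the private signing key to a fixed name in a directory shared by all local users. Suggest a per-user location (a directory under `$HOME`, or one created with `mktemp -d` after `umask 077`) and quoting `"$SIGNING_KEY"` where it is used. Second, the added side of the "Register the SCITT Signed Statement" steps no longer includes "Verify the signature of the receipt" (`verify_receipt_signature.py --transparent-statement-file $TRANSPARENT_STATEMENT_FILE`), so the quickstart registers and dumps the transparent statement without ever checking the receipt; either restore that step with its new script path or state why it was dropped. Finally, `python datatrails_scitt_samples/dump_cbor.py` does not use `${SCRIPTS}` (`datatrails_scitt_samples/scripts/`) like the other two commands; confirm that path is intentional.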

    \ No newline at end of file diff --git a/developers/developer-patterns/software-package-profile/index.html b/developers/developer-patterns/software-package-profile/index.html index 15bc2dc29..817e4090f 100644 --- a/developers/developer-patterns/software-package-profile/index.html +++ b/developers/developer-patterns/software-package-profile/index.html @@ -44,4 +44,4 @@ "public": true }

    Software Package Profile Event Types and Attributes

    Release Event

    A Release is the event used by a Supplier to provide an SBOM for their Software Package in DataTrails.

    The Release attributes tracked in DataTrails should minimally represent the base information required by the NTIA standard and be recorded in two, separate, lists of attributes; Asset Attributes would track details about the latest release of the SBOM at the time of the event creation, the Event Attributes then track details about the release of the SBOM that is being submitted.

    Release Event Attribute Namespace

    The sbom_ prefix is used to designate attributes that are part of the event and asset. Some of these are interpreted by DataTrails and others are guidelines

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to Release
    Author Namesbom_authorThe name of the Package AuthorRequired
    Supplier Namesbom_supplierThe name of the Package AuthorRequired
    Component Namesbom_componentThe name of the PackageRequired
    Version Stringsbom_versionThe version of the PackageRequired
    Unique Identifiersbom_uuidA unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadRequired
    N/Asbom_repoLink to the Git Repo of the ComponentOptional
    N/Asbom_release_notesLink to the release notes of the releaseOptional
    N/Asbom_licenseThe licensing used by the component (if specified)Optional
    N/Asbom_exceptionIf included value is always trueOptional
    N/Asbom_vuln_referenceIf this release resolves a specific vulnerability you can highlight a shared Vulnerability reference number(s)Optional
    NTIA AttributeAsset AttributesMeaningRequirement
    Author Namesbom_authorThe name of the Package AuthorRequired
    Supplier Namesbom_supplierThe name of the Package SupplierRequired
    Component Namesbom_component,(arc_display_name if appropriate)The name of the Software PackageRequired
    Version Stringsbom_versionThe version of the Software PackageRequired
    Unique Identifiersbom_uuidA unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadRequired
    N/Asbom_repoLink to the Git Repo of the ComponentOptional
    N/Asbom_release_notesLink to the release notes of the package versionOptional
    N/Asbom_licenseThe licensing used by the component (if specified)Optional
    Exception

    When used in tandem with Release Plan and Accepted events the exception is a useful record of when an emergency has caused a release to be pushed without needing an initial approval or plan.

    Release Plan and Release Accepted

    Release events can be optionally enhanced by using ‘Release Plan’ and ‘Release Accepted’ events alongside them.

    Release Plan events demonstrate an intent to introduce a new release, it should describe which version you want to release and who wants to release it. For example, it could include draft release notes explaining what is being updated and why it should be updated.

    Release Accepted events demonstrate an approval on a Release Plan to go forward, it may be that the plan details a need to introduce a fix for a specific vulnerability and the security team is needed to sign off the release going forward.

    These events are not essential to the process so can be omitted in a standard or minimal deployment but they are actively encouraged. As they should not affect the information about the latest Software Package Release there should be no Asset Attributes included, other NTIA attributes may also not be necessary or not available until release (e.g. Component Hash).

    The Key Attribute that should be recorded is the version of the release that is being planned and accepted.

    Release Plan

    Release Plan Event Attribute Namespace

    The sbom_planned_ prefix is used to designate attributes that are part of the event. Some of these are interpreted by DataTrails and others are guidelines.

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to Release Plan
    Component Namesbom_planned_componentThe planned name of the PackageRequired
    Version Stringsbom_planned_versionThe planned version of the PackageRequired
    N/Asbom_planned_referenceA reference number for the plan (such as internal change request number)Required
    N/Asbom_planned_dateThe planned release dateRequired
    N/Asbom_planned_captainThe planned Release Captain (a common term for someone who is responsible for performing a Release; someone like an Owner in Agile serves a different purpose but may also be used if appropriate). This is mandatory as it describes who should be responsible for the releaseRequired
    Author Namesbom_planned_authorThe planned name of the Package AuthorOptional
    Supplier Namesbom_planned_supplierThe planned name of the Package SupplierOptional
    Component Hashsbom_planned_hashThe planned hash of the component files/installation (per version)Optional
    Unique Identifiersbom_planned_uuidThe planned unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadOptional
    N/Asbom_planned_licenseIf there is an intended change to the license this may be neededOptional
    N/Asbom_planned_vuln_referenceIf this release intends to resolve a specific vulnerability you can highlight a shared Vulnerability reference number(s)Optional

    Release Accepted Event

    Release Accepted Event Attribute Namespace

    The sbom_accepted_ prefix is used to designate attributes that are part of the event. Some of these are interpreted by DataTrails and others are guidelines.

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to Release Accepted
    Component Namesbom_accepted_componentThe accepted name of the PackageRequired
    Version Stringsbom_accepted_versionThe accepted version of the PackageRequired
    N/Asbom_accepted_referenceThe reference number of the associated planRequired
    N/Asbom_accepted_dateThe accepted release dateRequired
    N/Asbom_accepted_captainThe accepted Release Captain (a common term for someone who is responsible for performing a Release; someone like an Owner in Agile serves a different purpose but may also be used if appropriate). This is mandatory as it describes who should be responsible for the releaseRequired
    N/Asbom_accepted_approverDescribes who has accepted the planRequired
    Author Namesbom_accepted_authorThe accepted name of the Package AuthorOptional
    Supplier Namesbom_accepted_supplierThe accepted name of the Package SupplierOptional
    Component Hashsbom_accepted_hashThe accepted hash of the component files/installation (per version)Optional
    Unique Identifiersbom_accepted_uuidThe accepted unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadOptional
    N/Asbom_accepted_vuln_referenceIf this release intends to resolve a specific vulnerability you can highlight a shared Vulnerability reference number(s)Optional

    Patch Event

    Patches are often supplied to customer in an Out-Of-Band procedure to address critical bugs or vulnerabilities, usually with a short-term turnaround that can be outside the normal release cadence.

    It is typically expected a Patch should contain its own SBOM separate to the Primary SBOM.

    Patch Event Attribute Namespace

    The sbom_patch_ prefix is used to designate attributes that are part of the event. Some of these are interpreted by DataTrails and others are guidelines.

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to Patch
    Component Namesbom_patch_target_componentThe component the Patch targetsRequired
    Version Stringsbom_patch_versionThe version string of the PatchRequired
    Author Namesbom_patch_authorThe name of the Patch AuthorRequired
    Supplier Namesbom_patch_supplierThe name of the Patch SupplierRequired
    Component Hashsbom_patch_hashThe hash of the Patch files/installation (per version)Required
    Unique Identifiersbom_patch_uuidThe accepted unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadRequired
    N/Asbom_patch_target_versionThe version of the component the patch is targeted/built fromRequired
    N/Asbom_patch_repoLink to the Git Repo/Fork/Branch of the Component (if different to the latest release repo)Optional
    N/Asbom_patch_licenseThe licensing used by the component (if specified and different to the latest release license)Optional
    N/Asbom_patch_vuln_referenceIf this patch resolves a specific vulnerability you can highlight a shared Vulnerability reference numberOptional

    Vulnerability Disclosure and Update

    These Event types are used for vulnerability management. -The first is to disclose knowledge of a vulnerability and the second is to update the status of the vulnerability after investigation is complete.

    Vulnerability Disclosure Event Attribute Namespace

    The vuln_ prefix is used to designate attributes that are part of the event. All of these are interpreted by DataTrails.

    Vulnerability Disclosure

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must set to Vulnerability Disclosure
    vuln_nameFriendly Name for the VulnerabilityRequired
    vuln_referenceReference Number (e.g. internal tracking number), useful when there may be multiple updates to a vulnerability during an investigation and for referencing when a particular release is expected to solve a vulnerabilityRequired
    vuln_idSpecific ID of Vulnerability (e.g CVE-2018-0171)Required
    vuln_categoryType of Vulnerability (e.g. CVE)Required
    vuln_severitySeverity of Vulnerability (e.g. HIGH)Required
    vuln_statusWhether the Vulnerability actually affects your component or is being investigated (e.g Known_not_affected)Required
    vuln_authorAuthor of Vulnerability DisclosureRequired
    vuln_target_componentAffected ComponentRequired
    vuln_target_versionAffected Version(s)Required

    Vulnerability Update

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must set to Vulnerability Update
    vuln_nameFriendly Name for the VulnerabilityRequired
    vuln_referenceReference Number (e.g. internal tracking number), useful when there may be multiple updates to a vulnerability during an investigation and for referencing when a particular release is expected to solve a vulnerabilityRequired
    vuln_idSpecific ID of Vulnerability (e.g CVE-2018-0171)Required
    vuln_categoryType of Vulnerability (e.g. CVE)Required
    vuln_severitySeverity of Vulnerability (e.g. HIGH)Required
    vuln_statusWhether the Vulnerability actually affects your component or is being investigated (e.g Known_not_affected)Required
    vuln_authorAuthor of Vulnerability DisclosureRequired
    vuln_target_componentAffected ComponentRequired
    vuln_target_versionAffected Version(s)Required

    EOL Event

    EOL Event Attribute Namespace

    The sbom_eol_ prefix is used to designate attributes that are part of the event. All of these are interpreted by DataTrails.

    An event to mark the Package as End of Life.

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to EOL
    Component Namesbom_eol_target_componentThe component the EOL targetsRequired
    Version Stringsbom_eol_target_versionThe version string affected by the EOLRequired
    Author Namesbom_eol_authorThe name of the EOL AuthorRequired
    Unique Identifiersbom_eol_uuidThe accepted unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadRequired
    N/Asbom_eol_target_dateThe date on which the EOL will be activeRequired

    ← Document Profile
    Independently verifying DataTrails transparent merkle logs →
    \ No newline at end of file +The first is to disclose knowledge of a vulnerability and the second is to update the status of the vulnerability after investigation is complete.

    Vulnerability Disclosure Event Attribute Namespace

    The vuln_ prefix is used to designate attributes that are part of the event. All of these are interpreted by DataTrails.

    Vulnerability Disclosure

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must set to Vulnerability Disclosure
    vuln_nameFriendly Name for the VulnerabilityRequired
    vuln_referenceReference Number (e.g. internal tracking number), useful when there may be multiple updates to a vulnerability during an investigation and for referencing when a particular release is expected to solve a vulnerabilityRequired
    vuln_idSpecific ID of Vulnerability (e.g CVE-2018-0171)Required
    vuln_categoryType of Vulnerability (e.g. CVE)Required
    vuln_severitySeverity of Vulnerability (e.g. HIGH)Required
    vuln_statusWhether the Vulnerability actually affects your component or is being investigated (e.g Known_not_affected)Required
    vuln_authorAuthor of Vulnerability DisclosureRequired
    vuln_target_componentAffected ComponentRequired
    vuln_target_versionAffected Version(s)Required

    Vulnerability Update

    Event AttributesMeaningRequirement
    arc_display_typeTells DataTrails how to interpret EventRequired, must set to Vulnerability Update
    vuln_nameFriendly Name for the VulnerabilityRequired
    vuln_referenceReference Number (e.g. internal tracking number), useful when there may be multiple updates to a vulnerability during an investigation and for referencing when a particular release is expected to solve a vulnerabilityRequired
    vuln_idSpecific ID of Vulnerability (e.g CVE-2018-0171)Required
    vuln_categoryType of Vulnerability (e.g. CVE)Required
    vuln_severitySeverity of Vulnerability (e.g. HIGH)Required
    vuln_statusWhether the Vulnerability actually affects your component or is being investigated (e.g Known_not_affected)Required
    vuln_authorAuthor of Vulnerability DisclosureRequired
    vuln_target_componentAffected ComponentRequired
    vuln_target_versionAffected Version(s)Required

    EOL Event

    EOL Event Attribute Namespace

    The sbom_eol_ prefix is used to designate attributes that are part of the event. All of these are interpreted by DataTrails.

    An event to mark the Package as End of Life.

    NTIA AttributeEvent AttributesMeaningRequirement
    N/Aarc_display_typeTells DataTrails how to interpret EventRequired, must set to EOL
    Component Namesbom_eol_target_componentThe component the EOL targetsRequired
    Version Stringsbom_eol_target_versionThe version string affected by the EOLRequired
    Author Namesbom_eol_authorThe name of the EOL AuthorRequired
    Unique Identifiersbom_eol_uuidThe accepted unique identifier for the Package, DataTrails provides a Unique ID per asset but it may be preferred to include an existing internal reference insteadRequired
    N/Asbom_eol_target_dateThe date on which the EOL will be activeRequired

    ← Document Profile
    Independently verifying DataTrails transparent merkle logs →
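
Review bot: In the added Vulnerability Update table, every row except arc_display_type is copied verbatim from the Vulnerability Disclosure table, so vuln_author still reads "Author of Vulnerability Disclosure" and vuln_status gives no way to tell the post-investigation state from the initial one. Suggest rewording vuln_author for the author of the update and listing the allowed vuln_status values next to the single example Known_not_affected, since the section intro says the update event exists to record the status after investigation is complete. The removed and added lines carry the same visible text, so this is republished unchanged by the deploy and needs fixing in the page source.
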
    \ No newline at end of file diff --git a/developers/developer-patterns/veracity/index.html b/developers/developer-patterns/veracity/index.html index 79b5e4cdd..90fdaa272 100644 --- a/developers/developer-patterns/veracity/index.html +++ b/developers/developer-patterns/veracity/index.html @@ -102,4 +102,4 @@

    The value returned is the hash stored at that node:

    26c7061166187363dd156f4f5f1f517a39323af3c70d572de28c5206de160ec2
     

    Leaf nodes in the merkle log contain the hash of the event data (plus some metadata, see this article) while -intermediate nodes hash together the content of their left and right children.

    ← Software Package Profile
    Navigating the Merkle Log →
    \ No newline at end of file +intermediate nodes hash together the content of their left and right children.

    ← Software Package Profile
    Navigating the Merkle Log →
    \ No newline at end of file diff --git a/developers/index.html b/developers/index.html index f7720545f..e13bb6e31 100644 --- a/developers/index.html +++ b/developers/index.html @@ -5,4 +5,4 @@

    Developers

    If you are a developer who is looking to easily add provenance to their data, this section is for you.
    You may be building a new application or looking for a way to add functionality to something that you already use every day.

    The DataTrails REST API, python SDK, or the YAML runner provide a simple way for you to integrate a provenance layer into your existing data platform so that you do not need to change the way that your users work.

    Check out the sub-sections below for more information!

    Developer Patterns →
    Go here for information on setting up an App Registration, requesting an Access Token together with other developer concepts and user profile descriptions.

    API Reference →
    The DataTrails REST API endpoint examples and definitions can be found here.

    YAML Runner Reference →
    The YAML reference contains information and examples for those who work with YAML files and would prefer to use this method to access the API.

    Additional resources are available from our Python SDK and the Python Samples.

    \ No newline at end of file +Sign Up

    Developers

    If you are a developer who is looking to easily add provenance to their data, this section is for you.
    You may be building a new application or looking for a way to add functionality to something that you already use every day.

    The DataTrails REST API, python SDK, or the YAML runner provide a simple way for you to integrate a provenance layer into your existing data platform so that you do not need to change the way that your users work.

    Check out the sub-sections below for more information!

    Developer Patterns →
    Go here for information on setting up an App Registration, requesting an Access Token together with other developer concepts and user profile descriptions.

    API Reference →
    The DataTrails REST API endpoint examples and definitions can be found here.

    YAML Runner Reference →
    The YAML reference contains information and examples for those who work with YAML files and would prefer to use this method to access the API.

    Additional resources are available from our Python SDK and the Python Samples.
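
Review bot: The added intro paragraph writes "python SDK" in lower case while the closing line of the same hunk uses "Python SDK", and its subject joined with "or" takes the plural verb "provide". Suggest "The DataTrails REST API, Python SDK, or YAML runner provides a simple way ..." so the product name is spelled the same way across the page.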

    \ No newline at end of file diff --git a/developers/templates/index.html b/developers/templates/index.html index 69060ec5d..ba6831200 100644 --- a/developers/templates/index.html +++ b/developers/templates/index.html @@ -7,4 +7,4 @@
    \ No newline at end of file +Other templates are more generic, providing a baseline for getting started.

    Check out the articles below for more information:

    Creating DataTrails Events for vCons→
    Creating SCITT Entries on the DataTrails Platform →
    \ No newline at end of file diff --git a/developers/templates/scitt/index.html b/developers/templates/scitt/index.html index a8aae00f0..bcc18d39a 100644 --- a/developers/templates/scitt/index.html +++ b/developers/templates/scitt/index.html @@ -174,4 +174,4 @@ curl -g -X GET -H "@$HOME/.datatrails/bearer-token.txt" \ "$DATATRAILS_EVENTS_URL?event_attributes.subject=vcon://$VCON&principal_declared.issuer=https://app.datatrails.ai/appidpv1&principal_declared.subject=$PRINCIPAL" \ | jq -

    More Info:

    DataTrails Event vCon Template →
    \ No newline at end of file +

    More Info:

    DataTrails Event vCon Template →
    \ No newline at end of file diff --git a/developers/templates/vcons/index.html b/developers/templates/vcons/index.html index 683547dff..afe9015ad 100644 --- a/developers/templates/vcons/index.html +++ b/developers/templates/vcons/index.html @@ -128,4 +128,4 @@ curl -g -X GET -H "@$HOME/.datatrails/bearer-token.txt" \ "$DATATRAILS_EVENTS_URL?event_attributes.subject=vcon://$VCON&principal_declared.issuer=https://app.datatrails.ai/appidpv1&principal_declared.subject=$PRINCIPAL" \ | jq -

    More Info:

    ← SCITT vCon Template
    Creating Access Tokens Using a Custom Integration →
    \ No newline at end of file +

    More Info:

    ← SCITT vCon Template
    Creating Access Tokens Using a Custom Integration →
    \ No newline at end of file diff --git a/developers/yaml-reference/assets/index.html b/developers/yaml-reference/assets/index.html index 32e7a598a..f7e3160e0 100644 --- a/developers/yaml-reference/assets/index.html +++ b/developers/yaml-reference/assets/index.html @@ -84,4 +84,4 @@ description: Wait for all Assets in the wipp namespace to be confirmed attrs: arc_namespace: wipp -

    ← YAML Runner Components
    Events YAML Runner →
    \ No newline at end of file +

    ← YAML Runner Components
    Events YAML Runner →
    \ No newline at end of file diff --git a/developers/yaml-reference/compliance/index.html b/developers/yaml-reference/compliance/index.html index 6f8b8949b..f372f5091 100644 --- a/developers/yaml-reference/compliance/index.html +++ b/developers/yaml-reference/compliance/index.html @@ -30,4 +30,4 @@ description: Check Compliance of EV pump 1. report: true asset_label: ev pump 1 -

    ← Subjects YAML Runner
    Estate Information YAML Runner →
    \ No newline at end of file +

    ← Subjects YAML Runner
    Estate Information YAML Runner →
    \ No newline at end of file diff --git a/developers/yaml-reference/estate-info/index.html b/developers/yaml-reference/estate-info/index.html index a6f1a471c..f381803a4 100644 --- a/developers/yaml-reference/estate-info/index.html +++ b/developers/yaml-reference/estate-info/index.html @@ -14,4 +14,4 @@ - step: action: COMPOSITE_ESTATE_INFO description: Estate Info Report -

    ← Compliance Policies YAML Runner
    Caps API →
    \ No newline at end of file +

    ← Compliance Policies YAML Runner
    Caps API →
    \ No newline at end of file diff --git a/developers/yaml-reference/events/index.html b/developers/yaml-reference/events/index.html index bea4271d5..f21489a64 100644 --- a/developers/yaml-reference/events/index.html +++ b/developers/yaml-reference/events/index.html @@ -90,4 +90,4 @@ arc_display_type: open asset_attrs: arc_display_type: door -

    ← Assets YAML Runner
    Locations YAML Runner →
    \ No newline at end of file +

    ← Assets YAML Runner
    Locations YAML Runner →
    \ No newline at end of file diff --git a/developers/yaml-reference/index.html b/developers/yaml-reference/index.html index 60c6addb8..18cec04b4 100644 --- a/developers/yaml-reference/index.html +++ b/developers/yaml-reference/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/developers/yaml-reference/locations/index.html b/developers/yaml-reference/locations/index.html index 2df60f7ae..15e7e31bd 100644 --- a/developers/yaml-reference/locations/index.html +++ b/developers/yaml-reference/locations/index.html @@ -44,4 +44,4 @@ print_response: true attrs: director: John Smith -

    ← Events YAML Runner
    Subjects YAML Runner →
    \ No newline at end of file +

    ← Events YAML Runner
    Subjects YAML Runner →
    \ No newline at end of file diff --git a/developers/yaml-reference/story-runner-components/index.html b/developers/yaml-reference/story-runner-components/index.html index aaf523667..c7d1d0687 100644 --- a/developers/yaml-reference/story-runner-components/index.html +++ b/developers/yaml-reference/story-runner-components/index.html @@ -24,4 +24,4 @@ --client-id <your-client-id> \ --client-secret <your-client-secret> \ <path-to-yaml-file> -

    ← Tenancies API
    Assets YAML Runner →
    \ No newline at end of file +

    ← Tenancies API
    Assets YAML Runner →
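
Review bot: The usage shown in this hunk's context passes the credential as a command-line argument ("--client-secret <your-client-secret>"), which leaves the secret in shell history and visible in the process list to other local users while the runner executes. Suggest the page say how to keep the secret out of argv, if the runner supports it; the curl examples elsewhere in this patch already read the bearer token from a file ("@$HOME/.datatrails/bearer-token.txt"), and the same pattern would fit here.
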
    \ No newline at end of file diff --git a/developers/yaml-reference/subjects/index.html b/developers/yaml-reference/subjects/index.html index 711ffa757..1a2fa7dfc 100644 --- a/developers/yaml-reference/subjects/index.html +++ b/developers/yaml-reference/subjects/index.html @@ -91,4 +91,4 @@ print_response: true subject_label: A subject `` -

    ← Locations YAML Runner
    Compliance Policies YAML Runner →
    \ No newline at end of file +

    ← Locations YAML Runner
    Compliance Policies YAML Runner →
    \ No newline at end of file diff --git a/glossary/common-datatrails-terms/index.html b/glossary/common-datatrails-terms/index.html index 6e45da49c..c0267e8c3 100644 --- a/glossary/common-datatrails-terms/index.html +++ b/glossary/common-datatrails-terms/index.html @@ -8,4 +8,4 @@

    Common DataTrails Terms

    Select a term for more information.

    TermDefinition
    ABACAttribute-Based Access Control; policy that allows you to grant fine-grain access to members of your Tenancy
    access policygrants chosen Asset and Event access to stakeholders
    actorperson/machine/software integration that created a particular entry on the provenance record
    administratoruser with permission to see all Asset and Event information within a Tenancy, and to grant access to other users
    anchoredSimple Hash events are committed to the blockchain by hashing them in batches. The hash recorded on the chain is called the anchor
    asseta DataTrails Asset is an entry in your tenancy, which has a collection of attributes that describes its current state and a complete life history of Events
    asset attributeskey-value pairs that represent information about an Asset
    asset IDthe permanent unique identifier for an Asset, under which all provenance information (Events) can be found
    audit traila formal record of activities (Events) that are made against a piece of data (an Asset)
    bearer tokenaccess token for DataTrails API; created using Custom Integration credentials
    behaviorsdetail what class of events in an Asset lifecycle you might wish to record
    compliance policyuser-defined rule sets that Assets can be tested against
    custom integrationclient ID and client secret credentials that are used to access the DataTrails API. Formerly known as an App Registration
    document hashcryptographic ‘fingerprint’ of a file or document that proves it is unmodified
    document statuswhen dealing with Document profile Assets in DataTrails you can attach certain lifecycle stage metadata to them such as ‘Draft’, ‘Published’, or ‘Withdrawn’ in order to properly convey whether or not someone checking provenance of the document should rely on a particular version
    eventtracks key moments of an Asset lifecycle; details of Who Did What When to an Asset
    event attributeskey-value pairs that represent information about an Event
    event IDunique identifier for an entry in the provenance record that means it can be shared and found later
    event typeevents in DataTrails are labeled with a ’type’ that signify what kind of evidence they relate to, for instance a ‘Publish’ event on a document, or a ‘Shipping’ event on physical goods. Event types can be very useful for defining access control rules as well as filtering the audit trail for specific kinds of information
    integrationbuilt-in API functionality that allows DataTrails to connect to third party products such as Dropbox
    leafa leaf is the term used for a node in the Merkle tree. It is labeled with a hash of the data block that it contains. Each leaf is stored in a massif
    linked foldera folder that has been selected to be linked to DataTrails during the configuration of an Integration
    massifthe Merkle log is divided into massifs each of which stores the verification data for a fixed number of leaves
    Merkle logthe Merkle log is the name for the verifiable data structure that is used by DataTrails to store the Event transaction data. It is append only and is based on a type of Merkle tree that is built from multiple massifs
    Merkle Mountain Range (MMR)As the massifs grow and multiply, the structure is called a Merkle Mountain Range (MMR) representing the multiple peaks. Its key characteristic is that previously added values, and also the organization of those values, does not change as new entries are appended to the log
    metadatastructured information about a file. In DataTrails this metadata is recorded in the Asset and Event attributes
    OBACOrganization-Based Access Control; policy allows sharing with the Administrator of another organization
    operationclass of Event being recorded
    organizationany entity with a distinct DataTrails account who publishes or verifies provenance information on the platform
    principal_acceptedthe actual user principal information belonging to the credential used to access the DataTrails REST interface
    principal_declaredan optional user-supplied value that tells who performed an Event
    proof mechanismmethod by which information on the DataTrails tamper evident ledger can be verified
    provenancethe version and ownership history of a piece of data. With DataTrails this is an immutable audit trail to prove Who Did What When to any piece of data
    public assetAssets that can be used to publicly assert data, accessible by URL without the need for a DataTrails account
    selectoridentifying attribute the Yaml Runner will use to check if your Asset exists already before attempting to create it
    simple hashProof Mechanism that commits information to the DataTrails blockchain in batches; value can confirm that information in the batch has not changed
    tenancyan organization’s private area within DataTrails, containing Asset and Event data
    tenant display namedisplayed only within own Tenancy for easy identification and switching
    tenant_acceptedthe time an event was actually received on the DataTrails REST interface
    tenant_committedthe time an event was confirmed distributed to all DLT nodes in the value chain
    tenant_declaredan optional user-supplied value that tells when an Event happened
    transactionfinal commitment of data to the Distributed Ledger Technology so that it is sealed and cannot be modified, tampered or erased
    unlinked foldera folder that has not been selected to be linked to DataTrails during the configuration or reconfiguration of an Integration
    verified domaintenancy name visible to others in place of the tenancy ID when viewing the Asset Overview of a public Asset or a shared private Asset. Must be verified by the DataTrails team
    verified organizationan organization which has paid to have their domain verified and displayed in place of their tenancy ID in Instaproof results and in the Asset Overview
    versionwhen dealing with Document profile Assets in DataTrails you can differentiate ‘final’ or ‘published’ versions of a document from other provenance information such as reviews or downloads

    \ No newline at end of file +Glossary

    Common DataTrails Terms

    Select a term for more information.

    TermDefinition
    ABACAttribute-Based Access Control; policy that allows you to grant fine-grain access to members of your Tenancy
    access policygrants chosen Asset and Event access to stakeholders
    actorperson/machine/software integration that created a particular entry on the provenance record
    administratoruser with permission to see all Asset and Event information within a Tenancy, and to grant access to other users
    anchoredSimple Hash events are committed to the blockchain by hashing them in batches. The hash recorded on the chain is called the anchor
    asseta DataTrails Asset is an entry in your tenancy, which has a collection of attributes that describes its current state and a complete life history of Events
    asset attributeskey-value pairs that represent information about an Asset
    asset IDthe permanent unique identifier for an Asset, under which all provenance information (Events) can be found
    audit traila formal record of activities (Events) that are made against a piece of data (an Asset)
    bearer tokenaccess token for DataTrails API; created using Custom Integration credentials
    behaviorsdetail what class of events in an Asset lifecycle you might wish to record
    compliance policyuser-defined rule sets that Assets can be tested against
    custom integrationclient ID and client secret credentials that are used to access the DataTrails API. Formerly known as an App Registration
    document hashcryptographic ‘fingerprint’ of a file or document that proves it is unmodified
    document statuswhen dealing with Document profile Assets in DataTrails you can attach certain lifecycle stage metadata to them such as ‘Draft’, ‘Published’, or ‘Withdrawn’ in order to properly convey whether or not someone checking provenance of the document should rely on a particular version
    eventtracks key moments of an Asset lifecycle; details of Who Did What When to an Asset
    event attributeskey-value pairs that represent information about an Event
    event IDunique identifier for an entry in the provenance record that means it can be shared and found later
    event typeevents in DataTrails are labeled with a ’type’ that signify what kind of evidence they relate to, for instance a ‘Publish’ event on a document, or a ‘Shipping’ event on physical goods. Event types can be very useful for defining access control rules as well as filtering the audit trail for specific kinds of information
    integrationbuilt-in API functionality that allows DataTrails to connect to third party products such as Dropbox
    leafa leaf is the term used for a node in the Merkle tree. It is labeled with a hash of the data block that it contains. Each leaf is stored in a massif
    linked foldera folder that has been selected to be linked to DataTrails during the configuration of an Integration
    massifthe Merkle log is divided into massifs each of which stores the verification data for a fixed number of leaves
    Merkle logthe Merkle log is the name for the verifiable data structure that is used by DataTrails to store the Event transaction data. It is append only and is based on a type of Merkle tree that is built from multiple massifs
    Merkle Mountain Range (MMR)As the massifs grow and multiply, the structure is called a Merkle Mountain Range (MMR) representing the multiple peaks. Its key characteristic is that previously added values, and also the organization of those values, does not change as new entries are appended to the log
    metadatastructured information about a file. In DataTrails this metadata is recorded in the Asset and Event attributes
    OBACOrganization-Based Access Control; policy allows sharing with the Administrator of another organization
    operationclass of Event being recorded
    organizationany entity with a distinct DataTrails account who publishes or verifies provenance information on the platform
    principal_acceptedthe actual user principal information belonging to the credential used to access the DataTrails REST interface
    principal_declaredan optional user-supplied value that tells who performed an Event
    proof mechanismmethod by which information on the DataTrails tamper evident ledger can be verified
    provenancethe version and ownership history of a piece of data. With DataTrails this is an immutable audit trail to prove Who Did What When to any piece of data
    public assetAssets that can be used to publicly assert data, accessible by URL without the need for a DataTrails account
    selectoridentifying attribute the Yaml Runner will use to check if your Asset exists already before attempting to create it
    simple hashProof Mechanism that commits information to the DataTrails blockchain in batches; value can confirm that information in the batch has not changed
    tenancyan organization’s private area within DataTrails, containing Asset and Event data
    tenant display namedisplayed only within own Tenancy for easy identification and switching
    tenant_acceptedthe time an event was actually received on the DataTrails REST interface
    tenant_committedthe time an event was confirmed distributed to all DLT nodes in the value chain
    tenant_declaredan optional user-supplied value that tells when an Event happened
    transactionfinal commitment of data to the Distributed Ledger Technology so that it is sealed and cannot be modified, tampered or erased
    unlinked foldera folder that has not been selected to be linked to DataTrails during the configuration or reconfiguration of an Integration
    verified domaintenancy name visible to others in place of the tenancy ID when viewing the Asset Overview of a public Asset or a shared private Asset. Must be verified by the DataTrails team
    verified organizationan organization which has paid to have their domain verified and displayed in place of their tenancy ID in Instaproof results and in the Asset Overview
    versionwhen dealing with Document profile Assets in DataTrails you can differentiate ‘final’ or ‘published’ versions of a document from other provenance information such as reviews or downloads
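
Review bot: The added glossary row for "leaf" defines it as "the term used for a node in the Merkle tree", which covers every node, while the veracity page in this same patch separates leaf nodes (holding the hash of the event data) from intermediate nodes (hashing their left and right children). Suggest "a leaf is a terminal node in the Merkle tree, labeled with the hash of the event data it commits to". In the same hunk the "event type" row opens its quotation with a closing mark (’type’), and the MMR row needs "do not change" to agree with "values, and also the organization of those values".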

    \ No newline at end of file diff --git a/glossary/index.html b/glossary/index.html index 4f80a6197..09e69b5cc 100644 --- a/glossary/index.html +++ b/glossary/index.html @@ -5,4 +5,4 @@

    Glossary

    Select an option to to find out more about the terms used by DataTrails.

    • Common DataTrails Terms: A list of terms used by DataTrails.
    • Reserved Attributes: A list of Asset attributes that are used by the DataTrails platform and have a specific purpose.

    \ No newline at end of file +Sign Up

    Glossary

    Select an option to to find out more about the terms used by DataTrails.

    • Common DataTrails Terms: A list of terms used by DataTrails.
    • Reserved Attributes: A list of Asset attributes that are used by the DataTrails platform and have a specific purpose.
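
Review bot: The added intro line still reads "Select an option to to find out more", with "to" doubled, identical to the removed line. Drop the duplicate in the page source so the next deploy does not republish it.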

    \ No newline at end of file diff --git a/glossary/reserved-attributes/index.html b/glossary/reserved-attributes/index.html index 3d0501773..efa31685c 100644 --- a/glossary/reserved-attributes/index.html +++ b/glossary/reserved-attributes/index.html @@ -10,4 +10,4 @@

    Reserved Attributes

    Reserved attributes are asset attributes that are used by the DataTrails platform and have a specific purpose. All reserved attributes have the arc_ prefix.

    Select an attribute to see an example of it in use.

    Asset Attributes

    AttributeMeaning
    arc_descriptionbrief description of Asset or Event being recorded
    arc_display_namefriendly name identifier for Assets, Events, and policies
    arc_display_typeclassification of the type of Asset being traced that can be used for grouping or access control
    arc_home_location_identityphysical location to which an Asset nominally ‘belongs’. NOT related to the Asset’s position in space. For that, use arc_gis_* (below)
    arc_primary_imagean image attachment that will display as the thumbnail of an Asset

    Event Attributes

    AttributeMeaning
    arc_correlation_valuelinks Events together for evaluation in Compliance Policies
    arc_gis_lattags the Event as having happened at a particular latitude. Used in the DataTrails UI for mapping
    arc_gis_lngtags the Event as having happened at a particular longitude. Used in the DataTrails UI for mapping
    arc_descriptionbrief description of the Event being recorded
    arc_display_typeclassification of the type of Event being performed that can be used for grouping or access control
    arc_primary_imagean image attachment that will display as the thumbnail of the Event

    \ No newline at end of file +Glossary

    Reserved Attributes

    Reserved attributes are asset attributes that are used by the DataTrails platform and have a specific purpose. All reserved attributes have the arc_ prefix.

    Select an attribute to see an example of it in use.

    Asset Attributes

    AttributeMeaning
    arc_descriptionbrief description of Asset or Event being recorded
    arc_display_namefriendly name identifier for Assets, Events, and policies
    arc_display_typeclassification of the type of Asset being traced that can be used for grouping or access control
    arc_home_location_identityphysical location to which an Asset nominally ‘belongs’. NOT related to the Asset’s position in space. For that, use arc_gis_* (below)
    arc_primary_imagean image attachment that will display as the thumbnail of an Asset

    Event Attributes

    AttributeMeaning
    arc_correlation_valuelinks Events together for evaluation in Compliance Policies
    arc_gis_lattags the Event as having happened at a particular latitude. Used in the DataTrails UI for mapping
    arc_gis_lngtags the Event as having happened at a particular longitude. Used in the DataTrails UI for mapping
    arc_descriptionbrief description of the Event being recorded
    arc_display_typeclassification of the type of Event being performed that can be used for grouping or access control
    arc_primary_imagean image attachment that will display as the thumbnail of the Event
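
Review bot: The intro sentence in the added text says reserved attributes are "asset attributes", but the same page goes on to list an Event Attributes table (arc_correlation_value, arc_gis_lat, arc_gis_lng). Suggest "Asset and Event attributes" in the source page. The arc_home_location_identity row also points to "arc_gis_* (below)" from the Asset table, although those attributes appear only in the Event table.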

    \ No newline at end of file diff --git a/index.html b/index.html index 726f20209..9d7752438 100644 --- a/index.html +++ b/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/index.min.0cf3565971ffba2a3241cb4d145f60263f11845f25692d19b2f1d554d6a6940463da4454581b56436e81f8ad67f395132faed330c41e2aae60ea9a5375e8f462.js b/index.min.948a4f9e7e141b0b4a617239b649492e9f1d27f53dabeeccc705c55fbf627a7f6ddd057155aa1fb13e9d4b4c5804b12623ccb7920260a7dc1e75ad7792360192.js similarity index 98% rename from index.min.0cf3565971ffba2a3241cb4d145f60263f11845f25692d19b2f1d554d6a6940463da4454581b56436e81f8ad67f395132faed330c41e2aae60ea9a5375e8f462.js rename to index.min.948a4f9e7e141b0b4a617239b649492e9f1d27f53dabeeccc705c55fbf627a7f6ddd057155aa1fb13e9d4b4c5804b12623ccb7920260a7dc1e75ad7792360192.js index 50234b747..f92851d41 100644 --- a/index.min.0cf3565971ffba2a3241cb4d145f60263f11845f25692d19b2f1d554d6a6940463da4454581b56436e81f8ad67f395132faed330c41e2aae60ea9a5375e8f462.js +++ b/index.min.948a4f9e7e141b0b4a617239b649492e9f1d27f53dabeeccc705c55fbf627a7f6ddd057155aa1fb13e9d4b4c5804b12623ccb7920260a7dc1e75ad7792360192.js @@ -19980,27 +19980,40 @@ This includes previously registered statements, and newly registered statements
    1. Create a Python Virtual Environment for the sample scripts and install the dependencies

      -
      python -m  venv venv && \\
      +
      python -m venv venv && \\
       source venv/bin/activate && \\
      +trap deactivate EXIT && \\
       pip install --upgrade pip && \\
       pip install -r requirements.txt
      +
        +
      • +

        Note: If you receive errors, delete the venv directory and try again:

        +
        rm -r -f venv/
         
      • +
      +
    2. To ease copying and pasting commands, update any variables to fit your environment

      # your identity
       ISSUER="sample.synsation.io"
       
       # signing key to sign the SCITT Statements
      -SIGNING_KEY="my-signing-key.pem"
      +SIGNING_KEY="/tmp/my-signing-key.pem"
       
       # File representing the signed statement to be registered
      -SIGNED_STATEMENT_FILE="signed-statement.cbor"
      +SIGNED_STATEMENT_FILE="/tmp/signed-statement.cbor"
       
       # File representing the transparent statement, which includes the signed statement and the registration receipt
      -TRANSPARENT_STATEMENT_FILE="transparent-statement.cbor"
      +TRANSPARENT_STATEMENT_FILE="/tmp/transparent-statement.cbor"
       
      -# Subject is a property used to correlate a collection of statements about an artifact
      +# Property used to correlate a collection of statements about an artifact
       SUBJECT="my-product-id"
      +
      +# Sub Directory for SCITT scripts
      +SCRIPTS="datatrails_scitt_samples/scripts/"
      +
      +# For local script execution, help Python find the modules
      +export PYTHONPATH="\${PYTHONPATH}:$SCRIPTS"
       

    Create a Signing Key
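
Review bot: SIGNING_KEY now points at "/tmp/my-signing-key.pem", which puts the private key used to sign the SCITT Statements under a fixed file name in a directory shared by every local user. Suggest a per-user directory (or one created with mktemp -d) and a restrictive umask before the openssl step, keeping /tmp for the payload and statement files at most. Separately, SCRIPTS is a relative path, so the PYTHONPATH export only works when the commands are run from the directory that contains datatrails_scitt_samples/; the step text should say so.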

    @@ -20012,62 +20025,91 @@ This includes previously registered statements, and newly registered statements
    openssl ecparam -name prime256v1 -genkey -out $SIGNING_KEY
     

    Generate a Payload

    Create any payload you wish to register on DataTrails.

    -
    cat > payload.json <<EOF
    +
    cat > /tmp/payload.json <<EOF
     {
         "author": "fred",
         "title": "my biography",
         "reviews": "mixed"
     }
     EOF
    +

    Create Metadata

    +

    +DataTrails Event Attributes can be associated with a SCITT Statement, enabling indexing and retrieval.

    +

    Create metadata with a dictionary of key:value pairs.

    +
    HASH=$(sha256sum "/tmp/payload.json" | cut -d ' ' -f 1)
    +cat > /tmp/metadata.json <<EOF
    +{
    +  "payload_hash": "$HASH",
    +  "timestamp_declared": "2024-11-01T12:24:42.012345",
    +  "sample_version": "0.1.1",
    +  "project": 25,
    +  "location": "Seattle, WA"
    +}
    +EOF
     

    Create a COSE Signed Statement

    Create a COSE Signed Statement, hashing the content of the payload.json file. The payload may already be stored in another storage/package manager, which can be referenced with the --location-hint parameter.

    -
    python scitt/create_hashed_signed_statement.py \\
    +
    +
    python \${SCRIPTS}create_hashed_signed_statement.py \\
       --content-type "application/json" \\
       --issuer $ISSUER \\
    -  --payload-file payload.json \\
    +  --metadata-file "/tmp/metadata.json" \\
    +  --output-file $SIGNED_STATEMENT_FILE \\
    +  --payload-file /tmp/payload.json \\
       --payload-location "https://storage.example/$SUBJECT" \\
       --signing-key-file $SIGNING_KEY \\
    -  --subject $SUBJECT \\
    -  --output-file $SIGNED_STATEMENT_FILE
    -

    Register the SCITT Statement on DataTrails

    +
    --subject $SUBJECT +

    Register the SCITT Signed Statement on DataTrails

    1. Submit the Signed Statement to DataTrails, using the credentials in the DATATRAILS_CLIENT_ID and DATATRAILS_CLIENT_SECRET.

      -
      python scitt/register_signed_statement.py \\
      -  --signed-statement-file signed-statement.cbor \\
      +
      python \${SCRIPTS}register_signed_statement.py \\
      +  --signed-statement-file $SIGNED_STATEMENT_FILE \\
         --output-file $TRANSPARENT_STATEMENT_FILE \\
         --log-level INFO
       
    2. View the Transparent Statement, as a result of registering the Signed Statement

      -
      python scitt/dump_cbor.py \\
      -  --input transparent-statement.cbor
      -
    3. -
    4. -

      Verify the signature of the receipt

      -
      python scitt/verify_receipt_signature.py \\
      -  --transparent-statement-file $TRANSPARENT_STATEMENT_FILE
      +
      python datatrails_scitt_samples/dump_cbor.py \\
      +  --input $TRANSPARENT_STATEMENT_FILE
       
    +

    Retrieve Statements for the Artifact

    The power of SCITT is the ability to retrieve the history of statements made for a given artifact. By querying the series of statements, consumers can verify who did what and when for a given artifact.

    1. Query DataTrails for the collection of statements

      -
      curl -H @$HOME/.datatrails/bearer-token.txt \\
      -  https://app.datatrails.ai/archivist/v2/publicassets/-/events?event_attributes.subject=$SUBJECT | jq
      +
      PARAMS="event_attributes.subject=\${SUBJECT}&page_size=3"
      +curl "https://app.datatrails.ai/archivist/v2/publicassets/-/events?\${PARAMS}" \\
      +  | jq
       
    -
    -
    Coming soon: Filter on specific content types, such as what SBOMs have been registered, or which issuers have made statements.
    -

    Summary

    The quickstart created a collection of statements for a given artifact. Over time, as new information is available, authors can publish new statements which verifiers and consumers can benefit from, making decisions specific to their environment.

    -

    There are no limits to the types of additional statements that may be registered, which may include new vulnerability information, notifications of new versions, end of life (EOL) notifications, or more. -By using the content-type parameter, verifiers can filter to specific types, filter statements by the issuer, or other headers & metadata.

    +

    There are no limits to the types of additional statements that may be registered, which may include new information related to an AI Model, new vulnerability information, notifications of new versions, end of life (EOL) notifications, or more.

    For more information:
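
Review bot: The removed lines drop the "Verify the signature of the receipt" step (verify_receipt_signature.py) and no added line replaces it, so the quickstart now stops at dumping the Transparent Statement without ever checking the receipt. If the script moved, add the new invocation; if verification is covered on another page, link to it from here. Two smaller points in the same hunk: the prose before the signing command still names a --location-hint parameter while the command uses --payload-location, and dump_cbor.py is called from datatrails_scitt_samples/ directly rather than through the SCRIPTS variable like the other two scripts.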

      @@ -22871,7 +22913,7 @@ within the product, but its possible to retrieve and modify some configs program

      @@ -22879,11 +22921,11 @@ within the product, but its possible to retrieve and modify some configs program
      -

      get  /archivist/v1/tenancies/archivist/v1/tenancies/root_principals

      +

      get  /archivist/v1/tenancies/archivist/v1/tenancies/self

      -
      Fetch the current list of tenant root user principals
      +
      Get tenant record

      -

      Description: Fetch the current list of tenant root user principals.

      +

      Description: Returns an administrator’s view of tenant for which they’re authenticated
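
Review bot: The endpoint path on the added heading reads /archivist/v1/tenancies/archivist/v1/tenancies/self, with the /archivist/v1/tenancies prefix twice, and the removed root_principals heading has the same doubling. The curl example for publicinfo elsewhere in this patch uses the prefix once, so it is worth checking how the reference generator joins the base path and the route.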

      @@ -22903,14 +22945,17 @@ within the product, but its possible to retrieve and modify some configs program
      {
      -  "root_principals": [
      -    {
      -      "display_name": "Bob Smith",
      -      "email": "bob@job",
      -      "issuer": "job.idp.server/1234",
      -      "subject": "08838336-c357-460d-902a-3aba9528dd22"
      -    }
      -  ]
      +  "display_name": "My First Tenancy",
      +  "enterprise_sso_config": {
      +    "client_id": "foo",
      +    "client_secret": "",
      +    "config_url": "foo",
      +    "issuer": "foo",
      +    "policy_id": "foo"
      +  },
      +  "enterprise_sso_enabled": true,
      +  "identity": "tenant/08838336-c357-460d-902a-3aba9528dd22",
      +  "verified_domain": "foo.com"
       }
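
Review bot: The added example response for the tenant record includes enterprise_sso_config.client_secret as an empty string, and nothing in the hunk says whether that field is always blank on read. If the secret is never returned, state that in the parameter description. The table that follows also gives a description only for display_name and identity; enterprise_sso_config, enterprise_sso_enabled and verified_domain have none.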
      @@ -22927,171 +22972,38 @@ within the product, but its possible to retrieve and modify some configs program - root_principals - array + display_name + string - - - - The principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims + Customer friendly name for the tenant. - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ResponsesDescription
      200A successful response.
      401Returned when the user is not authenticated to the system.
      403Returned when the user is not authorized to update the root principals.
      - -
      -
      -
    - - - - - -
    -

    - -

    -
    -
    -
    -
    -

    patch  /archivist/v1/tenancies/archivist/v1/tenancies/root_principals

    -
    -
    Update the list of tenant root user principals
    -

    -

    Description: Replace the list of tenant root user principals. Note that you are not able to remove yourself from the list.

    - - - - - - - -
    -

    - -

    -
    -
    -
    -
    {
    -  "root_principals": [
    -    {
    -      "display_name": "Bob Smith",
    -      "email": "bob@job",
    -      "issuer": "job.idp.server/1234",
    -      "subject": "08838336-c357-460d-902a-3aba9528dd22"
    -    }
    -  ]
    -}
    -
    -
    -
    -
    - - - - - - - - - + + + - - - - - - - - - + - -
    ParameterTypeDescription
    enterprise_sso_config
    root_principalsarrayThe principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    - - - - - - - - - - -
    -

    - -

    -
    -
    -
    -
    {
    -  "root_principals": [
    -    {
    -      "display_name": "Bob Smith",
    -      "email": "bob@job",
    -      "issuer": "job.idp.server/1234",
    -      "subject": "08838336-c357-460d-902a-3aba9528dd22"
    -    }
    -  ]
    -}
    -
    -
    -
    -
    - - + - - - - - - + + + + + - - + + - - - - + + + + + + + + @@ -23117,11 +23029,11 @@ within the product, but its possible to retrieve and modify some configs program - + - +
    Response ParameterTypeDescription
    enterprise_sso_enabledboolean
    root_principalsarrayidentitystringThe principal description assured by the configured Identity Provider. All values are according to OIDC id token claims and standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaimstenant identity {UUID}
    verified_domainstring
    200A successful response.
    400Returned when the request is badly formed. Including, but not limited to, attempting to remove yourself as a root uesr principal.
    400Supplied parameters were invalid
    401Returned when the user is not authenticated to the system.
    403Returned when the user is not authorized to update the root principals.
    403Returned when the user is not authorized to retrieve the tenant id.
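
Review bot: The reference entries for get and patch on .../root_principals are removed here, together with the constraint "you are not able to remove yourself from the list", while the patch .../self description added later in this patch still refers to "a root principal of the tenant". Either keep a pointer to where root principals are now managed or state that the endpoints are retired. The 403 text for get .../self also says "not authorized to retrieve the tenant id", although the call returns the whole tenant record.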
    @@ -23132,29 +23044,31 @@ within the product, but its possible to retrieve and modify some configs program
    - -
    -

    -

    -
    +
    -

    get  /archivist/v1/tenancies/archivist/v1/tenancies/self

    +

    patch  /archivist/v1/tenancies/archivist/v1/tenancies/self

    -
    Get tenant record
    +
    Update tenant record

    -

    Description: Returns an administrator’s view of tenant for which they’re authenticated

    +

    Description: Enables a root principal of the tenant to update the tenant record.

    + + + + @@ -23163,12 +23077,12 @@ within the product, but its possible to retrieve and modify some configs program
    -

    -

    -
    +
    {
    @@ -23244,6 +23158,8 @@ within the product, but its possible to retrieve and modify some configs program
                           
                             
                           
    +                        
    +                      
     
                           
    @@ -23256,11 +23172,13 @@ within the product, but its possible to retrieve and modify some configs program
                               
                                 
                               
    -                            
    +                            
                               
    -                            
    +                            
    +                          
    +                            
    200A successful response.
    400Supplied parameters were invalid
    400Returned when the request is badly formed.
    401Returned when the user is not authenticated to the system.
    403Returned when the user is not authorized to retrieve the tenant id.
    403Returned when the user is not authorized to perform this action.
    404Returned when the referenced tenant does not exist.
    @@ -23271,31 +23189,31 @@ within the product, but its possible to retrieve and modify some configs program
    + +
    -

    -

    -
    +
    -

    patch  /archivist/v1/tenancies/archivist/v1/tenancies/self

    +

    get  /archivist/v1/tenancies/archivist/v1/tenancies/{uuid}:publicinfo

    -
    Update tenant record
    +
    Public Tenant Information.

    -

    Description: Enables a root principal of the tenant to update the tenant record.

    +

    Description: Return the publically avaialble tenant information.
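
Review bot: "Return the publically avaialble tenant information." on the added description line has two spelling errors; it should read "Return the publicly available tenant information." The removed copy of this endpoint further down has the same text, so the fix belongs in the API description source.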

    - - @@ -23304,26 +23222,17 @@ within the product, but its possible to retrieve and modify some configs program
    -

    -

    -
    +
    {
    -  "display_name": "My First Tenancy",
    -  "enterprise_sso_config": {
    -    "client_id": "foo",
    -    "client_secret": "",
    -    "config_url": "foo",
    -    "issuer": "foo",
    -    "policy_id": "foo"
    -  },
    -  "enterprise_sso_enabled": true,
    -  "identity": "tenant/08838336-c357-460d-902a-3aba9528dd22",
    -  "verified_domain": "foo.com"
    +  "identity": "tenant/add30235-1424-4fda-840a-d5ef82c4c96f",
    +  "verified_domain": "exampleltd"
     }
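
Review bot: The added publicinfo example gives "verified_domain": "exampleltd", which is not a domain name, while the tenant record example in this patch uses "foo.com" and the verified-domain page describes the value as the organization's domain. Use a reserved example domain such as example.com in both samples.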
    @@ -23340,33 +23249,12 @@ within the product, but its possible to retrieve and modify some configs program - display_name + identity string - Customer friendly name for the tenant. - - - - enterprise_sso_config - - - - - - - enterprise_sso_enabled - boolean - - - identity - string - - tenant identity {UUID} - - verified_domain string @@ -23379,14 +23267,6 @@ within the product, but its possible to retrieve and modify some configs program - - - - - - - - @@ -23399,14 +23279,6 @@ within the product, but its possible to retrieve and modify some configs program - - - - - - - -
    200A successful response.
    400Returned when the request is badly formed.
    401Returned when the user is not authenticated to the system.
    403Returned when the user is not authorized to perform this action.
    404Returned when the referenced tenant does not exist.
    @@ -23417,640 +23289,118 @@ within the product, but its possible to retrieve and modify some configs program - - - -
    -

    - -

    -
    -
    -
    -
    -

    get  /archivist/v1/tenancies/archivist/v1/tenancies/users

    -
    -
    List Users
    -

    -

    Description: Returns a list of Users active in or invited to the tenant.

    - - - - - - - - - - - - - - - - - -
    -

    - -

    -
    -
    -
    -
    {
    -  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR",
    -  "users": [
    -    {
    -      "email": "frank123@example.com",
    -      "identity": "users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    -      "issuer": "frank@example.com",
    -      "subject": "franky123",
    -      "user_status": "ACTIVE"
    -    }
    -  ]
    -}
    -
    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Response ParameterTypeDescription
    next_page_tokenstringToken to retrieve the next page of results or empty if there are none.
    usersarrayUser Data
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ResponsesDescription
    200A successful response.
    400Returned when the request is badly formed.
    401Returned when the user is not authenticated to the system.
    403Returned when the user is not authorized to read the users.
    404Returned when the identified users don’t exist.
    500Returned when the underlying storage system returns an error.
    +
    -
    -
    -
    -
    - - - - - - -
    -

    - -

    -
    -
    -
    -
    -

    delete  /archivist/v1/tenancies/archivist/v1/tenancies/users/{user_uuid}

    -
    -
    Deletes User
    -

    -

    Description: Deletes a User from the tenancy.

    +

    +`},{id:39,href:"https://docs.datatrails.ai/developers/yaml-reference/story-runner-components/",title:"YAML Runner Components",description:"Common Keys Used for the Yaml Runner",content:`
    +

    Note: To use the YAML Runner you will need to install the datatrails-archivist python package.

    +

    +Click here for installation instructions.

    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    KeyValue
    actionRequired for every operation, the action specifies what function will be performed.
    descriptionOptional string that describes what the step is doing. For example, “Create the Asset My First Container”.
    asset_labelFor a series of steps run as one file, the Asset label could be a friendly name used by later steps to refer back to an Asset created in a previous step. If the Asset already exists, this field may be used to reference the Asset ID in the form assets/<asset-id>.
    location_labelFor a series of steps run as one file, the location label could be a friendly name used by later steps to refer back to a location created in a previous step. If the location already exists, this field may be used to reference the Location ID in the form locations/<location-id>.
    subject_labelFor a series of steps run as one file, the Subject label could be a friendly name used by later steps to refer back to a Subject created in a previous step. If the Subject already exists, this field may be used to reference the Subject ID in the form subjects/<subject-id>.
    print_responseSpecifying this field as true emits a JSON representation of the response, useful for debugging purposes.
    wait_timeOptional field specifying a number of seconds the story runner will pause before executing the next step. Useful for demonstration and/or testing Compliance Policies.
    +

    Each step of the YAML Runner follows the same general pattern:

    +
    ---
    +steps:
    +  - step:
    +      action: ASSETS_CREATE
    +      description: Create new EV Pump with id 1.
    +      wait_time: 10
    +      print_response: true
    +      asset_label: Radiation bag 1
    +      location_label: Cape Town
    +    ...definition of request body and other parameters
    +

    Depending on the action, some fields are required but others are optional. We will discuss each action in further detail in the upcoming sections.

    +

    Once you have created a YAML file with your desired steps, run the file using the archivist_runner command to execute the actions you defined. The command follows this format:

    +
    $ archivist_runner \\
    +      -u https://app.datatrails.ai \\
    +      --client-id <your-client-id> \\
    +      --client-secret <your-client-secret> \\
    +      <path-to-yaml-file>
    +
    `},{id:40,href:"https://docs.datatrails.ai/developers/yaml-reference/assets/",title:"Assets YAML Runner",description:"Asset Actions Used with the Yaml Runner",content:`
    +

    Note: To use the YAML Runner you will need to install the datatrails-archivist python package.

    +

    +Click here for installation instructions.

    +
    +
    +

    Assets Create

    +

    Adding an asset_label allows your Asset to be referenced in later steps of the story. For example, if you want to add a Compliance Policy for the Asset after it is created.

    +

    The arc_namespace (for the Asset) and the namespace (for the location) are used to distinguish between Assets and Locations created between runs of the story. Usually, these field values are derived from an environment variable ARCHIVIST_NAMESPACE (default value is namespace).

    +

    The optional confirm: true entry means that the YAML Runner will wait for the Asset to be committed before moving on to the next step. This is beneficial if the Asset will be referenced in later steps.

    +

    For example:

    +
    ---
    +steps:
    +  - step:
    +      action: ASSETS_CREATE
    +      description: Create new EV Pump with id 1.
    +      asset_label: ev pump 1
    +    behaviours:
    +      - RecordEvidence
    +    attributes:
    +      arc_display_name: ev pump 1
    +      arc_display_type: pump
    +      arc_namespace: wipp
    +      ev_pump: "true"
    +    confirm: false
    +

    The output of this action is available in the +DataTrails UI:

    - - - - - - - - - - -
    -

    - -

    -
    -
    -
    -
    {
    -  "email": "frank123@example.com",
    -  "identity": "users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    -  "issuer": "frank@example.com",
    -  "subject": "franky123",
    -  "user_status": "ACTIVE"
    -}
    -
    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Response ParameterTypeDescription
    displayNamestringdisplay name for the user
    emailstringUser email.
    identitystringuser identity {UUID}
    issuerstringoptional issuer of the principal identity. Where the issuer is not provided the subject is treated as a free string
    subjectstringunique identifier of the principal (within issuer context)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ResponsesDescription
    200A successful response.
    400Returned when the request is badly formed.
    401Returned when the user is not authenticated to the system.
    403Returned when the user is not authorized to read the user.
    500Returned when the underlying storage system returns an error.
    +
    + + + +
    ASSETS_CREATE Output
    +
    -
    -
    -
    -
    - - - - - - -
    -

    - -

    -
    -
    -
    -
    -

    get  /archivist/v1/tenancies/archivist/v1/tenancies/{uuid}:publicinfo

    -
    -
    Public Tenant Information.
    -

    -

    Description: Return the publically avaialble tenant information.

    - - - - - - - - - -
    -

    - -

    -
    -
    -
    -
    {
    -  "identity": "tenant/add30235-1424-4fda-840a-d5ef82c4c96f",
    -  "verified_domain": "exampleltd"
    -}
    -
    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - -
    Response ParameterTypeDescription
    identitystring
    verified_domainstring
    - - - - - - - - - - - - - - - -
    ResponsesDescription
    200A successful response.
    -
    -
    -
    -
    - - +
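
Review bot: The added archivist_runner invocation passes the credential as --client-secret <your-client-secret> on the command line, where it lands in shell history and is visible in the process list. If the runner can read the secret from a file or the environment, document that form instead. In the Assets Create text, the paragraph explains confirm: true but the example sets confirm: false, and the generic step example pairs the description "Create new EV Pump with id 1" with asset_label "Radiation bag 1".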
    \ No newline at end of file diff --git a/platform/administration/index.html b/platform/administration/index.html index 087169dd7..5c237a6cf 100644 --- a/platform/administration/index.html +++ b/platform/administration/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/platform/administration/sharing-access-inside-your-tenant/index.html b/platform/administration/sharing-access-inside-your-tenant/index.html index a8ad4e085..0ca2fdfff 100644 --- a/platform/administration/sharing-access-inside-your-tenant/index.html +++ b/platform/administration/sharing-access-inside-your-tenant/index.html @@ -115,4 +115,4 @@ -H "Content-type: application/json" \ -d "@/path/to/jsonfile" \ https://app.datatrails.ai/archivist/iam/v1/access_policies -

  • Check the Asset is appropriately shared

    Mandy should only be allowed to see the Asset’s name, type, image, length, and weight attributes.

    Mandy's view as a Non-Administrator

    For comparison with our Administrator, Jill who can see everything:

    Jill's view as a Administrator

  • We can see that Mandy can only view the Attributes specified in the policy.

    Our Administrator, Jill, can see every detail associated with the Asset.

    \ No newline at end of file +

  • Check the Asset is appropriately shared

    Mandy should only be allowed to see the Asset’s name, type, image, length, and weight attributes.

    Mandy's view as a Non-Administrator

    For comparison with our Administrator, Jill who can see everything:

    Jill's view as a Administrator

  • We can see that Mandy can only view the Attributes specified in the policy.

    Our Administrator, Jill, can see every detail associated with the Asset.

    \ No newline at end of file diff --git a/platform/administration/sharing-access-outside-your-tenant/index.html b/platform/administration/sharing-access-outside-your-tenant/index.html index 79881e285..3eaa25a5a 100644 --- a/platform/administration/sharing-access-outside-your-tenant/index.html +++ b/platform/administration/sharing-access-outside-your-tenant/index.html @@ -121,4 +121,4 @@ -d "@/path/to/jsonfile" \ https://app.datatrails.ai/archivist/iam/v1/access_policies

  • Once complete, check the Asset is shared appropriately; Mandy should only be able to see the Name, Type and an Image of the container as well as the Asset’s custom weight and length attributes.

    Mandy's view as an Administrator of the External Organization
    By comparison, our Administrator, Jill, can see the full details of the Asset:
    Jill's view as an Administrator

  • If Mandy wishes to share what she can to Non-Administrators within her organization, it is her responsibility to create an ABAC Policy as she would any other Asset she has access to.

    There are many possible fine-grained controls and as such ABAC and OBAC Policy Creation is an extensive topic. To find out more, head over to the -IAM Policies API Reference.

  • \ No newline at end of file +IAM Policies API Reference.

    \ No newline at end of file diff --git a/platform/administration/verified-domain/index.html b/platform/administration/verified-domain/index.html index cf33904db..458b47dce 100644 --- a/platform/administration/verified-domain/index.html +++ b/platform/administration/verified-domain/index.html @@ -11,4 +11,4 @@ Tenant Display Name. Tenant display names are internal, appearing only within your own Tenancy, and are not visible to anyone you share with. A verified domain name must be set by the DataTrails team, and will be visible to actors outside your Tenancy.

    Why is it important to verify my organization’s domain?

    Getting your organization’s domain verified indicates that you are who you say you are. This helps close the trust gap inherent to information sharing between organizations or with the public.

    Without domain verification, the Organization is noted as the publisher’s Tenant ID. Verifying your domain not only shows that this information comes from a legitimate actor on behalf of the organization, but also replaces the Tenant ID with your domain name so consumers can more easily identify the publishing organization. For example, someone attesting information on behalf of DataTrails would have datatrails.ai.

    Organization without Verified Domain
    Organization with Verified Domain
    Note: You do not see the badge if you are logged into DataTrails.
    Organization seen when logged in

    How can I get my organization’s domain verified?

    The DataTrails team is happy to help you obtain your verified domain badge. Please contact support@datatrails.ai from an email address which includes the domain you wish to verify. For example, email us from @datatrails.ai to verify the datatrails.ai domain. We will send you a confirmation email to make sure that the details are correct.

    In order to protect our user community, it is important for us to verify that the person making the request is authorized to do so by the owner of the domain. We will carry out some internal checks based on the information that we have been given and we may request further evidence from you to prove that you own or control the domain in question. Typically, this will be in the form of public company information or domain registration records. Please be prepared to share this evidence with us.

    Checking the Verified Domain of an External Organization

    If an organization has a verified domain with DataTrails, it will be displayed when you view a Public Asset they have published. You may also retrieve this information via the API if you know the organization’s Tenant ID.

    curl -v -X GET \
          -H "@$HOME/.datatrails/bearer-token.txt" \
          https://app.datatrails.ai/archivist/v1/tenancies/{uuid}:publicinfo
    -

    \ No newline at end of file +

    ← Identity and Access Management
    Managing Internal Access to Your Tenant →
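
Review bot: The curl example kept as context in this hunk combines -v with the bearer-token header file, and verbose mode prints the outgoing request headers, Authorization included, to the terminal. Drop -v from the documented command, or use -i if the aim is to show the response headers. The reference entry for this endpoint lists only a 200 response and calls the data public, so the page should also say whether the token is needed at all.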
    \ No newline at end of file diff --git a/platform/index.html b/platform/index.html index 8591d3a71..bbe814027 100644 --- a/platform/index.html +++ b/platform/index.html @@ -5,4 +5,4 @@

    Platform

    If you are new to DataTrails, this is the place to start.

    The foundations of understanding the DataTrails platform are explained in the Overview. This will introduce the main concepts and take you through registering the first Events of your Audit Trail.

    The Administration section will show you how to manage your Tenancy and control access to the Events you create.

    Check out the sub-sections below for more information!

    Overview →
    Core concepts and tasks
    Administration →
    Create users, set access rights and share Events
    \ No newline at end of file +Sign Up

    Platform

    If you are new to DataTrails, this is the place to start.

    The foundations of understanding the DataTrails platform are explained in the Overview. This will introduce the main concepts and take you through registering the first Events of your Audit Trail.

    The Administration section will show you how to manage your Tenancy and control access to the Events you create.

    Check out the sub-sections below for more information!

    Overview →
    Core concepts and tasks
    Administration →
    Create users, set access rights and share Events
    \ No newline at end of file diff --git a/platform/overview/advanced-concepts/index.html b/platform/overview/advanced-concepts/index.html index 4a4330941..4a61ed9a9 100644 --- a/platform/overview/advanced-concepts/index.html +++ b/platform/overview/advanced-concepts/index.html @@ -152,4 +152,4 @@ }

    Once applied the GIS coordinates on Events are immutable.

    That’s it

    These are all the basics of DataTrails. With this knowledge you can now jump straight into the API or try other topics on the -DataTrails Platform.

    ← Core Concepts
    Creating an Asset →
    \ No newline at end of file +DataTrails Platform.

    ← Core Concepts
    Creating an Asset →
    \ No newline at end of file diff --git a/platform/overview/core-concepts/index.html b/platform/overview/core-concepts/index.html index e375f253c..2a8947c67 100644 --- a/platform/overview/core-concepts/index.html +++ b/platform/overview/core-concepts/index.html @@ -18,4 +18,4 @@ Public View which is visible to everyone. The purpose of this view is to allow anyone to verify that the document that they are using is genuine and has not been altered. When the document Audit Trail is combined with Instaproof a user of your data can easily find out which version of a document they have and confirm that it is genuine.

    The Golden Thread

    Putting all these concepts together, it is possible to create a Golden Thread of evidence that makes up the Data Trails Audit Trail. -This has many use cases relating to content authenticity but can also be applied to supply chain integrity and standards compliance, or fact anything where stakeholders need transparency and trust.

    The Golden Thread

    ← Introduction
    Advanced Concepts →
    \ No newline at end of file +This has many use cases relating to content authenticity but can also be applied to supply chain integrity and standards compliance, or fact anything where stakeholders need transparency and trust.

    The Golden Thread

    ← Introduction
    Advanced Concepts →
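    Review bot: The + line still reads "or fact anything where stakeholders need transparency and trust"; it should be "or in fact anything". The preceding context also spells the product "Data Trails Audit Trail" while the rest of the page uses "DataTrails". Both are best fixed in the docs source so the next deploy picks them up.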
    \ No newline at end of file diff --git a/platform/overview/creating-an-asset/index.html b/platform/overview/creating-an-asset/index.html index 999734a24..7cef83b90 100644 --- a/platform/overview/creating-an-asset/index.html +++ b/platform/overview/creating-an-asset/index.html @@ -153,4 +153,4 @@ -H "@$HOME/.datatrails/bearer-token.txt" \ https://app.datatrails.ai/archivist/v2/assets?attributes.arc_display_name=My%20First%20Container Here we see all details entered: The extended attributes and a history of Events recorded on the Asset.

    Note: After registration, Assets cannot be updated using the asset creation screens but an Asset’s Asset Attributes can be updated as part of an Event.

    For more information on creating Events, -click here.

    The first Event will always be the Asset Creation. In the next section, we will cover how to create your own Events for your Asset.

    ← Advanced Concepts
    Creating an Event Against an Asset →
    \ No newline at end of file +click here.

    The first Event will always be the Asset Creation. In the next section, we will cover how to create your own Events for your Asset.

    ← Advanced Concepts
    Creating an Event Against an Asset →
    \ No newline at end of file diff --git a/platform/overview/creating-an-event-against-an-asset/index.html b/platform/overview/creating-an-event-against-an-asset/index.html index c69accd0c..66e9b9fb6 100644 --- a/platform/overview/creating-an-event-against-an-asset/index.html +++ b/platform/overview/creating-an-event-against-an-asset/index.html @@ -153,4 +153,4 @@ -H "@$HOME/.datatrails/bearer-token.txt" \ https://app.datatrails.ai/archivist/v2/assets/<asset-id>/events/<event-id> Please see the -Administration section for information on how to manage your assets

    In the next section we look at a specific type of Asset, the Document Profile Asset.

    ← Creating an Asset
    Registering a Document Profile Asset →
    \ No newline at end of file +Administration section for information on how to manage your assets

    In the next section we look at a specific type of Asset, the Document Profile Asset.

    ← Creating an Asset
    Registering a Document Profile Asset →
    \ No newline at end of file diff --git a/platform/overview/index.html b/platform/overview/index.html index 645a822f7..10cca32ad 100644 --- a/platform/overview/index.html +++ b/platform/overview/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/platform/overview/instaproof/index.html b/platform/overview/instaproof/index.html index e94c33f61..3292337a7 100644 --- a/platform/overview/instaproof/index.html +++ b/platform/overview/instaproof/index.html @@ -12,4 +12,4 @@ Document Profile more more information.

    Using the Instaproof UI

    1. Using the sidebar, select Instaproofand then drag a document into the search area

      Instaproof Search Area

    2. Document not found
      If the document that you are verifying has not been found, you will see a red response banner.

      Document Not Found
      The possible reasons for this outcome are:

      • The document owner has not registered the document in their DataTrails tenancy
      • The document owner has not published this version of the document as an event
      • The document has been modified since it was registered with DataTrails


      In all cases you should contact the document owner to find out whether your document version can be trusted.

    3. Document Found

      Note: In this screenshot we are using the file greenfrog.jpg which can be downloaded from our Instaproof Samples page.
      If the document has been registered with DataTrails, you will see a green response banner together with a list of all the matching Document Profile Assets. This means that the version of the document that you have has a verifiable provenance record and an immutable audit trail.
      Document Found

    At the top of the image you can see the document that was checked and found on Instaproof.

    Note: We don’t need to access your document to find its provenance, everything that you see in the Instaproof results is held locally and was recorded by the document owner when the document was registered or events were recorded.

    You can check additional documents by dragging them on top of this area.

    Some of the results may be from verified organizations and others from unverified members of the DataTrails community. All results contribute something to the provenance and life history of this document.

    A Verified Organization has a verified domain associated with their DataTrails account. This helps to confirm the identity of the document source and is likely the thing to look for if you want ‘official’ provenance records. A Verified Domain can be used to link an identity (such as a company or a brand name) to a DataTrails Tenancy.

    The Other Results results are those from from unverified DataTrails accounts - other members of the DataTrails community who have made claims or observations about the document you’re interested in.

    While they may seem less ‘official’ than verified account results, they may still be useful to you. The identity of all users making attestations in DataTrails is checked, recorded, and immutable, even if they are not (yet) associated with a verified domain name.

    What Do the Instaproof Results Mean?

    Immutable Audit Trail

    Click on a result to see details of the document history. You will see the Event details of the version that matches your document on the right with a partial view of the Asset details for the latest version on the left. Close the Event details to see the full Asset details view.

    Asset Details Tab

    The Asset details tab shows the information about the asset attributes. -Includes the current version, the organization, and Verified Domain badge, if applicable.

    Public attestation and visibility - Public means that the document is publicly accessible using the public URL. Permissioned means that it is private and requires shared access to be enabled for a user to be able to view it.

    Type - For Document Profile Assets this will always be ‘Document’.

    Description - an optional description of the Asset

    Attributes - This drop down section contains any custom attributes that were added to the asset.

    Versions - the published versions of the document

    Note: The share button allows you to access and copy the permissioned and public (if enabled) links for the asset to share with other users. Private links are for logged in users with permissions assigned in an Access Policy, Public links are for everyone.
    Share Links

    The Event History tab shows the full history of Events including custom Events, new Versions and Withdraw Events.

    Click on the tab and select an Event to view the details.

    Event History Overview Tab

    The Overview information about the Event

    Event Identity - The Event ID will always be of the format ‘publicassets/<asset_id>/events/<event_id>’ for public assets or ‘assets/<asset_id>/events/<event_id>’ for private assets.

    Asset Identity - the ID of the parent Asset for this Event.

    Transaction - This link contains the details of the Event transaction.

    Transaction Details

    Type - For Document Profile Events this will always be ‘Publish’

    Document changes - The version and document hash for new version Events. There is no data here for custom Events.

    The Event attributes and Asset attributes tabs contain information about any custom attributes that were added or modified as part this Event.

    ← Registering an Event Against a Document Profile Asset
    Public Attestation →
    \ No newline at end of file +Includes the current version, the organization, and Verified Domain badge, if applicable.

    Public attestation and visibility - Public means that the document is publicly accessible using the public URL. Permissioned means that it is private and requires shared access to be enabled for a user to be able to view it.

    Type - For Document Profile Assets this will always be ‘Document’.

    Description - an optional description of the Asset

    Attributes - This drop down section contains any custom attributes that were added to the asset.

    Versions - the published versions of the document

    Note: The share button allows you to access and copy the permissioned and public (if enabled) links for the asset to share with other users. Private links are for logged in users with permissions assigned in an Access Policy, Public links are for everyone.
    Share Links

    The Event History tab shows the full history of Events including custom Events, new Versions and Withdraw Events.

    Click on the tab and select an Event to view the details.

    Event History Overview Tab

    The Overview information about the Event

    Event Identity - The Event ID will always be of the format ‘publicassets/<asset_id>/events/<event_id>’ for public assets or ‘assets/<asset_id>/events/<event_id>’ for private assets.

    Asset Identity - the ID of the parent Asset for this Event.

    Transaction - This link contains the details of the Event transaction.

    Transaction Details

    Type - For Document Profile Events this will always be ‘Publish’

    Document changes - The version and document hash for new version Events. There is no data here for custom Events.

    The Event attributes and Asset attributes tabs contain information about any custom attributes that were added or modified as part this Event.

    ← Registering an Event Against a Document Profile Asset
    Public Attestation →
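    Review bot: The last paragraph of the + side still reads "added or modified as part this Event"; it should be "as part of this Event". The unchanged context of this hunk also carries "select Instaproofand then drag", "those from from unverified" and "Document Profile more more information". Fix these in the docs source rather than in the built HTML.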
    \ No newline at end of file diff --git a/platform/overview/introduction/index.html b/platform/overview/introduction/index.html index 9a13b4845..1de4a95b8 100644 --- a/platform/overview/introduction/index.html +++ b/platform/overview/introduction/index.html @@ -8,4 +8,4 @@ Sign Up

    Introduction

    Welcome to DataTrails

    DataTrails provides Provenance as a Service to prove the origins and trustworthiness of the data that powers your applications.

    DataTrails enables enterprises to build trust in data such as documents, images and AI models by ensuring that you know the origin and history of the data that you are using. -This can also be applied to multi-party data such as software and supply chain artifacts allowing you to make sure that processes are fit for purpose to comply with IT controls, corporate policies, and government regulations.

    DataTrails permanently records evidence into an Immutable Audit Trail to bring a superior level of trust in data for faster, confident decisions with lower business risk by combining:

    • Metadata Governance - Empower the right people in organizations to set, enforce, and execute detailed sharing policies for provenance metadata.

    • Authenticated Provenance - Deliver full traceability on all internal and external data sources to speed and assure digital decisions.

    • Continuous Accountability - Instantly auditable evidence “Proves Who Did What When” for any shared data to speed audit and root cause investigations.

    • Persistent Integrity - Create a complete, unbroken, and permanent record of shared Event transactions, delivering continuous assurance for faster digital decisions.

    DataTrails delivers assured metadata in a single line of code in a way that makes recording and auditing the full lifecycle of data simple. Any authorized participant (including a user, a software agent or an endpoint device) can register the Events that they are involved in.

    Users of the data can see a full picture of the data’s origin and history and by understanding Who Did What When, human actors and software/AI systems can make stronger real-time judgments about the trustworthiness of your data.

    DataTrails Functionality

    \ No newline at end of file +This can also be applied to multi-party data such as software and supply chain artifacts allowing you to make sure that processes are fit for purpose to comply with IT controls, corporate policies, and government regulations.

    DataTrails permanently records evidence into an Immutable Audit Trail to bring a superior level of trust in data for faster, confident decisions with lower business risk by combining:

    DataTrails delivers assured metadata in a single line of code in a way that makes recording and auditing the full lifecycle of data simple. Any authorized participant (including a user, a software agent or an endpoint device) can register the Events that they are involved in.

    Users of the data can see a full picture of the data’s origin and history and by understanding Who Did What When, human actors and software/AI systems can make stronger real-time judgments about the trustworthiness of your data.

    DataTrails Functionality

    Core Concepts →
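    Review bot: The + side as shown has nothing between "by combining:" and "DataTrails delivers assured metadata", where the - side lists Metadata Governance, Authenticated Provenance, Continuous Accountability and Persistent Integrity. Please confirm the regenerated page still renders that list. If it is gone, the sentence ending in "by combining:" dangles and the four definitions are lost from the introduction.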
    \ No newline at end of file diff --git a/platform/overview/public-attestation/index.html b/platform/overview/public-attestation/index.html index 8f6c57a8b..2bf916358 100644 --- a/platform/overview/public-attestation/index.html +++ b/platform/overview/public-attestation/index.html @@ -66,4 +66,4 @@ Assets API

    ← Instaproof
    Identity and Access Management →
    \ No newline at end of file +

    ← Instaproof
    Identity and Access Management →
    \ No newline at end of file diff --git a/platform/overview/registering-a-document-profile-asset/index.html b/platform/overview/registering-a-document-profile-asset/index.html index 2e6be4c84..42259c36f 100644 --- a/platform/overview/registering-a-document-profile-asset/index.html +++ b/platform/overview/registering-a-document-profile-asset/index.html @@ -187,4 +187,4 @@ https://app.datatrails.ai/archivist/v2/assets?attributes.arc_display_name=My%20First%20Document

    Here we see all details entered: The extended attributes and a history of Events recorded on the Document.

    Note: To update the details of your Asset after it has been created, you must create an Event containing Asset Attributes that conform to the Document Profile.

    For more information on creating Events, -click here.

    The first Event in the Event History will always be the Document Registration. In the next section, we will cover how to create your own Events for your Document.

    ← Creating an Event Against an Asset
    Registering an Event Against a Document Profile Asset →
    \ No newline at end of file +click here.

    The first Event in the Event History will always be the Document Registration. In the next section, we will cover how to create your own Events for your Document.

    ← Creating an Event Against an Asset
    Registering an Event Against a Document Profile Asset →
    \ No newline at end of file diff --git a/platform/overview/registering-an-event-against-a-document-profile-asset/index.html b/platform/overview/registering-an-event-against-a-document-profile-asset/index.html index 1f6283aad..209c53520 100644 --- a/platform/overview/registering-an-event-against-a-document-profile-asset/index.html +++ b/platform/overview/registering-an-event-against-a-document-profile-asset/index.html @@ -183,4 +183,4 @@

    To view the details of the Event you just created for My First Document, use:

    curl -v -X GET \
          -H "@$HOME/.datatrails/bearer-token.txt" \
          https://app.datatrails.ai/archivist/v2/assets/<asset-id>/events/<event-id>
    -

    ← Registering a Document Profile Asset
    Instaproof →
    \ No newline at end of file +

    ← Registering a Document Profile Asset
    Instaproof →
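    Review bot: The documented URL https://app.datatrails.ai/archivist/v2/assets/<asset-id>/events/<event-id> is unquoted, so a reader who pastes the command before substituting real IDs has the shell parse < and > as redirections. Suggest quoting the URL in the example and settling on one placeholder style, since the tenancies example in this same patch uses {uuid}.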
    \ No newline at end of file diff --git a/sales/contactus/index.html b/sales/contactus/index.html index 628af0ce7..4828e61e1 100644 --- a/sales/contactus/index.html +++ b/sales/contactus/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/sales/index.html b/sales/index.html index 908d3326c..9f88cdf76 100644 --- a/sales/index.html +++ b/sales/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/support/contactus/index.html b/support/contactus/index.html index 1cda67f81..898196ea4 100644 --- a/support/contactus/index.html +++ b/support/contactus/index.html @@ -5,4 +5,4 @@

    Contact Us

    For any queries please contact support@datatrails.ai

    \ No newline at end of file +Sign Up

    Contact Us

    For any queries please contact support@datatrails.ai

    \ No newline at end of file diff --git a/support/index.html b/support/index.html index 7ba94f944..15483a3ef 100644 --- a/support/index.html +++ b/support/index.html @@ -5,4 +5,4 @@
    \ No newline at end of file +Sign Up
    \ No newline at end of file diff --git a/usecases/authenticity-media-files/index.html b/usecases/authenticity-media-files/index.html index d53382771..f109bd1e8 100644 --- a/usecases/authenticity-media-files/index.html +++ b/usecases/authenticity-media-files/index.html @@ -9,4 +9,4 @@ Use Cases

    Authenticity of Media and Files

    Assurance with DataTrails

    A very simple yet powerful pattern for using DataTrails is the Authenticity pattern. This is a good choice when dealing with data or documents where trust, integrity and authenticity are more important than secrecy. This could be data that is shared between business partners or more simply the relationship between creators and consumers of digital media.

    The DataTrails platform separates data from its provenance metadata. By recording the metadata in the DataTrails platform it becomes an irrefutable record of the origin, provenance, integrity and authenticity of the media asset. When the data is updated a corresponding Event updates the metadata in DataTrails to build an immutable audit trail of the history of that data.

    Together with fine-grained attribute based access controls the platform provides a trust and visibility layer to support trusted data sharing and provides evidence to resolve contested scenarios.

    Both private and public stakeholders can verify that what they see on their screen is authentic and and has not been tampered with.

    Example 1: Digital Media

    The obvious example of a piece of digital media is a photographic image but it equally applies to graphical images and also sound and video recordings.

    A provenance history helps to establish the authenticity and integrity of digital media content. It allows users to verify that the content that they are consuming or sharing is genuine and has not been tampered with or manipulated. In an era of declining trust in digital media caused by an increased awareness of misinformation, AI, and deepfakes, understanding the provenance of digital media is crucial for restoring trust and credibility.

    Digital media provenance ensures transparency, trustworthiness, and accountability benefiting both content creators and consumers.

    Considerations

    Media Origin: The provenance record helps with attributing credit to the original creators of digital media. It enables content creators to protect their intellectual property rights and ensures they receive appropriate recognition for their work.

    Consumers of the media can check the origin and history of the media to give confidence that the media is authentic and if it has been processed.

    Versions: Changes are recorded as Events. The immutable audit trail provided by DataTrails records the history of the media allowing users to verify that it contains no unofficial changes.

    Example 2: Evidential Documents

    There are a great many documents that serve as evidence in formal discussions: shipping manifests; pictures of a traffic accident; statements of account; education diplomas; contracts. DataTrails adds strong integrity to any document to allow easy verification.

    It is rare for a document to remain unchanged during it’s lifetime. Some documents are expected to go though many versions while others change much less frequently.

    The -Document Profile pattern is a suggested set of attributes for Assets and Events for recording the life cycle of a document.

    Considerations

    Track Documents: Create a very simple Asset structure with minimal attributes to identify the document and additional attributes to store the key metadata, such as a hash of the document.

    Collections: If the document is strongly related to another one, consider adding and tracking them all as Events against a single Asset record.

    Versions: If the document is a new version of something already stored in DataTrails, then use Events to replace the document’s metadata with the updated version. Any authorized stakeholder fetching the Asset record will automatically get the most up-to-date version, and prior versions can be retrieved if necessary from the Event history.

    Access: For each asset record, it is possible to choose if you want to share that publicly by creating a Public Asset, or with a select group of “friendly” associates by creating a Private asset that is protected by an Access Policy. By sharing publicly, your trail will be verifiable on our Instaproof service by anyone without the need for a DataTrails account.

    \ No newline at end of file +Document Profile pattern is a suggested set of attributes for Assets and Events for recording the life cycle of a document.

    Considerations

    Track Documents: Create a very simple Asset structure with minimal attributes to identify the document and additional attributes to store the key metadata, such as a hash of the document.

    Collections: If the document is strongly related to another one, consider adding and tracking them all as Events against a single Asset record.

    Versions: If the document is a new version of something already stored in DataTrails, then use Events to replace the document’s metadata with the updated version. Any authorized stakeholder fetching the Asset record will automatically get the most up-to-date version, and prior versions can be retrieved if necessary from the Event history.

    Access: For each asset record, it is possible to choose if you want to share that publicly by creating a Public Asset, or with a select group of “friendly” associates by creating a Private asset that is protected by an Access Policy. By sharing publicly, your trail will be verifiable on our Instaproof service by anyone without the need for a DataTrails account.

    ← Responsible AI
    Supply Chain: Process Governance and Modelling →
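    Review bot: In the Access paragraph on the + side, "Public Asset" is capitalised but "Private asset" is not; use one form for both. The unchanged context of this hunk also has "authentic and and has not been tampered with", "during it’s lifetime" and "go though many versions". These are worth correcting in the docs source before the next deploy.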
    \ No newline at end of file diff --git a/usecases/bill-of-materials/index.html b/usecases/bill-of-materials/index.html index 8b4b42e52..269416f74 100644 --- a/usecases/bill-of-materials/index.html +++ b/usecases/bill-of-materials/index.html @@ -11,4 +11,4 @@ NTIA SBOM Proof of Concept the need for strong stakeholder community management and a trusted SBOM data sharing mechanism which protects the interests of all parties.

    The DataTrails Software Package profile is a set of suggested Asset and Event attributes that offers a solution to this sharing and distribution problem: vendors retain control of their proprietary information and release processes while customers have assured and reliable visibility into their digital supply chain risks with reliable access to current and historical SBOM data for the components they rely on.

    As an Asset, a Software Package may hold many different SBOMs over its lifecycle representing the introduction of new releases and versions of the Software Package. Each ‘Release’ is recorded as an Event to capture the known SBOM at the time.

    If a particular Software Package has constituent components composed of other Software Package Assets this would be tracked within the SBOM of the component Supplied Software Package, ensuring full traceability across the Supply Chain.

    Considerations

    Key to any successful DataTrails integration is keeping the number of Asset attributes manageable and meaningful. Do not add every entry in the SBOM as an Asset attribute. Instead, preserve Asset attributes to carry essential metadata such as final build hashes and assured current versions, and put the full details of each released version in attachments and Events.

    Note: There are good standards for storing and exchanging SBOM data such as SWID/ISO/IEC 19770-2:2015, Cyclone DX, and -SPDX. DataTrails recommends adopting standard data formats wherever possible, as these vastly improve interoperability and utility of the data exchanged between DataTrails participants.

    SBOM as a living document: As a vendor, try to model each final software product as an Asset, and releases/updates to that software product as Events on that Asset. That way, a single Asset history contains all the patch versions of a pristine build standard.

    Link to real assets: In reality, not every machine is going to be patched and running identical versions of software, and certainly not the most up-to-date one. As a user of devices, try to link the SBOM from your vendor to the device by having Asset attributes for the Asset Identity of the vendor-published SBOM and the version installed on the device. That way it is easy to find devices that need attention following an SBOM update.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Typically, very few parties need to update the SBOM record, but many people will need to read it.

    Remember that DataTrails is a shared evidence platform. It is there to help share and publish the SBOM and create the trust and transparency that is demanded of modern systems, to ensure the security of the digital supply chain.

    ← Supply Chain: Chain of Custody
    \ No newline at end of file +SPDX. DataTrails recommends adopting standard data formats wherever possible, as these vastly improve interoperability and utility of the data exchanged between DataTrails participants.

    SBOM as a living document: As a vendor, try to model each final software product as an Asset, and releases/updates to that software product as Events on that Asset. That way, a single Asset history contains all the patch versions of a pristine build standard.

    Link to real assets: In reality, not every machine is going to be patched and running identical versions of software, and certainly not the most up-to-date one. As a user of devices, try to link the SBOM from your vendor to the device by having Asset attributes for the Asset Identity of the vendor-published SBOM and the version installed on the device. That way it is easy to find devices that need attention following an SBOM update.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Typically, very few parties need to update the SBOM record, but many people will need to read it.

    Remember that DataTrails is a shared evidence platform. It is there to help share and publish the SBOM and create the trust and transparency that is demanded of modern systems, to ensure the security of the digital supply chain.

    ← Supply Chain: Chain of Custody
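    Review bot: The standards note in this hunk writes "Cyclone DX" with a space; the format's name is CycloneDX. Since the note recommends adopting these formats, the spelling should match what readers will search for.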
    \ No newline at end of file diff --git a/usecases/index.html b/usecases/index.html index 2fa327477..b137f984b 100644 --- a/usecases/index.html +++ b/usecases/index.html @@ -7,4 +7,4 @@

    Use Cases

    DataTrails is a powerful and flexible platform enabling users to record Who Did What & When to any content. To get the best out of the DataTrails it is important to model your real-world assets and business processes efficiently into DataTrails Assets and -Events.

    The three most common patterns are:

    • Authenticity and Attestation: proving the state of documents and data at a point in time. Also known as ‘Provenance’.
    • Bill of Materials: tracing the contents and composition of assets.
    • State Machine and Supply Chains: following the progress of an asset as it moves through a business process or lifecycle states.

    These are laid out in more detail here:


    \ No newline at end of file +Events.

    The three most common patterns are:

    These are laid out in more detail here:

    Authenticity of Media and Files →
    Bill of Materials →
    Responsible AI →
    Supply Chain: Asset Lifecycle →
    Supply Chain: Chain of Custody →
    Supply Chain: Process Governance and Modelling →
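    Review bot: On the + side "The three most common patterns are:" is followed directly by "These are laid out in more detail here:", while the - side has the Authenticity and Attestation, Bill of Materials, and State Machine and Supply Chains bullets in between. Please confirm the list still renders on the deployed page. The opening context sentence also reads "get the best out of the DataTrails", where "the" should be dropped or "platform" added.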

    \ No newline at end of file diff --git a/usecases/responsible-ai/index.html b/usecases/responsible-ai/index.html index 70d49934b..bd33cbb6c 100644 --- a/usecases/responsible-ai/index.html +++ b/usecases/responsible-ai/index.html @@ -8,4 +8,4 @@ Sign Up

    Responsible AI

    As AI technologies become more common the need for trust in AI increases at a greater rate. There is a need to trust the AI model, the dataset that trains the AI machine, the statements about governance and compliance made by the AI vendor before you can trust the output of the AI machine.

    Responsible AI includes an ethical and legal viewpoint to ensure that AI works for the good of society, fundamental to this is Trust and Transparency.

    As consumers of the AI model:

    • We need to be certain that an AI machine is making decisions that are no worse than those that would be made by a trained and competent human.
    • We need to know that it has been trained on ‘good’ data, not ‘bad’ data.
    • We need to know that the system has been designed to be compliant with the correct standards and policies.
    • We need to know that it will not misuse our personal information.
    • We need to know that the system is being developed and improved to those same standards.

    Above all, we don’t want to take the vendors word for it, they need to prove it!

    DataTrails empowers this by providing an immutable lineage record (the data trail) for all aspects of the AI machine which supports responsible and ethical governance, coupled with transparency and traceability of the training data and output analysis. Together these enhance the explainability and interpretability of the AI machine’s output which results in trust and efficient decision making by the user whether that user is a human or another AI machine.

    Opportunities for Transparency

    RAG: Retrieval Augmented Generation
    SHAP: SHapley Additive exPlanations
    LIME: Local Interpretable Model-agnostic Explanations

    Considerations

    Policy and Standards Compliance: A set of Asset attributes can be created to record the baseline compliance of the AI system. This can include internal policies such as Bias, Discrimination and Copyright statements or external policies such as GDPR and other legal frameworks. Any policy changes or changes in compliance status can be recorded as an Event to build the immutable record of compliance over time.

    The AI Model and the Training Data: The versions of the AI process model, the AI machine software and of the Training datasets could also be recorded as Asset attributes. Other things to include could be changes to the Training model and any manual Training decisions that influence the output of the AI machine. -Recording updates as Events will transparently record the version history of the working components of the AI system as it is developed and improved.

    Access Policies: Use Access policies to enable fine-grained control over access to the data. Access Policies provide stakeholders with the transparent access to the untampered provenance record that they need to be able to make decisions and gain trust in the system.

    \ No newline at end of file +Recording updates as Events will transparently record the version history of the working components of the AI system as it is developed and improved.

    Access Policies: Use Access policies to enable fine-grained control over access to the data. Access Policies provide stakeholders with the transparent access to the untampered provenance record that they need to be able to make decisions and gain trust in the system.

    Authenticity of Media and Files →
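
Review bot: The "Opportunities for Transparency" block in usecases/responsible-ai/index.html lists RAG, SHAP and LIME only as expanded acronyms, with no sentence saying what would be recorded for each or how it ties to the Asset attributes and Events described under "Considerations". Add a line per item or drop the heading until there is content for it. In the same hunk, "we don’t want to take the vendors word for it, they need to prove it!" needs the possessive ("vendor’s") and reads better as two sentences. The - and + copies of "Recording updates as Events will ..." are textually identical here, so the only visible change is the added "Authenticity of Media and Files →" link.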
    \ No newline at end of file diff --git a/usecases/sc-asset-lifecycle/index.html b/usecases/sc-asset-lifecycle/index.html index 1bdfa5a6d..44885d11f 100644 --- a/usecases/sc-asset-lifecycle/index.html +++ b/usecases/sc-asset-lifecycle/index.html @@ -6,4 +6,4 @@

    Supply Chain: Asset Lifecycle

    Tracking the lifecycle of physical Assets

    Tracking and tracing the lifecycle of physical Assets - from IoT Devices (embedded sensors, handheld equipment) to a whole distribution depot - is a key strength of DataTrails. The ability to collect and examine the entire life history of critical Assets - their provenance - is crucial to building secure and trustworthy systems.

    This also applies to digital assets such as software applications, equipment firmware, images and documents. Every item involved in the supply chain has a lifecycle.

    Asset lifecycle tracing

    Knowing what state an asset is in, whether or not it is compliant with organizational policy, and whether it needs any attention right now can help a connected system run smoothly. This eliminates the mundane in lifecycle management and allows expert resources to focus only on those parts of the estate that need attention.

    Asset Lifecycle

    Considerations

    Build the Asset over time: The Asset lifecycle covers its entire life, from design and build to procurement and use, and finally disposal. During this time the Asset evolves and develops new properties and characteristics which are not necessarily foreseeable at creation time. DataTrails supports the addition of new properties at any time in the lifecycle so there is no need to design and fill in everything up-front. Start with a simple - even empty - Asset and let DataTrails track and trace the new properties as they naturally occur.

    Verify and confirm security data: For digital Assets, a lot of the effort spent on lifecycle management will be spent on software and firmware management. DataTrails’s ‘Witness Statement’ approach to creating Asset histories enables statements of intent to be recorded alongside ground truths. For example, a claimed software update next to a digitally signed platform attestation proving that it was done.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Generally, all parties will need read access to all the Events in the Asset history but it may be convenient to restrict Event write access to mirror real-world approvers and actors.

    \ No newline at end of file +Use Cases

    Supply Chain: Asset Lifecycle

    Tracking the lifecycle of physical Assets

    Tracking and tracing the lifecycle of physical Assets - from IoT Devices (embedded sensors, handheld equipment) to a whole distribution depot - is a key strength of DataTrails. The ability to collect and examine the entire life history of critical Assets - their provenance - is crucial to building secure and trustworthy systems.

    This also applies to digital assets such as software applications, equipment firmware, images and documents. Every item involved in the supply chain has a lifecycle.

    Asset lifecycle tracing

    Knowing what state an asset is in, whether or not it is compliant with organizational policy, and whether it needs any attention right now can help a connected system run smoothly. This eliminates the mundane in lifecycle management and allows expert resources to focus only on those parts of the estate that need attention.

    Asset Lifecycle

    Considerations

    Build the Asset over time: The Asset lifecycle covers its entire life, from design and build to procurement and use, and finally disposal. During this time the Asset evolves and develops new properties and characteristics which are not necessarily foreseeable at creation time. DataTrails supports the addition of new properties at any time in the lifecycle so there is no need to design and fill in everything up-front. Start with a simple - even empty - Asset and let DataTrails track and trace the new properties as they naturally occur.

    Verify and confirm security data: For digital Assets, a lot of the effort spent on lifecycle management will be spent on software and firmware management. DataTrails’s ‘Witness Statement’ approach to creating Asset histories enables statements of intent to be recorded alongside ground truths. For example, a claimed software update next to a digitally signed platform attestation proving that it was done.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Generally, all parties will need read access to all the Events in the Asset history but it may be convenient to restrict Event write access to mirror real-world approvers and actors.
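
Review bot: The "Verify and confirm security data" paragraph in usecases/sc-asset-lifecycle/index.html says a claimed software update can be recorded "next to a digitally signed platform attestation proving that it was done", but it does not say who checks that signature or where a reader learns how to check it. A link to the relevant verification page, or one sentence on what the relying party is expected to verify, would make the claim actionable. The "Access Policies" paragraph recommends that "all parties will need read access to all the Events"; it would help to say whether that is the suggested default or only a starting point. Minor: "DataTrails’s" is inconsistent with the possessive-free phrasing used elsewhere on these pages. The + side otherwise only adds the "Use Cases" breadcrumb.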

    \ No newline at end of file diff --git a/usecases/sc-chain-of-custody/index.html b/usecases/sc-chain-of-custody/index.html index 42eb9ca7a..c17586af5 100644 --- a/usecases/sc-chain-of-custody/index.html +++ b/usecases/sc-chain-of-custody/index.html @@ -6,4 +6,4 @@

    Supply Chain: Chain of Custody

    Tracking the Chain of Custody

    “Multi-party business processes” and “Asset lifecycle tracing” are examples of a more general pattern: Supply Chain Handling.

    The ‘State Machine’ and ‘Lifecycle Tracing’ pattens are very similar, but the former puts a greater emphasis on modeling and tracing the Events while the latter concentrates more on the evolving state of the Assets. Combining these concepts makes it possible to easily trace complex multi-party supply chains without stakeholders having to adapt to each other’s ways of working. Everyone participates on their own terms using their own tools and processes, and DataTrails bridges the gap to make data available where it is needed.

    The Chain of Custody is a documented record of the people or entities that physically or digitally handle a product as it moves from constituent parts to the end customer.

    By combining all three, to complete the Supply Chain, DataTrails allows you to:

    • Enable global visibility to all stakeholders
    • Provide continuous data assurance for accessibility, integrity and resilience
    • Integrate with physical items and devices in a platform agnostic way
    • Comply with internal and external regulatory standards
    • Use defined and continuously improving process

    Chain of Custody

    The DataTrails platform records who did what when (and where when appropriate) to build an immutable and auditable account of the entire history of an product as it passes through the supply chain. This is the Data Trail.

    The platform allows multi-party sharing and visibility of supply chain data which empowers trusted data exchange and verification. Supply chain partners have a single source of truth that gives them confidence that decisions are made by the right people, at the right step of the process, using the right data and with confidence that the data is the correct version and is untampered.

    It also provides proof of the ownership and operational status of both digital and physical assets and enhances statements of compliance and quality assurance.

    Chain of Custody

    Considerations

    Custom Attributes: A core set of attributes can be created specifically to suit each asset and event type. DataTrails has the flexibility to allow these to be modified as the business needs develop over time. They are not set in stone.

    GIS position information: Make good use of the arc_gis_* attributes of Events in order to trace Where Who Did What When. Remember that physical environment can make a lot of difference to the virtual security of your Assets.

    Access Policies 1: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Nonetheless, complete supply chain operations are complex and thought must be given to Access Policy configuration to account for changes of custody.

    Access Policies 2: Consider how far up or down the supply chain visibility should be offered. For example, a customer/operator should be able to see manufacturing data but the manufacturer may or may not be entitled to see usage data.

    \ No newline at end of file +Use Cases

    Supply Chain: Chain of Custody

    Tracking the Chain of Custody

    “Multi-party business processes” and “Asset lifecycle tracing” are examples of a more general pattern: Supply Chain Handling.

    The ‘State Machine’ and ‘Lifecycle Tracing’ pattens are very similar, but the former puts a greater emphasis on modeling and tracing the Events while the latter concentrates more on the evolving state of the Assets. Combining these concepts makes it possible to easily trace complex multi-party supply chains without stakeholders having to adapt to each other’s ways of working. Everyone participates on their own terms using their own tools and processes, and DataTrails bridges the gap to make data available where it is needed.

    The Chain of Custody is a documented record of the people or entities that physically or digitally handle a product as it moves from constituent parts to the end customer.

    By combining all three, to complete the Supply Chain, DataTrails allows you to:

    Chain of Custody

    The DataTrails platform records who did what when (and where when appropriate) to build an immutable and auditable account of the entire history of an product as it passes through the supply chain. This is the Data Trail.

    The platform allows multi-party sharing and visibility of supply chain data which empowers trusted data exchange and verification. Supply chain partners have a single source of truth that gives them confidence that decisions are made by the right people, at the right step of the process, using the right data and with confidence that the data is the correct version and is untampered.

    It also provides proof of the ownership and operational status of both digital and physical assets and enhances statements of compliance and quality assurance.

    Chain of Custody

    Considerations

    Custom Attributes: A core set of attributes can be created specifically to suit each asset and event type. DataTrails has the flexibility to allow these to be modified as the business needs develop over time. They are not set in stone.

    GIS position information: Make good use of the arc_gis_* attributes of Events in order to trace Where Who Did What When. Remember that physical environment can make a lot of difference to the virtual security of your Assets.

    Access Policies 1: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Nonetheless, complete supply chain operations are complex and thought must be given to Access Policy configuration to account for changes of custody.

    Access Policies 2: Consider how far up or down the supply chain visibility should be offered. For example, a customer/operator should be able to see manufacturing data but the manufacturer may or may not be entitled to see usage data.
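
Review bot: On the + side of usecases/sc-chain-of-custody/index.html, "By combining all three, to complete the Supply Chain, DataTrails allows you to:" is followed directly by the "Chain of Custody" caption, whereas the - side carries the five bullets (global visibility, continuous data assurance, platform-agnostic integration, regulatory compliance, defined process). Confirm the list is still emitted, since the sentence is incomplete without it. Both sides also carry two typos worth fixing at source: "‘Lifecycle Tracing’ pattens" should be "patterns", and "the entire history of an product" should be "a product". The labels "Access Policies 1" and "Access Policies 2" would read better as descriptive titles, for example one for changes of custody and one for upstream and downstream visibility.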

    \ No newline at end of file diff --git a/usecases/sc-state-machine/index.html b/usecases/sc-state-machine/index.html index 95dd27018..330e6e6a9 100644 --- a/usecases/sc-state-machine/index.html +++ b/usecases/sc-state-machine/index.html @@ -6,4 +6,4 @@

    Supply Chain: Process Governance and Modelling

    Tracking multi-stakeholder business processes

    A common pattern for tracking an Asset lifecycle is the State Machine pattern for Multi-party business processes. This is a good choice for multi-stakeholder process modelling, particularly where the order of operations is important or activities are triggered by actions of partners. Tracing multi-stakeholder business processes in DataTrails not only ensures transparency and accountability among parties, but is also faster and more reliable than typical cross-organization data sharing and process management involving phone calls and spreadsheets.

    Modelling such systems in DataTrails can help to rapidly answer questions like “are my processes running smoothly?”, “do I need to act?”, and “has this asset been correctly managed?”. In audit situations, the Asset histories also allow stakeholders to look back in time and ask “who knew what at the time? Could process violations have been detected earlier?”

    Multi-party change management and approvals

    This pattern uses a purely virtual Asset to represent a policy or process and coordinate movement through that process, complete with multi-party inputs and approvals. The emphasis here is on Events rather than Asset attributes: What Happened? Who Was There? What evidence was used to decide to move to the next sage of the process?

    Process Governance

    Considerations

    Map the business process: DataTrails is here to support business operations, not disturb them. Try to define one Event type for each stage of the process, so decisions and artifacts can be recorded naturally and completely during normal operations. In a mature business, there may be formal documents such as a Process Map (PM), Business Process Model (BPM) or Universal Modeling Language description of the process, its steps, and its approvers. Use this as a base if it is available.

    Record decisions clearly: Future decisions will depend on the evidence of past ones. Make sure that all relevant information is recorded in Event records in the right format for the intended consumer: if decisions are made by humans, rich attachments are a good option. If software or AI are involved, then Event attributes are often a stronger choice.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Generally, all parties will need read access to all the Events in a Trail history, but it may be convenient to restrict Event write access to mirror real-world approvers and actors.

    \ No newline at end of file +Use Cases

    Supply Chain: Process Governance and Modelling

    Tracking multi-stakeholder business processes

    A common pattern for tracking an Asset lifecycle is the State Machine pattern for Multi-party business processes. This is a good choice for multi-stakeholder process modelling, particularly where the order of operations is important or activities are triggered by actions of partners. Tracing multi-stakeholder business processes in DataTrails not only ensures transparency and accountability among parties, but is also faster and more reliable than typical cross-organization data sharing and process management involving phone calls and spreadsheets.

    Modelling such systems in DataTrails can help to rapidly answer questions like “are my processes running smoothly?”, “do I need to act?”, and “has this asset been correctly managed?”. In audit situations, the Asset histories also allow stakeholders to look back in time and ask “who knew what at the time? Could process violations have been detected earlier?”

    Multi-party change management and approvals

    This pattern uses a purely virtual Asset to represent a policy or process and coordinate movement through that process, complete with multi-party inputs and approvals. The emphasis here is on Events rather than Asset attributes: What Happened? Who Was There? What evidence was used to decide to move to the next sage of the process?

    Process Governance

    Considerations

    Map the business process: DataTrails is here to support business operations, not disturb them. Try to define one Event type for each stage of the process, so decisions and artifacts can be recorded naturally and completely during normal operations. In a mature business, there may be formal documents such as a Process Map (PM), Business Process Model (BPM) or Universal Modeling Language description of the process, its steps, and its approvers. Use this as a base if it is available.

    Record decisions clearly: Future decisions will depend on the evidence of past ones. Make sure that all relevant information is recorded in Event records in the right format for the intended consumer: if decisions are made by humans, rich attachments are a good option. If software or AI are involved, then Event attributes are often a stronger choice.

    Access Policies: Always try to avoid proliferating Access Policies and make as few as possible with clear user populations and access rights. Generally, all parties will need read access to all the Events in a Trail history, but it may be convenient to restrict Event write access to mirror real-world approvers and actors.

    \ No newline at end of file
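
Review bot: In usecases/sc-state-machine/index.html the "Map the business process" paragraph expands UML as "Universal Modeling Language"; the standard name is Unified Modeling Language, and unlike "Process Map (PM)" and "Business Process Model (BPM)" the abbreviation is not given. The "Multi-party change management and approvals" paragraph ends with "move to the next sage of the process", which should be "stage". Both errors appear unchanged on the - and + sides, so they need fixing in the source content rather than in this deploy output. The "Access Policies" paragraph here says "Events in a Trail history" while the Asset Lifecycle page says "Events in the Asset history"; pick one term.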