| 1. Definition | 2. Functional Requirements | 3. Syntax | 4. Semantics |
1 Definition
A Trust Operation is a structured description of an action performed within the MPAI‑PTF Trust Framework that affects trust establishment, verification, or lifecycle management. Trust Operations provide a machine‑readable record of what trust‑related action occurred, who performed it, when, on what object, and with what outcome.
Trust Operations enable:
- auditability
- traceability
- policy enforcement
- verification workflows
- compliance reporting
They are intentionally generic so they can describe operations such as:
- verifying a signature
- validating a credential
- checking evidence freshness
- evaluating a policy
- binding a policy
- issuing a credential
- revoking a credential
- updating lifecycle state
2 Functional Requirements
A Trust Operation shall:
- Identify the operation
- Include a header indicating the version.
- Include a unique operation identifier.
- Include the time at which the operation occurred.
- Describe the operation
- Include an operation type from the Trust Operation Taxonomy.
- Include the target object (e.g., CII, ICR, PLC, Evidence).
- Record the actor
- Include the identifier of the entity performing the operation.
- Record the outcome
- Include a status (e.g., Success, Failure).
- Optionally include a reason for failure.
- Support cryptographic integrity
- Include a digital signature using an algorithm from the Security Algorithm Taxonomy.
- Support metadata
- Include optional descriptive metadata.
- Include optional Data Exchange Metadata.
- Forbid undeclared fields
- Reject any properties not defined in the schema.
3 Syntax
https://schemas.mpai.community/PTF/V1.0/data/TrustOperation.json
4 Semantics
| Label | Description |
|---|---|
| Header | Version header of the form PTF-TRO-Vx.y. |
| MInstanceID | Optional managing instance identifier. |
| TrustOperationID | Unique identifier of the trust operation. |
| TrustOperationTime | Time at which the operation occurred (OSD Time). |
| OperationType | Operation type identifier from the Trust Operation Taxonomy. |
| TargetType | Type of object the operation applies to (e.g., CII, ICR, PLC, Evidence). |
| TargetID | Identifier of the target object. |
| ActorID | Identifier of the entity performing the operation. |
| Status | Outcome of the operation: Success, Failure. |
| FailureReason | Optional human‑readable reason for failure. |
| Signature | Digital signature over the Trust Operation. |
| Signature.Algorithm | Signature algorithm from the Security Algorithm Taxonomy. |
| Signature.Value | Base64url‑encoded signature value. |
| DataXMData | Data Exchange Metadata. |
| DescrMetadata | Optional descriptive metadata (max 2048 chars). |
