<-Verification Pipeline Go to ToC Conformance Testing->

This section defines the complete decision logic for trust establishment between:

PI‑A (Requester)
Verifier
PI‑B (Target)

The protocol is deterministic: any failure at any step MUST terminate the pipeline with a TrustResponse(Failure).

0. Protocol Start

PI‑A → Verifier: TrustRequest(Target = PI‑B, Operation = O)

Verifier MUST execute all steps in order.

1. Identity Verification

1.1 Verify CII structure

IF CII is missing OR malformed
    THEN FAIL("InvalidCII")

1.2 Verify CII signature

IF CII.Signature is invalid under SAT
    THEN FAIL("InvalidCIISignature")

1.3 Verify roles

IF PI‑B.Roles does not include required role for Operation O
    THEN FAIL("MissingRequiredRole")

1.4 Verify taxonomy compliance

IF any role not in Cryptographic Instance Role Taxonomy
    THEN FAIL("UnknownRole")

If all checks pass

CONTINUE

2. Credential Verification

2.1 InstanceCredential

IF InstanceCredential missing
    THEN FAIL("MissingInstanceCredential")

IF InstanceCredential.Signature invalid
    THEN FAIL("InvalidInstanceCredentialSignature")

IF InstanceCredential validity interval expired
    THEN FAIL("ExpiredInstanceCredential")

2.2 ProcessLifecycleCredential

IF PLC missing
    THEN FAIL("MissingPLC")

IF PLC.Signature invalid
    THEN FAIL("InvalidPLCSignature")

IF PLC.LifecycleState != "Running"
    THEN FAIL("InvalidLifecycleState")

2.3 Credential issuer trust

IF InstanceCredential.Issuer NOT in TrustAnchors
    AND NOT validated via CredentialChain
        THEN FAIL("UntrustedCredentialIssuer")

If all checks pass

CONTINUE

3. Evidence Verification

3.1 Evidence presence

IF Evidence missing
    THEN FAIL("MissingEvidence")

3.2 Evidence type

IF Evidence.EvidenceType NOT in VerificationProfile.RequiredEvidenceTypes
    THEN FAIL("UnsupportedEvidenceType")

3.3 Evidence signature

IF Evidence.Measurements.Signature invalid
    THEN FAIL("InvalidEvidenceSignature")

3.4 Evidence hash

IF Evidence.Measurements.Hash does not match expected
    THEN FAIL("InvalidEvidenceHash")

3.5 Evidence freshness

IF NOW - Evidence.Timestamp > VerificationProfile.EvidenceFreshnessMax
    THEN FAIL("StaleEvidence")

If all checks pass

CONTINUE

4. Policy Evaluation

4.1 Load PolicyBinding

IF PolicyBinding missing OR invalid signature
    THEN FAIL("InvalidPolicyBinding")

4.2 Load VerificationProfile

IF VerificationProfile missing OR malformed
    THEN FAIL("InvalidVerificationProfile")

4.3 Evaluate rules

For each rule R in VerificationProfile.Rules:

IF R is not satisfied
    THEN FAIL("PolicyViolation:" + R)

If all checks pass

CONTINUE

5. Decision Logic

5.1 Aggregate results

IF any previous step failed
    THEN FAIL("TrustNotEstablished")
ELSE
    SUCCESS("TrustEstablished")

5.2 Produce TrustResponse

TrustResponse = {
    Status: Success | Failure,
    Reason: <failure reason or null>,
    Signature: VerifierSignature
}

6. Data Exchange (Only if Success)

IF TrustResponse.Status == Success
    THEN PI‑A → PI‑B: Data + DEM
ELSE
    NO DATA MUST BE SENT

7. DEM Enforcement (PI‑B)

IF PI‑B violates DEM constraints
    THEN PI‑B is non‑conformant

8. TrustOperations Logging

For each step:

Log {
    StepName,
    Status,
    Timestamp
}

Flowchart diagram

Reference Pseudocode

Process Instance Trust Framework (MPAI‑PTF) V1.0

This pseudocode defines the normative logic of the PTF Trust Establishment Protocol.
It expresses the required behavior of a Verifier when processing a TrustRequestin language‑agnostic form.

1. Function: VerifyTrust

function VerifyTrust(requesterID, targetID, operation):

    result = new VerificationResult()

    # ------------------------------------------------------------
    # 1. Identity Verification
    # ------------------------------------------------------------
    if not Exists(CII(targetID)):
        return Failure("InvalidCII")

    if not VerifySignature(CII(targetID)):
        return Failure("InvalidCIISignature")

    if not RoleRequiredForOperation(CII(targetID).roles, operation):
        return Failure("MissingRequiredRole")

    if not RolesInTaxonomy(CII(targetID).roles):
        return Failure("UnknownRole")


    # ------------------------------------------------------------
    # 2. Credential Verification
    # ------------------------------------------------------------
    if not Exists(InstanceCredential(targetID)):
        return Failure("MissingInstanceCredential")

    if not VerifySignature(InstanceCredential(targetID)):
        return Failure("InvalidInstanceCredentialSignature")

    if Expired(InstanceCredential(targetID)):
        return Failure("ExpiredInstanceCredential")

    if not Exists(PLC(targetID)):
        return Failure("MissingPLC")

    if not VerifySignature(PLC(targetID)):
        return Failure("InvalidPLCSignature")

    if PLC(targetID).lifecycleState != "Running":
        return Failure("InvalidLifecycleState")

    if not IssuerTrustedOrChainValid(InstanceCredential(targetID)):
        return Failure("UntrustedCredentialIssuer")


    # ------------------------------------------------------------
    # 3. Evidence Verification
    # ------------------------------------------------------------
    if not Exists(Evidence(targetID)):
        return Failure("MissingEvidence")

    if Evidence(targetID).type not in RequiredEvidenceTypes(operation):
        return Failure("UnsupportedEvidenceType")

    if not VerifySignature(Evidence(targetID).measurements):
        return Failure("InvalidEvidenceSignature")

    if not VerifyHash(Evidence(targetID).measurements):
        return Failure("InvalidEvidenceHash")

    if EvidenceTooOld(Evidence(targetID), MaxFreshness(operation)):
        return Failure("StaleEvidence")


    # ------------------------------------------------------------
    # 4. Policy Evaluation
    # ------------------------------------------------------------
    if not Exists(PolicyBinding(operation)):
        return Failure("InvalidPolicyBinding")

    if not Exists(VerificationProfile(operation)):
        return Failure("InvalidVerificationProfile")

    for rule in VerificationProfile(operation).rules:
        if not EvaluateRule(rule, targetID, operation):
            return Failure("PolicyViolation:" + rule)


    # ------------------------------------------------------------
    # 5. Decision Logic
    # ------------------------------------------------------------
    return Success()

2. Function: Failure(reason)

function Failure(reason):
    response = new TrustResponse()
    response.status = "Failure"
    response.reason = reason
    response.timestamp = Now()
    response.signature = Sign(response)
    return response

3. Function: Success()

function Success():
    response = new TrustResponse()
    response.status = "Success"
    response.reason = null
    response.timestamp = Now()
    response.signature = Sign(response)
    return response

4. Data Exchange Logic (PI‑A)

function OnTrustResponse(response, data, dem):

    if response.status == "Success":
        SendDataWithDEM(data, dem)
    else:
        AbortTransfer()

5. DEM Enforcement (PI‑B)

function EnforceDEM(data, dem):

    if dem.legality.noOnwardSharing:
        PreventOnwardSharing(data)

    if dem.legality.retentionLimit:
        ScheduleDeletion(data, dem.legality.retentionLimit)

    if dem.security.confidentiality == "High":
        ApplyConfidentialityControls(data)

    if dem.security.integrity == "Required":
        ApplyIntegrityControls(data)

    RecordProvenance(dem.provenance)

WDL representation

https://schemas.mpai.community/PTF/V1.0/wdl/TrustEstablishment.wdl

<-Verification Pipeline Go to ToC Conformance Testing->

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Technical".
CookieLawInfoConsent	1 year	The cookie is set by the GDPR Cookie Consent plug-in and is used to store whether the user has consented to the use of cookies or not. It does not store any personal data.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_pk_id.6.08a8	13 months	Used to store a few details about the user such as the unique visitor ID
_pk_ses.6.08a8	30 minutes	Short lived cookies used to temporarily store data for the visit

MPAI-PTF V1.0 – Trust Establishment Protocol

0. Protocol Start

1. Identity Verification

1.1 Verify CII structure

1.2 Verify CII signature

1.3 Verify roles

1.4 Verify taxonomy compliance

If all checks pass

2. Credential Verification

2.1 InstanceCredential

2.2 ProcessLifecycleCredential

2.3 Credential issuer trust

If all checks pass

3. Evidence Verification

3.1 Evidence presence

3.2 Evidence type

3.3 Evidence signature

3.4 Evidence hash

3.5 Evidence freshness

If all checks pass

4. Policy Evaluation

4.1 Load PolicyBinding

4.2 Load VerificationProfile

4.3 Evaluate rules

If all checks pass

5. Decision Logic

5.1 Aggregate results

5.2 Produce TrustResponse

6. Data Exchange (Only if Success)

7. DEM Enforcement (PI‑B)

8. TrustOperations Logging

Flowchart diagram

Reference Pseudocode

Process Instance Trust Framework (MPAI‑PTF) V1.0

1. Function: VerifyTrust

2. Function: Failure(reason)

3. Function: Success()

4. Data Exchange Logic (PI‑A)

5. DEM Enforcement (PI‑B)

WDL representation

Notice