MPAI-AIF V3.0 Data Types – Data Exchange Metadata

1. The Data Exchange Metadata (DEM) SHALL act as the authoritative container for all per‑interaction Zero Trust evidence exchanged between AIMs and Process Instances.
2. Each DEM field SHALL be interpreted as a verifiable security claim contributing to:
   • Identity verification
   • Authentication
   • Authorization
   • Integrity protection
   • Confidentiality guarantees
   • Freshness and anti‑replay assurance
   • Provenance and trace
   • Auditability
3. No Process (defined as Process Instance or AIF) may claim Zero Trust compliance without using the DEM as the primary transport vehicle for its Zero Trust security assertions.
4. Data Exchange Metadata shall/may include the following fields.

Header (AIF‑DEM‑Vx.y)

• SHALL indicate the DEM version.
• SHALL be protected by integrity mechanisms.
• Older versions SHALL NOT be accepted without explicit downgrade‑approval policies.

MInstanceID

• SHALL uniquely identify the M‑Instance if the DEM is used in MMM-TEC contexts.
• SHALL be cryptographically bound to a valid identity (certificate, SPIFFE ID, DID, or equivalent).

The validity of a Certificate could be dependent on

1. An agreement between the implementer and the user
2. The CA is part of a list maintained by the MPAI Store.

DataExchangeMetadataID

• SHALL be globally unique.
• SHALL be used for anti‑replay detection.
• SHALL allow deterministic correlation with audit records.

DataID

• SHALL uniquely identify the Data Instance.
• SHALL be the anchor for verifying authorisation, integrity, and provenance.

DataType (AAA‑XYZ‑Vx.y)

• SHALL determine applicable legal, privacy, authorization, and rights constraints.
• Receiving Process Instances or AIMs SHALL reject DEMs whose DataType is incompatible with current authorisation policies.

Source (ProcessInstance)

• SHALL specify the authenticated identity of the producing Process.
• SHALL be supported by attestation evidence when available (TEE, TPM, VM‑attested identity).
• SHALL be verified for each interaction.

Authorisations[]

Each Authorisation entry:

• SHALL specify which Process may process the Data Instance.
• SHALL specify allowed DataType or DataID references.
• The receiving AIM or ProcessInstance SHALL refuse processing if:
  • No matching Authorisation is present, or
  • The Authorisation conflicts with local policy.

Legality

• SHALL contain machine-readable legal qualifiers.
• Implementations SHALL enforce these conditions as part of the authorisation process.

Privacy

• SHALL list Processes permitted to process the Data Instance under privacy rules.
• SHALL restrict propagation.
• DEM privacy constraints SHALL be strictly binding.

Security

The Security field SHALL declare:

• Sender identity and cryptographic technology used.
• Integrity protection mechanisms.
• Confidentiality (encryption) mechanisms.
  The receiving AIM SHALL validate all declared mechanisms and SHALL reject DEMs lacking verifiable protection.

Confidence

• Confidence values SHALL be incorporated into continuous Zero Trust risk evaluation.
• Low confidence MAY cause denial of processing according to policy.

Rights

• SHALL be enforced as binding Zero Trust attributes.
• Rights violations SHALL be treated as authorisation failures.

Trace

• SHALL provide complete provenance of the Data Instance.
• Each entry SHALL be cryptographically verifiable using signatures, hashes, or attestation tokens.
• Provenance inconsistencies SHALL cause immediate rejection.

DescrMetadata

• MAY be used for human-readable annotations