dispatch N. Lukianets
Internet-Draft Open Ethics Initiative
Intended status: Experimental 3 August 2024
Expires: 4 February 2025
Open Ethics Transparency Protocol
draft-lukianets-open-ethics-transparency-protocol-latest
Abstract
The Open Ethics Transparency Protocol (OETP) is an application-level
protocol for publishing and accessing ethical Disclosures of IT
Products and their Components. The Protocol is based on HTTP
exchange of information about the ethical "postures", provided in an
open and standardized format. The scope of the Protocol covers
Disclosures for systems such as Software as a Service (SaaS)
Applications, Software Applications, Software Components, Application
Programming Interfaces (API), Automated Decision-Making (ADM)
systems, and systems using Artificial Intelligence (AI). OETP aims
to bring more transparent, predictable, and safe environments for the
end-users. The OETP Disclosure Schema is an extensible JSON-based
format.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 4 February 2025.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
2. Requirement Levels
3. Terminology
4. Protocol Model
4.1. Creation of Disclosure
4.1.1. Cryptographic Signature
4.1.2. Immutable Storage
4.1.3. Visual Labeling
4.2. Access to Disclosure
4.2.1. Initial Request to a Disclosure file
4.2.2. Access to Visual Trust Labels
4.2.3. Requirements for placement of Integrity Signature in
Visual Label
4.2.4. Conformity assessment marks
4.2.5. Accessibility considerations
4.3. Verification and Validation of Disclosure
4.3.1. Automated Disclosure processing
4.3.2. Validation of Vendor's Disclosures
4.3.3. Verification of Vendor's Disclosures
4.3.4. Progressive Verification
4.4. End-to-end transparency and formation of the composite
Disclosure
4.4.1. Open Supplier Policy
4.4.2. Request for Supplier's Disclosures
4.4.3. Disclosure Chaining
4.4.4. Generation of the Composite Disclosure
5. Example OETP Disclosure File
6. Security Considerations
6.1. Response content
6.2. Spoofing
6.3. Falsification
7. IANA Considerations
8. Areas for Future Study
9. References
9.1. Normative References
9.2. Informative References
Appendix A. Appendix
A.1. Figures
A.1.1. Creation of Disclosure
A.1.2. Basic Disclosure Submission
A.1.3. Progressive Verification Scheme for Disclosures
A.1.4. Disclosure Chaining: Request-Response
A.1.5. Disclosure Chaining: Level Order Traversal
Acknowledgments
Author's Address
1. Introduction
The Open Ethics Transparency Protocol (OETP or Protocol) describes
the creation and exchange of voluntary ethics Disclosures for IT
products. It is brought as a solution to increase the transparency
of how IT products are built and deployed. This document provides
details on how disclosures for data collection and data processing
practice are formed, stored, validated, and exchanged in a
standardized and open format.
OETP provides facilities for:
* *Informed consumer choices* : End-users able to make informed
choices based on their own ethical preferences and product
disclosure.
* *Industrial-scale monitoring* : Discovery of best and worst
practices within market verticals, technology stacks, and product
value offerings.
* *Legally-agnostic guidelines* : Suggestions for developers and
product-owners, formulated in factual language, which are legally-
agnostic and could be easily transformed into product requirements
and safeguards.
* *Iterative improvement* : Digital products, specifically, the ones
powered by artificial intelligence could receive nearly real-time
feedback on how their performance and ethical posture could be
improved to cover security, privacy, diversity, fairness, power
balance, non-discrimination, and other requirements.
* *Labeling and certification* : Mapping to existing and future
regulatory initiatives and standards.
The Open Ethics Transparency Protocol (OETP) is an application-level
protocol for publishing and accessing ethical Disclosures of IT
products and their components. The Protocol is based on HTTP
exchange of information about the ethical "postures", provided in an
open and standardized format. The scope of the Protocol covers
Disclosures for systems such as Software as a Service (SaaS)
Applications, Software Applications, Software Components, Application
Programming Interfaces (API), Automated Decision-Making (ADM)
systems, and systems using Artificial Intelligence (AI). OETP aims
to bring more transparent, predictable, and safe environments for the
end-users. The OETP Disclosure Schema is an extensible JSON-based
format.
2. Requirement Levels
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Terminology
Disclosure: Disclosure (Ethics Disclosure, or self-disclosure) is
application-specific information about the data collection, data
processing, and decision-making practices of a Product, provided
by the Product Vendor (an individual developer or an
organization).
Disclosure Feed: A historical sequence of Disclosures, made for a
specific Product.
Disclosure Identity Provider: The automated Disclosure processing is
enabled by requests to both the Open Ethics Disclosure database
powered by Disclosure Identity Providers (DIP) and the Product's
OETP Disclosure file, stored in the product's website root
following OETP specification. DIP serves as a service point to
generate and retrieve generated disclosures.
OETP Disclosure Schema: A predefined structure for Disclosure,
supplied in the form of the JSON schema.
Transparency Manifest: A JSON file, typically named OETP.json or
transparency.json, storing the Disclosure using the defined OETP
Disclosure Schema.
Vendor: A legal person (an individual developer or an organization)
that owns one or several end-user Products, or acts as a Supplier
and provides Components for other Vendors.
Integrator: A legal person (an individual developer or an
organization) that deploys technology-powered services to the end-
users based on Product(s) from third-party Vendors.
Product: An IT system in the form of software, software as a service
system, application, software component, application programming
interface, or a physically embodied automated decision-making
agent.
Component: An IT system supplied by Vendor and integrated/embedded
into end-user Products. Components themselves do not necessarily
interface with end-users.
Upstream Component: A Component that sends its outputs to the
Product Downstream in the data processing chain. Disclosure for
the Upstream Component is represented as a Child relative to the
Disclosure node of the Downstream Product.
Downstream Component: A Component that receives inputs from the
Components Upstream in the data processing chain. Disclosure for
the Downstream Component is represented as a Parent relative to
the Disclosure node of the Upstream Component.
Automated Decision-Making (ADM): Automated decision-making is the
process of making a decision by automated means without any human
involvement. These decisions can be based on factual data, as
well as on digitally created profiles or inferred data.
Validation: A sequence of automated software-based checks to control
validity and security elements in the OETP Disclosure.
Auditor: A third-party legal person trusted to perform Verification
checks and to issue Verification Proofs.
Auditing software: An automated software-based tool authorized to
perform Verification checks and to issue Verification Proofs.
Verification: A procedure to control the correspondence of the
elements in the OETP Disclosure and the actual data processing and
data collection practices of the Vendors.
Verification Proof: A result of the formal Disclosure Verification
procedure presented to a requestor.
Chaining: A process of combining Disclosures of individual
Components into a composite high-level Disclosure for a Product.
Label: User-facing graphical illustrations and textual descriptions
of the Product that facilitate understanding of the values and
risks the Product carries.
4. Protocol Model
The Disclosure creation and delivery consist of the two parts,
starting from (I) the submission of the Disclosure form, chaining of
the Suppliers' Disclosures, Signature of the disclosed information,
and the delivery part (II) that first checks that the Disclosure is
Valid, and then that the information specified in it is Verified by
the third-parties. Figure 4 shows disclosure creation steps.
4.1. Creation of Disclosure
The initial Disclosure is created by filling out a standardized
disclosure form (for example, see 1. https://openethics.ai/label/
(https://openethics.ai/label/)). A Vendor representative, a Product
Owner, or a Developer, MUST submit data-processing and data-
collection information about the Product. The information about the
end-point URL, as well as a contact email address, MUST be specified.
Disclosure MAY also be created in a fully automated way as a part of
the CI/CD DevOps pipeline. Figure 5 shows basic disclosure
submission process.
4.1.1. Cryptographic Signature
The Disclosure is organized into a predefined data schema and MUST be
cryptographically signed by the Signature Generator (Open Ethics or
federated providers) using standard SHA3-512 hash implementation.
The integrity hash MUST be appended to a disclosure as the
OETP.schema.integrity element.
4.1.2. Immutable Storage
Both the signature integrity hash and the Disclosure SHOULD be stored
in the log-centric root database and MAY be mirrored by other
distributed databases for redundancy and safety.
4.1.3. Visual Labeling
Open Ethics Label SHOULD be automatically generated by mirroring the
submitted Disclosure into a set of graphical icons and simple human-
readable descriptions. Additional Labels MAY be generated following
successful third-party Verification and by mapping the regulatory
requirements to Verified Disclosures.
4.2. Access to Disclosure
4.2.1. Initial Request to a Disclosure file
The most recent OETP file SHOULD be stored in the root of the
Product's specified end-point URL, allowing requests to the OETP file
from third-party domains. When establishing a Vendor relationship,
the Integrator or a downstream Vendor MAY examine the Disclosure for
their Components using the following HTTP request: GET
https://testexample.com/oetp.json, where _testexample.com_ is the URL
of the Supplier's end-point.
4.2.2. Access to Visual Trust Labels
A Vendor SHOULD place a visual Label generated as a result of the
Disclosure process in the Product informational materials (for
example Marketing Materials, User Guides, Safety Instructions,
Privacy Policy, Terms of Service, etc). The Label reflects the
content of the Disclosure and SHOULD be displayed in any digital
media by embedding a software widget. Visual labels in the print
media SHOULD carry a visually distinguishable Integrity signature to
enable manual Validation by the User.
4.2.3. Requirements for placement of Integrity Signature in Visual
Label
* *Labels in the online digital media* MUST be generated
automatically based on the content of the Disclosure and MUST
contain a URL allowing to check the complete Integrity hash and
explore more detailed information about the Disclosure.
* *Labels in the offline media* MUST be generated automatically
based on the content of the Disclosure and should carry the first
10 digits of the corresponding Integrity hash.
4.2.4. Conformity assessment marks
Based on the Verification performed for the OETP Disclosure file, the
labels MAY include Conformity assessment marks, Certification marks,
as well as marks showing adherence to certain standards. These marks
MAY be generated and displayed automatically based on the
Verification Proofs.
4.2.5. Accessibility considerations
Accessibility of the Labels for the visually impaired Users SHOULD be
considered. The OETP Processing system MUST provide alternative
forms of the Label so that text-to-speech tools could be used to
narrate the Label without the lost of meaning.
1) A Label MUST contain a title. Title could be either marked by the
aria-label attribute for the narration software or be labeled by
another content tag(s) present via aria-labelledby attribute,
pointing to the ID(s) describing the label content.
Figure 1: Example Label Snippet Content
2) Every icon that is present in the visual Label MUST contain a
title, describing the property illustrated by the icon. A more
extended description MAY be provided when necessary. The following
patterns are suggested:
* Pattern for images embedded using SVG tags: + role="img" +
alt="[title text here]" OR + role="img" + aria-label="[title
text here]"
* Pattern for images embedded using IMG tags: