Two of the near-neighbour mechanisms were examined early in this review from their specifications: provenance, through the W3C standard, and policy, through the dominant policy engine. Reading a specification establishes what a mechanism does. It does not establish that the mechanism sits at the edge of a whole field that stops in the same place. This entry widens both, from the spec to the field around it, to confirm that the boundary found in the specification is the boundary of the discipline, and to trace where each field came from.
Provenance, from its foundations
The provenance field has a founding survey, and it draws the line this work depends on in its own opening words. Provenance, it says, offers the means to verify data products, to infer their quality, and to decide whether they can be trusted (Moreau, 2010). The verb is telling. Provenance offers the means to decide; the deciding is done by someone, or something, else. The survey is explicit that on the emerging Semantic Web, reasoners will need explicit representations of provenance in order to make the trust judgements they use (Moreau, 2010). Provenance is the input to a trust judgement made by a separate reasoner. It is not the judgement.
The genealogy explains why. Provenance grew from the database, workflow, and e-science communities, where it served as a logbook: a record capturing the steps involved in the actual derivation of a result, so that the derivation could be replayed and validated. A logbook records what happened. It does not rule on what may happen next. And those early systems, the survey notes, dealt with closed worlds, where a workflow or database engine had full control of the data it managed and tracked provenance within its own scope but not beyond. The entire motivation for provenance on the web was to break out of that closed scope, to let a record of origin travel across systems that do not control one another. That crossing is the handover boundary at the centre of this work. The provenance field built a vocabulary to describe what happened across that boundary. It did not build a mechanism to decide, at that boundary, whether what arrives is sufficient to act on.
The field does reach toward adjudication at one point, and it is worth being precise about where it stops. The survey covers provenance-based auditing: using a record of past processes to check them against rules or regulations. But this is retrospective and it presupposes standing. It checks whether a process that already happened conformed to a policy, and it depends on the provenance itself first being authentic. It is a check on the past, not a representation of a claim's basis for a prospective action. Nearer the question this work asks, and still short of it.
That this is the shape of the whole field, and not one survey's view, is worth establishing, because a single source is an opinion and three independent ones are a finding. The earlier e-science survey of provenance techniques draws the identical line, and in almost the same words: it is not enough, it argues, to have an abstract notion that a dataset is from a reliable source; this has to be backed by a detailed history of the data that will allow the user to apply their own metrics to determine if the data is acceptable. The record is the history; the acceptability judgement is the user's, made with the user's own metrics. And the survey of provenance for security enforcement, which is the nearest the field comes to using provenance to make decisions, keeps the same separation. There, provenance is captured as a trace of what happened, and a separate analyzer, invoked after the fact, reconstructs an attack from it (Alam and Wang, 2021). The provenance records; the analyzer determines. Even in the branch built expressly for enforcement, the record and the decision are two different things, and the decision is retrospective, a reconstruction of a past event rather than a judgement on a present one. Three surveys, spanning the web, e-science, and security branches of the field, reach the same boundary independently.
The same field, aimed at machine learning
A recent strand of provenance-shaped work aims directly at machine learning, in the form of model cards (Mitchell et al., 2019) and datasheets (Gebru et al., 2018): short documents that accompany a model or a dataset and record what it is, how it was made, and what it is and is not suited for. These come closer to this work's concern than classical provenance does, because they explicitly address use. A model card names a model's intended uses and its out-of-scope uses, in the spirit of a warning label: not for use on inputs shorter than a certain length, and so on. A datasheet records a dataset's recommended and discouraged uses.
But they stop at the same boundary, and for the same reason as everything else in this review. They describe the model or dataset in general, at the time it is created, for a human reader to consult. They are documentation and transparency artefacts, not mechanisms that adjudicate an individual output at the moment of use. A model card's statement of intended use is guidance to a person choosing whether to adopt a model; it is not a representation, carried with a particular prediction, of whether that prediction's basis suffices for the specific action about to be taken on it. The strand reaches toward fitness-for-purpose and then hands it, as a written note, to a human. That is the recurring shape: description, however much it gestures at use, is not permission.
Policy, confirmed from its field
The policy engine was already shown, from its own documentation, to be a general-purpose evaluator that reasons over whatever attributes it is given and supplies no model of what those attributes mean. The surrounding field, defined authoritatively by the standard guide to attribute-based access control, confirms rather than complicates this. That standard defines the access control mechanism as the component that receives a request, decides, and enforces, while the policy it applies is authored separately, from the perspective of the object being protected. The mechanism evaluates supplied policy over supplied attributes; it does not originate either. Attribute-based access control is, by design, a framework for evaluating rules over attributes of a subject, a resource, an action, and an environment, supplied to it from outside. The whole point of the paradigm is that it is content-neutral: it will enforce whatever policy it is handed, over whatever attributes are provided. It presupposes that someone has defined the attributes and what they should permit. That definitional work, for a claim's evidentiary basis and the actions that basis can warrant, is precisely the contribution this work makes and precisely what the policy field expects to receive rather than to produce.
The access-control standard contains one passage that comes strikingly close to this work, and it is worth meeting head on. It describes an optional idea it calls a metaattribute: a measure of confidence attached to an attribute, combining a score for the authority behind it, its freshness, and how often it is validated, and it notes that such a measure may even be used as input to the access decision. This is nearer to admissibility than anything else the policy field offers, because it is a score about how far an attribute can be trusted, feeding a decision. But it remains, on inspection, the same shape as the rest. The measure is something an implementer must define and supply; it concerns the attribute's authority and freshness, not a claim's evidentiary basis for a specific action; and the standard offers it as a consideration, not a model. What the passage actually shows is that the policy field has left a slot open, a place where a measure of basis could be fed in, without itself providing what fills it. That is the strongest possible form of this review's recurring conclusion about policy: the engine is ready to evaluate a model of basis, and waits to be given one.
What widening the two fields settles
Neither field survey changed the finding; both deepened it. Provenance, from its foundations, is a discipline of describing origin, whose relationship to trust is to feed a judgement made elsewhere, and whose newest ML-facing forms gesture at use but still only in a document for a human. Policy, across its field, is a discipline of evaluating supplied rules over supplied attributes, which presupposes the model this work builds. The boundary that the specifications drew is the boundary the fields draw. The gap sits between them, where a claim's basis would have to be represented and carried and adjudicated for an action, and neither the field that records origin nor the field that evaluates rules occupies it.
References
Moreau, L. (2010). The Foundations for Provenance on the Web. Foundations and Trends in Web Science, 2(2-3). doi.org/10.1561/1800000010 · read copy
Mitchell, M., Wu, S., Zaldivar, A., Barnes, P., Vasserman, L., Hutchinson, B., Spitzer, E., Raji, I. D. and Gebru, T. (2019). Model Cards for Model Reporting. FAT* 2019. arxiv.org/abs/1810.03993
Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daumé III, H. and Crawford, K. (2018). Datasheets for Datasets. arXiv:1803.09010. arxiv.org/abs/1803.09010
Simmhan, Y. L., Plale, B. and Gannon, D. (2005). A Survey of Data Provenance Techniques. Indiana University TR IUB-CS-TR618. scholarworks.iu.edu · read copy
Alam, M. M. and Wang, W. (2021). A Survey on Data Provenance Approaches for Security Enforcement. Journal of Computer Security 29(4). arxiv.org/abs/2107.01678 · read copy
NIST (Hu, V. C., et al.) (2014). Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST SP 800-162. doi.org/10.6028/NIST.SP.800-162 · read copy