- 1 Why use provenance and PROV?
- 2 Use Case Summaries
- 2.1 Compliance Risk (a type of Risk Management):
- 2.2 Health Care (Finding contradictory / complementary findings on the same topic in medical text)
- 2.3 Epistemological Bias (Bias in scientic / research texts)
- 2.4 Expert Systems (Notions of trust and confidence in ingested data)
- 2.5 Supply Chain (source of ingredients)
- 2.6 Social Business (trust, confidence, reputation)
- 2.7 General Ledger (greater tranparency for auditing)
Why use provenance and PROV?
There are a wide variety of use cases for provenance and in particular for interchanging provenance using PROV. You can find a list of use cases and three scenarios gathered by the W3C Provenance Incubator Group here:
- The Importance of Provenance
- These are also documented in the paper Requirements for Provenance on the Web
Below are a series of focused use case descriptions in various domains and how PROV is applicable there.
Use Case Summaries
Compliance Risk (a type of Risk Management):
What is Compliance Risk?
Companies are subject to a wide range of rules and regulations that apply directly to their internal operations and the products and services they provide. Compliance to these regulations are essential for a company to operate transparently and ethically in their particular markets. They are required to prove compliance to the imposed regulations through internal and external auditing processes .
These processes are usually manual where the auditors sample and inspect the process documentation generated by the company being audited. This is both time consuming and potentially subject to error. Applying the Provenance architecture and methodology to business processes as they execute has the potential to improve the quality of the auditing processes, improve the transparency of a company’s compliance to the regulations and provide cost benefits which impact profitability.
How can Provenance help?
The question of whether (or how) the content of a particular electronic document has changed since its creation is very much an integrity question in the security world; it is equally well a proper question for the analysis for a document’s provenance .
An assessment of the trustworthiness of information sources and the products derived from them is of fundamental importance. Not only is the trustworthiness of a source of interest, but the way in which information changes as it is processed and disseminated between people and groups .
Health Care (Finding contradictory / complementary findings on the same topic in medical text)
Epistemological Bias (Bias in scientic / research texts)
Expert Systems (Notions of trust and confidence in ingested data)
Supply Chain (source of ingredients)
Suppose I had an app on my mobile phone which I could take to a supermarket and could scan the barcode of a product. From that, I could get a history of its creation. I might now want to know all the details as a consumer, but for a given soup I could scan the barcode and know when and where the ingredients were manufactured.
Social Business (trust, confidence, reputation)
Finding experts, trust relationships and reputation - goes beyond LinkedIn concept of a 1st relationship. Provenance can be used to see who interacts, how frequently that interaction occurs, when and where, etc.
General Ledger (greater tranparency for auditing)
The General Ledger is the core component of any company’s accounting system. It contains the set of “books” containing records of all the financial transactions that flow through the company and therefore provides a permanent record of the financial history of the company. The General Ledger may contain other sub-ledgers for items such as cash, accounts receivable and accounts payable. All entries posted to these sub-ledgers will be reconciled and visible through the General Ledger account. The set of financial transactions contained within the General Ledger are periodically audited by external auditors who then certify the financial health of a company; the company is then able to report its financial results to external investors.
In addition to the transactions recorded in a General Ledger, companies must also describe the processes they use to update entries in the General Ledger. These transparency requirements are imposed to combat fraudulent transactions that may influence a company’s financial state. In this case, an auditor has not only to certify the accounts of a company but also the processes used by the company in generating the accounts.
Enabling provenance would require the following information items within a Provenance data model:
- Identifiers for each General Ledger transaction
- The roles and identities of users preparing, approving and posting the General Ledger transactions
- Timestamps recording when the individual process steps took place
- Codes confirming that each process step completed satisfactorily
- For security and protection against tampering, the Provenance documentation can be cryptographically signed
With provenance enabled in the process, an auditor may pose the following types of queries:
- For a particular transaction in the General Ledger, did the users approving the transaction have sufficient authority?
- Were the defined steps in the accounting process followed sequentially?
- Were the supporting documents for a particular transaction approved at the correct time?
- Are there any transactions in the General Ledger that were inserted that did not follow the necessary process?
- Have any transactions been altered since they were first entered into the General Ledger?