Content Trust Framework (CTF)
The Content Trust Framework is a module responsible for digitally certifying and signing content (FHIR resources) to maintain trustworthiness, integrity, and traceability across the production chain in FOSPS.
Purpose
CTF ensures that all content in FOSPS is:
- Trustworthy: From verified sources
- Intact: Not tampered with
- Traceable: Full provenance chain available
- Certifiable: Digitally signed and verifiable
Components
Integrity Module
Ensures content has not been modified:
- Digital signatures
- Hash verification
- Tamper detection
Provenance Engine
Creates and manages Provenance statements tracking:
- Who created/modified content
- When changes occurred
- Why modifications were made
- What resources were involved
Trust Functions
Functions that:
- Analyze provenance trees
- Calculate trust scores
- Provide trust metrics to users
Technology Stack
- Digital Signatures: Cryptographic signing of FHIR resources
- Blockchain Backend: Guardtime KSI for immutability
- Rsyslog Integration: Secure log management
- Audit Log: Activity tracking
Resources Protected
CTF applies to:
- ePI bundles
- IPS records
- Lenses
- Supporting Material
- Provenance records themselves
Verification Process
- Retrieve FHIR resource
- Extract digital signature
- Verify against blockchain ledger
- Check Provenance chain
- Calculate trust score via Trust Function
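The first four steps as an added sketch, not FOSPS or CTF code: it recomputes each resource's digest, compares it with the digest recorded in its provenance record, checks that digest against the ledger, and follows the chain back to the origin. Assumptions: an in-memory set stands in for the Guardtime KSI ledger, the signature check is reduced to a SHA-256 digest comparison, and the `signed_digest` and `derived_from` fields, the canonical JSON form and the sample bundles are all hypothetical; trust scoring is left out because the page does not define it.

```python
import hashlib
import json

def digest(resource):
    # Assumed canonical form: JSON with sorted keys and no whitespace.
    canonical = json.dumps(resource, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify(resource_id, store, provenance, ledger):
    """Walk the provenance chain from resource_id back to its origin.
    Returns (ok, findings); any finding means the resource is not trusted."""
    findings, seen, current = [], set(), resource_id
    while current is not None:
        if current in seen:
            findings.append(f"{current}: provenance loop")
            break
        seen.add(current)
        resource, prov = store.get(current), provenance.get(current)
        if resource is None or prov is None:
            findings.append(f"{current}: resource or provenance missing")
            break
        if digest(resource) != prov["signed_digest"]:
            findings.append(f"{current}: content differs from signed digest")
        if prov["signed_digest"] not in ledger:
            findings.append(f"{current}: digest not anchored in ledger")
        current = prov.get("derived_from")  # hypothetical link to the parent resource
    return (not findings, findings)

def sample():
    # Constructed data: a raw ePI and a preprocessed ePI derived from it.
    raw = {"resourceType": "Bundle", "id": "epi-raw", "text": "Take one tablet daily."}
    pre = {"resourceType": "Bundle", "id": "epi-pre", "text": "Take one tablet daily.",
           "tags": ["dosage"]}
    store = {"Bundle/epi-raw": raw, "Bundle/epi-pre": pre}
    provenance = {
        "Bundle/epi-raw": {"signed_digest": digest(raw), "derived_from": None},
        "Bundle/epi-pre": {"signed_digest": digest(pre), "derived_from": "Bundle/epi-raw"},
    }
    ledger = {p["signed_digest"] for p in provenance.values()}  # stand-in ledger
    return store, provenance, ledger

if __name__ == "__main__":
    store, provenance, ledger = sample()
    print(verify("Bundle/epi-pre", store, provenance, ledger))
    store["Bundle/epi-raw"]["text"] = "Take ten tablets daily."  # upstream tampering
    print(verify("Bundle/epi-pre", store, provenance, ledger))
```

Because the walk covers every ancestor, a change to the raw ePI fails verification of the preprocessed ePI even though the preprocessed bundle itself is untouched.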
Integration Points
- Connectors: Generate provenance on data retrieval
- Focusing Manager: Verify ePI integrity
- FHIR Server: Store signed resources
- CTF Inspector: User interface for verification
Related Concepts
- Provenance - Traceability records
- Trust Function - Trust scoring
- Audit Log - Activity logging
- CTF Inspector - Inspection tool
- FOSPS - Platform architecture