R-CON: Consent & Benefit Rules

R-CON-01 Revocation Cascades Immediately

When a Community Sovereign revokes FPIC for a territory, all downstream credentials (DCCs, EUDR DDS) that relied on data from that territory are immediately flagged status: suspended. Third parties holding those credentials are notified via webhook within 60 seconds.

Implementation: FPIC revocation event triggers cascade_revoke() Postgres function. Downstream credential IDs stored in fpic_dependencies table. Webhook queue processes within 60s SLA.

R-CON-02 Purpose Limitation Enforced at Runtime

Data may only be used for the purposes declared in the FPIC credential and the submission metadata. An agent or API call requesting data for an undeclared purpose (e.g. using EUDR data for a carbon market without explicit consent) is rejected by OPA.

Implementation: OPA purpose.rego compares request.purpose claim against fpic.permitted_purposes[] array. Rejection logged as PROV-O wasInvalidatedBy event.
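
An added example of the purpose check described above, written for illustration and not taken from the project's purpose.rego. The package name, the layout of input (request.purpose and fpic.permitted_purposes both placed under input), the deny_reasons rule and the purpose strings are assumptions.

```rego
package cth.purpose

import rego.v1

# Default-deny: a request is rejected unless a rule below allows it.
default allow := false

# True only when the purpose claim exists and is listed in the credential.
# A missing claim or a missing permitted_purposes array leaves this undefined,
# so the request falls through to the default deny.
purpose_permitted if {
	input.request.purpose in input.fpic.permitted_purposes
}

allow if purpose_permitted

# Reasons to attach to the rejection record (hypothetical rule name).
deny_reasons contains "request carries no purpose claim" if {
	not input.request.purpose
}

deny_reasons contains msg if {
	purpose := input.request.purpose
	not purpose_permitted
	msg := sprintf("purpose %v is not declared in the FPIC credential", [purpose])
}

# Constructed sample credential: consent covers EUDR due diligence only.
sample_fpic := {"permitted_purposes": ["eudr_due_diligence"]}

test_declared_purpose_allowed if {
	allow with input as {"request": {"purpose": "eudr_due_diligence"}, "fpic": sample_fpic}
}

# The case named in the rule: EUDR data requested for a carbon market.
test_undeclared_purpose_rejected if {
	req := {"request": {"purpose": "carbon_market"}, "fpic": sample_fpic}
	not allow with input as req
	count(deny_reasons) == 1 with input as req
}

test_missing_purpose_rejected if {
	not allow with input as {"request": {}, "fpic": sample_fpic}
}
```

The test_ rules run with opa test against the file, so the policy and its constructed cases can be checked together.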

R-CON-03 Benefit-Sharing Terms in Ledger

Any commercial use of community data (carbon credits, premium certification fees, data licensing) requires a benefit-sharing agreement recorded in the governance ledger before data access is granted. A minimum of 20% of net commercial value must flow to the contributing community.

Implementation: Benefit-sharing contract hash stored in benefit_agreements table. OPA commercial.rego blocks commercial data access if no valid agreement present.

⚠️ Important: R-CON-01 is the hardest rule in the framework. Revocation can cascade to invalidate export documents that third parties (coffee buyers, EU customs) are relying on. CTH Data Stewards must proactively manage community relationships to avoid surprise revocations.