Skip to main content

SPICE Traceability CWT Claims
draft-prorock-spice-cwt-traceability-claims-00

Document Type Active Internet-Draft (individual)
Author Michael Prorock
Last updated 2024-11-05
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-prorock-spice-cwt-traceability-claims-00
Secure Patterns for Internet CrEdentials                      M. Prorock
Internet-Draft                                                  mesur.io
Intended status: Informational                           5 November 2024
Expires: 9 May 2025

                     SPICE Traceability CWT Claims
             draft-prorock-spice-cwt-traceability-claims-00

Abstract

   This document proposes additional claims for CBOR Web Tokens (CWT) to
   support traceability of physical goods across supply chains, focusing
   on items such as bills of lading, transport modes, and container
   manifests.  These claims aim to standardize the encoding of essential
   logistics and transport metadata, facilitating enhanced transparency
   and accountability in global supply chains.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://mprorock.github.io/draft-prorock-spice-cwt-traceability-
   claims/draft-prorock-spice-cwt-traceability-claims.html.  Status
   information for this document may be found at
   https://datatracker.ietf.org/doc/draft-prorock-spice-cwt-
   traceability-claims/.

   Discussion of this document takes place on the Secure Patterns for
   Internet CrEdentials mailing list (mailto:spice@ietf.org), which is
   archived at https://mailarchive.ietf.org/arch/browse/spice/.
   Subscribe at https://www.ietf.org/mailman/listinfo/spice/.

   Source for this draft and an issue tracker can be found at
   https://github.com/mprorock/draft-prorock-spice-cwt-traceability-
   claims.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

Prorock                    Expires 9 May 2025                   [Page 1]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 9 May 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
     3.1.  4.  IANA Considerations . . . . . . . . . . . . . . . . .   4
     3.2.  CBOR Web Token (CWT) Claims . . . . . . . . . . . . . . .   4
       3.2.1.  Goods Identifier  . . . . . . . . . . . . . . . . . .   4
       3.2.2.  Shipment ID . . . . . . . . . . . . . . . . . . . . .   4
       3.2.3.  Bill of Lading Number . . . . . . . . . . . . . . . .   4
       3.2.4.  Transport Mode  . . . . . . . . . . . . . . . . . . .   4
       3.2.5.  Container ID  . . . . . . . . . . . . . . . . . . . .   5
       3.2.6.  Origin Location . . . . . . . . . . . . . . . . . . .   5
       3.2.7.  Destination Location  . . . . . . . . . . . . . . . .   5
       3.2.8.  Carrier ID  . . . . . . . . . . . . . . . . . . . . .   5
       3.2.9.  Estimated Delivery Date . . . . . . . . . . . . . . .   5
       3.2.10. Customs Declaration Number  . . . . . . . . . . . . .   6
       3.2.11. Commodity Description . . . . . . . . . . . . . . . .   6
       3.2.12. HS Code . . . . . . . . . . . . . . . . . . . . . . .   6
       3.2.13. Gross Weight  . . . . . . . . . . . . . . . . . . . .   6
       3.2.14. Temperature Min Requirement . . . . . . . . . . . . .   6
       3.2.15. Temperature Max Requirement . . . . . . . . . . . . .   7
       3.2.16. Last Known Location . . . . . . . . . . . . . . . . .   7
       3.2.17. Tariff Code . . . . . . . . . . . . . . . . . . . . .   7
       3.2.18. Country of Origin . . . . . . . . . . . . . . . . . .   7
       3.2.19. Customs Value . . . . . . . . . . . . . . . . . . . .   7
       3.2.20. Currency Code . . . . . . . . . . . . . . . . . . . .   8

Prorock                    Expires 9 May 2025                   [Page 2]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

       3.2.21. Import/Export License Number  . . . . . . . . . . . .   8
       3.2.22. Sanctions Reference . . . . . . . . . . . . . . . . .   8
       3.2.23. Legal Jurisdiction  . . . . . . . . . . . . . . . . .   8
       3.2.24. Importer Code . . . . . . . . . . . . . . . . . . . .   8
       3.2.25. Exporter Code . . . . . . . . . . . . . . . . . . . .   9
       3.2.26. Incoterms . . . . . . . . . . . . . . . . . . . . . .   9
       3.2.27. Regulatory Compliance Codes . . . . . . . . . . . . .   9
       3.2.28. Additional Documents Required . . . . . . . . . . . .   9
       3.2.29. Freight Charges . . . . . . . . . . . . . . . . . . .   9
       3.2.30. Insurance Charges . . . . . . . . . . . . . . . . . .  10
       3.2.31. Packing Costs . . . . . . . . . . . . . . . . . . . .  10
       3.2.32. Place of Loading  . . . . . . . . . . . . . . . . . .  10
       3.2.33. Place of Discharge  . . . . . . . . . . . . . . . . .  10
       3.2.34. Consignee Information . . . . . . . . . . . . . . . .  10
       3.2.35. Consignor Information . . . . . . . . . . . . . . . .  11
       3.2.36. Customs Declaration Date  . . . . . . . . . . . . . .  11
   4.  Normative References  . . . . . . . . . . . . . . . . . . . .  11
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  11
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   This document defines a set of claims for CBOR Web Tokens (CWT)
   intended to enable the traceability of physical goods across various
   stages of transportation and storage.  These claims capture critical
   information necessary for documenting the movement of goods in supply
   chains, thereby supporting regulatory compliance and operational
   efficiency.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Security Considerations

   These claims are designed to enhance transparency in supply chain
   tracking but should be handled securely to prevent unauthorized
   access to sensitive data.  Confidentiality and integrity of these
   claims must be considered, particularly when shared across untrusted
   or unsecured networks.  Use of selective disclosure techniques and
   careful consideration of data minimization requirements SHOULD be
   considered when using these claims.

Prorock                    Expires 9 May 2025                   [Page 3]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.1.  4.  IANA Considerations

3.2.  CBOR Web Token (CWT) Claims

   IANA is requested to add the following entries to the CWT claims
   registry (https://www.iana.org/assignments/cwt/cwt.xhtml).

3.2.1.  Goods Identifier

   The following completed registration template per RFC8392 is
   provided:

   Name: product_id Label: TBD Value Type: text string Value Registry:
   (empty) Description: A unique identifier for the physical product(s)
   or shipment being tracked.  May correspond to SKU, product ID, or
   batch number.  Reference: RFC XXXX

3.2.2.  Shipment ID

   The following completed registration template per RFC8392 is
   provided:

   Name: shipment_id Label: TBD Value Type: text string Value Registry:
   (empty) Description: Unique identifier assigned to a specific
   shipment.  Reference: RFC XXXX

3.2.3.  Bill of Lading Number

   The following completed registration template per RFC8392 is
   provided:

   Name: bill_of_lading_number Label: TBD Value Type: text string Value
   Registry: (empty) Description: Identifier for the bill of lading
   associated with the goods.  Reference: RFC XXXX

3.2.4.  Transport Mode

   The following completed registration template per RFC8392 is
   provided:

   Name: transport_mode Label: TBD Value Type: text string (recommended
   values: “air,” “sea,” “rail,” “truck”) Value Registry: (empty)
   Description: Mode of transport used for the shipment.  Reference: RFC
   XXXX

Prorock                    Expires 9 May 2025                   [Page 4]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.5.  Container ID

   The following completed registration template per RFC8392 is
   provided:

   Name: container_id Label: TBD Value Type: text string Value Registry:
   (empty) Description: Unique identifier for the container used in the
   shipment.  Reference: RFC XXXX

3.2.6.  Origin Location

   The following completed registration template per RFC8392 is
   provided:

   Name: origin_location Label: TBD Value Type: text string Value
   Registry: (empty) Description: Geographical origin of the goods,
   represented as a location code (e.g., ISO country code) or specific
   address.  Reference: RFC XXXX

3.2.7.  Destination Location

   The following completed registration template per RFC8392 is
   provided:

   Name: destination_location Label: TBD Value Type: text string Value
   Registry: (empty) Description: Final destination of the goods in the
   shipment.  Reference: RFC XXXX

3.2.8.  Carrier ID

   The following completed registration template per RFC8392 is
   provided:

   Name: carrier_id Label: TBD Value Type: text string Value Registry:
   (empty) Description: Identifier for the carrier or logistics provider
   responsible for the shipment.  Reference: RFC XXXX

3.2.9.  Estimated Delivery Date

   The following completed registration template per RFC8392 is
   provided:

   Name: estimated_delivery_date Label: TBD Value Type: text string
   (ISO8601 format) Value Registry: (empty) Description: Expected
   delivery date for the shipment.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                   [Page 5]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.10.  Customs Declaration Number

   The following completed registration template per RFC8392 is
   provided:

   Name: customs_declaration_number Label: TBD Value Type: text string
   Value Registry: (empty) Description: Identifier for the customs
   declaration associated with the shipment.  Reference: RFC XXXX

3.2.11.  Commodity Description

   The following completed registration template per RFC8392 is
   provided:

   Name: commodity_description Label: TBD Value Type: text string Value
   Registry: (empty) Description: Description of the commodity or goods
   being transported.  Reference: RFC XXXX

3.2.12.  HS Code

   The following completed registration template per RFC8392 is
   provided:

   Name: hs_code Label: TBD Value Type: text string Value Registry:
   (empty) Description: Harmonized System (HS) code for the goods.
   Reference: RFC XXXX

3.2.13.  Gross Weight

   The following completed registration template per RFC8392 is
   provided:

   Name: gross_weight Label: TBD Value Type: integer Value Registry:
   (empty) Description: Gross weight of the shipment, in kilograms.
   Reference: RFC XXXX

3.2.14.  Temperature Min Requirement

   The following completed registration template per RFC8392 is
   provided:

   Name: temperature_requirement_min Label: TBD Value Type: float Value
   Registry: (empty) Description: Minimum temperature (in Celsius)
   required for transport or storage of the goods.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                   [Page 6]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.15.  Temperature Max Requirement

   The following completed registration template per RFC8392 is
   provided:

   Name: temperature_requirement_max Label: TBD Value Type: float Value
   Registry: (empty) Description: Maximum temperature (in Celsius)
   required for transport or storage of the goods.  Reference: RFC XXXX

3.2.16.  Last Known Location

   The following completed registration template per RFC8392 is
   provided:

   Name: last_known_location Label: TBD Value Type: text string Value
   Registry: (empty) Description: Most recent location update for the
   goods.  Reference: RFC XXXX

3.2.17.  Tariff Code

   The following completed registration template per RFC8392 is
   provided:

   Name: tariff_code Label: TBD Value Type: text string Value Registry:
   (empty) Description: Tariff code applicable to the goods, including
   national tariff classifications or specific duty codes.  Reference:
   RFC XXXX

3.2.18.  Country of Origin

   The following completed registration template per RFC8392 is
   provided:

   Name: country_of_origin Label: TBD Value Type: text string (ISO
   3166-1 alpha-2 country code) Value Registry: (empty) Description: The
   country where the goods were produced or manufactured.  Reference:
   RFC XXXX

3.2.19.  Customs Value

   The following completed registration template per RFC8392 is
   provided:

   Name: customs_value Label: TBD Value Type: float Value Registry:
   (empty) Description: Declared value of the goods for customs
   purposes, typically in the transaction currency.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                   [Page 7]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.20.  Currency Code

   The following completed registration template per RFC8392 is
   provided:

   Name: currency_code Label: TBD Value Type: text string (ISO 4217
   currency code) Value Registry: (empty) Description: Currency code for
   the customs value and other monetary amounts, as per ISO 4217.
   Reference: RFC XXXX

3.2.21.  Import/Export License Number

   The following completed registration template per RFC8392 is
   provided:

   Name: license_number Label: TBD Value Type: text string Value
   Registry: (empty) Description: License or permit number required for
   the import or export of the goods.  Reference: RFC XXXX

3.2.22.  Sanctions Reference

   The following completed registration template per RFC8392 is
   provided:

   Name: sanctions_reference Label: TBD Value Type: text string Value
   Registry: (empty) Description: Reference to applicable sanctions
   lists or regulations affecting the goods or involved parties.
   Reference: RFC XXXX

3.2.23.  Legal Jurisdiction

   The following completed registration template per RFC8392 is
   provided:

   Name: legal_jurisdiction Label: TBD Value Type: text string Value
   Registry: (empty) Description: Legal jurisdiction(s) governing the
   transaction, represented as country codes or specific legal
   identifiers.  Reference: RFC XXXX

3.2.24.  Importer Code

   The following completed registration template per RFC8392 is
   provided:

   Name: importer_code Label: TBD Value Type: text string Value
   Registry: (empty) Description: Code identifying the importer, such as
   a VAT number or EORI number.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                   [Page 8]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.25.  Exporter Code

   The following completed registration template per RFC8392 is
   provided:

   Name: exporter_code Label: TBD Value Type: text string Value
   Registry: (empty) Description: Code identifying the exporter, such as
   a VAT number or EORI number.  Reference: RFC XXXX

3.2.26.  Incoterms

   The following completed registration template per RFC8392 is
   provided:

   Name: incoterms Label: TBD Value Type: text string Value Registry:
   (empty) Description: International commercial terms defining
   responsibilities between buyer and seller, e.g., "FOB," "CIF."
   Reference: RFC XXXX

3.2.27.  Regulatory Compliance Codes

   The following completed registration template per RFC8392 is
   provided:

   Name: regulatory_compliance_codes Label: TBD Value Type: array of
   text strings Value Registry: (empty) Description: Codes indicating
   compliance with specific regulations or standards (e.g., safety
   certifications, environmental standards).  Reference: RFC XXXX

3.2.28.  Additional Documents Required

   The following completed registration template per RFC8392 is
   provided:

   Name: additional_documents_required Label: TBD Value Type: array of
   text strings Value Registry: (empty) Description: List of additional
   documents required for customs clearance, such as certificates of
   origin or inspection reports.  Reference: RFC XXXX

3.2.29.  Freight Charges

   The following completed registration template per RFC8392 is
   provided:

   Name: freight_charges Label: TBD Value Type: float Value Registry:
   (empty) Description: Transportation costs associated with the
   shipment, used for customs valuation.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                   [Page 9]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.30.  Insurance Charges

   The following completed registration template per RFC8392 is
   provided:

   Name: insurance_charges Label: TBD Value Type: float Value Registry:
   (empty) Description: Insurance costs for the shipment, used in
   determining customs value.  Reference: RFC XXXX

3.2.31.  Packing Costs

   The following completed registration template per RFC8392 is
   provided:

   Name: packing_costs Label: TBD Value Type: float Value Registry:
   (empty) Description: Costs associated with packing the goods,
   relevant for customs valuation.  Reference: RFC XXXX

3.2.32.  Place of Loading

   The following completed registration template per RFC8392 is
   provided:

   Name: place_of_loading Label: TBD Value Type: text string Value
   Registry: (empty) Description: Location where the goods were loaded
   for shipment, often a port or warehouse.  Reference: RFC XXXX

3.2.33.  Place of Discharge

   The following completed registration template per RFC8392 is
   provided:

   Name: place_of_discharge Label: TBD Value Type: text string Value
   Registry: (empty) Description: Location where the goods are scheduled
   to be unloaded.  Reference: RFC XXXX

3.2.34.  Consignee Information

   The following completed registration template per RFC8392 is
   provided:

   Name: consignee_information Label: TBD Value Type: map Value
   Registry: (empty) Description: Information about the consignee,
   including name, address, and contact details.  Reference: RFC XXXX

Prorock                    Expires 9 May 2025                  [Page 10]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

3.2.35.  Consignor Information

   The following completed registration template per RFC8392 is
   provided:

   Name: consignor_information Label: TBD Value Type: map Value
   Registry: (empty) Description: Information about the consignor,
   including name, address, and contact details.  Reference: RFC XXXX

3.2.36.  Customs Declaration Date

   The following completed registration template per RFC8392 is
   provided:

   Name: customs_declaration_date Label: TBD Value Type: text string
   (ISO8601 date format) Value Registry: (empty) Description: Date when
   the customs declaration was made.  Reference: RFC XXXX

4.  Normative References

   [BCP205]   Best Current Practice 205,
              <https://www.rfc-editor.org/info/bcp205>.
              At the time of writing, this BCP comprises the following:

              Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", BCP 205,
              RFC 7942, DOI 10.17487/RFC7942, July 2016,
              <https://www.rfc-editor.org/info/rfc7942>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC8392]  Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
              "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
              May 2018, <https://www.rfc-editor.org/rfc/rfc8392>.

Acknowledgments

   TODO acknowledge.

Author's Address

Prorock                    Expires 9 May 2025                  [Page 11]
Internet-Draft        SPICE Traceability CWT Claims        November 2024

   Michael Prorock
   mesur.io
   Email: mprorock@mesur.io

Prorock                    Expires 9 May 2025                  [Page 12]