Provenance¶
Core Idea¶
Provenance is the traceable, documented record of an entity's origin, custody transfers, and transformations over time, as Moreau and Missier (2013) formalize in the W3C PROV-DM data model. It establishes authenticity, enables verification of claims, and creates accountability by making visible the chain through which something came to exist and passed through successive hands, contexts, or states. [1] The concept emerged from art-historical authentication and archival science but now extends across software supply chains, scientific data management, food safety, cryptocurrency, legal evidence, and organizational decision trails. Provenance answers a foundational epistemic problem: how do we verify that something is what it claims to be, and how do we assign responsibility or credit for subsequent transformations?
How would you explain it like I'm…
Where-It-Came-From Story
Origin and History Record
Origin and Custody Record
Structural Signature¶
Provenance encodes a sequential pattern: origin-point → custody-chain → documented-transfers → gap-detection → claim-verification, an organizing schema Simmhan, Plale, and Gannon (2005) document in their survey of data provenance in scientific computing. It separates an item's earliest known state from its present state and names every documented hand-off and custody change in between. [2] The structure is retrospective and evidence-dependent: provenance is only as strong as the weakest link in the chain, and any unwitnessed gap can render the entire record suspect.
Recurring features:
- Traceable record of origin and ownership history
- Chain of custody and documented transfers
- Verification of authenticity through documented chain
- Earliest recorded state and subsequent transitions
- Gap detection and explanation of missing links
- Attribution and responsibility assignment
- Tamper-evidence and custody integrity
The structural pattern is domain-agnostic: a painting's ownership history, a software artifact's build lineage, a dataset's preprocessing pipeline, a legal exhibit's handling chain, and a supply-chain shipment's route all exhibit the same logic of linking origin to present state through documented intermediates, a substrate-independence Moreau et al. (2008) develop in the open provenance model (PASOAR). [3]
What It Is Not¶
Provenance is not mere origin-statement. A label reading "made in Japan" names an origin but conveys no provenance; it is not documentary, not traceable, not verifiable through custody chain. Provenance requires witnesses, documentation, and sequential linking, a distinction Duranti (1995) elaborates in her diplomatic-archival treatment of authenticity. [4]
It is also not identical to traceability. Traceability is the capacity to trace backward (often through technical infrastructure like supply-chain logs or git commit history); provenance is the claim that a documented chain exists and supports authenticity or attribution. A system can be highly traceable (every step is logged) yet yield weak provenance if documentation is sparse, incomplete, or contradicts itself.
Nor is provenance equivalent to "pedigree" in the sense of categorical lineage (this object belongs to a museum collection, this data comes from a reputable lab). Provenance is more specific: it names the actual history of the item, not just its class, as Pearce (1992) develops in her museological account of object biography. [5]
Broad Use¶
Art history & authentication: Painting provenance (ownership history from creation through sales and museum acquisition); attribution of authorship through documented chain; market-driven value where objects without provenance command zero price or face legal seizure.
Archives & museums: Chain of custody for manuscripts, artifacts, evidence; archival finding aids mapping the provenance of document collections; conservation protocols that preserve provenance integrity by not separating items from their original context.
Supply chain & food safety: Tracing food origin through producer-processor-distributor-retailer chain to enable contamination accountability; conflict-mineral certification requiring provenance documentation; manufacturer recall requiring provenance to identify affected batches and destinations, applications Olsen and Borit (2013) catalogue in their review of food-supply traceability mechanisms. [6]
Software & build systems: Software artifact provenance (dependencies, compiler versions, build environment); SLSA (Supply-chain Levels for Software Artifacts) framework for attesting build integrity; reproducible builds verifying that source code converts to binary through documented, repeatable provenance.
Data science & FAIR principles: Data provenance (preprocessing history, outlier removal, feature engineering); citation chains enabling researchers to credit original data sources; metadata preservation supporting later reanalysis and error correction.
Legal evidence & admissibility: Chain of custody for physical evidence (whose hands has it passed through, were conditions controlled, was tampering prevented); electronic evidence requiring timestamps and access logs; authentication of signatures or documents through documentary chain.
Cryptocurrency & NFT: On-chain provenance (transaction history of blockchain artifacts, public key signatures verifying transfers), the architecture Nakamoto (2008) introduced in the Bitcoin whitepaper; NFT provenance often problematic—the blockchain records token transfer but not the authenticity or original creation of the underlying asset. [7]
Organizational & decision trail: Records of decision-making process (who recommended what, when was it approved, what evidence was cited); institutional memory through documented chains; accountability and audit trails.
Clarity¶
A core function of provenance is to convert the abstract worry "is this authentic?" into a structured, auditable investigation: What is the earliest documented state? Who has had custody? What gaps exist in the record? Are gaps explicable or suspicious?, a forensic decomposition Cheney, Chiticariu, and Tan (2009) systematize in their treatment of database provenance. [8] This shift from philosophy to forensics is powerful. It also clarifies the asymmetry between forward creation (easy to witness and document at the time) and backward verification (retroactively reconstructing a chain from remnants, assuming witnesses cooperate and record-keepers have not destroyed evidence).
Provenance also clarifies what cannot be verified even with strong chain-of-custody practice. A painting can have perfect provenance from 1950 onward but remain deeply uncertain about its creation or condition before 1950. A software artifact can have flawless build provenance but cannot prove that the source code itself is what the developer intended (was it exfiltrated? deliberately introduced with backdoors?). Provenance operates within bounds; it does not guarantee metaphysical certitude.
Manages Complexity¶
Provenance converts a potentially infinite verification problem—"How do I independently verify this object's authenticity from first principles?"—into a bounded forensic task: "Can I establish a plausible, documented chain from origin to present, and are the gaps explicable?"—a reframing Davidson and Freire (2008) argue underwrites scientific-workflow provenance research. [9] This is not certainty, but it is actionable. A museum curator cannot chemically verify a painting's age but can interview previous owners, consult sales records, cross-reference catalogs, and detect breaks in the story. A food-safety investigator cannot retroactively sample every batch but can map the supply chain and identify which facilities or distributors likely harbored the pathogen.
By bounding investigation to the documented chain, provenance also manages the risk of infinite skepticism: "How do I know the documentary evidence itself is not fabricated?" At some point, trust in witnesses, institutions, and record-keepers is necessary. Provenance does not eliminate this requirement; it makes it explicit.
Abstract Reasoning¶
Provenance encourages thinking in terms of sequential linking, witness testimony, gap analysis, and reversibility. It highlights the asymmetry between creating and verifying: it is trivial to witness an event in the moment and record it, but extraordinarily difficult to reconstruct the event from fragments. This asymmetry implies that metadata preservation is an investment decision: if I do not document now, verification later becomes probabilistic, costly, or impossible, an implication Buneman, Khanna, and Tan (2001) make precise in their why-and-where formal model of database provenance. [10]
It also enables reasoning about chain brittleness: a single broken link—one missing document, one uncooperative witness, one destroyed record—can invalidate the entire chain. This brittleness contrasts with systems that tolerate redundancy or repair. A painting's provenance depends on finding every owner; one missing owner and the chain is broken. A software artifact's provenance depends on finding every build environment; one missing configuration and reproducibility fails.
Knowledge Transfer¶
The structural pattern—origin, custody transfer, documentation, gap detection, claim verification—recurs across disparate domains. The forensic logic of mapping a chain, spotting gaps, and evaluating credibility is the same whether you are authenticating a painting, reconstructing a patient's disease timeline from medical records, tracing a email exfiltration through access logs, certifying supply-chain origin, or auditing a financial transaction trail, a cross-domain claim Ram and Liu (2009) operationalize in their W7 (who-what-when-where-why-how-which) provenance model. [11] Tools and workflows from one domain transfer readily: archival finding aids (history) map onto software dependency trees (computer science); conservation ethics (preventing contamination of artifacts) parallel data-handling protocols (preventing corruption of experimental data); legal chain-of-custody procedures (ensuring evidence integrity) parallel blockchain consensus (ensuring transaction integrity).
Conversely, gaps in provenance in one domain reveal what other domains take for granted. Software builds can now achieve full reproducibility (every dependency, compiler flag, environment variable documented); art provenance rarely reaches this precision. This disparity raises questions: What would it cost to achieve painting-level provenance detail in food supply chains? What barriers prevent it? Can we learn from software practices to improve archival documentation?
Structural Tensions¶
T1: Completeness vs. cost of recordkeeping. Perfect provenance requires documenting every state transition and custody transfer from origin to present. But this is expensive: manuscript provenance requires hiring archivists; supply-chain provenance requires rfid tags and distributed ledger systems; software provenance requires recording every compiler configuration and transitive dependency. Organizations must choose: invest heavily in provenance infrastructure, or accept gaps and probabilistic verification. A museum might prioritize provenance for paintings over sketches; a pharmaceutical company might track raw-material origin but not intermediate manufacturing steps. The choice is economic, not purely epistemic.
T2: Tamper-evidence vs. tamper-proof. No provenance system is truly tamper-proof; all are tamper-evident to varying degrees. A signed certificate, a notary seal, or a blockchain hash increases the cost of undetected tampering but does not eliminate it. A forensically skilled attacker can forge documents, fake witness testimony, or compromise a blockchain validator. Provenance systems defend against incompetent tampering (accidental corruption, deletion) and low-motivation attack (casual fraud). But they do not protect against state-level adversaries with forging capability and control over records. This creates asymmetry: provenance is strong enough for most civil and commercial purposes but brittle against determined adversaries with institutional resources, a tamper-evidence/tamper-resistance distinction Torres-Arias et al. (2019) develop in the in-toto framework for software supply-chain integrity. [12]
T3: Privacy vs. provenance transparency. Full provenance often requires transparency about origins, previous owners, and custody history. But transparency can expose private information: a painting's provenance reveals wealthy collectors' identities and tastes; supply-chain transparency exposes manufacturing locations and supplier relationships; medical-record provenance exposes private health information. Organizations often resist transparency to protect privacy, yet transparency is necessary for verification. A compromise is selective provenance: certify key facts (authenticity, origin) without revealing full custody history. But this undermines the power of provenance, which depends on traceability.
T4: Chain brittleness and the problem of one missing link. Provenance chains are brittle: a single broken link voids the entire chain. One lost document, one uncooperative owner, one destroyed record, and authentication fails. This is very different from systems with redundancy or repair capability. A spacecraft component can tolerate one defective joint if others are sound; a provenance chain cannot tolerate one missing link. Practitioners must invest heavily in finding every link, or accept that some claims remain unverified. This brittleness makes provenance expensive and sometimes impossible for long historical chains, a fragility Jenkinson (1922) anticipated in his foundational manual on archive administration and the principle of unbroken custody. [13]
T5: Divergent provenance and the problem of forks. What happens when an object is copied, reproduced, or split? A digital file can be copied perfectly; does the copy have the same provenance as the original? An artwork can be loaned to multiple institutions; during the loan period, custody diverges. A manuscript can have multiple versions or editions; which version is the "authentic" one with provenance, and which are derivatives? Provenance assumes a linear chain, but many real objects have complex histories with branching, splitting, or convergence. The concept strains in these cases.
T6: Attribution that flattens collaborative work and obscures process. Provenance chains often attribute final output to a single origin-point or creator, obscuring the collaborative process behind it. A scientific paper is attributed to authors, but the work involved reviewers, editors, funding agencies, and countless earlier researchers. A painting is attributed to an artist, but it emerges from school traditions, apprenticeship systems, and material suppliers. A software artifact is attributed to a developer, but it depends on libraries, frameworks, and a toolchain. By flattening collaboration into linear origin, provenance can misrepresent the actual genealogy of creation, a critique Biagioli and Galison (2003) develop in their study of scientific authorship and credit. [14] This is not merely a documentation problem; it reflects power dynamics: whose contribution is visible and attributed, and whose is rendered invisible?
Structural–Framed Character¶
Provenance is a hybrid on the structural–framed spectrum. Part of it is a bare pattern that means the same thing in any field — an origin point followed by a chain of custody transfers and transformations, with gaps that can be detected and claims that can be checked against the record. But a substantial part is a frame inherited from art-historical authentication and archival science: the assumption that an unbroken, documented chain confers authenticity and trustworthiness, and that gaps are grounds for suspicion.
The sequence itself — something comes into being, passes through successive hands or states, and leaves a trail — is purely relational, and it shows up the same way whether you are tracing a painting, a dataset, or a shipment of goods. To that extent it asks only that you recognize a structure already present in how the thing moved through the world. Yet the concept does not stay neutral when it moves into new fields. It carries a built-in verdict: a clean chain is good, a broken one is questionable, custody implies accountability. Applied to digital data lineage, museum acquisitions, or supply chains, it imports that evaluative posture and the documentary vocabulary that comes with it — records, transfers, authentication — rather than simply naming a sequence. The structural skeleton is real, but the frame it brings does substantial work, placing it toward the framed side of the middle.
Substrate Independence¶
Provenance is a highly substrate-independent prime — composite 4 / 5 on the substrate-independence scale. The chain it traces — origin point, custody, documented transfers, verification — is fully substrate-agnostic, and it reaches across historical and archival work, software supply chains, art authentication, knowledge management, and food safety with the same skeleton intact. Domain breadth and structural abstraction are both strong, marking it as a pattern that lifts cleanly off any one medium. What keeps it just under the top tier is thin example documentation: the alternate origin domains signal genuine cross-substrate transfer, but the entry shows fewer worked instances than the abstraction deserves.
- Composite substrate independence — 4 / 5
- Domain breadth — 4 / 5
- Structural abstraction — 4 / 5
- Transfer evidence — 3 / 5
Relationships to Other Primes¶
Parents (1) — more general patterns this builds on
-
Provenance presupposes Traceability
Provenance presupposes traceability because the documented record of an entity's origin, custody transfers, and transformations is the content claim that traceability's infrastructure makes verifiable. Without traceability's backward-and-forward linkage capability — the navigable chain from any element to its derivation history — provenance assertions would be unsupported claims about origin with no way to audit them. Traceability supplies the infrastructure; provenance supplies the specific content of authentic-origin claims that traceability's chain makes inspectable and assignable for credit, blame, or verification.
Path to root: Provenance → Traceability → Observability
Neighborhood in Abstraction Space¶
Provenance sits among the more crowded primes in the catalog (22nd percentile for distinctiveness): several abstractions describe nearly the same structure, so a description that fits it will tend to fit its neighbors too — transporting it usually means disambiguating within this family rather than landing on it exactly.
Family — Provenance & Integrity (7 primes)
Nearest neighbors
- Traceability — 0.85
- Information Asymmetry — 0.81
- Interleaving — 0.81
- Recurrence — 0.80
- Exaptation — 0.80
Computed from structural-signature embeddings · 2026-05-29
Not to Be Confused With¶
Provenance must be distinguished from Traceability, its closest neighbor, despite their apparent overlap. Traceability is the technical capacity to follow a trail of evidence backward or forward through a system—whether documentation exists, whether logs are accessible, whether the infrastructure permits reconstruction. Provenance is the substantive claim that a documented chain exists, is complete, and supports a conclusion about authenticity or origin. A software build system can be highly traceable (every compiler invocation, every dependency version is logged) yet have weak provenance if the logs are incomplete, inconsistent, or span multiple undocumented platforms. Conversely, a painting authenticated through painstaking archival research and interviews may have strong provenance but poor technical traceability (ownership records are scattered across auction houses, private collections, and oral history). Traceability is infrastructure; Provenance is narrative. A museum implementing a digital-provenance system invests in traceability (better logging, digitized records) to support the provenance story, but the two remain distinct. Traceability enables provenance but does not guarantee it; provenance claims must be evaluated on completeness and credibility, not merely on the existence of traceable infrastructure.
Nor is provenance identical to Legitimacy, though they can be related. Legitimacy addresses a normative question—Is this object rightfully owned? Is this authority justified? Is this claim authorized within the system? Provenance addresses an epistemic question—Where did this object originate? Through whose hands did it pass? What documentary evidence records its history? A stolen painting can have excellent provenance (its ownership trail is completely documented, even if one link is a theft) but zero legitimacy (the current possessor has no rightful claim). Conversely, an object with unclear provenance (origin lost, custody gaps, missing links) may still be legitimate if authorities have granted legal title. The distinction is critical: establishing provenance does not resolve legitimacy disputes; it merely provides evidence that may inform legitimacy judgments. A legal claim to ownership might rest on provenance documentation, but provenance itself is neutral to the normativity question. A historian documenting a colonial-era artifact's provenance is doing forensic work; determining whether the artifact should be repatriated is a legitimacy question informed but not determined by provenance.
Provenance also differs fundamentally from Transaction, though transactions appear in provenance chains. A transaction is an exchange or recorded event at a specific moment—buyer acquires goods from seller, ownership passes, money changes hands, the moment is discrete and bounded. Provenance is the aggregated sequence of such moments, linked and interpreted into a narrative. A single transaction "dealer X sells painting to museum Y on 15 May 2005" becomes one link in the painting's provenance chain, which stretches back through dozens of prior transactions to the artist's studio. Transactions are atomic events; provenance is their collective history. A cryptocurrency blockchain records thousands of transactions (wallet X sends coins to wallet Y), but provenance of a specific coin asks: Can we trace this coin's current state back to its original mining or creation, through every intervening transaction? Transactions supply the raw data; provenance imposes narrative and verification structure.
Finally, provenance is distinct from Data Integrity, despite both appearing in data management. Data Integrity answers the question "Is this data complete, accurate, internally consistent, and unaltered?" It focuses on the present state of the data—are all fields filled? Are values within expected ranges? Are there logical contradictions? Provenance answers "Where did this data come from, how was it processed, who handled it, and what transformations occurred?" Data Integrity is synchronic (a snapshot assessment); Provenance is diachronic (a historical narrative). A dataset can have perfect data integrity (all values are valid, internally consistent, well-formatted) but opaque provenance (source unknown, preprocessing steps undocumented, original collection methods unclear). Conversely, a dataset with meticulous provenance documentation (every step recorded, every researcher credited, original source cited) might contain data-integrity problems (outliers, missing values, measurement errors) that became apparent only in analysis. In practice, provenance supports data integrity by documenting transformations; if a researcher applied an outlier-removal procedure, that step appears in the provenance trail, allowing downstream users to assess integrity decisions. But the questions are fundamentally different: Integrity asks "Is the data good now?" Provenance asks "Where did this data come from, and how did it become what it is?"
Examples¶
Art market & museums¶
A museum acquires a painting attributed to a 17th-century master. Its provenance claim rests on: (1) a handwritten inscription on the back identifying a 1920s Paris dealer; (2) an insurance certificate from a 1960 London estate sale listing the work; (3) exhibition catalogs from a 1975 retrospective showing the work in the collection; (4) technical analysis confirming the painting's composition matches known works from the school and period; (5) stylistic comparison with authenticated pieces. None of these independently proves authorship, but together they create a persuasive chain. A single break—say, the insurance certificate proves fraudulent—does not invalidate the entire provenance but reduces confidence. A museum curator's job includes managing this probabilistic landscape: declaring ownership confident, provisionally attributed, disputed, or unknown pending further investigation.
Software supply chain¶
A developer downloads a Python package from PyPI (Python Package Index). The package's provenance includes: (1) the source repository (GitHub, GitLab), with commit history and author identities; (2) the package metadata (version, dependencies, build configuration); (3) the compiled binary signature (hash); (4) the package manager's record (PyPI's log of when the package was published, by whom, with what contents); (5) optional cryptographic signatures from the developer attesting to the package's integrity. If the developer's account is compromised and a malicious version is published, provenance mechanisms allow detection: the package signature no longer matches the source repository, the build environment differs, or the dependencies list unexpected changes. Modern supply-chain standards require documenting these links so that downstream users can audit the artifact's lineage and reject suspicious versions.
Food safety & contamination tracing¶
A restaurant's customers fall ill with listeria. Public-health investigators must trace the contamination's origin. They work backward from product to source: (1) the restaurant's ingredient supplier records (who supplied the cheese?); (2) the supplier's source (which dairy facility produced the batch?); (3) the dairy facility's records (which cow herds, which production dates, which processing equipment was involved?); (4) environmental testing at each facility (was listeria present in the facility's environment?); (5) statistical analysis (which batches do all cases have in common?). A complete provenance chain identifies the specific facility, production date, and source, enabling targeted recalls and remediation. Gaps in provenance—a supplier who kept no records, a facility closed years ago, a batch number not recorded—slow the investigation and may leave the source unidentified. This failure doesn't just delay response; it means that contaminated product may continue circulating from other retailers supplied by the same source.
Scientific data & reproducibility¶
A researcher publishes a machine-learning model trained on a proprietary dataset. The model's provenance includes: (1) the dataset's origin (collected by this lab, or acquired from another source?); (2) preprocessing steps (outlier removal, feature scaling, missing-value imputation); (3) the train/test split (which data points went into which set?); (4) hyperparameter choices (learning rate, regularization strength); (5) the version of libraries and code used (which sklearn version? which numpy version?); (6) the computational environment (GPU, CPU, memory constraints). If the model is used to make critical decisions (medical diagnosis, criminal risk assessment) and later proves wrong, investigators need complete provenance to understand what failed: Was it the data? The preprocessing? The model choice? The implementation? A published paper without provenance documentation makes reproduction and error analysis nearly impossible. FAIR principles in data science increasingly demand that all of these links be documented and made accessible.
Legal evidence & chain of custody¶
A murder investigation collects a knife suspected of being the murder weapon. Its legal provenance includes: (1) photographed location in the crime scene; (2) the detective who first handled it (name, badge number, time); (3) each subsequent custodian (forensics lab, evidence storage, prosecutors office) with dates and signatures; (4) conditions of storage (sealed plastic bag, climate-controlled locker, photographed state); (5) any testing performed (DNA extraction, fingerprint lifting) with documentation of what was removed and how residue was preserved. In court, the chain of custody is entered as evidence. If any link is broken—the detective cannot recall where she got the knife, a storage log is missing, a test was performed but not documented—the prosecution's argument weakens. Defense attorneys routinely attack chain of custody; they argue that an unbroken chain is absent and that the evidence was potentially contaminated or substituted. The jury's confidence in the evidence depends entirely on the documentation's completeness.
Solution Archetypes¶
Solution archetypes in the catalog that build on this prime — directly (this prime is a source ingredient) or as a related prime.
Also a related prime in 2 archetypes
Notes¶
Provenance is often confused with provenance metadata, which is the formal, structured documentation of origin and history (timestamps, signatures, actor identities). The distinction matters: metadata is necessary for provenance but not sufficient. Rich metadata without credible witnesses or independent verification is merely paperwork; weak metadata with strong institutional backing and public accountability can establish credible provenance despite gaps. A blockchain transaction has perfect metadata (timestamp, signatures, sender and receiver identities all cryptographically verified), yet the blockchain alone says nothing about whether the underlying asset (the NFT's image, the cryptocurrency's economic value) is genuine or valuable.
The concept is heavily domain-dependent in what constitutes "sufficient" provenance. For art-market authentication, a written receipt and expert attribution may suffice; for legal evidence, chain-of-custody documentation and witness testimony are required; for scientific reproducibility, source code, compiler versions, and computational environment must be preserved. Organizations must define their provenance standard before disputes arise. An informal organization might accept a spreadsheet documenting who did what and when; a pharmaceutical company operating under FDA regulation must maintain formal records with signatures, timestamps, and audit trails.
Provenance is also culturally and politically laden. The question "Whose provenance counts?" masks power asymmetries: formal institutional records (museums, governments, corporations) are presumed credible; oral histories and non-Western documentation practices are often dismissed as insufficiently rigorous. Colonial-era artifacts, for example, often lack indigenous provenance but possess colonial provenance; Western museums prioritize the colonial record, marginalizing the indigenous one. This asymmetry extends to modern contexts: a patent office trusts corporate technical documentation but scrutinizes independent inventor claims; an academic journal trusts established laboratories but demands unusual rigor for results from newly founded institutions in the Global South. Provenance claims are not neutral; they reflect who is trusted to document and attest.
The rise of supply-chain transparency and data-lineage frameworks reflects growing recognition that provenance is not merely retroactive (establishing past authenticity) but prospective: knowing the lineage of your data, dependencies, and materials is operationally critical. Modern organizations are increasingly investing in provenance infrastructure not for authentication alone but for real-time traceability, error recovery, and accountability. A company using machine-learning models in production needs to know, at any moment, which data was used to train them, which features are included, which populations are represented and underrepresented. A software company maintaining thousands of open-source dependencies needs to track when vulnerabilities are discovered and whether its systems were affected. This shift from historical curiosity (proving past authenticity) to operational necessity (managing present and future risk) has dramatically increased investment in provenance systems and standards.
Provenance also intersects deeply with questions of data governance and intellectual property. Who owns the right to declare and attest to an item's provenance? Is it the custodian (the museum, the company), the original creator, the current owner, the community of origin (indigenous peoples, cultural groups)? These questions have no universal answer but are increasingly contested. Museums are being pressured to repatriate artifacts to indigenous communities, and repatriation often turns on provenance: recovering the indigenous origin story and authority to attest to authenticity. Similarly, data provenance in AI systems raises questions about credit and consent: whose labor was used to create the training data, did they consent to its use, and how should that credit be reflected in the data's documented lineage?
References¶
[1] Moreau, L., & Missier, P. (Eds.). (2013). PROV-DM: The PROV Data Model (W3C Recommendation, 30 April 2013). World Wide Web Consortium. Standard model defining provenance as a record of entities, activities, and agents linking origin, custody, and transformation; foundational specification for cross-domain provenance interchange. ↩
[2] Simmhan, Y. L., Plale, B., & Gannon, D. (2005). A survey of data provenance in e-science. ACM SIGMOD Record, 34(3), 31–36. Survey establishing the canonical decomposition of data provenance into origin, transformation, and verification phases across scientific computing systems. ↩
[3] Moreau, L., Groth, P., Miles, S., Vazquez-Salceda, J., Ibbotson, J., Jiang, S., Munroe, S., Rana, O., Schreiber, A., Tan, V., & Varga, L. (2008). The provenance of electronic data. Communications of the ACM, 51(4), 52–58. Develops the substrate-independent open provenance architecture (PASOA/PASOAR), demonstrating that the same origin–custody–transformation pattern applies across heterogeneous computing systems. ↩
[4] Duranti, L. (1995). Reliability and authenticity: The concepts and their implications. Archivaria, 39, 5–10. Diplomatic-archival treatment of authenticity: distinguishes mere origin-statement from documented provenance, requiring identifiable witnesses, custodial chain, and formal records. ↩
[5] Pearce, S. M. (1992). Museums, Objects, and Collections: A Cultural Study. Smithsonian Institution Press. Foundational museological text developing object biography and the distinction between categorical class-membership ("museum-quality") and the specific documented history of an individual artifact. ↩
[6] Olsen, P., & Borit, M. (2013). How to define traceability. Trends in Food Science & Technology, 29(2), 142–150. Review of food-supply traceability frameworks (including ISO 22005 and GS1 standards), connecting batch-level provenance documentation to contamination accountability and recall capability. ↩
[7] Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. Whitepaper. Introduces an append-only hash-chained ledger in which editing any prior block invalidates every subsequent block, making history structurally fixed and tampering self-evident—trust without a trusted editor, the abstract payoff of immutability instantiated cryptographically. ↩
[8] Cheney, J., Chiticariu, L., & Tan, W.-C. (2009). Provenance in databases: Why, how, and where. Foundations and Trends in Databases, 1(4), 379–474. Survey developing the formal separation between provenance (assertional claim about origin) and the operational lineage infrastructure (queryable evidence structure) that supports it. ↩
[9] Davidson, S. B., & Freire, J. (2008). Provenance and scientific workflows: Challenges and opportunities. In Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data (pp. 1345–1350). ACM. Argues that scientific-workflow provenance reframes verification from first-principles reproducibility to bounded chain-of-derivation auditing. ↩
[10] Buneman, P., Khanna, S., & Tan, W.-C. (2001). Why and where: A characterization of data provenance. In J. Van den Bussche & V. Vianu (Eds.), Database Theory — ICDT 2001, LNCS 1973 (pp. 316–330). Springer. Distinguishes "why" provenance (source data influencing existence) from "where" provenance (location of extraction); foundational separation of provenance claims from their underlying evidence structures. ↩
[11] Ram, S., & Liu, J. (2009). A new perspective on semantics of data provenance. In Proceedings of the 1st International Workshop on the Role of Semantic Web in Provenance Management (SWPM 2009). CEUR-WS. Introduces the W7 model (who, what, when, where, why, how, which) as a domain-agnostic schema for provenance, demonstrating cross-domain transfer of chain-mapping logic. ↩
[12] Torres-Arias, S., Afzali, H., Kuppusamy, T. K., Curtmola, R., & Cappos, J. (2019). in-toto: Providing farm-to-table guarantees for bytes and bits. In 28th USENIX Security Symposium (pp. 1393–1410). USENIX Association. Software supply-chain framework formalizing the gap between tamper-evident chains (signatures, attestations) and tamper-proof guarantees, with explicit threat-model analysis against state-level adversaries. ↩
[13] Jenkinson, H. (1922). A Manual of Archive Administration. Clarendon Press. Foundational archival-science text establishing the principle that unbroken custody is the basis of archival authenticity, and that any single break in the custody chain compromises the evidentiary value of the entire record. ↩
[14] Biagioli, M., & Galison, P. (Eds.). (2003). Scientific Authorship: Credit and Intellectual Property in Science. Routledge. Edited volume documenting how attribution practices flatten collaborative scientific work into single-author or principal-author provenance, obscuring contributors and reflecting institutional power dynamics over credit. ↩
[15] Bruyn, J., Haak, B., Levie, S. H., van Thiel, P. J. J., & van de Wetering, E. (1982). A Corpus of Rembrandt Paintings, Volume I: 1625–1631. Stichting Foundation Rembrandt Research Project / Martinus Nijhoff. Canonical attribution methodology combining documentary provenance, technical conservation analysis (X-ray, paint composition, dendrochronology), and stylistic comparison to produce layered probabilistic authentication where no single line of evidence is conclusive. ↩