Expand description
§Compliance Module
This module implements the compliance system for traceability policies in the trace2e framework. It provides policy management and evaluation capabilities to control data flows between resources based on confidentiality, integrity, deletion status, and consent requirements.
§Overview
The compliance system enforces policies on resources and evaluates whether data flows between resources are permitted based on these policies. It supports four main policy dimensions:
- Confidentiality: Controls whether data is public or secret
- Integrity: Numeric level indicating data trustworthiness (higher = more trusted)
- Deletion: Tracks deletion status (not deleted, pending deletion, or deleted)
- Consent: Boolean flag indicating whether the resource owner has given consent for flows
§Policy Evaluation Rules
Data flows are permitted only when:
- Neither source nor destination is deleted or pending deletion
- Source integrity level >= destination integrity level
- Secret data cannot flow to public destinations (but public can flow to secret)
- Both source and destination have consent (when enforced)
Structs§
- Compliance
Service - The main compliance service that manages policies and evaluates flows.
- Policy
- Policy for a resource that controls compliance checking for data flows.
Enums§
- Confidentiality
Policy - Confidentiality policy defines the level of confidentiality of a resource.
- Deletion
Policy - Deletion policy defines the deletion status of a resource.