Discuss: TWI Charter definition for Workload Provenance

[mbronk-intc]

This is a follow-up to a TWI Sig meeting at 6/17/2025 [mtg notes] which identified that the following definition:

governance/SIGs/TWI/TWI_Charter.md

Line 24 in 815d354

- **Workload Provenance** is a linkage between a Workload Credential and a trusted entity (e.g., a vendor, developer, or issuer) responsible for the creation and/or attestation of the corresponding Workload.

will require update to move away from perceiving the provenance as a dynamic binding of Workload to Credential, rather a static property of the artifact (be it Workload or Credential itself), established at its instantiation and stable going forward.

This issue is filed to track update of the charter doc to reflect the updated definition. Actual proposal is WIP (will update this to be consistent w/ TWI-wimse docs):

 - **Workload Provenance** is a... `TBD (mention what goes in it, and that it is stable from the time of workload instantiation)`
 - **Credential Provenance** is a... `TBD (mention what goes in it, and that it is stable from the time of credential instantiation).`
 - **Credential Provenance Binding** (? do we need to coin it as +1 term?) is a... `linkage linkage between a Workload Credential and a trusted entities (e.g., an Identity Provider and Verifier responsible for the creation and/or attestation of the corresponding Workload Credential.`

---

CC: @TheBankster @yogeshbdeshpande @henkbirkholz

[mbronk-intc]

Updated definition proposals

Extracted from:

• Provenance definition and description updates twi-wimse#33
  which is being retargeted towards TWIReferenceArchitecture (while the definitions hosted in this repo, for the time being)

Proposed wording:

Workload Provenance:

: the metadata describing the origin and composition of the Workload instance, as determined at Workload instantiation time.
:   It remains unchanged for the duration of the Workload’s execution.
:   The definition of Workload Provenance is compatible with the definition of Provenance by [SSDF_GenAI_Profile](https://doi.org/10.6028/NIST.SP.800-218A): `"Metadata pertaining to the origination or source of specified data"`.



Workload Credential Provenance:

: the metadata about a Workload Credential creation, describing where, when and how it got issued — including the attestation policies effective at credential issuance time.
:   Its definition is compatible with [SSDF_GenAI_Profile](https://doi.org/10.6028/NIST.SP.800-218A).



Provenance Binding:

: a unique linkage between a Workload (or Workload Credential) and its corresponding provenance record. 
:   A binding is said to be *strong* if it is anchored to the underlying [Root of Trust (RoT)](https://csrc.nist.gov/glossary/term/roots_of_trust), enabling audit of the integrity of the linkage - typically via attestation. 
:   Such a binding is non-repudiable, ensuring that the entity responsible for the Workload or Credential cannot later deny its origin or the integrity of its provenance.

Will shortly follow-up with a PR proposing an update in this direction.

[TheBankster]

Definitions have been moved to a separate file in a different github repository. You should close this issue and move it to that repository.