Skip to main content

AIPS DPP Consumer’s Guide

Purpose

This guide explains how AI Product consumers — such as internal users, partners, auditors, or regulators — can discover, retrieve, verify, and interpret Digital Product Passports (DPPs) for AI Products that follow the AIPS DPP Profile and the BPS DPP Core.

AIPS DPPs provide transparent, verifiable metadata about AI systems, including origin, model documentation, evaluation results, and risk information.
Consumers can use them to understand what the model is, how it was built, and how trustworthy it is before onboarding or integration.

1. Accessing DPPs

1.1 Discovery

AI Product DPPs are typically accessible through one of the following:

  • Marketplace UI — a QR code or “View Passport” button beside each AI Product.
  • Direct API — REST endpoint following the BPS DPP contract.
    Example:

GET [https://aips.kivanura.org/api/v1/dpp/{productId}?lite=true](https://aips.kivanura.org/api/v1/dpp/{productId}?lite=true)

  • Enterprise registry — internal data and AI catalogs that store or index DPPs.

1.2 Lite vs Full Views

TypeDescriptionAccess
Lite DPPFlattened, public version; contains inline summaries only.Open access; QR-code resolvable.
Full DPPIncludes Inline + ByRef sections, cryptographic proofs, and detailed artifacts.Requires authorization; available to onboarded users or auditors.

Consumers should begin with the Lite DPP to decide whether onboarding or deeper review is warranted.

2. Understanding DPP Structure

Each AIPS DPP inherits the same structural pattern from BPS DPP Core, extended with AI-specific sections.

2.1 Core Metadata (from BPS DPP Core)

FieldMeaning
subjectUnique identifier of the AI Product.
issuerEntity that issued or maintains the passport.
issuedAtDate and time the DPP was published.
statusLifecycle state (Valid, Revoked, Superseded).
signatureDigital signature verifying authenticity.
contentHashHash of the canonicalized content for integrity checking.

2.2 AIPS-Specific Sections

SectionExample ContentsPurpose
modelCardInlineModel name, version, framework, intended use, license.Understand what the AI system is and how it should be used.
evalInlineKey metrics (e.g., AUC, accuracy, recall).Gauge model performance at a glance.
trainingDataInlineDataset names and source descriptions.Identify the provenance of training data.
riskInlineKnown risks and mitigations.Assess governance and safety posture.
policyInlinePolicy compliance checks and results.Confirm conformance to internal or regulatory rules.

3. Verifying Integrity and Authenticity

3.1 Hash Verification

Each DPP contains a contentHash field (typically SHA-256).
Consumers can recompute this hash on the downloaded JSON-LD to verify that it has not been altered.

3.2 Signature Verification

The signature field stores a JWS or W3C Verifiable Credential signature.
To verify it:

  1. Retrieve the issuer’s public key or DID document.
  2. Use a standard library such as did-jwt-vc or jose to validate the signature.
  3. Confirm that:
  • The signature is valid.
  • The issuer matches the expected organization.
  • The DPP’s status is Valid.

3.3 Revocation and Supersession

To confirm whether a DPP is current, query:


GET /api/v1/dpp/{productId}/status

A valid response will indicate whether the passport has been revoked or superseded by a newer version.

4. Interpreting AIPS DPP Information

4.1 Model Transparency

  • Review modelCardInline to understand:
    • The intended purpose of the model.
    • Key design choices (framework, architecture).
    • Any stated limitations or conditions of use.

4.2 Performance Evaluation

  • Inspect evalInline.metrics or the referenced evaluation file in evalByRef.
  • Confirm that evaluation data and metrics align with the intended deployment context.

4.3 Training Data Provenance

  • trainingDataInline and trainingDataByRef identify datasets and sources.
    If external references are provided, confirm that appropriate data rights exist and that datasets align with ethical and compliance standards.

4.4 Risk and Compliance

  • riskInline summarises known risks (e.g., bias, drift, misuse) and mitigation actions.
  • policyInline shows results of automated or manual policy checks (e.g., data residency, fairness thresholds).

Together, these help consumers decide whether the AI Product is fit for use and compliant with internal or external obligations.

5. Using DPPs in Onboarding Workflows

PhaseConsumer Action
DiscoveryRetrieve Lite DPP; assess purpose and availability.
EvaluationAccess Full DPP; review provenance, metrics, and risks.
OnboardingRegister as a consumer through marketplace or registry.
Operational UseMonitor DPP updates or supersession events.
Audit or RenewalValidate hash/signature and request updated DPP if model retrained.

6. Privacy and Access Boundaries

  • Lite DPPs are designed for public viewing — no personal or confidential information should appear.
  • Full DPPs may contain sensitive internal data (e.g., dataset lineage, performance logs) and should require authentication.
  • Consumers must handle any obtained artifacts under the issuer’s data-sharing policy.

7. Tools for Consumers

PurposeExample ToolNotes
Fetch and parse JSON-LDjq, rdflib, pyldFor reading and filtering DPPs.
SHACL validationrdf-validate-shaclOptional client-side validation.
Signature verificationdid-jwt-vc, jose, opensslTo verify authenticity.
VisualizationLocal JSON-LD viewer or marketplace UIFor readable display of Lite DPPs.

8. Summary

As a consumer, use AIPS DPPs to:

  1. Understand what the AI Product is intended for.
  2. Verify its integrity and authenticity.
  3. Evaluate performance and risk transparency.
  4. Comply with governance requirements before integration.
  5. Monitor the DPP lifecycle for updates or revocations.

By following this approach, consumers can make informed, traceable, and compliant decisions when adopting AI Products within or beyond the enterprise ecosystem.