Remove the trustScore and sustainabilityScore data definitions from the Digital Product Passport

[JohnOnGH]

Issue raised as an outcome of discussing issue #78 on Trust Graphs. Meeting attendees on May 8/9 (depending on timezone) agreed that these should be removed. This ticket raised to enable discussion/conclusion

[JohnOnGH]

As I write this comment, these definitions are shown here: https://github.com/uncefact/spec-untp/blob/main/website/docs/specification/DigitalProductPassport.md#productpassport

as follows:

Property	Definition	Type
trustScore	An aggregate numeric metric that represents the level of trustworthiness associated with the product. This score is derived based on the credibility and reliability of the issuing bodies that substantiate the claims being made about the product. The calculation rules are defined in the UNTP trust graph specification.	Numeric
sustainabilityScore	An aggregate numeric metric calculated based on the various sustainability claims vs benchmarks associated with the product. It amalgamates scores assigned to individual sustainability claims, which are validated by various issuing bodies. The score provides a comprehensive view of the product's overall sustainability performance, giving users a quantifiable measure of the product's environmental and social impacts.	Numeric

[mxshea]

I would like to raise a counter point on removal.

Using the data quality market sector as an example. In scrubbing data there are many different algorithms that are used in apply rules for correcting data in enterprise systems. By using these algorithms it is possible to set a "confidence score" is returned back to the calling process. The calling process then determines, based on their own policies whether to accept/reject/adjudicate the response.

Some data quality examples.

• Common Character substitution. There are algorithms that allow for 'fat finger' miss-typing when data is entered into a system. These are based on language keyboard layout and the word entered.
• short name / proper name mapping : Is Bob the same as Rob the same as Robert.
• https://www.ibm.com/docs/en/iis/11.7?topic=uqar-data-quality-score

It may be that the any standardized algorithms that to determine confidence score for the Sustainability claims are still emergent (or non-existent), but having a way for the consumer of the DPP to decide whether to trust the data based on their own policies is important.

[JohnOnGH]

For me the issue isn't whether scoring is useful as a concept, it is. The issue is whether the UNTP should provide a space for such scores, and if it does, what does that mean.

For me, the UNTP core spec should be as small as possible (but no smaller), "trust scores" and other concepts are best handled as something that can be built on top of UNTP, or as an extension, not part of the core specification. They do not seem to be part of a minimal viable functionality for UNTP.

If a party wishes to make some claim about a "trust score" about themselves, their products, their processes or another party, then they can do so as a Verifiable Credential in the normal manner.

[JohnOnGH]

This was the original comment in Issue 78:

"I've just come across (sorry for being slow on this), the inclusion of terms "trustScore" and "sustainabilityScore" in the DPP section. These trouble me because I don't think that any such score can be calculated algorithmically without reliance on one of two approaches (and neither are attractive):

• Social trust score methods (A trusts B and C trusts B and D trusts A so D trusts C etc etc.). These can be gamed.
• A centralised score keeper. Won't scale and won't be accepted easily across the globe unless a recognised authority asserts it (which I guess could be the UN? Doesn't feel like the UNs role though?)

I'm worried that we're heading down the path of CA's and roots of trust or a Standard & Poor / Moody's credit rating. The UNTP is meant to be a decentralised system (which would make 1 the possible thinking, but I believe this to be flawed)."

[onthebreeze]

Agree with @JohnOnGH - I think the scoring is something that must be assessed by the verifier or attested by an independent auditor/certifier.

[JohnOnGH]

Shall I raise a pull request?

Sent from Proton Mail Android

-------- Original Message -------- On 6/5/24 04:53, Steven Capell wrote:

Agree with @.***(https://github.com/JohnOnGH) - I think the scoring is something that must be assessed by the verifier or attested by an independent auditor/certifier.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[onthebreeze]

no that's ok - I'm just about to PR some updates including that one.