Artifact Glossary

Artifact Context (context)

The schema reference URL defining the specification for the Consent Artifact. It ensures interoperability and standard validation across implementations.

Artifact Version (version)

Denotes the schema version (e.g., v1, v2) for backward compatibility and audit traceability.

Timestamp (timestamp)

The system-generated time when the consent record was created and logged.

Operation (operation)

Specifies the type of event recorded — such as insert, update, or revoke.

Data Hash (data_hash)

Cryptographic hash of the full artifact body, ensuring immutability and non-repudiation.

Record Hash (record_hash)

Unique hash identifying the final signed record in the audit chain.

Previous Record Hash (prev_record_hash)

Links to the hash of the previous audit record, creating a verifiable blockchain-like sequence of consent transactions.

Signature (signature)

Digital signature of the artifact record generated using the foundation’s signing key for integrity and authenticity verification.

Signed With Key ID (signed_with_key_id)

Identifier of the signing key (e.g., cm-key-2025-01) used to produce the digital signature.

Is Legacy (is_legacy)

Indicates whether the artifact was generated using an earlier schema version. Useful for backward compatibility.

Agreement ID (agreement_id)

Unique identifier assigned to the consent agreement between the data principal and data fiduciary.

Agreement Hash ID (agreement_hash_id)

Cryptographic hash derived from the original agreement text to ensure integrity and prevent tampering.

Agreement Version (agreement_version)

Version of the consent agreement or policy document.

Linked Agreement Hash (linked_agreement_hash)

Hash reference to a previously signed agreement, enabling version chaining or amendment tracking.

Consent Purpose ID (cp_id)

Unique identifier for the specific consent purpose within the Consent Directory.

Consent Purpose Name (cp_name)

Human-readable title describing the purpose for which consent is collected (e.g., “Job Application”).

Data Principal (data_principal)

The individual to whom the personal data relates.

Data Principal ID (dp_id)

Unique system identifier for the data principal.

Data Fiduciary Reference ID (dp_df_id)

Internal linkage identifier between the fiduciary’s system and the data principal.

Encrypted Identifier (dp_e)

Cryptographically protected version of the data principal’s ID for secure cross-system reference.

Masked Identifier (dp_m)

Privacy-preserving masked token derived from the data principal’s ID.

Residency (dp_residency)

Geographic residency of the data principal (e.g., india, non-resident).

Verification (dp_verification)

Boolean flag indicating whether the data principal’s identity has been verified through KYC or equivalent means.

Child Flag (dp_child)

Indicates if the data principal is below the lawful age and subject to parental consent workflows.

Parental / Guardian Information (dp_parental)

Details of a parent or guardian authorized to provide consent on behalf of a minor.

Attorney Information (dp_attorney)

Details of a legally authorized representative acting on behalf of the data principal.

Data Fiduciary (data_fiduciary)

The entity or organization that determines the purpose and means of processing personal data.

Data Fiduciary ID (df_id)

Unique identifier representing the fiduciary within the ecosystem.

Agreement Date (agreement_date)

Timestamp marking the creation or acceptance of the consent agreement.

Consent Scope (consent_scope)

The structured section that maps each data element to one or more consent purposes.

Data Element (data_element)

A specific category of personal data collected (e.g., email_address, mobile_number).

Data Element ID (de_id)

Unique system identifier for a data element.

Data Element Hash (de_hash_id)

Hash ensuring integrity and non-alteration of the data element definition.

Data Retention Period (data_retention_period)

The date until which the data fiduciary retains the specific data element.

Data Element Status (de_status)

Indicates the operational state of the element (e.g., active, revoked).

Purpose ID (purpose_id)

Unique identifier of the consent purpose as defined in the Consent Directory.

Purpose Hash ID (purpose_hash_id)

Hash of the purpose definition to ensure consistency with registered standards.

Purpose Title (purpose_title)

Human-readable purpose description.

Description (description)

Detailed explanation of why the data is collected.

Consent Status (consent_status)

Current state of consent (e.g., approved, revoked, pending).

Consent Mode (consent_mode)

Indicates how consent was obtained or stored (e.g., STORE, SHARE, REALTIME).

Consent Timestamp (consent_timestamp)

Exact time when consent was recorded.

Consent Expiry Period (consent_expiry_period)

Duration or timestamp after which the consent expires.

Retention Timestamp (retention_timestamp)

Expiry date for data storage tied to this purpose.

Shared (shared)

Boolean field indicating if the data is shared with other processors.

Cross-Border (cross_border)

Indicates whether the data is transferred outside India.

Is Legal Mandatory (is_legal_mandatory)

Identifies if data collection is legally required.

Is Service Mandatory (is_service_mandatory)

Identifies if consent is required to deliver core service functionality.

Re-Consent (reconsent)

Flag determining whether fresh consent is required due to changes in processing.

IP Address (ip_address)

Source IP from which the consent action originated.

Request Header Hash (request_header_hash)

Hash of the request headers to verify authenticity and prevent tampering.

Request Header (request_header)

Original HTTP headers stored for forensic or compliance review.

Audit Chain (audit)

Immutable record of all artifact transactions with cryptographic signatures and chained hashes.

Hash (*_hash_id)

SHA-256 or SHA-512 hash ensuring content integrity and traceability.

Signature (signature)

Base64-encoded digital signature proving artifact authenticity.

Key ID (signed_with_key_id)

Reference to the signing key pair used by the Consent Manager or Foundation.

Chain Verification

The process of verifying the hash chain from prev_record_hash to record_hash to confirm record immutability.

Consent Artifact

The complete, signed data structure representing a user’s consent instance under DPDPA.

Consent Directory

The standardized registry of consent purposes linked to the artifact.

Data Veda

The standardized directory of personal data elements used to define scope within the artifact.

Audit Log

The immutable ledger entry storing changes to consent artifacts.

Revoke Event

A consent update operation marking a data element or purpose as revoked.

Hash Chain

A linked sequence of record hashes ensuring chronological order and tamper evidence.