DPP Implementation Guide for Producers

Purpose

This guide explains how producers of products (whether physical, data, or AI products) should implement the Digital Product Passport (DPP).
The goal is to ensure that every product can present a trustworthy, standardized, and consumer-ready passport at the moment of discovery and onboarding.

Key Principles

Flattened First
- Every DPP must provide Inline data for immediate inspection.
- Inline data should be concise, human-readable, and machine-usable without additional API calls.
ByRef for Depth
- For full audits, external validation, and regulatory checks, producers should also provide ByRef references to authoritative artifacts (schemas, lineage, provenance logs, etc.).
- ByRef objects must include:
  - uri (content-addressed or resolvable link)
  - hash (cryptographic digest, e.g. sha256-…)
  - mediaType (IANA-registered)
  - size (bytes)
Content-Addressing & Integrity
- All ByRef URIs must include a hash to guarantee immutability.
- Consumers should be able to verify integrity independently of the provider.
Lite vs Full DPP
- Lite DPP: Inline sections only. Optimized for product marketplaces, quick inspection, mobile use cases.
- Full DPP: Inline + ByRef. Intended for regulators, auditors, or enterprise partners requiring verifiability.
Standard Sections
Every DPP must include at least one Inline or ByRef entry for each section:
- Schema
- Lineage
- Provenance
- Quality
- Policy Findings
- Knowledge Graph

Producer Workflow

Step 1. Generate Product Identifiers

Assign a stable product identifier (URI or URN) for the product/version.
Example: urn:ant:cb:prod:payment:v1.3.0

Step 2. Capture Trust Signals

Extract relevant metadata from product lifecycle:
- Schema: Source schema definition at this version.
- Lineage: Processing graph (nodes, edges, capturedAt).
- Provenance: Pipeline/job run logs, code versions.
- Quality: Metrics (availability, timeliness, accuracy).
- Policy Findings: Automated checks (residency, GDPR, PII).
- Knowledge Graph: Semantic subgraph representing product semantics and relationships.

Step 3. Flatten into Inline Format

Serialize each trust signal into lightweight Inline JSON.
Ensure payload is human-readable and UI-friendly.
Example: simplified lineage graph with only key nodes/edges.

Step 4. Package ByRef Artifacts

For deeper records (e.g. full schema JSON, full lineage graph, detailed provenance logs), publish artifacts separately.
Wrap them with ByRef objects containing uri, hash, mediaType, size.

Step 5. Construct the Passport

Combine Inline and ByRef into a DPP payload.
Add required top-level fields:
- subject (product ID)
- issuer (organization / DID)
- issuedAt (timestamp)
- contentHash (hash of passport itself)
- signature (digital signature)
- status (Valid, Revoked, Superseded)

Step 6. Sign and Seal

Compute a contentHash of the normalized DPP payload.
Sign the passport using JWS or Verifiable Credential signature formats.
Publish signature with the DPP.

Step 7. Expose via API and QR Code

Make the DPP available through:
- DPP API endpoint: /api/dpp/{productId}/{version}
- QR Code printed on product interface (physical goods) or embedded in marketplace UI (data/AI products).

Implementation Checklist

Assign a stable product identifier.
Generate Inline summaries for schema, lineage, provenance, quality, policies, and KG.
Publish ByRef artifacts with hash and metadata.
Build the combined DPP JSON-LD payload.
Validate against DPP SHACL shapes.
Compute contentHash and add digital signature.
Publish to DPP API and expose via QR code.
Maintain lifecycle: revoke, supersede, or renew passports when products evolve.

Producer Recommendations

Start simple: Generate Lite DPPs first for discovery/onboarding.
Automate: Integrate DPP generation into CI/CD or product build pipelines.
Secure: Use cryptographic hashes and signatures to ensure tamper resistance.
Align: Ensure your DPP matches the BPS DPP Core schema and passes SHACL validation.
Iterate: Begin with Inline trust signals, then enrich with ByRef artifacts as maturity increases.

Example (Minimal Lite DPP)

{
  "type": "dpp:Passport",
  "subject": "urn:ant:cb:prod:payment:v1.3.0",
  "issuer": "did:ant:cb:govl:platform",
  "issuedAt": "2025-10-04T10:00:00Z",
  "status": "Valid",
  "contentHash": "sha256-AAA",
  "signature": "REPLACE",

  "schemaInline": {
    "entities": [
      { "name": "Payment", "fields": [
        {"name":"payment_id","type":"string","key":true},
        {"name":"amount","type":"decimal"},
        {"name":"currency","type":"string(3)"}
      ]}
    ]
  },
  "lineageInline": {
    "nodes": [{ "id":"src:swift", "type":"source" }, { "id":"view:payments", "type":"view" }],
    "edges": [{ "from":"src:swift", "to":"view:payments", "op":"ingest" }]
  },
  "qualityInline": { "window":"P30D", "aggregates": { "availabilityPct": 99.9 } }
}

Summary

By following this guide, producers can ensure that every product delivers a flattened, verifiable, and consumer-ready Digital Product Passport. This strengthens trust, compliance, and discoverability across marketplaces, regulators, and partner ecosystems.

Purpose​

Key Principles​

Producer Workflow​

Step 1. Generate Product Identifiers​

Step 2. Capture Trust Signals​

Step 3. Flatten into Inline Format​

Step 4. Package ByRef Artifacts​

Step 5. Construct the Passport​

Step 6. Sign and Seal​

Step 7. Expose via API and QR Code​

Implementation Checklist​

Producer Recommendations​

Example (Minimal Lite DPP)​

Summary​