Makoto Levels Specification
Makoto (誠 — "sincerity") is a specification for describing and incrementally improving data supply chain security, established by industry consensus. It is organized into a series of levels that describe increasing security guarantees.
This is Version 0.1 of the Makoto specification. It defines the provenance levels (L1, L2, L3), as well as recommended attestation formats for producing DBOMs (Data Bills of Materials).
Overview
Makoto is a security framework that establishes trust in data artifacts through verifiable attestations. It brings SLSA-style assurance levels to data pipelines, addressing the unique challenges of data supply chains while sharing SLSA's philosophy of progressive security levels.
Core Principle: Every data artifact should be accompanied by attestations that document its origin, transformations, and lineage—enabling consumers to verify the data's integrity and provenance. The resulting DBOM proves where your data came from.
Why Makoto?
While SLSA effectively secures software build pipelines, data pipelines have fundamentally different characteristics:
| Characteristic | Software (SLSA) | Data (Makoto) |
|---|---|---|
| Artifact Type | Discrete builds | Streams and batches |
| Transformations | Single build step | Multi-stage ETL pipelines |
| Granularity | File/package | Record/window/table |
| Privacy | Generally public | May contain PII |
| Velocity | Per-release | Millions of events/sec |
| Output | SBOM | DBOM |
Makoto Levels
Makoto defines three progressive levels, each building on the previous with stronger guarantees.
L1 Provenance Exists
"Documentation exists for data origin and processing."
| Requirement | Description |
|---|---|
| Attestation Exists | Machine-readable attestation accompanies the data artifact |
| Origin Documented | Source of data is recorded (may be self-attested) |
| Transforms Documented | Processing steps are listed (best-effort completeness) |
| Format Compliance | Uses Makoto attestation schema with valid predicate type |
Adoption Difficulty: Low — Can be implemented with manual documentation or simple scripting.
L2 Provenance is Authentic
"Attestations are cryptographically signed and tamper-evident."
| Requirement | Description |
|---|---|
| All L1 Requirements | Plus additional controls below |
| Signed Attestations | Digital signatures using ECDSA P-256 or equivalent |
| Tamper-Evident | Consumers can verify signature validity against known keys |
| Timestamp Binding | Attestations include verifiable timestamps (RFC 3161 or similar) |
| Hash Chaining | Each transform attestation references cryptographic hash of inputs |
Adoption Difficulty: Medium — Requires key management infrastructure. Can use Sigstore.
L3 Provenance is Unforgeable
"Attestations are generated by isolated infrastructure that processing code cannot influence."
| Requirement | Description |
|---|---|
| All L2 Requirements | Plus additional controls below |
| Isolated Signing | Signing keys stored in secure enclave, inaccessible to processing code |
| Platform-Generated | Attestations created by trusted control plane, not user code |
| Deterministic Hashing | Data hashes computed by platform, not influenced by tenant |
| Immutable Audit Trail | All attestation operations logged to append-only store |
Adoption Difficulty: High — Requires platform support with TEE or HSM.
Attestation Model
Makoto attestations use the in-toto attestation framework with Makoto-specific predicate types.
Attestation Structure
```json
{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{
    "name": "dataset:customer_transactions",
    "digest": {
      "sha256": "abc123...",
      "recordCount": "1000000"
    }
  }],
  "predicateType": "https://makoto.dev/origin/v1",
  "predicate": {
    // Predicate-specific content
  }
}
```
Predicate Types
| Predicate Type | Purpose | Used For |
|---|---|---|
| makoto.dev/origin/v1 | Data origin and collection | Initial data ingestion |
| makoto.dev/transform/v1 | Data transformation | ETL, filtering, aggregation |
| makoto.dev/stream-window/v1 | Stream window attestation | High-throughput streaming |
Data Bill of Materials (DBOM)
A DBOM documents the complete lineage of a data artifact, similar to an SBOM for software.
```json
{
  "dbomVersion": "1.0.0",
  "dataset": {
    "name": "ml_training_dataset_v3",
    "version": "3.0.0",
    "makotoLevel": "L2"
  },
  "sources": [
    {
      "name": "customer_transactions",
      "attestationRef": "https://attestations.example.com/origin/abc",
      "makotoLevel": "L2"
    }
  ],
  "transformations": [
    {
      "order": 1,
      "name": "Anonymize PII",
      "attestationRef": "https://attestations.example.com/transform/def"
    }
  ]
}
```
Verification
Consumers verify DBOMs and Makoto attestations through the following steps:
- Fetch attestation — Retrieve attestation from registry or alongside data
- Verify signature — Validate cryptographic signature against trusted keys
- Check data hash — Compute hash of data, compare to attestation subject
- Verify lineage — Recursively verify input attestations
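The "Check data hash" and "Verify lineage" steps above, sketched as an added example that is not part of the Makoto specification or its tooling. It assumes attestations were already fetched and signature-checked before entering `store`, and that a transform predicate lists its inputs under a hypothetical `inputs` field (the spec text here does not define the predicate body); the sample data and helper names are constructed.

```python
import hashlib

ORIGIN, TRANSFORM = "https://makoto.dev/origin/v1", "https://makoto.dev/transform/v1"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_statement(name, data, predicate_type, input_digests=()):
    """Build a constructed Statement; the 'inputs' predicate field is an assumption."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(data)}}],
        "predicateType": predicate_type,
        "predicate": {"inputs": [{"digest": {"sha256": d}} for d in input_digests]},
    }

def subject_digests(att):
    return {s["digest"]["sha256"] for s in att["subject"]}

def check_data_hash(data: bytes, att) -> bool:
    """Recompute the hash of the received bytes and compare to the attestation subject."""
    return sha256_hex(data) in subject_digests(att)

def verify_lineage(att, store, path=()):
    """Walk input digests back to origin attestations; return a list of problems."""
    digest = min(subject_digests(att))
    if digest in path:                      # an attestation that depends on itself
        return [f"cycle at {digest[:8]}"]
    if att["predicateType"] == ORIGIN:      # chain terminates at an origin attestation
        return []
    inputs = att["predicate"].get("inputs", [])
    if not inputs:                          # a transform must reference what it consumed
        return [f"transform {digest[:8]} lists no inputs"]
    problems = []
    for ref in inputs:
        d = ref["digest"]["sha256"]
        parent = store.get(d)               # store: subject sha256 -> verified attestation
        if parent is None:
            problems.append(f"no attestation for input {d[:8]}")
        else:
            problems += verify_lineage(parent, store, path + (digest,))
    return problems

# Constructed sample pipeline: raw transactions -> anonymized output
RAW = b"id,name,amount\n1,alice,10\n"
ANON = b"id,amount\n1,10\n"
origin = make_statement("dataset:customer_transactions", RAW, ORIGIN)
transform = make_statement("dataset:anonymized", ANON, TRANSFORM, [sha256_hex(RAW)])
STORE = {d: a for a in (origin, transform) for d in subject_digests(a)}
```

An empty list from `verify_lineage(transform, STORE)` means every input digest resolved to an attestation ending at an origin; any entry names the first link a consumer should refuse to trust.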