Why we built openclearance

One question, a dozen vocabularies.

Ask whether you may reuse a museum artwork and the answer arrives in fragments. Is it CC0 or a Public Domain Mark? Does the museum's own terms page qualify the licence? Is there a rights statement, a provenance record, a certificate of authenticity? Each answers a different part of the question, in a different format, and none of them tells you the thing you actually need: may I print this and sell it?

The landscape we surveyed

Rights and provenance for cultural works live in separate, non-interoperable systems, each solving one layer well.

| Layer | What carries it today |
| --- | --- |
| Rights status | Creative Commons (CC0, CC BY…) and the Public Domain Mark; RightsStatements.org (In Copyright, No Known Copyright…) for what CC does not cover |
| Description + provenance | schema.org CreativeWork and Dublin Core: who made it, when, where it lives |
| Determination provenance | W3C PROV: who decided the status, when, on what evidence |
| Content authenticity | C2PA: tamper-evident, signed provenance that travels with the file |
| Institutional terms | each museum's bespoke terms-of-use page, often qualifying the licence in prose |
| Certificates of authenticity | the art world's existing trust documents, built for objects, not reuse |

Each is good at its layer. None binds them into a single, verifiable answer to "what may I do with this?"

What openclearance does, and doesn't

The Clearance Manifest adds no new licence and no new rights vocabulary to the pile. It composes the ones that already exist. Through one JSON-LD context it binds Creative Commons and RightsStatements.org (status), schema.org and Dublin Core (description and provenance), and W3C PROV (the determination event), and adds just one original thing: a thin clearance layer that translates "what the rights say" into "what you may do," as binary, auditable answers.

Each answer carries its basis: the rule and the input that produced it, so a person or an agent can check the reasoning, not just the verdict.

It carries the determination; it does not make the law

An external authority, a museum or an engine, decides; the manifest carries that decision, immutably and auditably, in a tamper-evident envelope aligned to C2PA. A manifest is emitted for cleared and non-cleared works alike: a deny is a valid answer, not an error.

Compose, don't reinvent. Everything that already works keeps working; openclearance is the thin layer that makes them answer one question together.

Integrity that travels with the work

A manifest's integrity is defined over bytes, the way DSSE, JWS, COSE, and C2PA all define it. The default Tier 0 envelope is keyless and byte-exact: it carries the payload as its exact UTF-8 JSON string alongside a SHA-256 over those exact bytes, so any consumer can recompute the hash and confirm nothing changed in transit. No signing keys, no canonicalization library, no canonicalization attack surface.

Signed tiers build on the same payload. Tiers 1 and 2 carry it as a C2PA assertion and add a signature, which lets the manifest support authenticity claims where a commercial use needs them. The payload is unchanged across tiers; only the envelope around it grows.

The reference engine, open-museum-mcp, emits Tier 0 today. It is a strict, fail-closed rights gate: any signal that is missing, ambiguous, or not affirmatively permissive resolves to a deny.
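
A consumer-side check for the Tier 0 envelope and the fail-closed behaviour described above, as an added example that is not openclearance or open-museum-mcp code. The field names `payload` and `sha256` and the sample payload are assumptions for illustration; consult the v0.1 spec for the actual layout.

```python
import hashlib
import json

# Field names "payload" and "sha256" are assumed for illustration;
# consult the v0.1 spec for the actual envelope layout.
def make_envelope(payload_text):
    """Wrap an already-serialized payload without re-serializing it."""
    digest = hashlib.sha256(payload_text.encode("utf-8")).hexdigest()
    return {"payload": payload_text, "sha256": digest}

def verify_envelope(envelope):
    """Return (ok, reason); anything missing or malformed fails closed."""
    if not isinstance(envelope, dict):
        return False, "envelope is not an object"
    payload_text, claimed = envelope.get("payload"), envelope.get("sha256")
    if not isinstance(payload_text, str) or not isinstance(claimed, str):
        return False, "payload or sha256 missing or not a string"
    try:
        raw = payload_text.encode("utf-8")
    except UnicodeEncodeError:  # e.g. lone surrogates
        return False, "payload is not encodable as UTF-8"
    # Hash the carried string as-is; parse only after the bytes check out.
    if hashlib.sha256(raw).hexdigest() != claimed:
        return False, "digest mismatch"
    try:
        json.loads(payload_text)
    except json.JSONDecodeError:
        return False, "payload is not valid JSON"
    return True, "ok"

# Constructed sample payload; its keys are placeholders, not spec terms.
SAMPLE = '{"work": "example-work-1", "commercialPrint": false}'

def demo():
    env = make_envelope(SAMPLE)
    tampered = dict(env, payload=SAMPLE.replace("false", "true"))
    # Same JSON value, different bytes: re-serializing breaks the hash.
    reserialized = dict(env, payload=json.dumps(json.loads(SAMPLE), indent=2))
    # Keyless limit: a party that rewrites the payload can rewrite the hash too.
    rehashed = make_envelope(tampered["payload"])
    cases = {"intact": env, "tampered": tampered,
             "reserialized": reserialized, "rehashed": rehashed,
             "missing_hash": {"payload": SAMPLE}}
    return {name: verify_envelope(e)[0] for name, e in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The `rehashed` case verifies because a keyless hash only shows that the payload matches the digest it arrived with; binding the manifest to an issuer is what the signed tiers add.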


Read the v0.1 spec →