PROV-O Provenance

PROV-O gives you three core classes:

• prov:Entity — the data (e.g. a graph, a document)
• prov:Activity — the process that produced it
• prov:Agent — the human or service responsible

Plus connectors like prov:wasGeneratedBy, prov:wasAttributedTo, prov:wasDerivedFrom. Together they let you reconstruct who added what when — the audit trail your security team will eventually demand.

PROV-O is the git log of your knowledge graph. Without it you can't tell an authoritative triple from one a junior service injected by accident.

And like git blame, the value is greatest at 3am during an incident: when a dashboard goes weird you can trace each suspicious triple back to the activity that produced it and the agent who ran it — instead of guessing.

Worked example — a complete provenance record.

You imported a graph using activity :import_42, run by user :alice. Record the full audit trail like this:

@prefix prov: <http://www.w3.org/ns/prov#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

:graph_2025_05_18 a prov:Entity ;
  prov:wasGeneratedBy :import_42 .

:import_42 a prov:Activity ;
  prov:wasAssociatedWith :alice ;
  prov:startedAtTime "2025-05-18T10:30:00Z"^^xsd:dateTime .

:alice a prov:Agent ;
  foaf:name "Alice" .

How to read it: the Entity points to the Activity that produced it (prov:wasGeneratedBy); the Activity points to the Agent responsible (prov:wasAssociatedWith). For the playground below you only need those two connector triples — declaring the classes (a prov:Entity / Activity / Agent) is recommended but the grader accepts the minimal form.