Every digital process needs to consume some data in order to work properly. It is very common for applications to use some external data in their processes, getting them by sources such as external APIs. Therefore, trusting the received data becomes crucial in such scenarios, considering that if the data are not self-produced by the consumer, the trust in the external data source, or in the data that the source produces, can not always be taken for granted. The most used approach to generate trust in the external source is based on authenticated data structures, that are able to authenticate the source when queried through the generation of proofs. Such proofs are useful to assess authenticity or integrity, however, an external user could also be interested in verifying the data history and its consistency. This problem seems to be unaddressed by current literature, which proposes some approaches aimed at executing audits by internal actors with prior knowledge about the data structures. In this paper, we address the scenario of an external auditor with no data knowledge that wants to verify the data history consistency. We analyze the terminology and the current state of the art of the auditable data structures, then we will propose a general framework to support external audits from both internal and external users.

翻译：每个数字流程都需要消耗某些数据才能正常运行。应用在其流程中经常使用外部数据，例如通过外部API获取数据。因此，在这种情况下，信任所接收的数据变得至关重要，考虑到如果数据不是由消费者自行产生的，那么对外部数据源或该数据源所生成数据的信任就并非总能理所当然地成立。生成对外部数据源信任的最常用方法基于认证数据结构，这类结构能够在被查询时通过生成证明来认证数据源。此类证明有助于评估真实性或完整性，然而，外部用户可能也有兴趣验证数据的历史记录及其一致性。当前文献似乎未解决此问题，虽然文献中提出了一些旨在由具有先前数据结构知识的内部参与者执行审计的方法。在本文中，我们探讨了一个外部审计者（无数据知识）希望验证数据历史一致性的场景。我们分析了可审计数据结构的术语和当前技术现状，随后将提出一个通用框架，以支持来自内部和外部用户的外部审计。