Cryptographic Provenance Attestation in Data Pipelines: Structural Guarantees for Data Trustworthiness via W3C VC/DID

AI decision-making structurally depends on data pipelines, yet current pipelines move data without cryptographically attesting its provenance. This paper proposes PipelinePassCredential, a design that issues W3C Verifiable Credential (VC) attestations signed with Decentralized Identifiers (DID) at each process boundary of a linear inter-organizational pipeline chain. The design assigns a DID to each process boundary, records input/output hashes and transformation metadata in each VC, and links successive VCs into a signature chain that enables recipients to independently verify data integrity, signer authenticity, and organizational attribution. An opt-in trust model and a delegation chain from owner DID to process DID address the near-zero cost of DID creation. We compare 8 existing provenance approaches using a five-axis classification framework, evaluate the proposed design against an extended seven-axis framework, and analyze security properties under a Dolev-Yao attacker model with STRIDE threat coverage verification. The design attests to who signed the data and the structure of the provenance chain, but not to the truthfulness of signed content. End-to-end performance of the full VC/Data Integrity stack remains unmeasured; empirical validation is an open challenge.