Every digital process needs to consume some data in order to work properly.
It is very common for applications to use some external data in their
processes, getting them by sources such as external APIs. Therefore, trusting
the received data becomes crucial in such scenarios, considering that if the
data are not self-produced by the consumer, the trust in the external data
source, or in the data that the source produces, can not always be taken for
granted. The most used approach to generate trust in the external source is
based on authenticated data structures, that are able to authenticate the
source when queried through the generation of proofs. Such proofs are useful to
assess authenticity or integrity, however, an external user could also be
interested in verifying the data history and its consistency. This problem
seems to be unaddressed by current literature, which proposes some approaches
aimed at executing audits by internal actors with prior knowledge about the
data structures. In this paper, we address the scenario of an external auditor
with no data knowledge that wants to verify the data history consistency. We
analyze the terminology and the current state of the art of the auditable data
structures, then we will propose a general framework to support external audits
from both internal and external users