Skip to content

Demo

Non-normative examples. The demo illustrates draft v0.1 behavior; it is not production UX guidance. Normative label requirements are defined in UI Labels.

Labels below use the exact catalogue strings; {…} values are supplied by the verifier.

A. Signed asset from an issuer trusted for the scope

Applicable labels include:

  • ✓ Signature valid: signed by
  • ✓ Exact asset matches signed fingerprint
  • ✓ Attestation not revoked
  • ✓ Source trusted for {scope} under selected bundle

B. Misleading content signed by its issuer

The asset matches the fingerprint signed by an issuer outside the selected trust bundle. A valid signature does not establish that the claim is true.

  • ✓ Signature valid: signed by
  • ✓ Exact asset matches signed fingerprint
  • ⚠ Issuer outside selected trust bundle
  • ⚠ Claim is made by issuer, not proven as true
  • ⚠ Earlier matching source found from

The chronology label applies only when the verifier has corresponding earlier-source evidence.

C. Ownership change

For an older attestation issued during a trusted period:

  • ⓘ Published during previously trusted period
  • ⚠ Source currently marked {current status} by selected trust bundle

For a later attestation within a high_caution period:

  • ⚠ Source marked high caution by selected trust bundle
  • ⚠ Claim is made by issuer, not proven as true

Scope determines whether a trust period applies.

D. Asset changed after signing

When the local bytes differ from the signed fingerprint:

  • ✕ Asset hash does not match signed fingerprint

Signature validity is reported separately.

E. Attestation metadata removed

Removing an embedded reference, sidecar, or discovery link does not create a negative verification label. A byte-identical file can still be associated with an attestation already held by the verifier or found through an opt-in hash lookup.

An absent embedded reference or a successful hash lookup is a discovery event, not a normative verification label. After discovery, the verifier reports the applicable catalogue labels.

CLI flow

The reference CLI supports this sequence:

sh
osap keygen
osap hash ./photo.jpg
osap sign ./photo.jpg --claim published_by
osap verify ./photo.jpg
osap trust check ./photo.jpg --bundle ./trust-bundle.json

Repository material:

The verifier presents signature validity, issuer identity, exact-byte integrity, chronology, revocation, and trust-bundle interpretation as separate results.