Skip to content

FAQ

Non-normative overview. The specification is authoritative for OSAP v0.1 requirements.

Does OSAP determine whether content is true?

No. A successful verification shows that an issuer signed claims about a particular content fingerprint at a particular time. It does not establish that the claims are true. The distinction is defined in Claims and Verification.

How is OSAP different from C2PA?

C2PA supports manifests in media workflows. OSAP v0.1 uses detached attestations that may be carried in sidecar files or found through well-known records, HTTP links, HTML links, or exact-hash lookup. Interoperability with C2PA is a possible future extension, not part of v0.1.

Does OSAP require a blockchain?

No. Attestations carry signed timestamps. Transparency logs are described as an informative extension, while other anchoring mechanisms are outside v0.1.

Who decides which issuers to trust?

The user chooses a trust bundle, or chooses not to apply one. A bundle is a signed policy maintained independently of the protocol. It evaluates issuers by scope and time.

What happens when an issuer's status changes?

A trust bundle contains dated trust periods. A verifier evaluates the issuer's status both when the attestation was issued and at verification time, so a later status change does not rewrite the earlier assessment. See Temporal Trust.

What about screenshots and modified copies?

OSAP v0.1 uses exact-byte hashes. It can match an unchanged copy, but not a screenshot, crop, resized image, or recompressed file. Perceptual and content-aware fingerprints are outside the scope of v0.1.

Can verification reveal what I am reading?

A verifier can work offline when its inputs are available locally. Remote hash lookup may reveal interest in a particular fingerprint, so it is privacy-sensitive and requires a warning. See Privacy.

Can attestations be revoked?

Yes. OSAP defines revocation lists and signed RevocationAttestation records. Revocation withdraws the issuer's claim but does not erase the earlier attestation. A verifier keeps the record visible and labels it as revoked.

Is OSAP ready for production use?

No. OSAP is experimental draft v0.1. The schemas, examples, CLI, demos, and website support standards discussion and reference implementation work.

What is a signed claim?

A claim is an issuer's statement inside an attestation envelope. The signature binds the envelope, including its claims, issuer, time, and subject fingerprint. Verification attributes the statement to the issuer; it does not prove the statement true.