Skip to content

Manifesto

Information often loses its provenance as it moves between publishing systems. Statements are quoted without their source, screenshots replace originals, and excerpts and reuploads separate content from the context that supplied its meaning. These ordinary transformations make attribution difficult to check.

A generic verification badge does not solve this problem. It can obscure several different questions: whether a signature is valid, whether the content matches the signed fingerprint, whether the signing key belongs to the named issuer, and whether that issuer is considered reliable. A single mark encourages readers to treat all of those questions as one conclusion.

Cryptography has a narrower and useful role. A valid signature can establish that an issuer signed particular claims about a fingerprint at a recorded time. It cannot establish that those claims are accurate, complete, or honest.

OSAP is an attempt to preserve that distinction in the protocol and its interfaces. Verification reports individual evidence checks, and the labeling rules avoid an aggregate “verified” result.

Trust remains a matter of policy. A trust bundle records a maintainer's assessment of issuers by scope and time. Bundles are signed and replaceable, and a verifier lets the user choose one or proceed without one. Different groups can therefore interpret the same evidence without giving the protocol control over whom they must trust.

OSAP v0.1 is an experimental draft. Its immediate aim is modest: make provenance claims portable, make the available checks explicit, and keep policy separate from cryptographic evidence.