Conformance
Status and normative language: See Status of This Document.
This document defines the OSAP v0.1 conformance levels and normative requirement checklists.
1. Conformance Levels
OSAP v0.1 defines three conformance levels. An implementation MAY claim more than one.
| Level | Applies to |
|---|---|
| OSAP Verifier (Basic) | Software that verifies attestations and presents results |
| OSAP Issuer (Basic) | Parties that create and publish attestations |
| OSAP Trust Bundle Maintainer | Parties that publish trust bundles |
Extension areas (transparency logs, relays, perceptual fingerprints, etc.) have no conformance levels in v0.1; implementations experimenting with them MUST NOT describe that behavior as OSAP-conformant.
2. OSAP Verifier (Basic)
A conforming basic verifier:
- MUST validate documents against the JSON Schemas in
../schemas/and reject documents that fail, per verification.md § 3, Step 1. - MUST implement JCS (RFC 8785) canonicalization and the signature verification procedure of envelope.md § 6.2, including strict Ed25519 verification and the 64-byte unpadded-base64url
proofValuerequirement (security-considerations.md § 2). - MUST compute exact-bytes SHA-256 fingerprints and compare them against
subject.asset_hashes(verification.md § 3, Step 3). - MUST resolve
did:webissuer metadata from/.well-known/osap.jsonover HTTPS, verify theidbinding, and decode Multikey Ed25519 keys (identity.md). - MUST evaluate key validity at the attestation's
issued_at, and MUST NOT invalidate signatures merely because the key has since expired (identity.md § 5, security-considerations.md § 6). - MUST execute the verification algorithm steps in the order given in verification.md and produce results conforming to
osap-verification-result.schema.json, distinguishingtrue/false/nulloutcomes. - MUST implement revocation checking, reporting an unreachable list as
null("could not be checked"), never as "not revoked" (verification.md § 3, Step 6). - MUST implement trust-bundle evaluation, including bundle signature verification, scope matching, and dual historical/current temporal evaluation (trust-bundles.md § 5, temporal-trust.md).
- MUST report historical and current trust status separately; current distrust MUST NOT erase or hide historical trust, and vice versa (temporal-trust.md § 3).
- MUST allow the user to select, replace, or deselect trust bundles; MUST NOT hard-code an irreplaceable default (trust-bundles.md § 7).
- MUST be able to verify fully offline given local attestation, asset, issuer metadata, revocation list, and bundle; MUST NOT phone home; MUST make hash lookup opt-in; MUST NOT reveal the user's bundle selection to any party (privacy.md).
- MUST implement the labeling requirements of ui-labels.md, including the prohibition on generic "verified" indicators, when it presents results to users. (A library verifier with no UI satisfies this by emitting the label catalogue in its results.)
- MUST support sidecar and well-known discovery, SHOULD support
Link-header and HTML<link>discovery, and MAY support hash lookup (discovery.md). - SHOULD pass the applicable test vectors (§ 5).
3. OSAP Issuer (Basic)
A conforming basic issuer:
- MUST publish issuer metadata at
https://<domain>/.well-known/osap.jsonover HTTPS, valid againstosap-issuer.schema.json, withidmatching the serving domain'sdid:webidentifier (identity.md § 3). - MUST publish at least one Multikey Ed25519 key and keep superseded keys published after rotation (identity.md § 5).
- MUST produce envelopes valid against
osap-envelope.schema.json, carrying"osap": "0.1", signed per envelope.md § 6.1 withissuer.key_idequal toproof.verificationMethod. - MUST compute fingerprints as SHA-256 over exact bytes, lowercase hex,
scope: "exact-bytes". - MUST make each attestation discoverable through at least one of the five mechanisms in discovery.md; SHOULD support sidecar files.
- MUST publish a revocation list valid against
osap-revocation-list.schema.json(which MAY be empty), SHOULD sign it, and SHOULD reference it viarevocation.status_urlin envelopes. - MUST use
RevocationAttestation/revocation-list entries to withdraw attestations, and MUST NOT attempt to retract by deleting or altering published attestations — a changed document simply fails its signature (claims.md § 4.4). - MUST follow the key-compromise procedure of identity.md § 6 when a key is compromised.
- MUST NOT describe OSAP attestations as proving content truth in the surrounding presentation; see ui-labels.md § 1.
- SHOULD issue
CorrectionAttestations for substantive corrections, and SHOULD includeevidencewhere claims rest on identifiable sources (claims.md).
4. OSAP Trust Bundle Maintainer
A conforming trust bundle maintainer:
- MUST publish bundles valid against
osap-trust-bundle.schema.json, signed per envelope.md § 6, with verification keys discoverable (SHOULD: viadid:webissuer metadata). - MUST express all trust as trust periods with explicit
statusvalues; MUST NOT publish any aggregate numeric trust score or truth rating. - MUST record status changes by closing and opening periods, preserving history rather than silently rewriting it (trust-bundles.md § 6).
- MUST version bundles, SHOULD set
expires_at, and SHOULD keep superseded versions retrievable. - SHOULD provide
reasonfor every period andevidenceforhigh_cautionanduntrustedperiods. - SHOULD document its claim-category scope vocabulary and a dispute process for listed issuers.
- MUST NOT present its bundle as an authority on truth or as the canonical OSAP trust source; bundles are replaceable and forkable (trust-bundles.md § 8).
5. Test Vectors
Conformance test vectors are in the ../test-vectors/ directory. Coverage includes:
- JCS canonicalization inputs and expected canonical bytes (
canonicalization/), including number- and Unicode-edge cases. - Signed scenarios with real keys (
keys/): one directory per case undervalid/(source, derivative, correction, context, revocation attestation) andinvalid/(modified envelope or asset after signing, malformed proof, unknown/expired/revoked key, missing issuer metadata, revoked attestation, trust-period and scope mismatches), each bundling the attestation, issuer metadata, revocation list, trust bundle, and expected verification result. - Temporal trust evaluation against bundles mirroring
../examples/trust-bundle-temporal.json, verifying dual historical/current status output.
The documents in ../examples/ additionally serve as structural fixtures; their proofValue fields are placeholders and do not verify cryptographically.