Skip to content

OSAP Data Model

Status: See Status of This Document.

This document normatively defines the OSAP v0.1 object types. The JSON Schemas in ../schemas/ are authoritative for structure; this document is authoritative for semantics.

1. General Rules

  • All OSAP documents are JSON (RFC 8259) encoded as UTF-8.
  • All OSAP documents MUST carry the version member "osap": "0.1", except that the verification result (an output produced by a verifier, not a published document) carries it as an OPTIONAL member.
  • All timestamps are RFC 3339 date-time strings. Timestamps SHOULD be expressed in UTC with the Z suffix.
  • Unknown members are not permitted: every schema sets additionalProperties: false. Extensions require a new version or a defined extension mechanism (see index.md § 11).
  • Signed document types (attestation envelope, trust bundle, revocation list when signed) are canonicalized with the JSON Canonicalization Scheme (JCS, RFC 8785) before signing. See envelope.md.

2. Document Types

DocumentSchemaSigned
Attestation envelopeosap-envelope.schema.jsonREQUIRED
Issuer metadataosap-issuer.schema.jsonNo (integrity via HTTPS + did:web)
Trust bundleosap-trust-bundle.schema.jsonREQUIRED
Revocation listosap-revocation-list.schema.jsonRECOMMENDED (proof is optional in schema)
Transparency log entryosap-transparency-log-entry.schema.jsonExtension area, non-normative
Verification resultosap-verification-result.schema.jsonNo (local verifier output)

3. Attestation Envelope

Schema: osap-envelope.schema.json. Full semantics and signing procedure: envelope.md.

Required members: osap, id, type, issuer, issued_at, proof.

MemberTypeReq.Meaning
osap"0.1"MUSTProtocol version.
idstringMUSTStable attestation identifier, e.g. osap:attestation:sha256:<hex>. See envelope.md § Identifier.
typeenumMUSTOne of SourceAttestation, DerivativeAttestation, CorrectionAttestation, RevocationAttestation, ContextAttestation.
issuerissuerRefMUSTReference to the signing issuer (see § 3.1).
subjectsubjectOPTIONALThe asset this attestation is about (see § 3.2). REQUIRED in practice for all types except RevocationAttestation; see claims.md.
claimsarray of claimOPTIONALClaims made by the issuer (see § 3.4).
issued_atdate-timeMUSTWhen the issuer states the attestation was issued.
valid_fromdate-timeOPTIONALStart of the attestation's stated validity.
valid_untildate-timeOPTIONALEnd of the attestation's stated validity.
derived_fromarray of derivationRefOPTIONALLineage references (see § 3.5).
correctsstringOPTIONALAttestation id corrected by this CorrectionAttestation.
revokesstringOPTIONALAttestation id revoked by this RevocationAttestation.
evidencearray of evidenceRefOPTIONALSupporting evidence references (see § 3.6).
revocationobjectOPTIONALObject with required status_url (URI): where the issuer's revocation list is published.
proofproofMUSTData integrity proof (see § 3.7).

3.1 issuerRef

Required members: id, key_id.

MemberTypeReq.Meaning
idstringMUSTIssuer identifier. v0.1: a did:web identifier.
namestringOPTIONALHuman-readable issuer name. Display only; carries no identity weight.
key_idstringMUSTIdentifier of the key used to sign, e.g. did:web:publisher.example#key-2026. MUST match proof.verificationMethod.

3.2 subject

Required members: asset_hashes.

MemberTypeReq.Meaning
typestringOPTIONALMedia type of the asset, e.g. image/jpeg.
canonical_urlURIOPTIONALWhere the issuer states the asset is canonically published.
titlestringOPTIONALHuman-readable title.
asset_hashesarray of assetHashMUSTOne or more fingerprints; MUST contain at least one entry.

3.3 assetHash

Required members: alg, scope, value.

MemberTypeReq.Meaning
alg"sha256"MUSTv0.1 defines only SHA-256.
scope"exact-bytes"MUSTv0.1 defines only exact-bytes. Perceptual scopes are a future extension area.
valuestringMUSTLowercase hexadecimal digest (^[0-9a-f]+$). For SHA-256 this is 64 characters.

3.4 claim

Required members: type.

MemberTypeReq.Meaning
typestringMUSTClaim type, e.g. published_by. See claims.md for the baseline registry.
valueanyOPTIONALClaim value; type depends on the claim type.
notestringOPTIONALFree-text explanation by the issuer.

Note (non-normative): Verifying an attestation establishes that the issuer signed the claim, not that the claim is true.

3.5 derivationRef

Required members: attestation_id.

MemberTypeReq.Meaning
attestation_idstringMUSTid of the attestation covering the source asset.
relationenumOPTIONALOne of crop, resize, transcode, excerpt, translation, composite, other.
notestringOPTIONALFree-text description of the transformation.

3.6 evidenceRef

Required members: type.

MemberTypeReq.Meaning
typestringMUSTKind of evidence, e.g. official-statement, archived-publication.
urlURIOPTIONALWhere the evidence can be inspected.
notestringOPTIONALFree-text explanation.

3.7 proof

Required members: type, cryptosuite, created, verificationMethod, proofPurpose, proofValue.

MemberTypeReq.Meaning
type"DataIntegrityProof"MUSTFixed in v0.1.
cryptosuite"eddsa-jcs-2026"MUSTEd25519 over JCS canonical form. Fixed in v0.1.
createddate-timeMUSTWhen the proof was created.
verificationMethodstringMUSTKey identifier resolvable via issuer metadata, e.g. did:web:publisher.example#key-2026.
proofPurpose"assertionMethod"MUSTFixed in v0.1.
proofValuestringMUSTUnpadded base64url encoding of the raw 64-byte Ed25519 signature.

The signing input is defined in envelope.md § Canonicalization and Signing.

4. Issuer Metadata

Schema: osap-issuer.schema.json. Served at https://<domain>/.well-known/osap.json. Full semantics: identity.md.

Required members: osap, id, keys.

MemberTypeReq.Meaning
osap"0.1"MUSTProtocol version.
idstringMUSTIssuer identifier. v0.1: did:web.
namestringOPTIONALHuman-readable issuer name.
keysarray of publicKeyMUSTOne or more signing keys; MUST contain at least one entry.
revocations_urlURIOPTIONALWhere the issuer's revocation list is published.
outbox_urlURIOPTIONALWhere the issuer publishes a feed of its attestations.
lookup_urlURIOPTIONALBase URL of the issuer's hash lookup API (see discovery.md).

4.1 publicKey

Required members: id, type, publicKeyMultibase.

MemberTypeReq.Meaning
idstringMUSTKey identifier, e.g. did:web:publisher.example#key-2026.
type"Multikey"MUSTFixed in v0.1.
publicKeyMultibasestringMUSTMultibase base58btc (z...) encoding of the ed25519-pub multicodec prefix 0xed 0x01 followed by the 32-byte Ed25519 public key.
valid_fromdate-timeOPTIONALStart of the key's validity.
valid_untildate-timeOPTIONALEnd of the key's validity. See security-considerations.md on expired keys vs historical validity.

5. Trust Bundle

Schema: osap-trust-bundle.schema.json. Full semantics: trust-bundles.md and temporal-trust.md.

Required members: osap, type, id, maintainer, issued_at, entries, proof.

MemberTypeReq.Meaning
osap"0.1"MUSTProtocol version.
type"TrustBundle"MUSTFixed.
idstringMUSTBundle identifier, e.g. trustbundle:basic-example:v0.1.
maintainerobjectMUSTRequired id (string); optional name (string).
descriptionstringOPTIONALHuman-readable description of the bundle's policy.
issued_atdate-timeMUSTWhen this bundle version was issued.
expires_atdate-timeOPTIONALWhen this bundle version should be considered stale.
entriesarray of entryMUSTIssuer entries.
proofproofMUSTSame proof structure as § 3.7, signed by the maintainer.

5.1 entry

Required members: issuer, trust_periods.

MemberTypeReq.Meaning
issuerstringMUSTIssuer identifier this entry applies to.
trust_periodsarray of trustPeriodMUSTOne or more trust periods; MUST contain at least one entry.

5.2 trustPeriod

Required members: valid_from, status.

MemberTypeReq.Meaning
valid_fromdate-timeMUSTStart of the period.
valid_untildate-timeOPTIONALEnd of the period; absent means open-ended.
statusenumMUSTOne of trusted, limited_trust, high_caution, untrusted.
scopearray of stringOPTIONALClaim categories this period applies to. Absent means all categories.
topicsarray of stringOPTIONALTopic areas the maintainer associates with this period.
reasonstringOPTIONALWhy the maintainer assigned this status. SHOULD be present.
evidencearrayOPTIONALEvidence objects: required type (string), optional url (URI), optional note (string).

6. Revocation List

Schema: osap-revocation-list.schema.json. Typically published at /.well-known/osap/revocations.json.

Required members: osap, type, issuer, updated_at.

MemberTypeReq.Meaning
osap"0.1"MUSTProtocol version.
type"RevocationList"MUSTFixed.
issuerstringMUSTIssuer identifier the list belongs to.
updated_atdate-timeMUSTWhen the list was last updated.
revoked_attestationsarrayOPTIONALEntries with required id (string) and revoked_at (date-time); optional reason (string) and replacement_id (string).
revoked_keysarrayOPTIONALEntries with required key_id (string) and revoked_at (date-time); optional reason (string).
proofproofOPTIONALSame proof structure as § 3.7. Issuers SHOULD sign revocation lists.

7. Transparency Log Entry (Extension Area)

Schema: osap-transparency-log-entry.schema.json. Non-normative in v0.1; see transparency-logs.md.

Required members: osap, type, log_id, index, logged_at, attestation_id, attestation_hash.

MemberTypeReq.Meaning
osap"0.1"MUSTProtocol version.
type"TransparencyLogEntry"MUSTFixed.
log_idstringMUSTIdentifier of the log.
indexinteger ≥ 0MUSTPosition in the log.
logged_atdate-timeMUSTWhen the entry was appended.
attestation_idstringMUSTid of the logged attestation.
attestation_hashobjectMUSTRequired alg ("sha256") and value (lowercase hex): digest of the attestation document.
issuerstringOPTIONALIssuer of the logged attestation.
asset_hashstringOPTIONALLowercase hex exact-bytes hash of the subject asset, to support earlier-source queries.

8. Verification Result

Schema: osap-verification-result.schema.json. Produced locally by verifiers; full semantics: verification.md.

Required members: valid_signature, labels.

MemberTypeReq.Meaning
osap"0.1"OPTIONALProtocol version.
valid_signatureboolean or nullMUSTWhether the proof verified. null when the check could not be performed.
asset_hash_matchboolean or nullOPTIONALWhether the local asset matches a signed fingerprint. null when the asset was not available.
issuerstring or nullOPTIONALIssuer identifier, when known.
issuer_key_validboolean or nullOPTIONALWhether the signing key was valid (per issuer metadata) at issued_at.
revokedboolean or nullOPTIONALWhether the attestation is revoked. null when revocation status could not be checked.
attestation_idstringOPTIONALThe id of the attestation.
earlier_sourceobject or nullOPTIONALEarlier matching source, when discovered: required issuer, attestation_id, issued_at.
trust_resultobject or nullOPTIONALTrust-bundle interpretation (see § 8.1). null when no evaluation was performed.
labelsarrayMUSTLabel objects with required level (one of success, info, warning, error, unknown) and text (string). See ui-labels.md.

8.1 trust_result

Required members: status, bundle.

MemberTypeReq.Meaning
statusenumMUSTTrust status at the attestation's issued_at time under the selected bundle: trusted, limited_trust, high_caution, untrusted, outside_bundle, or no_bundle.
historical_statusenum or nullOPTIONALStatus at issued_at: trusted, limited_trust, high_caution, untrusted, or null (issuer not covered at that time).
current_statusenum or nullOPTIONALStatus at verification time; same values as historical_status.
scopearray of stringOPTIONALScope of the matched trust period(s).
bundlestring or nullMUSTid of the bundle evaluated, or null when status is no_bundle.

Note (non-normative): status is the headline value for the historical evaluation, while historical_status and current_status allow both evaluations to be reported explicitly. When the issuer is absent from the bundle, status is outside_bundle and both detailed statuses are null.