Skip to content

Temporal Trust

Status and BCP 14 terminology are defined in Status of This Document.

This document defines trust periods, historical and current trust-status evaluation and reporting, and the treatment of ownership changes.

1. Why Trust Is Time-Aware

Issuer characteristics can change because of acquisitions, domain transfers, key compromise, or changes in editorial practice. A current assessment therefore does not necessarily apply to earlier attestations.

Each trust assignment is a period with a status and time interval. A period can include a scope, reason, and evidence; the containing bundle carries the maintainer's signature.

2. Trust Periods

A trust period (data-model.md § 5.2) contains:

  • valid_from (REQUIRED) and valid_until (OPTIONAL; absent means open-ended)
  • status (REQUIRED): trusted, limited_trust, high_caution, or untrusted
  • scope (OPTIONAL): claim categories the period applies to; absent means all
  • topics (OPTIONAL), reason (OPTIONAL, SHOULD be present), evidence (OPTIONAL)

A period covers time T when valid_from ≤ T and (valid_until absent or valid_until > T). Adjacent periods sharing a boundary instant are interpreted half-open: the boundary belongs to the later period.

3. Dual Evaluation: Historical and Current

For every attestation evaluated against a bundle entry, the verifier MUST compute two statuses (algorithm in trust-bundles.md § 5):

  1. Historical trust status — the status at the attestation's issued_at time. Reported as trust_result.historical_status and as the headline trust_result.status.
  2. Current trust status — the status at verification time. Reported as trust_result.current_status.

Normative reporting rules:

  • Both statuses MUST be computed and reported whenever the issuer has a bundle entry.
  • Current distrust MUST NOT erase or hide historical trust. An attestation issued during a trusted period keeps that historical status forever, regardless of what the issuer became.
  • Historical trust MUST NOT hide current distrust. When the current status is worse than the historical one, the verifier MUST surface both.
  • When the statuses differ, both MUST be labeled, e.g. "Published during previously trusted period" (info) plus "Source currently marked high caution by selected trust bundle" (warning). See ui-labels.md.
  • An issuer with no bundle entry yields status: "outside_bundle"; no selected bundle yields status: "no_bundle". Neither has historical/current sub-statuses (null).

Note (informative): issued_at is the issuer's statement of when the attestation was made and can be backdated. Transparency-log data can provide independent chronology evidence; see transparency-logs.md, threat-model.md, and security-considerations.md.

4. Worked Example: Ownership Change (Non-Normative)

This walks the bundle in ../examples/trust-bundle-temporal.json end to end.

4.1 The setting

example-news.org was a reliable local news organization from 2014. In March 2026 it was acquired; the newsroom's editorial policy came under review. From May 2026, its coverage of political topics showed a pattern of unsupported claims. The maintainer of trustbundle:public-news-example:v0.1 records this as three periods for did:web:example-news.org:

PeriodStatusScopeReason
2014-01-01 → 2026-03-15trustedpublication_claims, correction_claims, local_reportingStable editorial ownership and correction record.
2026-03-15 → 2026-05-01limited_trustpublication_claimsOwnership changed; editorial policy under review.
2026-05-01 → openhigh_cautionpolitical_claims, conflict_reportingPost-acquisition pattern of unsupported political claims.

The maintainer records each change by closing the preceding period and opening a new one.

4.2 An old article, verified today

A SourceAttestation for a 2019 local-news article (issued_at: 2019-06-01T…) is verified in July 2026.

  • Historical evaluation at 2019-06-01: the first period covers it → historical_status: "trusted" (and status: "trusted").
  • Current evaluation at verification time (July 2026): the open high_caution period covers now, but it is scoped to political_claims and conflict_reporting. For a publication_claims-category attestation, no in-scope period covers the current time → current_status: null.

The user sees, alongside the evidence labels: "ⓘ Published during previously trusted period". The 2026 acquisition does not change the historical status of the 2019 attestation. Had the current period been unscoped, current_status would be high_caution and a warning would accompany the info label.

4.3 A new political article, verified today

A SourceAttestation for a political story issued 2026-06-10 is verified in July 2026. Its claims fall in political_claims.

  • Historical evaluation at 2026-06-10: the high_caution period covers it and is in scope → historical_status: "high_caution".
  • Current evaluation: same period → current_status: "high_caution".

The user sees a valid-signature label together with "⚠ Source marked high caution by selected trust bundle" and "⚠ Claim is made by issuer, not proven as true". The signature result and trust status are reported separately.

4.4 An article from the transition window

An attestation issued 2026-04-10 with publication claims: historical status is limited_trust (scoped to publication_claims), so the user sees "⚠ Source had limited trust when this was published", plus whatever the current evaluation yields.

4.5 What this example demonstrates

  • The three status changes are represented by separate periods.
  • Each attestation receives the historical status applicable at its issued_at time.
  • Scope limits the high_caution status to political_claims and conflict_reporting.
  • Each status has an attributable reason, and users can select or fork a different bundle (trust-bundles.md § 8).