Skip to content

OSAP Terminology

Status: See Status of This Document.

This document defines terms used throughout the OSAP specification. These definitions are normative when used in normative sections.

Terms

Attestation

A signed OSAP document in which an issuer records a claim about a specific asset fingerprint at a specific time. An attestation establishes that the claim was made, not that it is true. See envelope.md and claims.md.

Envelope

The outer JSON structure of an attestation, defined by osap-envelope.schema.json. The envelope carries the version string, identifier, type, issuer reference, subject, claims, temporal fields, lineage references, revocation pointer, and proof. See envelope.md.

Issuer

The party that creates and signs attestations. In v0.1 an issuer is identified by a did:web identifier and publishes its keys and endpoints in issuer metadata. See identity.md.

Subject

The portion of an envelope that describes the asset an attestation is about: its media type, optional canonical URL, optional title, and one or more asset fingerprints.

Asset

The content the attestation refers to: an image, video, audio file, document, HTML page, or any other sequence of bytes.

Fingerprint

A cryptographic digest of an asset, expressed as an object with an algorithm (alg), a scope (scope), and a digest value (value). A fingerprint does not establish truthfulness or origin.

Exact-bytes hash

The only fingerprint scope defined in v0.1: "scope": "exact-bytes", a SHA-256 digest computed over the exact byte sequence of the asset, encoded as lowercase hexadecimal. Any change to the bytes — recompression, resizing, metadata edits — produces a different exact-bytes hash. Perceptual and content-aware scopes are future extension areas.

Claim

A statement made by an issuer inside an attestation, expressed as an object with a type, an optional value, and an optional note. Verification establishes only that the issuer signed the claim. See claims.md.

Proof

The DataIntegrityProof object attached to a signed OSAP document. It records the cryptosuite, creation time, verification method (key identifier), proof purpose, and the signature value. See envelope.md.

Verification

The process of checking an attestation's schema validity, canonical form, asset hash match, issuer key, signature, revocation status, trust-bundle interpretation, and temporal trust status. Verification produces a structured result and does not produce a single verified flag. See verification.md.

Trust bundle

A signed trust policy document maintained by a trust bundle maintainer. It lists issuers and the scoped trust periods assigned to them. A user selects which bundle, if any, to apply. See trust-bundles.md.

Trust period

An entry within a trust bundle giving an issuer a trust status (trusted, limited_trust, high_caution, or untrusted) for a time interval, optionally restricted to a scope of claim categories and topics, with a stated reason and optional evidence. See temporal-trust.md.

Temporal trust

Evaluation of trust status at the attestation's issuance time (historical trust status) and at verification time (current trust status). Both statuses are reported separately. See temporal-trust.md.

Revocation

The act of an issuer withdrawing a previously issued attestation or key, via a RevocationAttestation and/or an entry in the issuer's revocation list. Revocation withdraws the issuer's claim; it does not erase the historical record that the claim was made. See claims.md.

Correction

A CorrectionAttestation in which an issuer records a correction to a previously attested asset or claim, referencing the corrected attestation via corrects. The original attestation remains valid evidence of what was published. See claims.md.

Derivation / lineage

The relationship between an asset and the asset it was produced from (crop, resize, transcode, excerpt, translation, composite, or other), recorded via DerivativeAttestation and the derived_from array. Lineage is a signed assertion by the issuer, not an OSAP-verified transformation history. See claims.md.

Discovery

The process by which a verifier finds attestations and issuer metadata for an asset. v0.1 defines five mechanisms: sidecar files, well-known issuer metadata, HTTP Link headers, HTML <link> elements, and hash lookup APIs. See discovery.md.

Sidecar file

A file named <asset>.osap.json published alongside an asset, containing the attestation (or an array of attestations) for that asset. See discovery.md.

Relay

A party that redistributes attestations it did not issue. Relays are a future extension area in v0.1; the term is defined so that the role model in index.md is complete.

Transparency log

An append-only, chronology-preserving log that records that an attestation existed at a point in time. In v0.1 transparency logs are an extension area with a minimal non-normative sketch; Merkle inclusion proofs are deferred. See transparency-logs.md.

Verifier

Software that validates schemas, canonicalizes documents, checks fingerprints and signatures, consults revocation lists, and evaluates trust bundles.

User

The person, or system acting for a person, that consumes verification results and selects which trust bundle, if any, to apply.

Historical trust status

The trust status a selected trust bundle assigns to an issuer at the attestation's issued_at time. Reported separately from current trust status. See temporal-trust.md.

Current trust status

The trust status a selected trust bundle assigns to an issuer at verification time. It is reported separately from historical trust status. See temporal-trust.md.