Specification
OSAP v0.1 is an experimental draft, not a standard. It specifies signed attestations, discovery, verification, and user-selected trust-bundle interpretation. It does not determine whether content is true or appoint a global trust authority.
Start with the specification overview, then read the chapters in this order:
- Overview — scope, status, roles, roadmap, and open issues.
- Terminology — terms used throughout the specification.
- Data Model — documents, fields, and verification results.
- Envelope — structure, identifiers, canonicalization, and signing.
- Claims — attestation and claim types.
- Identity — issuer identity, metadata, keys, and compromise handling.
- Discovery — local and network discovery mechanisms.
- Verification — the verification algorithm and result semantics.
- Trust Bundles — signed trust policies and evaluation.
- Temporal Trust — historical and current trust status.
- Transparency Logs — an optional chronology extension.
- Privacy — offline operation and network privacy requirements.
- Security Considerations — implementation requirements and guidance.
- Threat Model — attacks, protocol behavior, and residual risks.
- UI Labels — separate, named verification-result labels.
- Conformance — conformance levels and test-vector requirements.
All chapters are normative except Transparency Logs and Threat Model, which are informative. Individual sections and notes marked informative or non-normative also do not define requirements.
JSON Schemas, structural examples, and signed test vectors accompany the specification. The overview identifies which proposed extensions remain outside v0.1.