Skip to content

What OSAP Proves

Non-normative overview. The complete verification algorithm is defined in Verification.

OSAP verification answers a limited set of questions about an attestation.

Signature validity

A verifier checks the signature over the canonicalized attestation envelope. In v0.1, DataIntegrityProof with the eddsa-jcs-2026 cryptosuite means JCS canonicalization followed by Ed25519 signing.

Identity binding

The verifier resolves the issuer's did:web metadata, finds the key named by the proof, and checks that the key was valid when the attestation was issued. This binds a valid signature to the issuer identifier, not to the accuracy of the issuer's claims.

Asset integrity

When the asset bytes are available, the verifier compares their SHA-256 digest with each exact-bytes fingerprint in the subject. A match establishes that the checked bytes are the bytes described by that fingerprint.

Chronology

The signed envelope includes issued_at, and its proof includes created. A transparency log can add evidence of when it observed an attestation. These records support chronology without establishing that the issuer was the first real-world source.

Lineage

A DerivativeAttestation can use derived_from to reference earlier attested material. Verification establishes that the issuer made the lineage claim; it does not establish that the stated transformation occurred. See Claims.

Correction and revocation

Correction and revocation records can show that an issuer later corrected or withdrew an attestation. They add to the record without removing the earlier signed statement.

After these checks, a selected trust bundle can supply a separate policy assessment of the issuer by scope and time. The verifier reports each result separately, as required by the labeling rules.