# Claimant model ## **System^CHECKSUM**: System^CHECKSUM is about the claims made by a _data publisher_. * **Claim^CHECKSUM**: _I, data publisher, claim that the data_: 1. has cryptographic hash X 2. can be located using X as an identifier 3. has properties Y (_"ecosystem specific_") * **Statement^CHECKSUM**: signed checksum
* **Claimant^CHECKSUM**: data publisher
The data publisher is a party that wants to publish some data to an end-user. * **Believer^CHECKSUM**: end-user
Belief is based on seeing a valid Statement^CHECKSUM. * **Verifier^CHECKSUM**: any interested party
These parties try to verify the above claims. For example: * the data publisher itself (_"has my identity been compromised?"_) * third-parties that want to look further into the data (_"ecosystem specific_") * **Arbiter^CHECKSUM**:
There's no official body. Invalidated claims would affect reputation. **Example.** The published data could be an executable binary from a reproducible build. The ecosystem-specific claim would be that the corresponding source code can be looked-up in a public database using X as an identifier. A rebuilder would verify this claim by compiling the source, comparing the hashed output to the claimed value. ## **System^CHECKSUM-LOG**: System^CHECKSUM-LOG is about the claims made by a _log operator_. It adds _discoverability_ into System^CHECKSUM. Discoverability means that Verifier^CHECKSUM can see all Statement^CHECKSUM that Believer^CHECKSUM will accept. * **Claim^CHECKSUM-LOG**: _I, log operator, make available:_ 1. a globally consistent append-only log of Statement^CHECKSUM * **Statement^CHECKSUM-LOG**: signed tree head * **Claimant^CHECKSUM-LOG**: log operator
Possible operators might be: * a small subset of data publishers * members of relevant consortia * **Believer^CHECKSUM-LOG**: Believer^CHECKSUM and Verifier^CHECKSUM
Belief is based on two factors: 1. seeing a valid Statement^CHECKSUM-LOG 2. seeing a number of valid Statement^{CHECKSUM-WITNESS} from independent instances on System^{CHECKSUM-WITNESS}. * **Verifier^CHECKSUM-LOG**: System^{CHECKSUM-WITNESS}
Witnesses verify the log's append-only property from their own local vantage point(s). * **Arbiter^CHECKSUM-LOG**:
There is no official body. The ecosystem at large should stop using an instance of System^CHECKSUM-LOG if cryptographic proofs of log misbehavior are preseneted by some Verifier^CHECKSUM-LOG. ## **System^{CHECKSUM-WITNESS}**: System^{CHECKSUM-WITNESS} is about making the claims of a log operator _trustworthy_. * **Claim^{CHECKSUM-WITNESS}**: _I, witness, claim that_: 1. System^CHECKSUM-LOG provides a locally consistent append-only log * **Statement^{CHECKSUM-WITNESS}**: signed tree head * **Claimant^{CHECKSUM-WITNESS}**: third party
Examples of parties that may take on this role include: * members of relevant consortia * non-profits and other reputable organizations * security enthusiasts and researchers * log operators (cross-ecosystem) * monitors (cross-ecosystem) * a small subset of data publishers (cross-ecosystem) * **Believer^{CHECKSUM-WITNESS}**: Believer^CHECKSUM and Verifier^CHECKSUM
Belief is based on seeing a valid Statement^{CHECKSUM-WITNESS}. * **Verifier^{CHECKSUM-WITNESS}**: n/a
Witnesses are trusted parties. Security is based on _strength in numbers_. * **Arbiter^{CHECKSUM-WITNESS}**:
There is no official body. Invalidated claims would affect reputation.