# Claimant model ## **System^CHECKSUM**: System^CHECKSUM is about the claims made by a _data publisher_. * **Claim^CHECKSUM**: _I, data publisher, claim that the data_: 1. has cryptographic hash X 2. can be located using X as an identifier 3. has properties Y (_"ecosystem specific_") * **Statement^CHECKSUM**: signed checksum
* **Claimant^CHECKSUM**: data publisher
The data publisher is a party that wants to publish some data to an end-user. * **Believer^CHECKSUM**: end-user
Belief is based on seeing a valid Statement^CHECKSUM. * **Verifier^CHECKSUM**: any interested party
These parties try to verify the above claims. For example: * the data publisher itself (_"has my identity been compromised?"_) * third-parties that want to look further into the data (_"ecosystem specific_") * **Arbiter^CHECKSUM**:
There's no official body. Invalidated claims would affect reputation. **Example.** The published data could be an executable binary from a reproducible build. The ecosystem-specific claim would be that the corresponding source code can be looked-up in a public database using X as an identifier. A rebuilder would verify this claim by compiling the source, comparing the hashed output to the claimed value. ## **System^{CHECKSUM-LOG^{**:
System^CHECKSUM-LOG is about the claims made by a _log operator_.
It adds _discoverability_ into System^CHECKSUM. Discoverability means
that Verifier^CHECKSUM can see all Statement^CHECKSUM that
Believer^CHECKSUM will accept.

* **Claim^CHECKSUM-LOG**:
_I, log operator, make available:_
1. a globally consistent append-only log of Statement^CHECKSUM
* **Statement^CHECKSUM-LOG**: signed tree head
* **Claimant^CHECKSUM-LOG**: log operator

Possible operators might be:
* a small subset of data publishers
* members of relevant consortia
* **Believer^CHECKSUM-LOG**:
Believer^CHECKSUM and
Verifier^CHECKSUM

Belief is based on two factors:
1. seeing a valid Statement^CHECKSUM-LOG
2. seeing a number of valid Statement^{CHECKSUM-WITNESS} from
independent instances on System^{CHECKSUM-WITNESS}

A _policy_ defines the exact conditions that must be met.
* **Verifier^CHECKSUM-LOG**: System^{CHECKSUM-WITNESS}

Witnesses verify the log's append-only property from their own local
vantage point(s).
* **Arbiter^CHECKSUM-LOG**:

There is no official body. The ecosystem at large should stop using an
instance of System^CHECKSUM-LOG if cryptographic proofs of log
misbehavior are preseneted by some Verifier^CHECKSUM-LOG.

## **System^{CHECKSUM-WITNESS^{**:
System^{CHECKSUM-WITNESS} is about making the claims of a log operator
_trustworthy_.
* **Claim^{CHECKSUM-WITNESS}**:
_I, witness, claim that_:
1. System^CHECKSUM-LOG provides a locally consistent append-only
log
* **Statement^{CHECKSUM-WITNESS}**: signed tree head
* **Claimant^{CHECKSUM-WITNESS}**: third party

Examples of parties that may take on this role include:
* members of relevant consortia
* non-profits and other reputable organizations
* security enthusiasts and researchers
* log operators (cross-ecosystem)
* monitors (cross-ecosystem)
* a small subset of data publishers (cross-ecosystem)
* **Believer^{CHECKSUM-WITNESS}**:
Believer^CHECKSUM and
Verifier^CHECKSUM

Belief is based on seeing a valid Statement^{CHECKSUM-WITNESS}.
* **Verifier^{CHECKSUM-WITNESS}**: n/a

Witnesses are trusted parties. Security is based on _strength in numbers_.
* **Arbiter^{CHECKSUM-WITNESS}**:

There is no official body. Invalidated claims would affect reputation.}}}}