diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/claimant.md | 88 |
1 files changed, 24 insertions, 64 deletions
diff --git a/doc/claimant.md b/doc/claimant.md index 6728fef..cfb6198 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -1,71 +1,31 @@ -# Claimant model -## **System<sup>CHECKSUM</sup>** -System<sup>CHECKSUM</sup> is about the claims made by a data publisher. -* **Claim<sup>CHECKSUM</sup>**: - _I, data publisher, claim that the data_: - 1. has cryptographic hash X - 2. is produced by no-one but myself -* **Statement<sup>CHECKSUM</sup>**: signed checksum<br> -* **Claimant<sup>CHECKSUM</sup>**: data publisher<br> - The data publisher is a party that wants to publish some data. -* **Believer<sup>CHECKSUM</sup>**: end-user<br> - The end-user is a party that wants to use some published data. -* **Verifier<sup>CHECKSUM</sup>**: data publisher<br> - Only the data publisher can verify the above claims. -* **Arbiter<sup>CHECKSUM</sup>**:<br> - There's no official body. Invalidated claims would affect reputation. +# Use-case specific claimant models +Sigsum logs can be used for a variety of use-cases. One way to describe your +use-case is with the + [claimant model](https://github.com/google/trillian/blob/master/docs/claimantmodel/CoreModel.md). +You will realize that verifiers must see the same signed statements as believers. +Sigsum solves that. -System<sup>CHECKSUM\*</sup> can be defined to make more specific claims. Below -is a reproducible builds example. +XXX: add more examples. -### **System<sup>CHECKSUM-RB</sup>**: -System<sup>CHECKSUM-RB</sup> is about the claims made by a _software publisher_ -that makes reproducible builds available. -* **Claim<sup>CHECKSUM-RB</sup>**: - _I, software publisher, claim that the data_: +## **System<sup>RB</sup>**: +System<sup>RB</sup> is about the claims made by a _software publisher_ that +makes reproducible builds available. +* **Claim<sup>RB</sup>**: + _I, software publisher, claim that the right opaque data_: 1. has cryptographic hash X - 2. is the output of a reproducible build for which the source can be located - using X as an identifier -* **Statement<sup>CHECKSUM-RB</sup>**: Statement<sup>CHECKSUM</sup> -* **Claimant<sup>CHECKSUM-RB</sup>**: software publisher<br> - The software publisher is a party that wants to publish the output of a - reproducible build. -* **Believer<sup>CHECKSUM-RB</sup>**: end-user<br> - The end-user is a party that wants to run an executable binary that built - reproducibly. -* **Verifier<sup>CHECKSUM-RB</sup>**: any interested party<br> + 2. is the output of a reproducible build for which the source and relevant + build-info information can be located in repository Y using X as an identifier +* **Statement<sup>RB</sup>**: Statement<sup>CHECKSUM</sup><br> + The signed statement encodes a cryptographic hash X. +* **Claimant<sup>RB</sup>**: software publisher<br> + The software publisher is a party that wants to publish a reproducible + build. +* **Believer<sup>RB</sup>**: end-user<br> + The end-user is a party that wants to run an executable binary if it + builds reproducibly. +* **Verifier<sup>RB</sup>**: any interested party<br> These parties try to verify the above claims. For example: * the software publisher itself (_"has my identity been compromised?"_) * rebuilders that check for locatability and reproducibility -* **Arbiter<sup>CHECKSUM-RB</sup>**:<br> +* **Arbiter<sup>RB</sup>**:<br> There's no official body. Invalidated claims would affect reputation. - -## **System<sup>CHECKSUM-LOG</sup>**: -System<sup>CHECKSUM-LOG</sup> is about the claims made by a _log operator_. -It adds _discoverability_ into System<sup>CHECKSUM\*</sup>. Discoverability -means that Verifier<sup>CHECKSUM\*</sup> can see all -Statement<sup>CHECKSUM</sup> that Believer<sup>CHECKSUM\*</sup> accept. - -* **Claim<sup>CHECKSUM-LOG</sup>**: - _I, log operator, make available:_ - 1. a globally consistent append-only log of Statement<sup>CHECKSUM</sup> -* **Statement<sup>CHECKSUM-LOG</sup>**: signed tree head -* **Claimant<sup>CHECKSUM-LOG</sup>**: log operator<br> - Possible operators might be: - * a small subset of data publishers - * members of relevant consortia -* **Believer<sup>CHECKSUM-LOG</sup>**: - * Believer<sup>CHECKSUM\*</sup> - * Verifier<sup>CHECKSUM\*</sup><br> -* **Verifier<sup>CHECKSUM-LOG</sup>**: third parties<br> - These parties verify the above claims. Examples include: - * members of relevant consortia - * non-profits and other reputable organizations - * security enthusiasts and researchers - * log operators (cross-ecosystem) - * monitors (cross-ecosystem) - * a small subset of data publishers (cross-ecosystem) -* **Arbiter<sup>CHECKSUM-LOG</sup>**:<br> - There is no official body. The ecosystem at large should stop using an - instance of System<sup>CHECKSUM-LOG</sup> if cryptographic proofs of log - misbehavior are preseneted by some Verifier<sup>CHECKSUM-LOG</sup>. |