From 234736fa1db20629058af391e4bf9bf4010ecc26 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Sat, 2 Oct 2021 00:40:25 +0200
Subject: updated claimant model examples

I think the claimant model is most helpful for us to describe the
different use-cases of a sigsum log.  Let's focus on claimant models for
use-cases in this document, not claimant models for logs _as well_.

I kept R-B as an example because it is concrete, and fixed the long-due
updates that GeKo pointed out a while back about, e.g., "right data".
---
 doc/claimant.md | 88 ++++++++++++++++-----------------------------------------
 1 file changed, 24 insertions(+), 64 deletions(-)

(limited to 'doc')

diff --git a/doc/claimant.md b/doc/claimant.md
index 6728fef..cfb6198 100644
--- a/doc/claimant.md
+++ b/doc/claimant.md
@@ -1,71 +1,31 @@
-# Claimant model
-## **System<sup>CHECKSUM</sup>**
-System<sup>CHECKSUM</sup> is about the claims made by a data publisher.
-* **Claim<sup>CHECKSUM</sup>**:
-	_I, data publisher, claim that the data_:
-	1. has cryptographic hash X
-	2. is produced by no-one but myself
-* **Statement<sup>CHECKSUM</sup>**: signed checksum<br>
-* **Claimant<sup>CHECKSUM</sup>**: data publisher<br>
-	The data publisher is a party that wants to publish some data.
-* **Believer<sup>CHECKSUM</sup>**: end-user<br>
-	The end-user is a party that wants to use some published data.
-* **Verifier<sup>CHECKSUM</sup>**: data publisher<br>
-	Only the data publisher can verify the above claims.
-* **Arbiter<sup>CHECKSUM</sup>**:<br>
-    There's no official body.  Invalidated claims would affect reputation.
+# Use-case specific claimant models
+Sigsum logs can be used for a variety of use-cases.  One way to describe your
+use-case is with the
+	[claimant model](https://github.com/google/trillian/blob/master/docs/claimantmodel/CoreModel.md).
+You will realize that verifiers must see the same signed statements as believers.
+Sigsum solves that.
 
-System<sup>CHECKSUM\*</sup> can be defined to make more specific claims.  Below
-is a reproducible builds example.
+XXX: add more examples.
 
-### **System<sup>CHECKSUM-RB</sup>**:
-System<sup>CHECKSUM-RB</sup> is about the claims made by a _software publisher_
-that makes reproducible builds available.
-* **Claim<sup>CHECKSUM-RB</sup>**:
-	_I, software publisher, claim that the data_:
+## **System<sup>RB</sup>**:
+System<sup>RB</sup> is about the claims made by a _software publisher_ that
+makes reproducible builds available.
+* **Claim<sup>RB</sup>**:
+	_I, software publisher, claim that the right opaque data_:
 	1. has cryptographic hash X
-	2. is the output of a reproducible build for which the source can be located
-	using X as an identifier
-* **Statement<sup>CHECKSUM-RB</sup>**: Statement<sup>CHECKSUM</sup>
-* **Claimant<sup>CHECKSUM-RB</sup>**: software publisher<br>
-	The software publisher is a party that wants to publish the output of a
-	reproducible build.
-* **Believer<sup>CHECKSUM-RB</sup>**: end-user<br>
-	The end-user is a party that wants to run an executable binary that built
-	reproducibly.
-* **Verifier<sup>CHECKSUM-RB</sup>**: any interested party<br>
+	2. is the output of a reproducible build for which the source and relevant
+	build-info information can be located in repository Y using X as an identifier
+* **Statement<sup>RB</sup>**: Statement<sup>CHECKSUM</sup><br>
+	The signed statement encodes a cryptographic hash X.
+* **Claimant<sup>RB</sup>**: software publisher<br>
+	The software publisher is a party that wants to publish a reproducible
+	build.
+* **Believer<sup>RB</sup>**: end-user<br>
+	The end-user is a party that wants to run an executable binary if it
+	builds reproducibly.
+* **Verifier<sup>RB</sup>**: any interested party<br>
 	These parties try to verify the above claims.  For example:
 	* the software publisher itself (_"has my identity been compromised?"_)
 	* rebuilders that check for locatability and reproducibility
-* **Arbiter<sup>CHECKSUM-RB</sup>**:<br>
+* **Arbiter<sup>RB</sup>**:<br>
     There's no official body.  Invalidated claims would affect reputation.
-
-## **System<sup>CHECKSUM-LOG</sup>**:
-System<sup>CHECKSUM-LOG</sup> is about the claims made by a _log operator_.
-It adds _discoverability_ into System<sup>CHECKSUM\*</sup>.  Discoverability
-means that Verifier<sup>CHECKSUM\*</sup> can see all
-Statement<sup>CHECKSUM</sup> that Believer<sup>CHECKSUM\*</sup> accept.
-
-* **Claim<sup>CHECKSUM-LOG</sup>**:
-	_I, log operator, make available:_
-	1. a globally consistent append-only log of Statement<sup>CHECKSUM</sup>
-* **Statement<sup>CHECKSUM-LOG</sup>**: signed tree head
-* **Claimant<sup>CHECKSUM-LOG</sup>**: log operator<br>
-   Possible operators might be:
-	* a small subset of data publishers
-	* members of relevant consortia
-* **Believer<sup>CHECKSUM-LOG</sup>**:
-	* Believer<sup>CHECKSUM\*</sup>
-	* Verifier<sup>CHECKSUM\*</sup><br>
-* **Verifier<sup>CHECKSUM-LOG</sup>**: third parties<br>
-	These parties verify the above claims.  Examples include:
-	* members of relevant consortia
-	* non-profits and other reputable organizations
-	* security enthusiasts and researchers
-	* log operators (cross-ecosystem)
-	* monitors (cross-ecosystem)
-	* a small subset of data publishers (cross-ecosystem)
-* **Arbiter<sup>CHECKSUM-LOG</sup>**:<br>
-	There is no official body.  The ecosystem at large should stop using an
-	instance of System<sup>CHECKSUM-LOG</sup> if cryptographic proofs of log
-	misbehavior are preseneted by some Verifier<sup>CHECKSUM-LOG</sup>.
-- 
cgit v1.2.3