From 234736fa1db20629058af391e4bf9bf4010ecc26 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sat, 2 Oct 2021 00:40:25 +0200 Subject: updated claimant model examples I think the claimant model is most helpful for us to describe the different use-cases of a sigsum log. Let's focus on claimant models for use-cases in this document, not claimant models for logs _as well_. I kept R-B as an example because it is concrete, and fixed the long-due updates that GeKo pointed out a while back about, e.g., "right data". --- doc/claimant.md | 88 ++++++++++++++++----------------------------------------- 1 file changed, 24 insertions(+), 64 deletions(-) (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md index 6728fef..cfb6198 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -1,71 +1,31 @@ -# Claimant model -## **SystemCHECKSUM** -SystemCHECKSUM is about the claims made by a data publisher. -* **ClaimCHECKSUM**: - _I, data publisher, claim that the data_: - 1. has cryptographic hash X - 2. is produced by no-one but myself -* **StatementCHECKSUM**: signed checksum
-* **ClaimantCHECKSUM**: data publisher
- The data publisher is a party that wants to publish some data. -* **BelieverCHECKSUM**: end-user
- The end-user is a party that wants to use some published data. -* **VerifierCHECKSUM**: data publisher
- Only the data publisher can verify the above claims. -* **ArbiterCHECKSUM**:
- There's no official body. Invalidated claims would affect reputation. +# Use-case specific claimant models +Sigsum logs can be used for a variety of use-cases. One way to describe your +use-case is with the + [claimant model](https://github.com/google/trillian/blob/master/docs/claimantmodel/CoreModel.md). +You will realize that verifiers must see the same signed statements as believers. +Sigsum solves that. -SystemCHECKSUM\* can be defined to make more specific claims. Below -is a reproducible builds example. +XXX: add more examples. -### **SystemCHECKSUM-RB**: -SystemCHECKSUM-RB is about the claims made by a _software publisher_ -that makes reproducible builds available. -* **ClaimCHECKSUM-RB**: - _I, software publisher, claim that the data_: +## **SystemRB**: +SystemRB is about the claims made by a _software publisher_ that +makes reproducible builds available. +* **ClaimRB**: + _I, software publisher, claim that the right opaque data_: 1. has cryptographic hash X - 2. is the output of a reproducible build for which the source can be located - using X as an identifier -* **StatementCHECKSUM-RB**: StatementCHECKSUM -* **ClaimantCHECKSUM-RB**: software publisher
- The software publisher is a party that wants to publish the output of a - reproducible build. -* **BelieverCHECKSUM-RB**: end-user
- The end-user is a party that wants to run an executable binary that built - reproducibly. -* **VerifierCHECKSUM-RB**: any interested party
+ 2. is the output of a reproducible build for which the source and relevant + build-info information can be located in repository Y using X as an identifier +* **StatementRB**: StatementCHECKSUM
+ The signed statement encodes a cryptographic hash X. +* **ClaimantRB**: software publisher
+ The software publisher is a party that wants to publish a reproducible + build. +* **BelieverRB**: end-user
+ The end-user is a party that wants to run an executable binary if it + builds reproducibly. +* **VerifierRB**: any interested party
These parties try to verify the above claims. For example: * the software publisher itself (_"has my identity been compromised?"_) * rebuilders that check for locatability and reproducibility -* **ArbiterCHECKSUM-RB**:
+* **ArbiterRB**:
There's no official body. Invalidated claims would affect reputation. - -## **SystemCHECKSUM-LOG**: -SystemCHECKSUM-LOG is about the claims made by a _log operator_. -It adds _discoverability_ into SystemCHECKSUM\*. Discoverability -means that VerifierCHECKSUM\* can see all -StatementCHECKSUM that BelieverCHECKSUM\* accept. - -* **ClaimCHECKSUM-LOG**: - _I, log operator, make available:_ - 1. a globally consistent append-only log of StatementCHECKSUM -* **StatementCHECKSUM-LOG**: signed tree head -* **ClaimantCHECKSUM-LOG**: log operator
- Possible operators might be: - * a small subset of data publishers - * members of relevant consortia -* **BelieverCHECKSUM-LOG**: - * BelieverCHECKSUM\* - * VerifierCHECKSUM\*
-* **VerifierCHECKSUM-LOG**: third parties
- These parties verify the above claims. Examples include: - * members of relevant consortia - * non-profits and other reputable organizations - * security enthusiasts and researchers - * log operators (cross-ecosystem) - * monitors (cross-ecosystem) - * a small subset of data publishers (cross-ecosystem) -* **ArbiterCHECKSUM-LOG**:
- There is no official body. The ecosystem at large should stop using an - instance of SystemCHECKSUM-LOG if cryptographic proofs of log - misbehavior are preseneted by some VerifierCHECKSUM-LOG. -- cgit v1.2.3
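Review bot: The added `* **StatementRB**: StatementCHECKSUM` line in the new SystemRB section refers to StatementCHECKSUM, but this same hunk deletes the SystemCHECKSUM section, including `* **StatementCHECKSUM**: signed checksum`. After the patch the name is no longer defined anywhere in doc/claimant.md. Suggest defining the statement inline, for example "StatementRB: signed checksum", followed by the existing sentence about encoding hash X. Related to this, item 2 of ClaimRB now says the source and build info can be located "in repository Y", while the statement is described as encoding only hash X. The document should say how a verifier learns which Y a given statement is about, since the claim cannot be checked otherwise. The word "right" in "the right opaque data" is likewise not defined in the added text. Minor: "build-info information" is redundant, and the `XXX: add more examples.` placeholder reads as unfinished text in a published doc. Consider phrasing it as an explicit TODO or tracking it elsewhere.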