Zion Boggan
repos/Oversight/docs/predicates/registration-v1.md
# Oversight Registration Predicate v1

**Predicate Type URI:**
`https://github.com/oversight-protocol/oversight/blob/v0.5.0/docs/predicates/registration-v1.md`

**Statement type:** `https://in-toto.io/Statement/v1`
**Envelope:** DSSE (`application/vnd.in-toto+json`)
**Signature algorithm:** Ed25519 (issuer key from the Oversight manifest)

## Purpose

This predicate describes the act of an Oversight issuer registering a sealed
file's mark with a public transparency log (Sigstore Rekor v2). The DSSE
envelope is uploaded to Rekor; the returned `TransparencyLogEntry` is then
embedded in the local evidence bundle.

The predicate is intentionally minimal on the public log - recipient
identifiers and pubkeys are hashed before publication so the log cannot be
mined for "who got what."

## Subject

A statement carries exactly one subject:

```json
{
  "name": "mark:<mark_id_hex>",
  "digest": {"sha256": "<plaintext sha256 hex>"}
}
```

`mark_id_hex` is the 128-bit watermark identifier in lowercase hex. It is an
opaque random value; it is NOT a human-meaningful label and contains no PII.

`digest.sha256` is the SHA-256 of the plaintext that was sealed. This is the
hook auditors use to find matching registrations when investigating a leak:
hash the leaked text, query Rekor by digest.

## Predicate body fields

| field                       | type        | required | notes                                                      |
|-----------------------------|-------------|----------|------------------------------------------------------------|
| `predicate_version`         | int         | yes      | Always `1` for this URI.                                   |
| `file_id`                   | string UUID | yes      | The Oversight manifest's `file_id`.                        |
| `issuer_pubkey_ed25519`     | hex string  | yes      | Verifying key for the DSSE envelope and the manifest.      |
| `recipient_id`              | string      | yes      | SHOULD be a hash or UUID. Issuers MUST NOT publish raw PII.|
| `recipient_pubkey_sha256`   | hex string  | yes      | `sha256(recipient_x25519_pub_raw_bytes)`. NEVER the raw key.|
| `suite`                     | string      | yes      | `OSGT-CLASSIC-v1` / `OSGT-PQ-HYBRID-v1` / `OSGT-HW-P256-v1`.|
| `registered_at`             | string      | yes      | ISO 8601 UTC timestamp.                                    |
| `policy`                    | object      | yes      | Subset of the manifest policy that bears on attribution.   |
| `watermarks`                | object      | yes      | `{L1:bool, L2:bool, L3:bool}` - which layers were embedded.|
| `rfc3161_tsa`               | string URL  | optional | TSA endpoint used.                                         |
| `rfc3161_token_b64`         | base64      | optional | Raw RFC 3161 TimeStampToken.                               |
| `rfc3161_chain_b64`         | base64      | optional | Concatenated PEM cert chain for TSA validation post-expiry.|

## Privacy contract

The on-log payload MUST NOT contain:
- Raw recipient public keys.
- Email addresses, phone numbers, or other directly identifying recipient PII.
- File content, even ciphertext.
- Watermark `mark_id`s belonging to other recipients of the same source file
  (one statement, one recipient).

Issuers who need to retain the raw recipient pubkey MUST keep it in the local
`.sealed` bundle, not in the DSSE envelope.

## Versioning

Backward-incompatible changes to this predicate body produce a new file at a
new git tag, e.g. `…/blob/v0.6.0/docs/predicates/registration-v2.md`. The URI
itself is the version anchor; never re-edit a published predicate URI's
contents.