Originator Profile Blueprint
This document is non-normative.
Aiming to document the technical specifications of the Originator Profile
The documents on this site describe the technical aspects of Originator Profile. Originator Profile technology does not provide a value judgment of the correctness, falsity, or inaccuracy of any particular piece of content, but aims to provide a cryptographically verifiable means by which anyone can assess its trustworthiness.
Note: The old technical specification documents have been archived.
All of the documents on this site are drafts.
Our technical specification documents, previously known as "Originator Profile RFC (OP RFC)", have been renamed to "Originator Profile Blueprint (OPB)". This new title emphasizes that we manage these documents independently of the standardization processes of the IETF or W3C.
Overview of Originator Profile
The OP specification defines a Verifiable Credential (VC) and how it is distributed. Definitions of terms common throughout this specification are provided in the Glossary.
The OP defines the following specifications as common specifications for VC.
- OP VC Data Model: VC-compliant data model defined in OP
- Securing Mechanism: Securing Mechanism of VC as defined in OP
The OP defines the following as organization IDs and uses them in each VC:
- OP ID: OP ID
- DNS URI OP ID: OP ID using a domain name
The following documents define the data models for the three VCs that play a central role in OP:
- Core Profile (CP): CP consists of an organization's OP ID and a VC of its public key.
- Profile Annotation (PA): PA may include proof of the sender's entity identity, information about certificates granted by various certification authorities, and membership certificates from various organizations, each signed by the appropriate entity.
- Content Attestation (CA): CA contains information about the Web Content created and managed by the CP holder, as well as information about the target content and verification methods, and is signed by the CP holder.
In addition to these, the following VCs are defined:
- Web Media Profile (WMP): WMP is a VC that describes the information to be displayed to users when using the OP on the Web (such as the sender's policy statement, contact information, etc.) and is signed by the CP holder.
- Web Site Profile (WSP): WSP is a VC that indicates that the sender owns a website. It is signed by the CP holder.
When actually using Profile Annotation (PA) and Content Attestation (CA), it is necessary to define specific properties according to the application. The property definitions used in OP-CIP are defined in the following implementer's guides:
- Content Attestation
  - Article Data Model: CA data model linked to articles on the Internet.
  - Online Ad Data Model: CA data model linked to online advertising.
  - Advertorial: CA data model linked to advertorials on the Internet.
- Profile Annotation
  - Certificate Data Model: The Certificate PA Data Model
  - Organization Existence Certificate: Data model for organization existence certificate.
  - Advertising Certification Certificate: Data model for advertising certification certificate.
  - News Media Registration Certificate: Data model for news media registration certificate.
  - Municipality Certification Certificate: Data model for municipality certification certificate.
The following data formats are defined for distributing these VCs together.
- Content Attestation Set(CAS): CAS is the distribution format of CA.
- Originator Profile Set(OPS): OPS is a distribution format for CP, PA, and WMP.
- Site Profile (SP): SP is the distribution format of WSP.
- Linking: This is how to link CAS and OPS to HTML pages.
CA has a mechanism to prevent content tampering called Content Integrity Descriptor. The following implementation guide is the specification for it.
- Content Integrity Type Registry: Registry server for Content Integrity Descriptor
- HTML Target: Verifies the integrity of the target DOM element as an HTML string.
- Text Target: Verifies the integrity of the text content of the target DOM element.
- Visible Text Target: Verifies the integrity of the rendered text of the target element.
- External Resource Target: Verifies the integrity of external resources.
The following documents ensure the security of the entire OP framework.
- Cryptographic algorithm: The cryptographic algorithm recommended by the OP
The JSON-LD context used throughout VC is documented in the following document:
📄️ Originator Profile Blueprint
Summary
📄️ Terminology
Originator Profile Identifier (OP ID)
📄️ Core Profile Data Model
Terminology
📄️ Profile Annotation Data Model
The Profile Annotation Data Model is VC's common data model for expressing information about Core Profile subjects.
📄️ Content Attestation Data Model
Two targets of CA verification were considered: (1) verification based on specific events caused by active confirmation operations by users after a page load has completed, and (2) verification in real time while the DOM is being dynamically loaded and rewritten. Of these, (2), which requires highly real-time timing, is not expected to be a target of CA verification.
📄️ Web Media Profile Data Model Implementation Guidelines
Terminology
📄️ Website Profile (WSP) Data Model
Terminology
📄️ Certificate Data Model
Terminology
📄️ OP VC Data Model
The OP specification defines several VCs that conform to a common data model based on the VC DM 2.0 Conforming Document, which is specified in this document.
📄️ OP VC Securing Mechanism Implementation Guidelines
This document specifies the values of each claim and property of OP VC in accordance with Securing Verifiable Credentials using JOSE and COSE.
📄️ Originator Profile Set
Summary
📄️ Content Attestation Set
Terminology
📄️ Linking Content Attestation Set and Originator Profile Set to A HTML Document
Summary
📄️ Site Profile
A Site Profile is data used to associate a Website Profile with a specific domain.
📄️ Originator Profile Identifier (OP ID)
The OP ID is an ID given to a Core Profile holder organization. It MUST be a URL.
📄️ DNS URI OP ID
Terminology
📄️ Cryptographic algorithms
At this time, we are considering the cryptographic algorithms that OP will support based on Section 3.2 of Subresource Integrity (https://www.w3.org/TR/SRI/#introduction). However, the security of something previously considered secure may no longer be certain. We are currently discussing what to refer to and what standards to use to determine the specifications for the cryptographic algorithms that OP will support.
📄️ Contexts, Vocabularies, and Types
Datatypes
🗃️ PA Implementation Guidelines
4 items
🗃️ CA Implementation Guidelines
3 items
🗃️ Content Integrity Descriptor
4 items