Scoped exporters and connectors
Machine evidence still starts with deterministic source exports. These claims now reference the explicit `oc.trust.system-export` policy instead of relying on an implicit “it came from a bot” assumption.
OpenCompliance now makes the actor model explicit across evidence claims, signed manifests, and witness receipts. That means system exports, human owners, delegated approvers, verifier services, and independent witnesses are no longer flattened into one generic “signed by someone” bucket.
Some claims should still be direct owner statements. Training completion and restore-test attestations stay in this lane, with signer role and signed time carried explicitly.
Operational governance claims often come from delegated approvers rather than from a single top owner. These claims now carry `delegatedBy`, `delegationScope`, signer role, and a trust policy that says delegation is required.
Public signed-artifact manifests now carry a verifier-service identity and trust-policy reference so release signing is not described as a generic key-holder action.
Witness receipts now carry a dedicated witness identity and trust-policy reference. That keeps rerun verification separate from the verifier service that produced the original bundle.
The trust-policy registry lives in the public specs repo and records the actor kinds, signer kinds, required signer roles, and whether delegation is mandatory for a given surface.
The public evidence-claim schema now carries `trustPolicyRef`, actor role, signer role, signed time, and delegation metadata where required.
The public schema examples now show both the simple system-export case and a delegated-approver attestation case instead of only one flattened example.
The signed release manifest now carries a verifier-service identity and trust-policy reference.
Witness receipts now carry an independent-witness identity instead of leaving the replay witness implied.
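The registry and claim fields described above can be checked mechanically. The following is an added example, not code from the OpenCompliance repos, showing a claim validated against its referenced trust policy for both the system-export and delegated-approver cases. Only `oc.trust.system-export`, `trustPolicyRef`, `delegatedBy` and `delegationScope` come from this page; the other keys, the second policy id and all role values are assumptions, and signature verification is out of scope.

```python
from datetime import datetime

# Only "oc.trust.system-export", trustPolicyRef, delegatedBy and delegationScope
# appear on the page; every other key, id and role below is an assumption.
TRUST_POLICIES = {
    "oc.trust.system-export": {
        "actorKinds": {"system-export"},
        "requiredSignerRoles": {"exporter"},
        "delegationRequired": False,
    },
    "example.trust.delegated-approval": {  # placeholder id, not a real registry entry
        "actorKinds": {"delegated-approver"},
        "requiredSignerRoles": {"change-approver"},
        "delegationRequired": True,
    },
}


def check_claim(claim, policies=TRUST_POLICIES):
    """Return the reasons a claim fails its trust policy (empty list = passes)."""
    policy = policies.get(claim.get("trustPolicyRef"))
    if policy is None:
        return ["unknown or missing trustPolicyRef"]
    problems = []
    if claim.get("actorKind") not in policy["actorKinds"]:
        problems.append("actor kind not allowed by policy")
    if claim.get("signerRole") not in policy["requiredSignerRoles"]:
        problems.append("signer role not allowed by policy")
    try:
        datetime.fromisoformat(claim.get("signedAt") or "")
    except ValueError:
        problems.append("signedAt missing or not ISO 8601")
    delegated = bool(claim.get("delegatedBy")) and bool(claim.get("delegationScope"))
    if policy["delegationRequired"] and not delegated:
        problems.append("policy requires delegatedBy and delegationScope")
    return problems


# Constructed sample claims using synthetic identities.
SYSTEM_EXPORT = {
    "trustPolicyRef": "oc.trust.system-export", "actorKind": "system-export",
    "signerRole": "exporter", "signedAt": "2025-01-01T00:00:00+00:00",
}
DELEGATED = {
    "trustPolicyRef": "example.trust.delegated-approval",
    "actorKind": "delegated-approver", "signerRole": "change-approver",
    "signedAt": "2025-01-01T00:00:00+00:00",
    "delegatedBy": "owner@example.invalid", "delegationScope": "change-approval",
}
```

A delegated claim that drops `delegatedBy`, or a system-export claim signed under another role, comes back with a specific reason rather than passing as an equally authoritative artifact.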
This is still not live identity verification. The current public corridor uses synthetic identities and roles so the artifact shapes can be inspected and replayed without leaking private organisations or credentials.
The distinction between owner, delegated approver, verifier, and witness is what prevents every artifact from looking equally authoritative when they are not. That is one of the core differences between a proof-carrying compliance layer and a polished checklist UI.