diff --git a/docs/claimantmodel/README.md b/docs/claimantmodel/README.md
new file mode 100644
index 0000000..8d3dacb
--- /dev/null
+++ b/docs/claimantmodel/README.md
@@ -0,0 +1,113 @@
+# Sigstore Claimant Model
+
+Sigstore's claimant model includes a set of claims produced by Rekor and Fulcio logs. See [Claimant Model](https://github.com/google/trillian/blob/master/docs/claimantmodel/CoreModel.md) for more information and terminology.
+
+Sequence diagrams generated with [Claimant Model Render Tool](https://github.com/google/trillian/tree/master/docs/claimantmodel/experimental/cmd/render). This tool is a work in progress, so there may be some errors in the generated models.
+
+Each claim is in `model.md` in each folder. `full.md` contains the claim made in both the domains of Rekor or Fulcio and the log. The sequence diagram shows the interactions between all Actors.
+
+All claims are also provided in this readme.
+
+## Fulcio: Identity-based signing
+
+
+- ClaimFulcio
+- ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+- StatementFulcio
+- X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio
+- ClaimantFulcio
+- Fulcio
+- BelieverFulcio
+- Software Installer
+- VerifierFulcio
+- ${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}. ${OIDCIDOwner} must actively look for Claims made on their behalf that they didn't knowingly authorize.
+- ArbiterFulcio
+- Community
+
+
+## Rekor: Identity-based signature
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+- StatementRekor
+- ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}. ${OIDCIDOwner} must actively look for Claims made on their behalf that they didn't knowingly authorize.
+- ArbiterRekor
+- Community, identity-artifact mapping
+
+
+## Rekor: Key-based signature
+
+
+- ClaimRekor
+- ${Key} signs ${Hash}, verifiable with ${PubKey}
+- StatementRekor
+- ${Hash}, public key ${PubKey}, and signature over ${Hash}
+- ClaimantRekor
+- ${KeyOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${KeyOwner}: ${Key} signs ${Hash}, verifiable with ${PubKey}. ${KeyOwner} must actively look for Claims made on their behalf that they didn't knowingly authorize.
+- ArbiterRekor
+- Community, key-artifact mapping
+
+
+## Rekor: Provenance
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+- StatementRekor
+- ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}/Artifact Builder: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}. ${OIDCIDOwner} or Artifact Builder must actively look for Claims made on their behalf that they didn't knowingly authorize.
+- ArbiterRekor
+- Community, identity-artifact mapping
+
+
+## Rekor: Timestamping
+
+Note that this claim is a work in progress, as uploading signed timestamps is not yet supported in Rekor. See the [timestamping readme](rekor/timestamping/README.md) for more information.
+
+
+- ClaimRekor
+- ClaimRekorIdentity occurs at ${Timestamp}
+- StatementRekor
+- Signed ${Timestamp} over StatementRekorIdentity
+- ClaimantRekor
+- ${TSA}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- None: ClaimRekorIdentity occurs at ${Timestamp}
+- ArbiterRekor
+- Community
+
+
+## Timestamp Authority
+
+
+- ClaimTSA
+- ${TimestampAuthority} claims a monotonically increasing ${Time}
+- StatementTSA
+- Signed timestamp containing ${Time}
+- ClaimantTSA
+- ${TimestampAuthority}
+- BelieverTSA
+- Software Installer, entity consuming short-lived code-signing certificate
+- VerifierTSA
+- ${TimestampMonotonicVerifier}: ${TimestampAuthority} claims a monotonically increasing ${Time}
+- ArbiterTSA
+- Community
+
\ No newline at end of file
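Review bot: The claim text in this README diverges from the per-model files it says it mirrors: the Verifier entries here (for example `${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}. ${OIDCIDOwner} must actively look for Claims made on their behalf that they didn't knowingly authorize.`) carry a monitoring sentence that is absent from `fulcio/identity/model.md` and from every other `model.md`/`model.yaml` in this PR, so "All claims are also provided in this readme" is not quite true. Either add that sentence to the `model.yaml` sources (presumably the input of the render tool, so it would carry into `model.md`, `full.md` and `logsequence.md`) or say here that the README annotates the generated claims. Smaller points: "claims produced by Rekor and Fulcio logs" is imprecise, since the model itself names Fulcio as ClaimantFulcio and the Log Operator as ClaimantLOG_Fulcio; "Sequence diagrams generated with" is missing "are"; "the claim made in both the domains of Rekor or Fulcio and the log" reads better as "the claims of both the Fulcio or Rekor domain and of its log"; the README does not say which files are hand-written and which are generated, nor list the folders (`fulcio/identity`, `rekor/identity`, `rekor/key`, `rekor/provenance`, `rekor/timestamping`, `tsa`); in the Rekor: Timestamping section the Verifier line `None: ClaimRekorIdentity occurs at ${Timestamp}` reads as if "None" were an actor; and the file has no trailing newline.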
diff --git a/docs/claimantmodel/fulcio/identity/full.md b/docs/claimantmodel/fulcio/identity/full.md
new file mode 100644
index 0000000..0ea15e2
--- /dev/null
+++ b/docs/claimantmodel/fulcio/identity/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimFulcio
+- ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+- StatementFulcio
+- X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio
+- ClaimantFulcio
+- Fulcio
+- BelieverFulcio
+- Software Installer
+- VerifierFulcio
+- ${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+- ArbiterFulcio
+- Community
+
+
+- ClaimLOG_Fulcio
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio`
+- StatementLOG_Fulcio
+- Log Checkpoint
+- ClaimantLOG_Fulcio
+- Log Operator
+- BelieverLOG_Fulcio
+- Software Installer
- ${OIDCIDOwner}
+- VerifierLOG_Fulcio
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
- ${OIDCIDOwner}: This data structure contains only leaves of type `X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio`
+- ArbiterLOG_Fulcio
+- Community
+
\ No newline at end of file
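Review bot: Five lines in this hunk (`- This data structure is globally consistent`, `- This data structure contains only leaves of type ...`, `- ${OIDCIDOwner}` under BelieverLOG_Fulcio, and the `Witness Quorum:` and `${OIDCIDOwner}:` verifier lines) have no leading `+`, unlike every other line of this new file, so either the patch is malformed or these are continuation lines that the render tool emitted inside a single list item; in the latter case the three log claims and the two believers will each render as one item. Please check the rendered markdown and, if they are meant to be separate items, indent them as a nested list under ClaimLOG_Fulcio, BelieverLOG_Fulcio and VerifierLOG_Fulcio. The same pattern appears in every other `full.md` in this PR. The file also lacks a trailing newline.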
diff --git a/docs/claimantmodel/fulcio/identity/full.yaml b/docs/claimantmodel/fulcio/identity/full.yaml
new file mode 100644
index 0000000..49ad4ea
--- /dev/null
+++ b/docs/claimantmodel/fulcio/identity/full.yaml
@@ -0,0 +1,26 @@
+Domain:
+ System: Fulcio
+ Claimant: Fulcio
+ Statement: X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by
+ Fulcio
+ Believer: Software Installer
+ Claim:
+ Claim: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+ Verifier: ${OIDCIDOwner}
+ Arbiter: Community
+Log:
+ System: LOG_Fulcio
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer
+ - ${OIDCIDOwner}
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `X.509 certificate containing
+ ${PubKey} and ${OIDCIdentity}, signed by Fulcio`
+ Verifier: ${OIDCIDOwner}
+ Arbiter: Community
\ No newline at end of file
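Review bot: Nothing in the PR states that `full.yaml` (and `full.md`/`logsequence.md`) are derived from `model.yaml` by the render tool; a one-line header comment in the generated files, or a sentence in the top-level README, would keep people from hand-editing the derived copies and then losing the edits on the next render. Also, this file ends without a trailing newline while `model.yaml` in the same directory has one, which suggests the two were produced by different steps; worth normalising if the repo has an editorconfig or lint for it.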
diff --git a/docs/claimantmodel/fulcio/identity/logsequence.md b/docs/claimantmodel/fulcio/identity/logsequence.md
new file mode 100644
index 0000000..2b4aa3b
--- /dev/null
+++ b/docs/claimantmodel/fulcio/identity/logsequence.md
@@ -0,0 +1,25 @@
+
+```mermaid
+sequenceDiagram
+ actor Fulcio
+ actor ${OIDCIDOwner}
+ actor Log Operator
+ actor Software Installer
+ actor Witness
+ actor Witness Quorum
+ Fulcio->>Log Operator: Add new X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio
+ Log Operator->>Log Operator: Integrate X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcios and issue Log Checkpoint
+ Log Operator->>Fulcio: Log Checkpoint and inclusion proof
+ Fulcio->>Software Installer: X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio with proof bundle
+ Software Installer->>Software Installer: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+ loop Periodic X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio Verification
+ ${OIDCIDOwner}->>Log Operator: Get all entries
+ ${OIDCIDOwner}->>${OIDCIDOwner}: Verify: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+ end
+```
\ No newline at end of file
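Review bot: The Log Operator self-message reads `Integrate X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcios and issue Log Checkpoint`: the render tool pluralises the statement by appending `s`, which turns `Fulcio` into `Fulcios`. The same artifact appears in every `logsequence.md` in this PR (`${Hash}s`, `${Subject}s`, `StatementRekorIdentitys`, `${Time}s`). Since the README already warns that the tool output may contain errors, either fix the plural by hand in the committed diagrams or give each statement a short name in the model so the generated labels stay readable; the `loop Periodic X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio Verification` label would benefit from the same.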
diff --git a/docs/claimantmodel/fulcio/identity/model.md b/docs/claimantmodel/fulcio/identity/model.md
new file mode 100644
index 0000000..83cb597
--- /dev/null
+++ b/docs/claimantmodel/fulcio/identity/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimFulcio
+- ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+- StatementFulcio
+- X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio
+- ClaimantFulcio
+- Fulcio
+- BelieverFulcio
+- Software Installer
+- VerifierFulcio
+- ${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
+- ArbiterFulcio
+- Community
+
\ No newline at end of file
diff --git a/docs/claimantmodel/fulcio/identity/model.yaml b/docs/claimantmodel/fulcio/identity/model.yaml
new file mode 100644
index 0000000..30b36db
--- /dev/null
+++ b/docs/claimantmodel/fulcio/identity/model.yaml
@@ -0,0 +1,8 @@
+System: "Fulcio"
+Claim:
+ Claim: "${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}"
+ Verifier: "${OIDCIDOwner}"
+Statement: "X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio"
+Claimant: "Fulcio"
+Believer: "Software Installer"
+Arbiter: "Community"
diff --git a/docs/claimantmodel/rekor/identity/full.md b/docs/claimantmodel/rekor/identity/full.md
new file mode 100644
index 0000000..268de42
--- /dev/null
+++ b/docs/claimantmodel/rekor/identity/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+- StatementRekor
+- ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+- ArbiterRekor
+- Community, identity-artifact mapping
+
+
+- ClaimLOG_Rekor
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}`
+- StatementLOG_Rekor
+- Log Checkpoint
+- ClaimantLOG_Rekor
+- Log Operator
+- BelieverLOG_Rekor
+- Software Installer
- ${OIDCIDOwner}
+- VerifierLOG_Rekor
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
- ${OIDCIDOwner}: This data structure contains only leaves of type `${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}`
+- ArbiterLOG_Rekor
+- Community, identity-artifact mapping
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/identity/full.yaml b/docs/claimantmodel/rekor/identity/full.yaml
new file mode 100644
index 0000000..2bf2427
--- /dev/null
+++ b/docs/claimantmodel/rekor/identity/full.yaml
@@ -0,0 +1,26 @@
+Domain:
+ System: Rekor
+ Claimant: ${OIDCIDOwner}
+ Statement: ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity},
+ and signature over ${Hash}
+ Believer: Software Installer
+ Claim:
+ Claim: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+ Verifier: ${OIDCIDOwner}
+ Arbiter: Community, identity-artifact mapping
+Log:
+ System: LOG_Rekor
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer
+ - ${OIDCIDOwner}
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `${Hash}, X.509 certificate
+ ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}`
+ Verifier: ${OIDCIDOwner}
+ Arbiter: 'Community, identity-artifact mapping'
diff --git a/docs/claimantmodel/rekor/identity/logsequence.md b/docs/claimantmodel/rekor/identity/logsequence.md
new file mode 100644
index 0000000..6dc0d66
--- /dev/null
+++ b/docs/claimantmodel/rekor/identity/logsequence.md
@@ -0,0 +1,24 @@
+
+```mermaid
+sequenceDiagram
+ actor ${OIDCIDOwner}
+ actor Log Operator
+ actor Software Installer
+ actor Witness
+ actor Witness Quorum
+ ${OIDCIDOwner}->>Log Operator: Add new ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}
+ Log Operator->>Log Operator: Integrate ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}s and issue Log Checkpoint
+ Log Operator->>${OIDCIDOwner}: Log Checkpoint and inclusion proof
+ ${OIDCIDOwner}->>Software Installer: ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} with proof bundle
+ Software Installer->>Software Installer: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+ loop Periodic ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} Verification
+ ${OIDCIDOwner}->>Log Operator: Get all entries
+ ${OIDCIDOwner}->>${OIDCIDOwner}: Verify: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+ end
+```
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/identity/model.md b/docs/claimantmodel/rekor/identity/model.md
new file mode 100644
index 0000000..e44454e
--- /dev/null
+++ b/docs/claimantmodel/rekor/identity/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+- StatementRekor
+- ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
+- ArbiterRekor
+- Community, identity-artifact mapping
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/identity/model.yaml b/docs/claimantmodel/rekor/identity/model.yaml
new file mode 100644
index 0000000..c81b06c
--- /dev/null
+++ b/docs/claimantmodel/rekor/identity/model.yaml
@@ -0,0 +1,8 @@
+System: "Rekor"
+Claim:
+ Claim: "${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}"
+ Verifier: "${OIDCIDOwner}"
+Statement: "${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}"
+Claimant: "${OIDCIDOwner}"
+Believer: "Software Installer"
+Arbiter: "Community, identity-artifact mapping"
diff --git a/docs/claimantmodel/rekor/key/full.md b/docs/claimantmodel/rekor/key/full.md
new file mode 100644
index 0000000..604fe42
--- /dev/null
+++ b/docs/claimantmodel/rekor/key/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimRekor
+- ${Key} signs ${Hash}, verifiable with ${PubKey}
+- StatementRekor
+- ${Hash}, public key ${PubKey}, and signature over ${Hash}
+- ClaimantRekor
+- ${KeyOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${KeyOwner}: ${Key} signs ${Hash}, verifiable with ${PubKey}
+- ArbiterRekor
+- Community, key-artifact mapping
+
+
+- ClaimLOG_Rekor
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `${Hash}, public key ${PubKey}, and signature over ${Hash}`
+- StatementLOG_Rekor
+- Log Checkpoint
+- ClaimantLOG_Rekor
+- Log Operator
+- BelieverLOG_Rekor
+- Software Installer
- ${KeyOwner}
+- VerifierLOG_Rekor
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
- ${KeyOwner}: This data structure contains only leaves of type `${Hash}, public key ${PubKey}, and signature over ${Hash}`
+- ArbiterLOG_Rekor
+- Community, key-artifact mapping
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/key/full.yaml b/docs/claimantmodel/rekor/key/full.yaml
new file mode 100644
index 0000000..4c1555f
--- /dev/null
+++ b/docs/claimantmodel/rekor/key/full.yaml
@@ -0,0 +1,25 @@
+Domain:
+ System: Rekor
+ Claimant: ${KeyOwner}
+ Statement: ${Hash}, public key ${PubKey}, and signature over ${Hash}
+ Believer: Software Installer
+ Claim:
+ Claim: '${Key} signs ${Hash}, verifiable with ${PubKey}'
+ Verifier: ${KeyOwner}
+ Arbiter: Community, key-artifact mapping
+Log:
+ System: LOG_Rekor
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer
+ - ${KeyOwner}
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `${Hash}, public key ${PubKey},
+ and signature over ${Hash}`
+ Verifier: ${KeyOwner}
+ Arbiter: 'Community, key-artifact mapping'
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/key/logsequence.md b/docs/claimantmodel/rekor/key/logsequence.md
new file mode 100644
index 0000000..a92d9b9
--- /dev/null
+++ b/docs/claimantmodel/rekor/key/logsequence.md
@@ -0,0 +1,24 @@
+
+```mermaid
+sequenceDiagram
+ actor ${KeyOwner}
+ actor Log Operator
+ actor Software Installer
+ actor Witness
+ actor Witness Quorum
+ ${KeyOwner}->>Log Operator: Add new ${Hash}, public key ${PubKey}, and signature over ${Hash}
+ Log Operator->>Log Operator: Integrate ${Hash}, public key ${PubKey}, and signature over ${Hash}s and issue Log Checkpoint
+ Log Operator->>${KeyOwner}: Log Checkpoint and inclusion proof
+ ${KeyOwner}->>Software Installer: ${Hash}, public key ${PubKey}, and signature over ${Hash} with proof bundle
+ Software Installer->>Software Installer: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+ loop Periodic ${Hash}, public key ${PubKey}, and signature over ${Hash} Verification
+ ${KeyOwner}->>Log Operator: Get all entries
+ ${KeyOwner}->>${KeyOwner}: Verify: ${Key} signs ${Hash}, verifiable with ${PubKey}
+ end
+```
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/key/model.md b/docs/claimantmodel/rekor/key/model.md
new file mode 100644
index 0000000..50c07c2
--- /dev/null
+++ b/docs/claimantmodel/rekor/key/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimRekor
+- ${Key} signs ${Hash}, verifiable with ${PubKey}
+- StatementRekor
+- ${Hash}, public key ${PubKey}, and signature over ${Hash}
+- ClaimantRekor
+- ${KeyOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${KeyOwner}: ${Key} signs ${Hash}, verifiable with ${PubKey}
+- ArbiterRekor
+- Community, key-artifact mapping
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/key/model.yaml b/docs/claimantmodel/rekor/key/model.yaml
new file mode 100644
index 0000000..d8aa1f2
--- /dev/null
+++ b/docs/claimantmodel/rekor/key/model.yaml
@@ -0,0 +1,8 @@
+System: "Rekor"
+Claim:
+ Claim: "${Key} signs ${Hash}, verifiable with ${PubKey}"
+ Verifier: "${KeyOwner}"
+Statement: "${Hash}, public key ${PubKey}, and signature over ${Hash}"
+Claimant: "${KeyOwner}"
+Believer: "Software Installer"
+Arbiter: "Community, key-artifact mapping"
diff --git a/docs/claimantmodel/rekor/provenance/full.md b/docs/claimantmodel/rekor/provenance/full.md
new file mode 100644
index 0000000..648601e
--- /dev/null
+++ b/docs/claimantmodel/rekor/provenance/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+- StatementRekor
+- ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}/Artifact Builder: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+- ArbiterRekor
+- Community, identity-artifact mapping
+
+
+- ClaimLOG_Rekor
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}`
+- StatementLOG_Rekor
+- Log Checkpoint
+- ClaimantLOG_Rekor
+- Log Operator
+- BelieverLOG_Rekor
+- Software Installer
- ${OIDCIDOwner}/Artifact Builder
+- VerifierLOG_Rekor
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
- ${OIDCIDOwner}/Artifact Builder: This data structure contains only leaves of type `${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}`
+- ArbiterLOG_Rekor
+- Community, identity-artifact mapping
+
\ No newline at end of file
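Review bot: The claim and the statement disagree about what the signature covers: ClaimRekor says `${OIDCIdentity} signs ${Provenance} containing ${Subject}`, while StatementRekor says `signature over ${Subject}`. If the signature is over the provenance document (which names the subject), the statement should say `signature over ${Provenance}`; if it really is over the subject, the claim should say so. The `contains only leaves of type ...` log claim repeats the statement text verbatim, so it inherits the ambiguity, as do the `model.md`, `model.yaml` and `full.yaml` copies.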
diff --git a/docs/claimantmodel/rekor/provenance/full.yaml b/docs/claimantmodel/rekor/provenance/full.yaml
new file mode 100644
index 0000000..100349c
--- /dev/null
+++ b/docs/claimantmodel/rekor/provenance/full.yaml
@@ -0,0 +1,28 @@
+Domain:
+ System: Rekor
+ Claimant: ${OIDCIDOwner}
+ Statement: ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing
+ ${OIDCIdentity}, signature over ${Subject}
+ Believer: Software Installer
+ Claim:
+ Claim: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key
+ bound by ${Certificate}
+ Verifier: ${OIDCIDOwner}/Artifact Builder
+ Arbiter: Community, identity-artifact mapping
+Log:
+ System: LOG_Rekor
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer
+ - ${OIDCIDOwner}/Artifact Builder
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `${Provenance} with ${Hash},
+ X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over
+ ${Subject}`
+ Verifier: ${OIDCIDOwner}/Artifact Builder
+ Arbiter: 'Community, identity-artifact mapping'
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/provenance/logsequence.md b/docs/claimantmodel/rekor/provenance/logsequence.md
new file mode 100644
index 0000000..c5a5eaa
--- /dev/null
+++ b/docs/claimantmodel/rekor/provenance/logsequence.md
@@ -0,0 +1,25 @@
+
+```mermaid
+sequenceDiagram
+ actor ${OIDCIDOwner}
+ actor ${OIDCIDOwner}/Artifact Builder
+ actor Log Operator
+ actor Software Installer
+ actor Witness
+ actor Witness Quorum
+ ${OIDCIDOwner}->>Log Operator: Add new ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}
+ Log Operator->>Log Operator: Integrate ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}s and issue Log Checkpoint
+ Log Operator->>${OIDCIDOwner}: Log Checkpoint and inclusion proof
+ ${OIDCIDOwner}->>Software Installer: ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} with proof bundle
+ Software Installer->>Software Installer: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+ loop Periodic ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} Verification
+ ${OIDCIDOwner}/Artifact Builder->>Log Operator: Get all entries
+ ${OIDCIDOwner}/Artifact Builder->>${OIDCIDOwner}/Artifact Builder: Verify: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+ end
+```
\ No newline at end of file
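Review bot: The actor list declares both `actor ${OIDCIDOwner}` and `actor ${OIDCIDOwner}/Artifact Builder`, so the diagram shows two participants for what the model writes as one slash-joined role (`Verifier: ${OIDCIDOwner}/Artifact Builder` in `model.yaml`). As drawn, the entry is added by `${OIDCIDOwner}` but the periodic `Get all entries` / `Verify:` loop is run by the compound actor, which reads as a third party doing the verification. Either name the verifier `${OIDCIDOwner}` and explain in prose that the identity owner may be the Artifact Builder, or introduce `Artifact Builder` as a separate actor and use it consistently across the claim, the believers and the diagram.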
diff --git a/docs/claimantmodel/rekor/provenance/model.md b/docs/claimantmodel/rekor/provenance/model.md
new file mode 100644
index 0000000..d410b97
--- /dev/null
+++ b/docs/claimantmodel/rekor/provenance/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimRekor
+- ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+- StatementRekor
+- ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}
+- ClaimantRekor
+- ${OIDCIDOwner}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- ${OIDCIDOwner}/Artifact Builder: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
+- ArbiterRekor
+- Community, identity-artifact mapping
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/provenance/model.yaml b/docs/claimantmodel/rekor/provenance/model.yaml
new file mode 100644
index 0000000..8825bac
--- /dev/null
+++ b/docs/claimantmodel/rekor/provenance/model.yaml
@@ -0,0 +1,8 @@
+System: "Rekor"
+Claim:
+ Claim: "${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}"
+ Verifier: "${OIDCIDOwner}/Artifact Builder"
+Statement: "${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}"
+Claimant: "${OIDCIDOwner}"
+Believer: "Software Installer"
+Arbiter: "Community, identity-artifact mapping"
diff --git a/docs/claimantmodel/rekor/timestamping/README.md b/docs/claimantmodel/rekor/timestamping/README.md
new file mode 100644
index 0000000..f528de7
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/README.md
@@ -0,0 +1,10 @@
+# Claim for timestamping in Rekor
+
+The claim for timestamping in Rekor is a work in progress, as uploading signed timestamps is not yet supported in Rekor.
+
+This claim has some unexpected properties:
+
+* The claim and statement reference the claim for identity-based signatures. The claim can be expanded to
+`${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}, valid with respect to ${Timestamp} whose signature is over ${Signature}`, and the statement `${Hash}, X.509 certificate containing ${OIDCIdentity}, signed ${Timestamp}, and ${Signature} over ${Hash}`.
+* There is no Verifier, because no entity can verify the veracity of a timestamping claim. Anyone can generate a timestamp with a signing event. Note that there could be a Verifier for the Claimant Model for a Timestamp Authority, but that is out of scope for this claim.
+* The generated flow chart may not make sense because of the lack of a Verifier.
\ No newline at end of file
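Review bot: The second bullet justifies the missing Verifier with "Anyone can generate a timestamp with a signing event", but this PR also adds `docs/claimantmodel/tsa`, whose `${TimestampMonotonicVerifier}` checks the TSA's `monotonically increasing ${Time}` claim; rather than calling that "out of scope", link to the `tsa` model so readers see where the timestamp's trustworthiness is actually verified. Also "The generated flow chart" should be "The generated sequence diagram" to match the top-level README, and the first bullet's continuation line (`${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}, valid with respect to ...`) should be indented under its bullet rather than relying on lazy continuation. The file lacks a trailing newline.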
diff --git a/docs/claimantmodel/rekor/timestamping/full.md b/docs/claimantmodel/rekor/timestamping/full.md
new file mode 100644
index 0000000..41cabb7
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimRekor
+- ClaimRekorIdentity occurs at ${Timestamp}
+- StatementRekor
+- Signed ${Timestamp} over StatementRekorIdentity
+- ClaimantRekor
+- ${TSA}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- None
+- ArbiterRekor
+- Community
+
+
+- ClaimLOG_Rekor
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `Signed ${Timestamp} over StatementRekorIdentity`
+- StatementLOG_Rekor
+- Log Checkpoint
+- ClaimantLOG_Rekor
+- Log Operator
+- BelieverLOG_Rekor
+
+- VerifierLOG_Rekor
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
+- ArbiterLOG_Rekor
+- Community
+
\ No newline at end of file
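Review bot: The BelieverLOG_Rekor entry is empty (only a blank line follows it) and VerifierLOG_Rekor lists only the Witness and Witness Quorum lines, so the rendered log section drops the `Software Installer` believer that `full.yaml` lists and gives no verifier for the third log claim (`contains only leaves of type Signed ${Timestamp} over StatementRekorIdentity`) that ClaimLOG_Rekor still lists. This looks like the render tool tripping over `Verifier: None` in `model.yaml`. Until that is fixed upstream, it would be clearer to write these two entries by hand so that `full.md` matches `full.yaml`, and to state explicitly that the leaf-type claim has no verifier, as the timestamping README does.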
diff --git a/docs/claimantmodel/rekor/timestamping/full.yaml b/docs/claimantmodel/rekor/timestamping/full.yaml
new file mode 100644
index 0000000..b48a25e
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/full.yaml
@@ -0,0 +1,25 @@
+Domain:
+ System: Rekor
+ Claimant: ${TSA}
+ Statement: Signed ${Timestamp} over StatementRekorIdentity
+ Believer: Software Installer
+ Claim:
+ Claim: ClaimRekorIdentity occurs at ${Timestamp}
+ Verifier: None
+ Arbiter: Community
+Log:
+ System: LOG_Rekor
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer
+ - None
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `Signed ${Timestamp} over
+ StatementRekorIdentity`
+ Verifier: None
+ Arbiter: Community
\ No newline at end of file
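Review bot: `Believers` lists `- None` as if it were an actor, because the Domain `Verifier: None` is a plain string and the render tool copies the Domain verifier into the log's believers. A literal actor called None will mislead anyone reading the model. Drop that entry by hand, or, if the tool accepts it, leave `Verifier` unset or null in `model.yaml` so nothing is propagated; the `Verifier: None` on the last log claim should get the same treatment. The file also lacks a trailing newline.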
diff --git a/docs/claimantmodel/rekor/timestamping/logsequence.md b/docs/claimantmodel/rekor/timestamping/logsequence.md
new file mode 100644
index 0000000..4d30dea
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/logsequence.md
@@ -0,0 +1,20 @@
+
+```mermaid
+sequenceDiagram
+ actor ${TSA}
+ actor Log Operator
+ actor Software Installer
+ actor Witness
+ actor Witness Quorum
+ ${TSA}->>Log Operator: Add new Signed ${Timestamp} over StatementRekorIdentity
+ Log Operator->>Log Operator: Integrate Signed ${Timestamp} over StatementRekorIdentitys and issue Log Checkpoint
+ Log Operator->>${TSA}: Log Checkpoint and inclusion proof
+ ${TSA}->>Software Installer: Signed ${Timestamp} over StatementRekorIdentity with proof bundle
+ Software Installer->>Software Installer: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+```
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/timestamping/model.md b/docs/claimantmodel/rekor/timestamping/model.md
new file mode 100644
index 0000000..a7d2623
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimRekor
+- ClaimRekorIdentity occurs at ${Timestamp}
+- StatementRekor
+- Signed ${Timestamp} over StatementRekorIdentity
+- ClaimantRekor
+- ${TSA}
+- BelieverRekor
+- Software Installer
+- VerifierRekor
+- None
+- ArbiterRekor
+- Community
+
\ No newline at end of file
diff --git a/docs/claimantmodel/rekor/timestamping/model.yaml b/docs/claimantmodel/rekor/timestamping/model.yaml
new file mode 100644
index 0000000..f2acb9d
--- /dev/null
+++ b/docs/claimantmodel/rekor/timestamping/model.yaml
@@ -0,0 +1,8 @@
+System: "Rekor"
+Claim:
+ Claim: "ClaimRekorIdentity occurs at ${Timestamp}"
+ Verifier: "None"
+Statement: "Signed ${Timestamp} over StatementRekorIdentity"
+Claimant: "${TSA}"
+Believer: "Software Installer"
+Arbiter: "Community"
diff --git a/docs/claimantmodel/tsa/full.md b/docs/claimantmodel/tsa/full.md
new file mode 100644
index 0000000..b044888
--- /dev/null
+++ b/docs/claimantmodel/tsa/full.md
@@ -0,0 +1,31 @@
+
+
+- ClaimTSA
+- ${TimestampAuthority} claims a monotonically increasing ${Time}
+- StatementTSA
+- Signed timestamp containing ${Time}
+- ClaimantTSA
+- ${TimestampAuthority}
+- BelieverTSA
+- Software Installer, entity consuming short-lived code-signing certificate
+- VerifierTSA
+- ${TimestampMonotonicVerifier}: ${TimestampAuthority} claims a monotonically increasing ${Time}
+- ArbiterTSA
+- Community
+
+
+- ClaimLOG_TSA
+- This data structure is append-only from any previous version
- This data structure is globally consistent
- This data structure contains only leaves of type `Signed timestamp containing ${Time}`
+- StatementLOG_TSA
+- Log Checkpoint
+- ClaimantLOG_TSA
+- Log Operator
+- BelieverLOG_TSA
+- Software Installer, entity consuming short-lived code-signing certificate
- ${TimestampMonotonicVerifier}
+- VerifierLOG_TSA
+- Witness: This data structure is append-only from any previous version
- Witness Quorum: This data structure is globally consistent
- ${TimestampMonotonicVerifier}: This data structure contains only leaves of type `Signed timestamp containing ${Time}`
+- ArbiterLOG_TSA
+- Community
+
\ No newline at end of file
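Review bot: `${TimestampMonotonicVerifier}` is introduced here and in `model.yaml` without any description of who plays that role or what the check consists of (presumably comparing successive signed `${Time}` values obtained from the log), and `tsa/` has no README the way `rekor/timestamping/` does. A short README explaining the verifier and the "entity consuming short-lived code-signing certificate" believer, and how this model relates to the Rekor timestamping claim, would make the TSA model self-contained. The file also lacks a trailing newline.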
diff --git a/docs/claimantmodel/tsa/full.yaml b/docs/claimantmodel/tsa/full.yaml
new file mode 100644
index 0000000..ce40b98
--- /dev/null
+++ b/docs/claimantmodel/tsa/full.yaml
@@ -0,0 +1,25 @@
+Domain:
+ System: TSA
+ Claimant: ${TimestampAuthority}
+ Statement: Signed timestamp containing ${Time}
+ Believer: Software Installer, entity consuming short-lived code-signing certificate
+ Claim:
+ Claim: ${TimestampAuthority} claims a monotonically increasing ${Time}
+ Verifier: ${TimestampMonotonicVerifier}
+ Arbiter: Community
+Log:
+ System: LOG_TSA
+ Claimant: Log Operator
+ Statement: Log Checkpoint
+ Believers:
+ - Software Installer, entity consuming short-lived code-signing certificate
+ - ${TimestampMonotonicVerifier}
+ Claims:
+ - Claim: This data structure is append-only from any previous version
+ Verifier: Witness
+ - Claim: This data structure is globally consistent
+ Verifier: Witness Quorum
+ - Claim: This data structure contains only leaves of type `Signed timestamp containing
+ ${Time}`
+ Verifier: ${TimestampMonotonicVerifier}
+ Arbiter: Community
\ No newline at end of file
diff --git a/docs/claimantmodel/tsa/logsequence.md b/docs/claimantmodel/tsa/logsequence.md
new file mode 100644
index 0000000..d062bad
--- /dev/null
+++ b/docs/claimantmodel/tsa/logsequence.md
@@ -0,0 +1,25 @@
+
+```mermaid
+sequenceDiagram
+ actor ${TimestampAuthority}
+ actor ${TimestampMonotonicVerifier}
+ actor Log Operator
+ actor Software Installer, entity consuming short-lived code-signing certificate
+ actor Witness
+ actor Witness Quorum
+ ${TimestampAuthority}->>Log Operator: Add new Signed timestamp containing ${Time}
+ Log Operator->>Log Operator: Integrate Signed timestamp containing ${Time}s and issue Log Checkpoint
+ Log Operator->>${TimestampAuthority}: Log Checkpoint and inclusion proof
+ ${TimestampAuthority}->>Software Installer, entity consuming short-lived code-signing certificate: Signed timestamp containing ${Time} with proof bundle
+ Software Installer, entity consuming short-lived code-signing certificate->>Software Installer, entity consuming short-lived code-signing certificate: Verify bundle and install software
+ loop Periodic append-only Verification
+ Witness->>Log Operator: Fetch merkle data
+ Witness->>Witness: Verify append-only
+ end
+ loop Periodic Signed timestamp containing ${Time} Verification
+ ${TimestampMonotonicVerifier}->>Log Operator: Get all entries
+ ${TimestampMonotonicVerifier}->>${TimestampMonotonicVerifier}: Verify: ${TimestampAuthority} claims a monotonically increasing ${Time}
+ end
+```
\ No newline at end of file
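Review bot: `Software Installer, entity consuming short-lived code-signing certificate` is a single comma-containing string in `model.yaml`, so it becomes one very long actor label here (`actor Software Installer, entity consuming short-lived code-signing certificate` and the self-message on the following lines), which will be hard to read in the rendered diagram. If the render tool accepts a list of believers, split it into `Software Installer` and a short name such as `Certificate consumer`; otherwise shorten the label and explain the role in prose. The `${Time}s` plural in the Integrate message is the same artifact as in the other diagrams.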
diff --git a/docs/claimantmodel/tsa/model.md b/docs/claimantmodel/tsa/model.md
new file mode 100644
index 0000000..ddc357a
--- /dev/null
+++ b/docs/claimantmodel/tsa/model.md
@@ -0,0 +1,17 @@
+
+
+- ClaimTSA
+- ${TimestampAuthority} claims a monotonically increasing ${Time}
+- StatementTSA
+- Signed timestamp containing ${Time}
+- ClaimantTSA
+- ${TimestampAuthority}
+- BelieverTSA
+- Software Installer, entity consuming short-lived code-signing certificate
+- VerifierTSA
+- ${TimestampMonotonicVerifier}: ${TimestampAuthority} claims a monotonically increasing ${Time}
+- ArbiterTSA
+- Community
+
\ No newline at end of file
diff --git a/docs/claimantmodel/tsa/model.yaml b/docs/claimantmodel/tsa/model.yaml
new file mode 100644
index 0000000..c1cfa76
--- /dev/null
+++ b/docs/claimantmodel/tsa/model.yaml
@@ -0,0 +1,8 @@
+System: "TSA"
+Claim:
+ Claim: "${TimestampAuthority} claims a monotonically increasing ${Time}"
+ Verifier: "${TimestampMonotonicVerifier}"
+Statement: "Signed timestamp containing ${Time}"
+Claimant: "${TimestampAuthority}"
+Believer: "Software Installer, entity consuming short-lived code-signing certificate"
+Arbiter: "Community"