The Trust Systems Meta Model (TSMM) provides an abstract model for how trust systems are structured and how they make operational decisions.
The current main-branch increment also introduces a canonical primitive catalog at schemas/tsmm.schema.json. That schema formalizes the meta-model layer itself, while this document continues to explain how those primitives combine in a concrete trust-system instance.
The model is built around a practical question:
Under what bounded authority, policy, evidence, assessment, and verification conditions should a system allow a trust-relevant effect to occur?
TSMM is therefore not primarily identity-centered. It is effect-centered.
A trust system is not only a mechanism for storing identifiers or publishing metadata. A trust system is a mechanism for:
That chain is the operational heart of TSMM.
An Entity is any actor, component, or participant that can exist within a trust system.
A Role is a context-specific capacity in which an entity acts.
Authority is a bounded right, permission, mandate, or recognized competence attached to a role.
Typical attributes include:
An Artifact is any structured object that carries trust-relevant information.
A Claim is a proposition asserted by or about an entity, artifact, system, or state.
A claim is not automatically true. It is a statement subject to evaluation.
A Policy is a set of evaluation rules that governs interpretation, acceptance, rejection, downgrade, routing, or escalation.
A Control is a safeguard that reduces a defined risk or constrains an unsafe condition.
A Threat is a modeled harm, abuse case, or failure mode that matters for trust posture or trust decisions.
Evidence is the material used to support a claim, demonstrate a control, substantiate a requirement outcome, or support an assessment result.
Verification is a checking process that evaluates whether some expected condition holds.
A Level Framework is a tiered structure used to express maturity, assurance, conformance, or rigor.
A Trust Decision is the evaluated outcome produced under policy and context.
An Effect is the operational consequence the system permits, denies, downgrades, routes, or records after a trust decision.
A Lifecycle Event is a change relevant to trust posture or trust state.
These abstractions were made explicit after reviewing how TRQP-TSPP, ERC-8004-CSP, and DCAS package requirements, profiles, and evaluation methods.
A Governance Context captures the institutional, legal, contractual, or ecosystem environment within which trust decisions operate.
Examples:
A Profile is a packaged set of requirements, controls, policy expectations, or assessment expectations defined for a particular implementation class.
Examples:
A Requirement is a normative or expected condition that a system, process, artifact, or participant should satisfy.
An Assessment is a structured activity that evaluates whether requirements, controls, profiles, or claims are satisfied.
Assessment is broader than verification. Verification may be one checking operation. Assessment is often the orchestrated review process that uses verification outputs, evidence, and method guidance.
Without governance context, profile, requirement, and assessment, a meta-model struggles to describe how real repos actually operate.
Those concepts are visible across:
TSMM now models those ideas directly while keeping the abstraction layer lean enough to travel.
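
How the primitives defined on this page can combine into a single effect-centered decision, shown as an added example that is not part of TSMM or of schemas/tsmm.schema.json. The class names, the `decide` function, the effect names, and the policy itself (deny outside authority bounds or without evidence, downgrade to review when evidence is unverified) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical names illustrating TSMM primitives; these are not
# fields taken from schemas/tsmm.schema.json.

@dataclass(frozen=True)
class Authority:              # bounded right attached to a role
    role: str
    effects: frozenset        # effects this role may trigger
    limit: int                # upper bound on the effect's magnitude
    expires: datetime

@dataclass(frozen=True)
class Claim:                  # a proposition, not true until evaluated
    statement: str
    evidence: tuple = ()      # material offered in support
    verified: bool = False    # outcome of a verification step

@dataclass(frozen=True)
class Decision:               # trust decision plus the resulting effect
    outcome: str              # "permit", "downgrade" or "deny"
    effect: str
    reasons: tuple = ()

def decide(auth, effect, amount, claims, required, now):
    """Assumed policy: deny outside authority bounds or without evidence,
    downgrade to review when evidence exists but is unverified."""
    bounds = []
    if effect not in auth.effects:
        bounds.append("effect outside authority")
    if amount > auth.limit:
        bounds.append("amount exceeds authority limit")
    if now >= auth.expires:
        bounds.append("authority expired")
    if bounds:
        return Decision("deny", "none", tuple(bounds))
    by_statement = {c.statement: c for c in claims}
    missing = [s for s in required
               if s not in by_statement or not by_statement[s].evidence]
    if missing:
        return Decision("deny", "none", tuple(f"no evidence: {s}" for s in missing))
    unverified = [s for s in required if not by_statement[s].verified]
    if unverified:
        return Decision("downgrade", "route_to_review",
                        tuple(f"unverified: {s}" for s in unverified))
    return Decision("permit", effect)

# Constructed sample input.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
AUTH = Authority("issuer", frozenset({"issue_credential"}), 100,
                 datetime(2025, 6, 1, tzinfo=timezone.utc))
```

Every denial carries its reasons, so the decision can be recorded as an effect in its own right, and the requested effect is only returned when every bound and every required claim has been checked.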