06 · Governance

Who holds this, and who should

A specification that claims to have no chokepoint, published by an organisation that currently edits it, stewards its namespace, and operates its only log. That concentration is the problem this page exists to describe rather than to defend.

Namespace steward
NoneM-7 gate — unmet
Independent logs
0Level 3 needs 2
Options documented
3no decision made
Intended destination
Donationto a standards body

Run an independent log Read the stewardship memo

Contents
  1. 01  Conflict-of-interest disclosure
  2. 02  What is actually blocked
  3. 03  Three stewardship options
  4. 04  The recommendation, and its risk
  5. 05  Documents required
  6. 06  We need a second log operator
  7. 07  What independence means
  8. 08  Donation to a standards body

01

Conflict-of-interest disclosure

This is the first section of this page, not the last, because it is the thing a hostile reviewer will find first — and finding it themselves is worse.

360WiSE holds three roles at once

RoleHeld by
Editor of the specification family360WiSE
Candidate interim steward of the namespace360WiSE
Operator of Reference Implementation #001, and of the only log360WiSE

That is three conflicts of interest in one organisation. It is a legitimate concern for a reviewer to raise, and the specification's own conformance code is written to refuse the claims that concentration would otherwise let us make.

The mitigations are structural rather than promissory. They are the reason the family mints no identifiers, operates no registry, and issues no conformance mark — each of those would have been a lever this concentration could pull.

What stops the conflict from becoming control
Lever we could have heldWhy we do not
A conformance mark BI-009 §7.3there is none. A mark under our control would be a registry by another name, and we would be certifying our own competitors against a suite we wrote.
A registry of identifiers None exists. Objects are named by ordinary HTTPS URLs on the publisher's own domain. We allocate nothing.
A privileged log Level 3 requires two independent logs, and our own code refuses to claim Level 3 while ours is the only one.
A lock-in feature BI-009 §7.4a feature that makes migration harder is a defect, not a moat.

02

What is actually blocked

Precision matters here, because "the namespace has no steward" sounds either fatal or trivial depending on how it is read. It is neither.

FC1 MUST NOT be published as Final until both are true

  1. The bo: namespace IRI and the JSON-LD context resolve under a domain controlled by a named steward with a published continuity commitment
  2. A named entity is responsible for submitting and maintaining the IANA broadcast-authority registration

Source: M-7 · BI-002 §2.4 rule 6 · BI-004 §11.2

What is not blocked

Public review, implementation, and the Reference Consumer are not blocked. The namespace is provisional, not broken. Rule 3 of §2.4 means no object needs rewriting if the prefix later moves — and erratum m-11 makes versionId provably stable across a reallocation, because it is computed over the compact document as serialized.

Every technical mitigation presupposes an operator who does not exist

A versioned context, a defined prefix-reallocation rule, identifiers stable across a move — all of it is in place and all of it works. All of it assumes somebody is there to serve the context, honour the 301, and keep the domain registered.

This is a governance gap, not an engineering one, and no further engineering closes it. You cannot assess the durability of a thirty-year archive whose vocabulary might stop resolving — and durability is the entire proposition.

The domain is squattable today

An unstewarded namespace is not a theoretical risk. It is a live one, and it compounds the longer the namespace is public and unclaimed.

03

Three stewardship options

Published in full, including the recommendation and its risks. No decision has been made.

  1. Option A 360WiSE as interim steward Fast, honest, and a conflict of interest that must be published rather than managed. Bridge
  2. Option B Neutral nonprofit or independent governance entity Cleaner standing — if it is genuinely funded and genuinely multi-party. Slow
  3. Option C Contribution to an established standards body IETF, W3C, IPTC, SMPTE. Discharges both halves of M-7 at once. Destination

Option A — 360WiSE as interim steward

Governance Simplest — 360WiSE already controls the work. Requires a published, binding continuity and succession commitment: a document, not an intention.
Continuity Minimum 10-year domain registration; registrar lock; DNSSEC; a named successor who has accepted in writing; Memento-served context with 301 on reallocation; wind-down notice of ≥ 12 months; escrow and transfer plan.
IANA 360WiSE submits. Feasible — RFC 8615 registration is lightweight and does not require organisational standing.
Risk The steward is also the editor and the reference implementer. Credible only if labelled interim and disclosed, not managed quietly.

Option B — Neutral nonprofit

Governance Incorporate or recruit a neutral entity. Needs articles, a board, a conflict-of-interest policy, and a funding model that survives 360WiSE's involvement ending.
IANA The entity submits. Cleaner standing than a single vendor.
Risk Slow and expensive — and a nonprofit with one member and no funding is less credible than an honest interim vendor. It is Option A wearing a costume.

Option C — Contribution to a standards body

Governance IETF (the BSP Internet-Draft is already written for it), W3C, IPTC, or SMPTE. The body's IPR regime applies; 360WiSE relinquishes editorial control.
Continuity Discharged by the body. Their domain, their continuity, their institutional lifespan. That is the whole point.
IANA Discharged by the body's process. Both halves of M-7 close at once.
Risk Slowest, and not entirely in our control. A body may decline, or may take the work and change it.

These are not mutually exclusive, and treating them as a single choice is the mistake to avoid. Option A is a bridge. Option C is a destination. Option B is only worth it if it is genuinely funded and genuinely multi-party — otherwise it is Option A wearing a costume.

governance/NAMESPACE-STEWARDSHIP-MEMO.md

04

The recommendation, and its risk

Option A, interim

Option A, explicitly and publicly labelled as interim, with Option C named as the intended destination.

governance/NAMESPACE-STEWARDSHIP-MEMO.md

This is the memo's recommendation. It has not been adopted. The reasoning is published so that a reviewer can disagree with it.

  1. 01

    The domain is squattable today.

    Securing it is a days-long task. The risk of not doing it compounds.

  2. 02

    Public review does not require a permanent steward. It requires an honest one.

    A published interim commitment — who holds this, under what terms, until when, and where it is goingis defensible to a hostile reviewer. Silence is not.

  3. 03

    Waiting for Option C means no external review for a year or more.

    External review is precisely what FC1 is ready for and what the work now most needs.

The risk of the recommendation, stated by the memo itself

Option A's credibility depends entirely on it being labelled interim and disclosed. An interim steward who quietly becomes a permanent one has done the thing the specification was written to prevent — and a reviewer would be right to say so.

05

Documents required

Whichever option is chosen, five documents must exist. None of them exists today.

Minimum documents — required under any option
#DocumentStatus
1 Namespace Stewardship Declaration — who holds it, under what commitment, until when, and what happens next. Published at the namespace IRI. Not written
2 Continuity & Succession Commitment — registration term, registrar lock, DNSSEC, named successor with written acceptance, wind-down notice, escrow and transfer plan. Not written
3 Context Serving Commitment — Memento-served history; 301 on reallocation; the §2.4 rule-3 guarantee restated as an operator obligation. Not written
4 IANA Registration Submission — RFC 8615 template for broadcast-authority, with the named submitter. Not submitted
5 Conflict-of-Interest Disclosure — required under Option A. States that the steward is also the editor and the operator of Reference Implementation #001, and what that means. Stated in §01not yet a signed document

06

We need a second log operator

Level 3 requires two independent logs. One exists, and we run it. This is the condition we cannot engineer our way out of.

A correction protocol whose only log is run by the reference implementer has a chokepoint at exactly the place it claims not to have one. Your independence is the point. It is not a formality, and we cannot manufacture it.

governance/LOG-OPERATOR-ONBOARDING.md
What we are asking, and what we are not
AskingNot asking
Run a conforming log. Publish your independence metadata. Gossip your Signed Tree Heads. Be auditable by people who do not trust you. No exclusivity. No fee. No editorial alignment. No governance seat. Any of those would compromise the independence we need — and the Level 3 gate would correctly refuse to recognise you.

What you would be signing up for

The specification is frozen at v1.0-FC1 and under review. It is not Final and should not yet be relied upon operationally.

You would be an early operator of a protocol still under review, with everything that implies. We would rather you understand that now than discover it later.

Log Operator Onboarding Package

07

What independence means

Defined normatively, and not self-assertable. A consumer or monitor fetches get-log-metadata from both logs and checks these itself.

Level 3 independence criteria — BI-008 §11.4.1
# Criterion Force
1 Distinct legal entities, no common control — neither controls the other; no shared parent. MUST
2 Distinct trust anchors; keys not in shared custody. MUST
3 Distinct operational infrastructure — not two hostnames under one administrative control. MUST
4 Distinct jurisdictions. Two logs subject to a single court's compulsion give no defence against compelled removal — which is much of why E-1 exists. For politically or legally sensitive material, treat same-jurisdiction logs as not independent. SHOULD

The self-assertion hole was closed deliberately

An earlier draft carried an is_self_operated boolean. It was deleted — because a commonly-owned second log would simply have set it to false.

Independence is now derived from each log's own published metadata, so it can be checked by anyone, against nobody's word.

Source: erratum M-2 · BI-008 §11.4.1, §11.2

08

Donation to a standards body

The Broadcast Supersession Protocol is intended for donation to a standards body. It should not be ours.

BSP is the one genuinely novel contribution in this family — everything else is an integration profile over standards that already exist. A correction protocol owned by a single company is a correction protocol with an owner, and an owner is a chokepoint.

The Internet-Draft is already written for it

draft-alexander-bsp-00 exists and is prepared for submission. It is the vehicle by which the protocol leaves our hands.

The broader family — the object model, the authority model — is a less natural fit for the IETF, and may belong with a media-standards body instead. That decision has not been made either.

Source: BI-001 §7 · spec/ietf/draft-alexander-bsp-00.md

Filing the Internet-Draft is a datestamp, and it is the step that makes the donation commitment checkable rather than stated. Until it is filed, the intent to donate is a sentence on a website.

Read the stewardship memo in full Read the Internet-Draft

Submit an Independent Engineering Review

Email

Security findings, interoperability reports, conformance issues, implementation feedback, and specification comments are welcome. Prospective log operators and standards bodies are also welcome to write.

Substantive technical reviews may be published, with attribution unless anonymity is requested.

Frozen Broadcast Infrastructure™ v1.0-FC1 · Final Candidate 1 · Not Final

No namespace steward has been named. No decision has been made. The correction protocol is intended for donation to a standards body. This specification family is not to be operationally relied upon.