Current identity-based code-signing schemes lack verifiable signing context, rendering them vulnerable to compromise of identity providers or malicious client-side abuse—thereby undermining the authenticity of signatures with respect to developer intent. This paper proposes a diversified identity verification framework tailored for next-generation software signing systems such as Sigstore, addressing single points of failure and excessive privilege delegation. Our approach integrates threshold cryptography, fine-grained access control, and native Sigstore ecosystem compatibility. Key contributions include: (1) the first formal definition of a diversified verification scope model; (2) bidirectional risk isolation between identity providers and clients; and (3) threshold-based validation of account signing capabilities. Prototype evaluation demonstrates robust resistance against identity leakage and unauthorized signature authority exploitation, significantly enhancing trust resilience across the software supply chain.

Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code to their identity. This allows users to verify the authenticity and integrity of the software, ensuring it has not been tampered with. Next-generation software signing such as Sigstore and OpenPubKey simplify code signing by providing streamlined mechanisms to verify and link signer identities to the public key. However, their designs have vulnerabilities: reliance on an identity provider introduces a single point of failure, and the failure to follow the principle of least privilege on the client side increases security risks. We introduce Diverse Identity Verification (DiVerify) scheme, which strengthens the security guarantees of next-generation software signing by leveraging threshold identity validations and scope mechanisms. We formalize a general definition of diverse verification scope and how it applies to next-generation software signing solutions, enabling clients to protect themselves from the impact of a compromised identity provider and help identity providers minimize the impact of compromised clients. As proof of concept, we implement DiVerify in the Sigstore ecosystem and evaluate the security improvements. By using fine-grained access control mechanisms and implementing threshold validations over account signing capabilities, we demonstrate that signing tools can protect themselves against threats from compromised identity providers and malicious signing clients.