Clarification for completeness of builder ID #1261

Open
arewm opened this issue Dec 16, 2024 · 0 comments
Labels
clarification Clarification of the spec, without changing meaning

Comments

@arewm (Member) commented Dec 16, 2024

The provenance spec states that the `id` is

> URI indicating the transitive closure of the trusted build platform. This is intended to be the sole determiner of the SLSA Build level.
>
> If a build platform has multiple modes of operations that have differing security attributes or SLSA Build levels, each mode MUST have a different `builder.id` and SHOULD have a different signer identity. This is to minimize the risk that a less secure mode compromises a more secure one.

The terminology states that a platform is a

> System that allows tenants to run builds. Technically, it is the transitive closure of software and services that must be trusted to faithfully execute the build. It includes software, hardware, people, and organizations.

Taking a specific tool used to generate provenance, the default builder ID for Tekton Chains simply states that the provenance was produced by Chains: https://github.com/tektoncd/chains/blob/5fc7735e5a752ff8518e2a8b7c09b5990e480385/pkg/config/config.go#L262-L264

```go
// Excerpt from the default config in pkg/config/config.go of Tekton Chains (linked above)
		Builder: BuilderConfig{
			ID: "https://tekton.dev/chains/v2",
		},
```

My initial interpretation of the specification is that this ID should be unique for each k8s cluster that Chains is deployed on. I have heard feedback that use of the term "system" in the terminology refers to a thing that can run somewhere which would mean that this default config doesn't need to be modified.

Considering the definition of what the builder.id URI should resolve to, however, if a deployment doesn't customize how Chains works, the resolved documentation would be identical across all deployments.

Would it therefore be reasonable for the builder.id to be consistent across deployments even if the signing key varies between deployments? What is the relationship between a builder ID, a specific instantiation of some shared runner code, and an identity used for signing the provenance?

@arewm arewm added the clarification Clarification of the spec, without changing meaning label Dec 16, 2024
@github-project-automation github-project-automation bot moved this to 🆕 New in Issue triage Dec 16, 2024
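To make the question concrete from the verifier's side, here is an added example (not code from Tekton Chains or the SLSA project) of a policy that keeps `builder.id` and signer identity as two separate checks. The builder IDs under `builder.example.com`, the key names, the trust levels and the sample statement are all constructed for illustration; the only real identifier is the Tekton Chains default ID. The signer identity is assumed to come from a DSSE envelope signature that was already verified elsewhere, as the in-toto Statement itself carries no key.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// statement models only the part of an in-toto Statement with SLSA v1
// provenance that the policy needs: predicateType and runDetails.builder.id.
type statement struct {
	PredicateType string `json:"predicateType"`
	Predicate     struct {
		RunDetails struct {
			Builder struct {
				ID string `json:"id"`
			} `json:"builder"`
		} `json:"runDetails"`
	} `json:"predicate"`
}

// builderTrust is one verifier-side policy entry: the SLSA Build level a
// builder.id is trusted for, and which signer identities may speak for it.
type builderTrust struct {
	Level   int
	Signers map[string]bool
}

// policy maps builder.id to its trust entry. All entries are hypothetical
// except the Tekton Chains default ID, which several clusters may share;
// the verifier then distinguishes deployments by signing key, not by ID.
var policy = map[string]builderTrust{
	// Hypothetical hosted, hardened mode of a platform: own ID, own key.
	"https://builder.example.com/hosted/v1": {
		Level:   3,
		Signers: map[string]bool{"hosted-prod-key-2024": true},
	},
	// Hypothetical self-hosted mode of the same platform: distinct ID, distinct key.
	"https://builder.example.com/self-hosted/v1": {
		Level:   2,
		Signers: map[string]bool{"self-hosted-key-2024": true},
	},
	// Unmodified Chains default; only cluster A's key is trusted here.
	"https://tekton.dev/chains/v2": {
		Level:   2,
		Signers: map[string]bool{"cluster-a-cosign-key": true},
	},
}

// verify takes the statement bytes and the signer identity that the DSSE
// signature was already checked against (assumed, not derived here). It
// returns the SLSA Build level granted, or level 0 with an error.
func verify(stmtJSON []byte, signer string) (int, error) {
	var s statement
	if err := json.Unmarshal(stmtJSON, &s); err != nil {
		return 0, fmt.Errorf("bad statement: %w", err)
	}
	if s.PredicateType != "https://slsa.dev/provenance/v1" {
		return 0, fmt.Errorf("unexpected predicateType %q", s.PredicateType)
	}
	id := s.Predicate.RunDetails.Builder.ID
	t, ok := policy[id]
	if !ok {
		return 0, fmt.Errorf("builder.id %q is not a trusted build platform", id)
	}
	if !t.Signers[signer] {
		// Right builder.id, wrong key: reject outright rather than fall back
		// to a lower level, so a less secure deployment cannot borrow the
		// level of a more secure one by claiming its ID.
		return 0, fmt.Errorf("signer %q is not authorized for builder.id %q", signer, id)
	}
	return t.Level, nil
}

// provenanceFor builds a minimal SLSA v1 statement for the given builder.id.
// This is constructed sample input, not a real Chains attestation.
func provenanceFor(builderID string) []byte {
	const digest = "0000000000000000000000000000000000000000000000000000000000000000"
	return []byte(fmt.Sprintf(`{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{"name": "app", "digest": {"sha256": "%s"}}],
  "predicateType": "https://slsa.dev/provenance/v1",
  "predicate": {"runDetails": {"builder": {"id": %q}}}
}`, digest, builderID))
}

func main() {
	cases := []struct{ id, signer string }{
		{"https://builder.example.com/hosted/v1", "hosted-prod-key-2024"}, // granted L3
		{"https://builder.example.com/hosted/v1", "self-hosted-key-2024"}, // L2 key claiming L3 ID: rejected
		{"https://tekton.dev/chains/v2", "cluster-a-cosign-key"},          // granted L2
		{"https://tekton.dev/chains/v2", "cluster-b-cosign-key"},          // same ID, untrusted cluster: rejected
		{"https://builder.example.com/unknown/v1", "cluster-a-cosign-key"}, // unknown ID: rejected
	}
	for _, c := range cases {
		lvl, err := verify(provenanceFor(c.id), c.signer)
		fmt.Printf("%-45s %-22s level=%d err=%v\n", c.id, c.signer, lvl, err)
	}
}
```

The point the policy makes explicit: a shared `builder.id` such as the Chains default tells the verifier which documentation and security claims apply, while the signing key tells it which deployment actually ran the build, and a verifier that trusts a level has to bind the two together rather than accept either alone.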