├── .cache ├── init.flag ├── specs-generated.json ├── term-index.json ├── xtrefs-data.js └── xtrefs-data.json ├── .env.example ├── .github-backup └── workflows │ ├── menu.yml │ ├── render-specs.yml │ ├── revised-format.yml │ └── set-gh-pages.yml ├── .github └── workflows │ ├── menu.yml │ ├── render-specs.yml │ ├── revised-format.yml │ └── set-gh-pages.yml ├── .gitignore ├── .gitignore-backup ├── COPYRIGHT_POLICY.md ├── Contributing.md ├── EditingTheSpec.md ├── LICENSE ├── LICENSE.md ├── README.md ├── SOURCE_CODE.md ├── assets-backup ├── test.json └── test.text ├── assets ├── test.json └── test.text ├── docs ├── index.html └── versions │ ├── index.html │ └── v1 │ └── index.html ├── draft-ssmith-keri.md ├── images ├── AuthenticatableMessage.png ├── AutonomicIdentifierBindingTetrad.png ├── AutonomicIssuanceTetrad.png ├── ControllerAppAgentDirectExchange.png ├── ControllerAppAgentSplitFunctions.png ├── ControllerAppAgentWitnessWatcherIndirectExchange.png ├── ControllerApplicationFunctions.png ├── Ecosystem.png ├── End2EndNetwork.png ├── ExploitDead.png ├── ExploitLive.png ├── PrefixAddressMultisigDerivation.png ├── SelfCertIssuanceTriad.png └── SelfCertifyingIdentifierBindingTriad.png ├── package-backup.json ├── package-lock.json ├── package.json ├── spec ├── .!33004!.DS_Store ├── assets │ ├── AuthenticatableMessage.png │ ├── ExploitDead.png │ └── ExploitLive.png ├── spec-body.md ├── spec-head.md ├── termdefs-new.md ├── termdefs.md ├── terms-and-definitions-intro.md └── terms-definitions │ ├── KERIs-algorithm-for-witness-agreement.md │ ├── authentic-chained-data-container.md │ ├── autonomic-identifier.md │ ├── autonomic-identity-system.md │ ├── autonomic-namespace.md │ ├── backer.md │ ├── concise-binary-object-representation.md │ ├── configuration-traits.md │ ├── controller.md │ ├── cryptographic-primitive.md │ ├── cryptonym.md │ ├── current-threshold.md │ ├── dead-attack.md │ ├── decentralized-key-management-infrastructure.md │ ├── duplicity.md │ ├── end-verifiability.md │ ├── establishment-event.md │ ├── exchange-identifier.md │ ├── first-seen.md │ ├── inception-event.md │ ├── inception.md │ ├── indexed-signature.md │ ├── interaction-event.md │ ├── key-event-log.md │ ├── key-event-message.md │ ├── key-event-receipt-infrastructure.md │ ├── key-event-receipt-log.md │ ├── key-event-receipt.md │ ├── key-event.md │ ├── key-state.md │ ├── live-attack.md │ ├── message.md │ ├── messagepack.md │ ├── next-threshold.md │ ├── non-establishment-event.md │ ├── out-of-band-introduction.md │ ├── primitive.md │ ├── python-dict.md │ ├── receipt.md │ ├── receiver.md │ ├── rotation-event.md │ ├── rotation.md │ ├── routed-exchange-message.md │ ├── saidive.md │ ├── salt.md │ ├── seal.md │ ├── self-addressed-data.md │ ├── self-addressing-identifier.md │ ├── self-certifying-identifier.md │ ├── signature.md │ ├── validator.md │ ├── verifiable.md │ ├── verifier.md │ ├── version.md │ ├── watcher.md │ └── witness.md └── specs.json /.cache/init.flag: -------------------------------------------------------------------------------- 1 | Initialization completed. -------------------------------------------------------------------------------- /.cache/specs-generated.json: -------------------------------------------------------------------------------- 1 | { 2 | "specs": [ 3 | { 4 | "title": "KERI specification", 5 | "description": "Create technical specifications in markdown. Based on the original Spec-Up, extended with Terminology tooling", 6 | "author": "Trust over IP Foundation", 7 | "spec_directory": "./spec", 8 | "spec_terms_directory": "terms-definitions", 9 | "output_path": "./docs", 10 | "markdown_paths": [ 11 | "spec-head.md", 12 | "terms-and-definitions-intro.md", 13 | "terms-definitions/KERIs-algorithm-for-witness-agreement.md", 14 | "terms-definitions/authentic-chained-data-container.md", 15 | "terms-definitions/autonomic-identifier.md", 16 | "terms-definitions/autonomic-identity-system.md", 17 | "terms-definitions/autonomic-namespace.md", 18 | "terms-definitions/backer.md", 19 | "terms-definitions/concise-binary-object-representation.md", 20 | "terms-definitions/configuration-traits.md", 21 | "terms-definitions/controller.md", 22 | "terms-definitions/cryptographic-primitive.md", 23 | "terms-definitions/cryptonym.md", 24 | "terms-definitions/current-threshold.md", 25 | "terms-definitions/dead-attack.md", 26 | "terms-definitions/decentralized-key-management-infrastructure.md", 27 | "terms-definitions/duplicity.md", 28 | "terms-definitions/end-verifiability.md", 29 | "terms-definitions/establishment-event.md", 30 | "terms-definitions/exchange-identifier.md", 31 | "terms-definitions/first-seen.md", 32 | "terms-definitions/inception-event.md", 33 | "terms-definitions/inception.md", 34 | "terms-definitions/indexed-signature.md", 35 | "terms-definitions/interaction-event.md", 36 | "terms-definitions/key-event-log.md", 37 | "terms-definitions/key-event-message.md", 38 | "terms-definitions/key-event-receipt-infrastructure.md", 39 | "terms-definitions/key-event-receipt-log.md", 40 | "terms-definitions/key-event-receipt.md", 41 | "terms-definitions/key-event.md", 42 | "terms-definitions/key-state.md", 43 | "terms-definitions/live-attack.md", 44 | "terms-definitions/message.md", 45 | "terms-definitions/messagepack.md", 46 | "terms-definitions/next-threshold.md", 47 | "terms-definitions/non-establishment-event.md", 48 | "terms-definitions/out-of-band-introduction.md", 49 | "terms-definitions/primitive.md", 50 | "terms-definitions/python-dict.md", 51 | "terms-definitions/receipt.md", 52 | "terms-definitions/receiver.md", 53 | "terms-definitions/rotation-event.md", 54 | "terms-definitions/rotation.md", 55 | "terms-definitions/routed-exchange-message.md", 56 | "terms-definitions/saidive.md", 57 | "terms-definitions/salt.md", 58 | "terms-definitions/seal.md", 59 | "terms-definitions/self-addressed-data.md", 60 | "terms-definitions/self-addressing-identifier.md", 61 | "terms-definitions/self-certifying-identifier.md", 62 | "terms-definitions/signature.md", 63 | "terms-definitions/validator.md", 64 | "terms-definitions/verifiable.md", 65 | "terms-definitions/verifier.md", 66 | "terms-definitions/version.md", 67 | "terms-definitions/watcher.md", 68 | "terms-definitions/witness.md", 69 | "spec-body.md" 70 | ], 71 | "logo": "https://raw.githubusercontent.com/trustoverip/spec-up-t-starter-pack/main/spec-up-t-starterpack/static/logo.svg", 72 | "logo_link": "https://github.com/trustoverip/spec-up-t", 73 | "favicon": "https://raw.githubusercontent.com/trustoverip/spec-up-t-starter-pack/main/spec-up-t-starterpack/static/favicon.ico", 74 | "source": { 75 | "host": "github", 76 | "account": "trustoverip", 77 | "repo": "tswg-keri-specification", 78 | "branch": "main" 79 | }, 80 | "external_specs": [ 81 | { 82 | "external_spec": "keri1", 83 | "gh_page": "https://trustoverip.github.io/kerisuite-glossary/", 84 | "url": "https://github.com/trustoverip/kerisuite-glossary", 85 | "terms_dir": "spec/terms-definitions" 86 | }, 87 | { 88 | "external_spec": "toip1", 89 | "gh_page": "https://trustoverip.github.io/ctwg-main-glossary/", 90 | "url": "https://github.com/trustoverip/ctwg-main-glossary", 91 | "terms_dir": "spec/terms-definitions" 92 | }, 93 | { 94 | "external_spec": "toip2", 95 | "gh_page": "https://trustoverip.github.io/ctwg-general-glossary/", 96 | "url": "https://github.com/trustoverip/ctwg-general-glossary", 97 | "terms_dir": "spec/terms-definitions" 98 | } 99 | ], 100 | "katex": false 101 | } 102 | ] 103 | } 104 | -------------------------------------------------------------------------------- /.cache/term-index.json: -------------------------------------------------------------------------------- 1 | [ 2 | "terms-definitions/KERIs-algorithm-for-witness-agreement.md", 3 | "terms-definitions/authentic-chained-data-container.md", 4 | "terms-definitions/autonomic-identifier.md", 5 | "terms-definitions/autonomic-identity-system.md", 6 | "terms-definitions/autonomic-namespace.md", 7 | "terms-definitions/backer.md", 8 | "terms-definitions/concise-binary-object-representation.md", 9 | "terms-definitions/configuration-traits.md", 10 | "terms-definitions/controller.md", 11 | "terms-definitions/cryptographic-primitive.md", 12 | "terms-definitions/cryptonym.md", 13 | "terms-definitions/current-threshold.md", 14 | "terms-definitions/dead-attack.md", 15 | "terms-definitions/decentralized-key-management-infrastructure.md", 16 | "terms-definitions/duplicity.md", 17 | "terms-definitions/end-verifiability.md", 18 | "terms-definitions/establishment-event.md", 19 | "terms-definitions/exchange-identifier.md", 20 | "terms-definitions/first-seen.md", 21 | "terms-definitions/inception-event.md", 22 | "terms-definitions/inception.md", 23 | "terms-definitions/indexed-signature.md", 24 | "terms-definitions/interaction-event.md", 25 | "terms-definitions/key-event-log.md", 26 | "terms-definitions/key-event-message.md", 27 | "terms-definitions/key-event-receipt-infrastructure.md", 28 | "terms-definitions/key-event-receipt-log.md", 29 | "terms-definitions/key-event-receipt.md", 30 | "terms-definitions/key-event.md", 31 | "terms-definitions/key-state.md", 32 | "terms-definitions/live-attack.md", 33 | "terms-definitions/message.md", 34 | "terms-definitions/messagepack.md", 35 | "terms-definitions/next-threshold.md", 36 | "terms-definitions/non-establishment-event.md", 37 | "terms-definitions/out-of-band-introduction.md", 38 | "terms-definitions/primitive.md", 39 | "terms-definitions/python-dict.md", 40 | "terms-definitions/receipt.md", 41 | "terms-definitions/receiver.md", 42 | "terms-definitions/rotation-event.md", 43 | "terms-definitions/rotation.md", 44 | "terms-definitions/routed-exchange-message.md", 45 | "terms-definitions/saidive.md", 46 | "terms-definitions/salt.md", 47 | "terms-definitions/seal.md", 48 | "terms-definitions/self-addressed-data.md", 49 | "terms-definitions/self-addressing-identifier.md", 50 | "terms-definitions/self-certifying-identifier.md", 51 | "terms-definitions/signature.md", 52 | "terms-definitions/validator.md", 53 | "terms-definitions/verifiable.md", 54 | "terms-definitions/verifier.md", 55 | "terms-definitions/version.md", 56 | "terms-definitions/watcher.md", 57 | "terms-definitions/witness.md" 58 | ] 59 | -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- 1 | # Optional GitHub API token for increased rate limits 2 | GITHUB_API_TOKEN=YOUR_GITHUB_API_TOKEN -------------------------------------------------------------------------------- /.github-backup/workflows/menu.yml: -------------------------------------------------------------------------------- 1 | name: Run Menu 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | action_type: 7 | description: 'Action to perform' 8 | required: true 9 | default: 'render' 10 | type: choice 11 | options: 12 | - render 13 | - topdf 14 | - todocx 15 | - freeze 16 | - custom-update 17 | - collectExternalReferences 18 | repository: 19 | description: 'Repository' 20 | required: false 21 | branch: 22 | description: 'Branch' 23 | required: false 24 | triggered_by: 25 | description: 'Triggered by' 26 | required: false 27 | 28 | jobs: 29 | build-and-deploy-spec: 30 | runs-on: ubuntu-latest 31 | permissions: 32 | contents: write # Needed for pushing changes and deploying to Pages 33 | steps: 34 | - name: Checkout 🛎️ 35 | uses: actions/checkout@v4 36 | with: 37 | persist-credentials: true # We’ll use MY_PAT for push 38 | 39 | - name: Set up Node.js 40 | uses: actions/setup-node@v4 41 | with: 42 | node-version: '18' 43 | 44 | - name: Extract output_path from JSON 45 | id: extract-output 46 | run: | 47 | OUTPUT_PATH=$(jq -r '.specs[0].output_path // "default/output"' specs.json) 48 | if [ "$OUTPUT_PATH" = "null" ] || [ -z "$OUTPUT_PATH" ]; then 49 | echo "Error: Unable to extract output_path from specs.json" 50 | exit 1 51 | fi 52 | echo "OUTPUT_PATH=$OUTPUT_PATH" >> $GITHUB_ENV 53 | 54 | - name: Install dependencies 🔧 55 | run: | 56 | echo "Installing dependencies..." 57 | npm install 58 | echo "Spec-Up-T version:" 59 | npm list spec-up-t || echo "spec-up-t not found" 60 | 61 | - name: Run selected script 62 | env: 63 | MY_PAT: ${{ secrets.MY_PAT }} # Make the secret available as an env var 64 | run: | 65 | case "${{ github.event.inputs.action_type }}" in 66 | render) 67 | npm run render 68 | ;; 69 | topdf) 70 | npm run topdf 71 | ;; 72 | todocx) 73 | npm run todocx 74 | ;; 75 | freeze) 76 | npm run freeze 77 | ;; 78 | custom-update) 79 | npm run custom-update 80 | ;; 81 | collectExternalReferences) 82 | npm run collectExternalReferences 83 | ;; 84 | *) 85 | echo "Unknown action_type: ${{ github.event.inputs.action_type }}" 86 | exit 1 87 | ;; 88 | esac 89 | 90 | - name: Commit and push changes 91 | if: success() 92 | run: | 93 | git config --global user.email "actions@github.com" 94 | git config --global user.name "GitHub Actions" 95 | 96 | # Add all changes 97 | git add . 98 | 99 | # Commit with appropriate message 100 | case "${{ github.event.inputs.action_type }}" in 101 | render) 102 | git commit -m "Render specification: Update files" || echo "No changes to commit" 103 | ;; 104 | topdf) 105 | git commit -m "Export to PDF" || echo "No changes to commit" 106 | ;; 107 | todocx) 108 | git commit -m "Export to DOCX" || echo "No changes to commit" 109 | ;; 110 | collectExternalReferences) 111 | git commit -m "Collect external references" || echo "No changes to commit" 112 | ;; 113 | freeze) 114 | git commit -m "Freeze specification" || echo "No changes to commit" 115 | ;; 116 | custom-update) 117 | git commit -m "Custom update: Copy files from spec-up-t" || echo "No changes to commit" 118 | ;; 119 | *) 120 | git commit -m "Update files: ${{ github.event.inputs.action_type }}" || echo "No changes to commit" 121 | ;; 122 | esac 123 | 124 | # Push changes 125 | git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:main 126 | 127 | - name: Commit output files 128 | if: success() 129 | run: | 130 | git config --global user.email "actions@github.com" 131 | git config --global user.name "GitHub Actions" 132 | git add "$OUTPUT_PATH" 133 | git commit -m "Update output files in $OUTPUT_PATH" || echo "No changes to commit in output directory" 134 | git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:main 135 | 136 | - name: Clean up 137 | if: always() 138 | run: | 139 | echo "Cleaning up..." 140 | rm -rf node_modules 141 | -------------------------------------------------------------------------------- /.github-backup/workflows/render-specs.yml: -------------------------------------------------------------------------------- 1 | 2 | name: spec-up-t render 3 | 4 | on: 5 | # push: 6 | # branches: 7 | # - main 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build-and-deploy-spec: 12 | runs-on: ubuntu-latest 13 | permissions: 14 | contents: write 15 | steps: 16 | - name: Checkout 🛎️ 17 | uses: actions/checkout@v2 18 | with: 19 | persist-credentials: false 20 | - name: Extract output_path from JSON 21 | # TODO: .specs[0] is a hack to get the first spec. This should be fixed. 22 | run: | 23 | OUTPUT_PATH=$(jq -r '.specs[0].output_path' specs.json) 24 | echo "OUTPUT_PATH=$OUTPUT_PATH" >> $GITHUB_ENV 25 | 26 | - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built. 27 | run: | 28 | echo "start install" 29 | npm install 30 | echo "end install" 31 | echo "Spec-Up-T version:" 32 | npm list spec-up-t 33 | echo "start render" 34 | node -e "require('spec-up-t')({ nowatch: true })" 35 | echo "end render" 36 | rm -rf node_modules 37 | 38 | # This is a GitHub Action to deploy your static files to GitHub Pages 39 | - name: Deploy 40 | uses: peaceiris/actions-gh-pages@v3.7.3 41 | with: 42 | github_token: ${{ secrets.GITHUB_TOKEN }} 43 | publish_dir: ${{ env.OUTPUT_PATH }} # Use the OUTPUT_PATH environment variable 44 | allow_empty_commit: true 45 | force_orphan: true 46 | 47 | 48 | -------------------------------------------------------------------------------- /.github-backup/workflows/revised-format.yml: -------------------------------------------------------------------------------- 1 | name: revised-format 2 | on: 3 | push: 4 | branches: 5 | - revised-format 6 | workflow_dispatch: 7 | branches: 8 | - revised-format 9 | 10 | jobs: 11 | publish: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v4 16 | with: 17 | ref: revised-format 18 | 19 | - name: Set up Python 3.10.4 20 | uses: actions/setup-python@v2 21 | with: 22 | python-version: 3.10.4 23 | 24 | - name: Install dependencies 25 | run: | 26 | pip install -r requirements.txt 27 | 28 | - name: Combine 29 | run: | 30 | rm -f docs/index.md 31 | touch docs/index.md; cat 0*.md > docs/index.md 32 | 33 | - name: Deploy 34 | run: | 35 | mkdocs gh-deploy 36 | 37 | - name: pandoc 38 | uses: MatthiasValvekens/pandoc-iso@master 39 | with: 40 | md-in: docs/index.md 41 | docx-out: docs/index.docx 42 | 43 | - name: Upload 44 | uses: actions/upload-artifact@v3 45 | with: 46 | name: ${{ github.event.repository.name }}-iso-draft 47 | path: docs/index.docx -------------------------------------------------------------------------------- /.github-backup/workflows/set-gh-pages.yml: -------------------------------------------------------------------------------- 1 | name: Set GitHub Pages and Homepage 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | configure-pages-and-homepage: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | contents: read # To check branches 11 | pages: write # To configure Pages settings 12 | steps: 13 | - name: Check if gh-pages branch exists 14 | id: check-branch 15 | run: | 16 | RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \ 17 | -H "Authorization: token ${{ secrets.MY_PAT }}" \ 18 | -H "Accept: application/vnd.github+json" \ 19 | https://api.github.com/repos/${{ github.repository }}/branches/gh-pages) 20 | if [ "$RESPONSE" -eq 200 ]; then 21 | echo "gh-pages branch exists" 22 | echo "BRANCH_EXISTS=true" >> $GITHUB_ENV 23 | elif [ "$RESPONSE" -eq 404 ]; then 24 | echo "Error: gh-pages branch does not exist in ${{ github.repository }}" 25 | exit 1 26 | else 27 | echo "Unexpected response code: $RESPONSE" 28 | exit 1 29 | fi 30 | 31 | - name: Set GitHub Pages to gh-pages 32 | if: env.BRANCH_EXISTS == 'true' 33 | env: 34 | PAT: ${{ secrets.MY_PAT }} 35 | run: | 36 | RESPONSE=$(curl -s -L \ 37 | -X POST \ 38 | -H "Authorization: token $PAT" \ 39 | -H "Accept: application/vnd.github+json" \ 40 | https://api.github.com/repos/${{ github.repository }}/pages \ 41 | -d '{"source":{"branch":"gh-pages","path":"/"}}' \ 42 | -w "%{http_code}" -o response.json) 43 | if [ "$RESPONSE" -eq 201 ] || [ "$RESPONSE" -eq 200 ]; then 44 | echo "GitHub Pages set to gh-pages branch for ${{ github.repository }}" 45 | else 46 | echo "Failed to set GitHub Pages: $RESPONSE" 47 | cat response.json 48 | exit 1 49 | fi 50 | 51 | - name: Set repository homepage to GitHub Pages URL 52 | if: env.BRANCH_EXISTS == 'true' 53 | env: 54 | PAT: ${{ secrets.MY_PAT }} 55 | run: | 56 | # Construct the expected GitHub Pages URL 57 | REPO_NAME=$(echo "${{ github.repository }}" | cut -d'/' -f2) 58 | OWNER=$(echo "${{ github.repository }}" | cut -d'/' -f1) 59 | PAGES_URL="https://${OWNER}.github.io/${REPO_NAME}" 60 | 61 | # Set the homepage via API 62 | RESPONSE=$(curl -s -L \ 63 | -X PATCH \ 64 | -H "Authorization: token $PAT" \ 65 | -H "Accept: application/vnd.github+json" \ 66 | https://api.github.com/repos/${{ github.repository }} \ 67 | -d "{\"homepage\":\"${PAGES_URL}\"}" \ 68 | -w "%{http_code}" -o response.json) 69 | 70 | if [ "$RESPONSE" -eq 200 ]; then 71 | echo "Repository homepage set to $PAGES_URL for ${{ github.repository }}" 72 | else 73 | echo "Failed to set homepage: $RESPONSE" 74 | cat response.json 75 | exit 1 76 | fi 77 | 78 | - name: Verify homepage matches GitHub Pages URL 79 | if: env.BRANCH_EXISTS == 'true' 80 | env: 81 | PAT: ${{ secrets.MY_PAT }} 82 | run: | 83 | # Construct the expected GitHub Pages URL 84 | REPO_NAME=$(echo "${{ github.repository }}" | cut -d'/' -f2) 85 | OWNER=$(echo "${{ github.repository }}" | cut -d'/' -f1) 86 | EXPECTED_URL="https://${OWNER}.github.io/${REPO_NAME}" 87 | 88 | # Fetch the current homepage from the repo 89 | CURRENT_HOMEPAGE=$(curl -s -L \ 90 | -H "Authorization: token $PAT" \ 91 | -H "Accept: application/vnd.github+json" \ 92 | https://api.github.com/repos/${{ github.repository }} | jq -r '.homepage') 93 | 94 | if [ "$CURRENT_HOMEPAGE" = "$EXPECTED_URL" ]; then 95 | echo "Verified: Homepage is set to GitHub Pages URL ($EXPECTED_URL)" 96 | else 97 | echo "Error: Homepage ($CURRENT_HOMEPAGE) does not match expected GitHub Pages URL ($EXPECTED_URL)" 98 | exit 1 99 | fi -------------------------------------------------------------------------------- /.github/workflows/menu.yml: -------------------------------------------------------------------------------- 1 | name: Run Menu 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | action_type: 7 | description: 'Action to perform' 8 | required: true 9 | default: 'render' 10 | type: choice 11 | options: 12 | - render 13 | - topdf 14 | - todocx 15 | - freeze 16 | - custom-update 17 | - collectExternalReferences 18 | repository: 19 | description: 'Repository' 20 | required: false 21 | branch: 22 | description: 'Branch' 23 | required: false 24 | triggered_by: 25 | description: 'Triggered by' 26 | required: false 27 | 28 | jobs: 29 | build-and-deploy-spec: 30 | runs-on: ubuntu-latest 31 | permissions: 32 | contents: write # Needed for pushing changes and deploying to Pages 33 | steps: 34 | - name: Checkout 🛎️ 35 | uses: actions/checkout@v4 36 | with: 37 | persist-credentials: true # We’ll use MY_PAT for push 38 | 39 | - name: Set up Node.js 40 | uses: actions/setup-node@v4 41 | with: 42 | node-version: '18' 43 | 44 | - name: Extract output_path from JSON 45 | id: extract-output 46 | run: | 47 | OUTPUT_PATH=$(jq -r '.specs[0].output_path // "default/output"' specs.json) 48 | if [ "$OUTPUT_PATH" = "null" ] || [ -z "$OUTPUT_PATH" ]; then 49 | echo "Error: Unable to extract output_path from specs.json" 50 | exit 1 51 | fi 52 | echo "OUTPUT_PATH=$OUTPUT_PATH" >> $GITHUB_ENV 53 | 54 | - name: Install dependencies 🔧 55 | run: | 56 | echo "Installing dependencies..." 57 | npm install 58 | echo "Spec-Up-T version:" 59 | npm list spec-up-t || echo "spec-up-t not found" 60 | 61 | - name: Run selected script 62 | env: 63 | MY_PAT: ${{ secrets.MY_PAT }} # Make the secret available as an env var 64 | run: | 65 | case "${{ github.event.inputs.action_type }}" in 66 | render) 67 | npm run render 68 | ;; 69 | topdf) 70 | npm run topdf 71 | ;; 72 | todocx) 73 | npm run todocx 74 | ;; 75 | freeze) 76 | npm run freeze 77 | ;; 78 | custom-update) 79 | npm run custom-update 80 | ;; 81 | collectExternalReferences) 82 | npm run collectExternalReferences 83 | ;; 84 | *) 85 | echo "Unknown action_type: ${{ github.event.inputs.action_type }}" 86 | exit 1 87 | ;; 88 | esac 89 | 90 | - name: Commit and push changes 91 | if: success() 92 | run: | 93 | git config --global user.email "actions@github.com" 94 | git config --global user.name "GitHub Actions" 95 | 96 | # Add all changes 97 | git add . 98 | 99 | # Commit with appropriate message 100 | case "${{ github.event.inputs.action_type }}" in 101 | render) 102 | git commit -m "Render specification: Update files" || echo "No changes to commit" 103 | ;; 104 | topdf) 105 | git commit -m "Export to PDF" || echo "No changes to commit" 106 | ;; 107 | todocx) 108 | git commit -m "Export to DOCX" || echo "No changes to commit" 109 | ;; 110 | collectExternalReferences) 111 | git commit -m "Collect external references" || echo "No changes to commit" 112 | ;; 113 | freeze) 114 | git commit -m "Freeze specification" || echo "No changes to commit" 115 | ;; 116 | custom-update) 117 | git commit -m "Custom update: Copy files from spec-up-t" || echo "No changes to commit" 118 | ;; 119 | *) 120 | git commit -m "Update files: ${{ github.event.inputs.action_type }}" || echo "No changes to commit" 121 | ;; 122 | esac 123 | 124 | # Push changes 125 | git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:main 126 | 127 | - name: Commit output files 128 | if: success() 129 | run: | 130 | git config --global user.email "actions@github.com" 131 | git config --global user.name "GitHub Actions" 132 | git add "$OUTPUT_PATH" 133 | git commit -m "Update output files in $OUTPUT_PATH" || echo "No changes to commit in output directory" 134 | git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:main 135 | 136 | - name: Clean up 137 | if: always() 138 | run: | 139 | echo "Cleaning up..." 140 | rm -rf node_modules 141 | -------------------------------------------------------------------------------- /.github/workflows/render-specs.yml: -------------------------------------------------------------------------------- 1 | 2 | name: spec-up-t render 3 | 4 | on: 5 | # push: 6 | # branches: 7 | # - main 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build-and-deploy-spec: 12 | runs-on: ubuntu-latest 13 | permissions: 14 | contents: write 15 | steps: 16 | - name: Checkout 🛎️ 17 | uses: actions/checkout@v2 18 | with: 19 | persist-credentials: false 20 | - name: Extract output_path from JSON 21 | # TODO: .specs[0] is a hack to get the first spec. This should be fixed. 22 | run: | 23 | OUTPUT_PATH=$(jq -r '.specs[0].output_path' specs.json) 24 | echo "OUTPUT_PATH=$OUTPUT_PATH" >> $GITHUB_ENV 25 | 26 | - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built. 27 | run: | 28 | echo "start install" 29 | npm install 30 | echo "end install" 31 | echo "Spec-Up-T version:" 32 | npm list spec-up-t 33 | echo "start render" 34 | node -e "require('spec-up-t')({ nowatch: true })" 35 | echo "end render" 36 | rm -rf node_modules 37 | 38 | # This is a GitHub Action to deploy your static files to GitHub Pages 39 | - name: Deploy 40 | uses: peaceiris/actions-gh-pages@v3.7.3 41 | with: 42 | github_token: ${{ secrets.GITHUB_TOKEN }} 43 | publish_dir: ${{ env.OUTPUT_PATH }} # Use the OUTPUT_PATH environment variable 44 | allow_empty_commit: true 45 | force_orphan: true 46 | 47 | 48 | -------------------------------------------------------------------------------- /.github/workflows/revised-format.yml: -------------------------------------------------------------------------------- 1 | name: revised-format 2 | on: 3 | push: 4 | branches: 5 | - revised-format 6 | workflow_dispatch: 7 | branches: 8 | - revised-format 9 | 10 | jobs: 11 | publish: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v4 16 | with: 17 | ref: revised-format 18 | 19 | - name: Set up Python 3.10.4 20 | uses: actions/setup-python@v2 21 | with: 22 | python-version: 3.10.4 23 | 24 | - name: Install dependencies 25 | run: | 26 | pip install -r requirements.txt 27 | 28 | - name: Combine 29 | run: | 30 | rm -f docs/index.md 31 | touch docs/index.md; cat 0*.md > docs/index.md 32 | 33 | - name: Deploy 34 | run: | 35 | mkdocs gh-deploy 36 | 37 | - name: pandoc 38 | uses: MatthiasValvekens/pandoc-iso@master 39 | with: 40 | md-in: docs/index.md 41 | docx-out: docs/index.docx 42 | 43 | - name: Upload 44 | uses: actions/upload-artifact@v3 45 | with: 46 | name: ${{ github.event.repository.name }}-iso-draft 47 | path: docs/index.docx -------------------------------------------------------------------------------- /.github/workflows/set-gh-pages.yml: -------------------------------------------------------------------------------- 1 | name: Set GitHub Pages and Homepage 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | configure-pages-and-homepage: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | contents: read # To check branches 11 | pages: write # To configure Pages settings 12 | steps: 13 | - name: Check if gh-pages branch exists 14 | id: check-branch 15 | run: | 16 | RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \ 17 | -H "Authorization: token ${{ secrets.MY_PAT }}" \ 18 | -H "Accept: application/vnd.github+json" \ 19 | https://api.github.com/repos/${{ github.repository }}/branches/gh-pages) 20 | if [ "$RESPONSE" -eq 200 ]; then 21 | echo "gh-pages branch exists" 22 | echo "BRANCH_EXISTS=true" >> $GITHUB_ENV 23 | elif [ "$RESPONSE" -eq 404 ]; then 24 | echo "Error: gh-pages branch does not exist in ${{ github.repository }}" 25 | exit 1 26 | else 27 | echo "Unexpected response code: $RESPONSE" 28 | exit 1 29 | fi 30 | 31 | - name: Set GitHub Pages to gh-pages 32 | if: env.BRANCH_EXISTS == 'true' 33 | env: 34 | PAT: ${{ secrets.MY_PAT }} 35 | run: | 36 | RESPONSE=$(curl -s -L \ 37 | -X POST \ 38 | -H "Authorization: token $PAT" \ 39 | -H "Accept: application/vnd.github+json" \ 40 | https://api.github.com/repos/${{ github.repository }}/pages \ 41 | -d '{"source":{"branch":"gh-pages","path":"/"}}' \ 42 | -w "%{http_code}" -o response.json) 43 | if [ "$RESPONSE" -eq 201 ] || [ "$RESPONSE" -eq 200 ]; then 44 | echo "GitHub Pages set to gh-pages branch for ${{ github.repository }}" 45 | else 46 | echo "Failed to set GitHub Pages: $RESPONSE" 47 | cat response.json 48 | exit 1 49 | fi 50 | 51 | - name: Set repository homepage to GitHub Pages URL 52 | if: env.BRANCH_EXISTS == 'true' 53 | env: 54 | PAT: ${{ secrets.MY_PAT }} 55 | run: | 56 | # Construct the expected GitHub Pages URL 57 | REPO_NAME=$(echo "${{ github.repository }}" | cut -d'/' -f2) 58 | OWNER=$(echo "${{ github.repository }}" | cut -d'/' -f1) 59 | PAGES_URL="https://${OWNER}.github.io/${REPO_NAME}" 60 | 61 | # Set the homepage via API 62 | RESPONSE=$(curl -s -L \ 63 | -X PATCH \ 64 | -H "Authorization: token $PAT" \ 65 | -H "Accept: application/vnd.github+json" \ 66 | https://api.github.com/repos/${{ github.repository }} \ 67 | -d "{\"homepage\":\"${PAGES_URL}\"}" \ 68 | -w "%{http_code}" -o response.json) 69 | 70 | if [ "$RESPONSE" -eq 200 ]; then 71 | echo "Repository homepage set to $PAGES_URL for ${{ github.repository }}" 72 | else 73 | echo "Failed to set homepage: $RESPONSE" 74 | cat response.json 75 | exit 1 76 | fi 77 | 78 | - name: Verify homepage matches GitHub Pages URL 79 | if: env.BRANCH_EXISTS == 'true' 80 | env: 81 | PAT: ${{ secrets.MY_PAT }} 82 | run: | 83 | # Construct the expected GitHub Pages URL 84 | REPO_NAME=$(echo "${{ github.repository }}" | cut -d'/' -f2) 85 | OWNER=$(echo "${{ github.repository }}" | cut -d'/' -f1) 86 | EXPECTED_URL="https://${OWNER}.github.io/${REPO_NAME}" 87 | 88 | # Fetch the current homepage from the repo 89 | CURRENT_HOMEPAGE=$(curl -s -L \ 90 | -H "Authorization: token $PAT" \ 91 | -H "Accept: application/vnd.github+json" \ 92 | https://api.github.com/repos/${{ github.repository }} | jq -r '.homepage') 93 | 94 | if [ "$CURRENT_HOMEPAGE" = "$EXPECTED_URL" ]; then 95 | echo "Verified: Homepage is set to GitHub Pages URL ($EXPECTED_URL)" 96 | else 97 | echo "Error: Homepage ($CURRENT_HOMEPAGE) does not match expected GitHub Pages URL ($EXPECTED_URL)" 98 | exit 1 99 | fi -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | /*-[0-9][0-9].xml 3 | archive.json 4 | draft-ssmith-keri.xml 5 | Gemfile.lock 6 | /.gems/ 7 | /lib 8 | /node_modules/ 9 | *.pdf 10 | *.redxml 11 | /.refcache 12 | report.xml 13 | *.swp 14 | .tags 15 | /.targets.mk 16 | *.txt 17 | *.upload 18 | /.venv/ 19 | /versioned/ 20 | /.vscode/ 21 | !requirements.txt 22 | .DS_Store 23 | .idea 24 | venv/ 25 | /.vs 26 | node_modules 27 | *.log 28 | dist 29 | *.bak 30 | *.tmp 31 | .env 32 | coverage 33 | build 34 | .history 35 | /.cache/ 36 | -------------------------------------------------------------------------------- /.gitignore-backup: -------------------------------------------------------------------------------- 1 | *~ 2 | /*-[0-9][0-9].xml 3 | archive.json 4 | draft-ssmith-keri.xml 5 | Gemfile.lock 6 | /.gems/ 7 | /lib 8 | /node_modules/ 9 | *.pdf 10 | *.redxml 11 | /.refcache 12 | report.xml 13 | *.swp 14 | .tags 15 | /.targets.mk 16 | *.txt 17 | *.upload 18 | /.venv/ 19 | /versioned/ 20 | /.vscode/ 21 | !requirements.txt 22 | .DS_Store 23 | .idea 24 | venv/ 25 | /.vs 26 | node_modules 27 | *.log 28 | dist 29 | *.bak 30 | *.tmp 31 | .env 32 | coverage 33 | build 34 | .history 35 | /.cache/ 36 | -------------------------------------------------------------------------------- /COPYRIGHT_POLICY.md: -------------------------------------------------------------------------------- 1 | OWF Contributor License Agreement 1.0 - Copyright 2 | Open Web Foundation 3 | 4 | Contributor License Agreement (CLA 1.0) 5 | (Copyright Only) 6 | 7 | 8 | 1. The Purpose of this Contributor License Agreement. This CLA sets forth the terms under which I will participate in and contribute to the development of the Specification. Capitalized terms are defined in the CLA’s last section. 9 | 10 | 2. Copyrights. 11 | 12 | 2.1. Copyright Grant. I grant to you a perpetual (for the duration of the applicable copyright), worldwide, non-exclusive, no-charge, royalty-free, copyright license, without any obligation for accounting to me, to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, distribute, and implement any Contribution to the full extent of my copyright interest in the Contribution. 13 | 14 | 2.2. Attribution. As a condition of the copyright grant, you must include an attribution to the Specification in any derivative work you make based on the Specification. That attribution must include, at minimum, the Specification name and version number. 15 | 16 | 3. No Other Rights. Except as specifically set forth in this CLA, no other express or implied patent, trademark, copyright, or other property rights are granted under this CLA, including by implication, waiver, or estoppel. 17 | 18 | 4. Open Web Foundation Agreement ("OWFa") version 1.0 Execution. I acknowledge that the goal of this CLA is to develop a specification that will be subject to the OWFa version 1.0. While I have no legal obligation to execute the OWFa version 1.0 for any version of the specification being developed under this CLA, I agree that the selection and terms of the OWFa version 1.0 will not be subject to negotiation. 19 | 20 | 5. Antitrust Compliance. I acknowledge that I may compete with other participants, that I am under no obligation to implement the Specification, that each participant is free to develop competing technologies and standards, and that each party is free to license its patent rights to third parties, including for the purpose of enabling competing technologies and standards. 21 | 22 | 6. Non-Circumvention. I agree that I will not intentionally take or willfully assist any third party to take any action for the purpose of circumventing my obligations under this CLA. 23 | 24 | 7. Representations, Warranties and Disclaimers. I represent and warrant that 1) I am legally entitled to grant the rights and promises set forth in this CLA and 2) I will not intentionally include any third party materials in any Contribution unless those materials are available under terms that do not conflict with this CLA. IN ALL OTHER RESPECTS MY CONTRIBUTIONS ARE PROVIDED "AS IS." The entire risk as to implementing or otherwise using the Contribution or the Specification is assumed by the implementer and user. Except as stated herein, I expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the Contribution or the Specification. IN NO EVENT WILL ANY PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS CLA, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Nothing in this CLA requires me to undertake a patent search. 25 | 26 | 8. Definitions. 27 | 28 | 8.1. Bound Entities. “Bound Entities” means the entity listed below and any entities that the Bound Entity Controls. 29 | 30 | 8.2. CLA. “CLA” means this document, which sets forth the rights, grants, promises, limitations, conditions, obligations, and disclaimers made available for my Contributions to the particular Specification. 31 | 32 | 8.3. Contribution. “Contribution” means any original work of authorship, including any modifications or additions to an existing work, that I intentionally submit for inclusion in the Specification, which is included in the Specification. For the purposes of this definition, “submit” means any form of electronic, oral, or written communication for the purpose of discussing and improving the Specification, but excluding communication that I conspicuously designate in writing as not a contribution. 33 | 34 | 8.4. Control. “Control” means direct or indirect control of more than 50% of the voting power to elect directors of that corporation, or for any other entity, the power to direct management of such entity. 35 | 36 | 8.5. I, Me, or My. “I,” “me,” or “my” refers to the signatory below and its Bound Entities, if applicable. 37 | 38 | 8.6. Specification. “Specification” means the Specification identified below as of the date of my last Contribution. 39 | 40 | 8.7. You or Your. “You,” “you,” or “your” means any person or entity who exercises copyright rights granted under this CLA, and any person or entity you Control. 41 | 42 | Identify the Specification here: 43 | 44 | Your specification (All Versions) -------------------------------------------------------------------------------- /Contributing.md: -------------------------------------------------------------------------------- 1 | OWF Contributor License Agreement 1.0 - Copyright and Patent 2 | Open Web Foundation 3 | 4 | Contributor License Agreement (CLA 1.0) 5 | (Patent and Copyright Grants) 6 | 7 | 8 | 1. The Purpose of this Contributor License Agreement. This CLA sets forth the terms under which I will participate in and contribute to the development of the Specification. Capitalized terms are defined in the CLA’s last section. 9 | 10 | 2. Copyrights. 11 | 12 | 2.1. Copyright Grant. I grant to you a perpetual (for the duration of the applicable copyright), worldwide, non-exclusive, no-charge, royalty-free, copyright license, without any obligation for accounting to me, to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, distribute, and implement any Contribution to the full extent of my copyright interest in the Contribution. 13 | 14 | 2.2. Attribution. As a condition of the copyright grant, you must include an attribution to the Specification in any derivative work you make based on the Specification. That attribution must include, at minimum, the Specification name and version number. 15 | 16 | 3. Patents. 17 | 18 | 3.1. Patent Non-Assert. 19 | 20 | 3.1.1. The Promise. I, on behalf of myself and my successors in interest and assigns, irrevocably promise not to assert my Granted Claims against you for your Permitted Uses, subject to the terms and conditions of Section 3.1. This is a personal promise directly from me to you, and you acknowledge as a condition of benefiting from it that no rights from me are received from suppliers, distributors, or otherwise in connection with this promise. This promise also applies to your Permitted Uses of any other specifications incorporating all required portions of the Specification. 21 | 22 | 3.1.2. Termination. 23 | 24 | 3.1.2.1. As a Result of Claims by You. All rights, grants, and promises made by me to you under this CLA are terminated if you file, maintain, or voluntarily participate in a lawsuit against me or any person or entity asserting that its Permitted Uses infringe any Granted Claims you would have had the right to enforce had you signed this CLA, unless that suit was in response to a corresponding suit first brought against you. 25 | 26 | 3.1.2.2. As a Result of Claims by a Related Entity of Mine. If a Related Entity of mine files, maintains, or voluntarily participates in a lawsuit asserting that a Permitted Use infringes any Granted Claims it would have had the right to enforce had it signed this CLA, then I relinquish any rights, grants, and promises I have received for the Specification from other signatories of this CLA, unless a) my promise to you was terminated pursuant to section 3.1.2.1, or b) that suit was in response to a corresponding suit first brought by you against the Related Entity. 27 | 28 | 3.1.3. Additional Conditions. This promise is not an assurance (i) that any of my copyrights or issued patent claims cover an implementation of the Specification or are enforceable or (ii) that an implementation of the Specification would not infringe intellectual property rights of any third party. Notwithstanding the personal nature of my promise, this promise is intended to be binding on any future owner, assignee or exclusive licensee who has been given the right to enforce any Granted Claims against third parties. 29 | 30 | 3.1.4. Bankruptcy. Solely for purposes of Section 365(n) of Title 11, United States Bankruptcy Code and any equivalent law in any foreign jurisdiction, this promise will be treated as if it were a license and you may elect to retain your rights under this promise if I (or any owner of any patents or patent applications referenced herein), as a debtor in possession, or a bankruptcy trustee, reject this non-assert. 31 | 32 | 3.2. Patent License Commitment. In addition to rights granted in 3.1, on behalf of me and my successors in interest and assigns, I agree to grant to you a no charge, royalty free license to my Granted Claims on reasonable and non-discriminatory terms, where such license applies only to those Granted Claims infringed by the implementation of my Contribution(s) alone or by combination of my Contribution(s) with the Specification, solely for your Permitted Uses. 33 | 34 | 4. No Other Rights. Except as specifically set forth in this CLA, no other express or implied patent, trademark, copyright, or other property rights are granted under this CLA, including by implication, waiver, or estoppel. 35 | 36 | 5. Limited Opt-Out. I may withdraw my Contribution by providing written notice of that withdrawal within 45 days of submitting that Contribution. Notice of a Contribution withdrawal must be made, at minimum, in writing using the same communication mechanisms that were used to submit the corresponding Contribution and must include the exact material being withdrawn. Upon providing such valid notice, any obligations I incurred under this CLA for that particular identified Contribution will be null and void. 37 | 38 | 6. Open Web Foundation Agreement ("OWFa") version 1.0 Execution. I acknowledge that the goal of this CLA is to develop a specification that will be subject to the OWFa version 1.0. While I have no legal obligation to execute the OWFa version 1.0 for any version of the specification being developed under this CLA, I agree that the selection and terms of the OWFa version 1.0 will not be subject to negotiation. 39 | 40 | 7. Antitrust Compliance. I acknowledge that I may compete with other participants, that I am under no obligation to implement the Specification, that each participant is free to develop competing technologies and standards, and that each party is free to license its patent rights to third parties, including for the purpose of enabling competing technologies and standards. 41 | 42 | 8. Non-Circumvention. I agree that I will not intentionally take or willfully assist any third party to take any action for the purpose of circumventing my obligations under this CLA. 43 | 44 | 9. Representations, Warranties and Disclaimers. I represent and warrant that 1) I am legally entitled to grant the rights and promises set forth in this CLA and 2) I will not intentionally include any third party materials in any Contribution unless those materials are available under terms that do not conflict with this CLA. IN ALL OTHER RESPECTS MY CONTRIBUTIONS ARE PROVIDED "AS IS." The entire risk as to implementing or otherwise using the Contribution or the Specification is assumed by the implementer and user. Except as stated herein, I expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the Contribution or the Specification. IN NO EVENT WILL ANY PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS CLA, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. All of my obligations under Section 3 regarding the transfer, successors in interest, or assignment of Granted Claims will be satisfied if I notify the transferee or assignee of any patent that I know contains Granted Claims of the obligations under Section 3. Nothing in this CLA requires me to undertake a patent search. 45 | 46 | 10. Definitions. 47 | 48 | 10.1. Bound Entities. “Bound Entities” means the entity listed below and any entities that the Bound Entity Controls. 49 | 50 | 10.2. CLA. “CLA” means this document, which sets forth the rights, grants, promises, limitations, conditions, obligations, and disclaimers made available for my Contributions to the particular Specification. 51 | 52 | 10.3. Contribution. “Contribution” means any original work of authorship, including any modifications or additions to an existing work, that I intentionally submit for inclusion in the Specification, which is included in the Specification. For the purposes of this definition, “submit” means any form of electronic, oral, or written communication for the purpose of discussing and improving the Specification, but excluding communication that I conspicuously designate in writing as not a contribution. 53 | 54 | 10.4. Control. “Control” means direct or indirect control of more than 50% of the voting power to elect directors of that corporation, or for any other entity, the power to direct management of such entity. 55 | 56 | 10.5. Granted Claims. "Granted Claims" are those patent claims that I own or control, including those patent claims I acquire or control after the Date below, that are infringed by Permitted Uses. Granted Claims include only those patent claims that are infringed by the implementation of any portions of the Specification where the Specification describes the functionality causing the infringement in detail and does not merely reference the functionality causing the infringement. Granted Claims under this CLA exclude those patent claims that would be infringed by an implementation of the Specification if my Contribution to that Specification were removed. 57 | 58 | 10.6. I, Me, or My. “I,” “me,” or “my” refers to the signatory below and its Bound Entities, if applicable. 59 | 60 | 10.7. Permitted Uses. “Permitted Uses” means making, using, selling, offering for sale, importing or distributing any implementation of the Specification 1) only to the extent it implements the Specification and 2) so long as all required portions of the Specification are implemented. Permitted Uses do not extend to any portion of an implementation that is not included in the Specification. 61 | 62 | 10.8. Related Entities. “Related Entities” means 1) any entity that Controls the Bound Entity (“Upstream Entity”), and 2) any other entity that is Controlled by an Upstream Entity that is not itself a Bound Entity. 63 | 64 | 10.9. Specification. “Specification” means the Specification identified below as of the date of my last Contribution. 65 | 66 | 10.10. You or Your. “You,” “you,” or “your” means any person or entity who exercises copyright or patent rights granted under this CLA, and any person or entity you Control. -------------------------------------------------------------------------------- /EditingTheSpec.md: -------------------------------------------------------------------------------- 1 | # Editing the Specification 2 | 3 | To contribute changes to the specification, please 4 | 5 | - Review the [Contributions policy](CONTRIBUTING.md) for this specification and ensure that you and your organization are willing to abide by the policy. 6 | - **Pull requests submitted to this repository imply acceptance of the [Contributions policy](CONTRIBUTING.md).** 7 | 8 | - Submit a pull request by: 9 | - forking this repo 10 | - editing the appropriate markdown files in the [`/spec`](/spec) folder 11 | 12 | The specification source consists of the markdown files listed in 13 | [specs.json](/specs.json) and found in the [`/spec`](/spec) folder and the [`/spec/terms-definitions`](/spec/terms-definitions) subfolder. The 14 | specification is automatically rendered (using 15 | [Spec-Up-T](https://github.com/trustoverip/spec-up-t)) to the `/docs` 16 | folder of the current branch of your choice of this repository. 17 | 18 | Currently the locally generated `index.html` has to be push to a branch and GitHub user account of your choice to then offer a PR to the `main` branch. The spec is published (using GitHub Pages) on the basis of `main` branch and the `index.html` in the `/docs` folder of this repository. 19 | 20 | ## Testing your Edits Locally 21 | 22 | Full guidance for using Spec-Up is in its 23 | [repository](https://github.com/trustoverip/spec-up-t)and in its [User Guide](https://trustoverip.github.io/spec-up-t-website/docs/getting-started/intro). 24 | 25 | The short version of the instructions to render this specification locally while you are 26 | editing is: 27 | 28 | - Install the prerequisites: `node` and `npm` 29 | - Run `npm install` from the root of the repository 30 | - Run `npm install spec-up-t` from the root of the repository 31 | 32 | - Run `npm run menu` from the root of the repository to perform various actions on the document with live updates to the `docs/index.html` as you edit the source files. 33 | 34 | - Open the rendered file in a browser and refresh to see your updates as you work. 35 | - When you are done, hit `Ctrl-c` to exit the live rendering. 36 | 37 | Please check your edits locally before you submit a pull request! The `docs/index.html` will be included in your pull request (currently NOT .gitignore'd). 38 | 39 | ### Beware: 40 | 41 | The user guide of Spec-Up-T is leading: [Local installation](https://trustoverip.github.io/spec-up-t-website/docs/getting-started/local-installation/installation) 42 | 43 | ### Soon to be implemented: 44 | 45 | On each pull request merge (using a GitHub Action), and then published (using GitHub Pages) in the `gh-pages` branch of this repository. 46 | 47 | #### Handling the Rendered Specification File 48 | 49 | Future working: When you create a pull request to update the specification, the `docs/index.html` will be 50 | .gitignore'd and **not** included in your pull request. A GitHub Action triggered on merging pull requests automagically renders the full 51 | specification (`docs/index.html`) to the `gh-pages` branch in the repository and the 52 | specification is published (via GitHub Pages) from there. 53 | 54 | ## Adding a New Source Markdown File 55 | 56 | If you add a source markdown file to the specification, you must also add a reference 57 | to it in the [specs.json](/specs.json) in the root of the repository. 58 | 59 | If you add a source markdown file to the `terms-definitions` folder, at generation time a the markdown file will be automatically included in the "Terms definitions" section of the specification. Use at least one of the dedicated tags `[[DEF]]` or `[[TREF]]` in each atomic Markdown file; i.e. one file per term definition. 60 | 61 | You must specify the configuration details in the [specs.json](/specs.json) in the root of the repository. -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Open Web Foundation 2 | 3 | Final Specification Agreement (OWFa 1.0) 4 | 5 | (Patent and Copyright Grants) 6 | 7 | 1. The Purpose of this Agreement. This Agreement sets forth the terms under which I make certain copyright and patent rights available to you for your Permitted Uses of the Specification. Capitalized terms are defined in the Agreement’s last section. 8 | 9 | 2. Copyrights. 10 | 11 | 2.1. Copyright Grant. I grant to you a perpetual (for the duration of the applicable copyright), worldwide, non-exclusive, no-charge, royalty-free, copyright license, without any obligation for accounting to me, to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, distribute, and implement the Specification to the full extent of my copyright interest in the Specification. 12 | 13 | 2.2. Attribution. As a condition of the copyright grant, you must include an attribution to the Specification in any derivative work you make based on the Specification. That attribution must include, at minimum, the Specification name and version number. 14 | 15 | 3. Patents. 16 | 17 | 3.1. Patent Non-Assert. 18 | 19 | 3.1.1. The Promise. I, on behalf of myself and my successors in interest and assigns, irrevocably promise not to assert my Granted Claims against you for your Permitted Uses, subject to the terms and conditions of Section 3.1. This is a personal promise directly from me to you, and you acknowledge as a condition of benefiting from it that no rights from me are received from suppliers, distributors, or otherwise in connection with this promise. This promise also applies to your Permitted Uses of any other specifications incorporating all required portions of the Specification. 20 | 21 | 3.1.2. Termination. 22 | 23 | 3.1.2.1. As a Result of Claims by You. All rights, grants, and promises made by me to you under this Agreement are terminated if you file, maintain, or voluntarily participate in a lawsuit against me or any person or entity asserting that its Permitted Uses infringe any Granted Claims you would have had the right to enforce had you signed this Agreement, unless that suit was in response to a corresponding suit first brought against you. 24 | 25 | 3.1.2.2. As a Result of Claims by a Related Entity of Mine. If a Related Entity of mine files, maintains, or voluntarily participates in a lawsuit asserting that a Permitted Use infringes any Granted Claims it would have had the right to enforce had it signed this Agreement, then I relinquish any rights, grants, and promises I have received for the Specification from other signatories of this Agreement, unless a) my promise to you was terminated pursuant to section 3.1.2.1, or b) that suit was in response to a corresponding suit first brought by you against the Related Entity. 26 | 27 | 3.1.3. Additional Conditions. This promise is not an assurance (i) that any of my copyrights or issued patent claims cover an implementation of the Specification or are enforceable or (ii) that an implementation of the Specification would not infringe intellectual property rights of any third party. Notwithstanding the personal nature of my promise, this promise is intended to be binding on any future owner, assignee or exclusive licensee to whom has been given the right to enforce any Granted Claims against third parties. 28 | 29 | 3.1.4. Bankruptcy. Solely for purposes of Section 365(n) of Title 11, United States Bankruptcy Code and any equivalent law in any foreign jurisdiction, this promise will be treated as if it were a license and you may elect to retain your rights under this promise if I (or any owner of any patents or patent applications referenced herein), as a debtor in possession, or a bankruptcy trustee, reject this non-assert. 30 | 31 | 3.2. Patent License Commitment. In addition to rights granted in 3.1, on behalf of me and my successors in interest and assigns, I agree to grant to you a no charge, royalty free license to my Granted Claims on reasonable and non-discriminatory terms, where such license applies only to those Granted Claims infringed by the implementation of the Specification, solely for your Permitted Uses. 32 | 33 | 4. No Other Rights. Except as specifically set forth in this Agreement, no other express or implied patent, trademark, copyright, or other property rights are granted under this Agreement, including by implication, waiver, or estoppel. 34 | 35 | 5. Antitrust Compliance. I acknowledge that I may compete with other participants, that I am under no obligation to implement the Specification, that each participant is free to develop competing technologies and standards, and that each party is free to license its patent rights to third parties, including for the purpose of enabling competing technologies and standards. 36 | 37 | 6. Non-Circumvention. I agree that I will not intentionally take or willfully assist any third party to take any action for the purpose of circumventing my obligations under this Agreement. 38 | 39 | 7. Representations, Warranties and Disclaimers. I represent and warrant that I am legally entitled to grant the rights and promises set forth in this Agreement. IN ALL OTHER RESPECTS THE SPECIFICATION IS PROVIDED "AS IS." The entire risk as to implementing or otherwise using the Specification is assumed by the implementer and user. Except as stated herein, I expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the Specification. IN NO EVENT WILL ANY PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. All of my obligations under Section 3 regarding the transfer, successors in interest, or assignment of Granted Claims will be satisfied if I notify the transferee or assignee of any patent that I know contains Granted Claims of the obligations under Section 3. Nothing in this Agreement requires me to undertake a patent search. 40 | 41 | 8. Definitions. 42 | 43 | 8.1. Agreement. “Agreement” means this OWFa document, which sets forth the rights, grants, promises, limitations, conditions, obligations, and disclaimers made available for the particular Specification. 44 | 45 | 8.2. Bound Entities. “Bound Entities” means the entity listed below and any entities that the Bound Entity Controls. 46 | 47 | 8.3. Control. “Control” means direct or indirect control of more than 50% of the voting power to elect directors of that corporation, or for any other entity, the power to direct management of such entity. 48 | 49 | 8.4. Granted Claims. "Granted Claims" are those patent claims that I own or control, including those patent claims I acquire or control after the Date below, that are infringed by Permitted Uses. Granted Claims include only those patent claims that are infringed by the implementation of any portions of the Specification where the Specification describes the functionality causing the infringement in detail and does not merely reference the functionality causing the infringement. 50 | 51 | 8.5. I, Me, or My. “I,” “me,” or “my” refers to the signatory below and its Bound Entities, if applicable. 52 | 53 | 8.6. Permitted Uses. “Permitted Uses” means making, using, selling, offering for sale, importing or distributing any implementation of the Specification 1) only to the extent it implements the Specification and 2) so long as all required portions of the Specification are implemented. Permitted Uses do not extend to any portion of an implementation that is not included in the Specification. 54 | 55 | 8.7. Related Entities. “Related Entities” means 1) any entity that Controls the Bound Entity (“Upstream Entity”), and 2) any other entity that is Controlled by an Upstream Entity that is not itself a Bound Entity. 56 | 57 | 8.8. Specification. “Specification” means the Specification identified below 58 | 59 | 8.9. You or Your. “You,” “you,” or “your” means any person or entity who exercises copyright or patent rights granted under this Agreement, and any person or entity you Control. 60 | 61 | Identify the Specification and version number here: 62 | 63 | Key Event Receipt Infrastructure (KERI). All Versions. -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # Licensing 2 | 3 | All software and documentation in this repository are *Copyright 2023 KERI Contributors* and 4 | all contributions to this repository are *Licensed under the OWFa 1.0 (the "License")* [here](https://github.com/trustoverip/tswg-keri-specification/blob/main/LICENSE). 5 | 6 | As as defined in the License, contributions include but are not limited to patents, source code, specification text, 7 | documentation, comments and issues. You may not use the software or documentation in this repository except in compliance with the License. 8 | Unless required by applicable law or agreed to in writing, software distributed 9 | under the License is distributed on an "AS IS" BASIS. 10 | You may obtain a copy of the License at [OWFa 1.0](https://www.openwebfoundation.org/the-agreements/the-owf-1-0-agreements-granted-claims/owfa-1-0). 11 | 12 | To remove any doubt as the origin on any contributions, all contributers are also bound by the 13 | Developer Ceritificate of Origin v1.1 (DCO 1.1) which may be found [here](https://developercertificate.org) 14 | 15 | As a GitHub repository, all contributions to this repository are also bound by 16 | the GitHub *inbound=outbound* policy. This may be found under Section D.6 17 | [here](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license) to the extent not superceeded by the ToIP CLA [link]. 18 | 19 | The legal structure of this repository with respect to the licensing of its 20 | associated contributions also follows GitHub's Open Source Guide reccomendations for 21 | open source standards and code. These may be found [here](https://opensource.guide/legal/) 22 | 23 | In addition to the copyright and licensing restrictions described above, all contributions to this repository may be contributions to a terminal standards body such as [IETF](https://www.ietf.org), [ISO](https://www.iso.org/home.html) or equivelant. 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Key Event Receipt Infrastructure (KERI) 2 | 3 | This is the working area for the individual Internet-Draft, "Key Event Receipt Infrastructure (KERI)". 4 | 5 | * [Editor's Copy](https://trustoverip.github.io/kswg-keri-specification/) 6 | 7 | #### Contributing 8 | 9 | All Trust Over IP Foundation Technical Stack Working Group contributions are done so under the following rules: 10 | 11 | * [Contributing](Contributing.md) 12 | 13 | #### Licensing 14 | 15 | All Trust Over IP Foundation Technical Stack Working Group deliverables are published under the following licenses: 16 | 17 | * [Patent and Copyright Grants](LICENSE.md) 18 | * [Source Code](SOURCE_CODE.md) 19 | 20 | #### Getting involved 21 | 22 | Join a community of individuals and organizations solving the toughest technical and human-centric problems in digital trust. https://trustoverip.org/get-involved/membership/ 23 | 24 | #### Note 25 | 26 | This work was migrated from https://github.com/WebOfTrust/ietf-keri. 27 | 28 | ## Command Line Usage 29 | 30 | Markdown text and HTML versions of the draft can be built using `Spec-Up-T`. 31 | 32 | Command line usage requires that you have the necessary software installed. See the instructions in the Spec-Up-T [User Guide](https://trustoverip.github.io/spec-up-t-website/docs/getting-started/intro). 33 | 34 | More info in [Editting the Spec](EditingTheSpec.md). -------------------------------------------------------------------------------- /SOURCE_CODE.md: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. -------------------------------------------------------------------------------- /assets-backup/test.json: -------------------------------------------------------------------------------- 1 | { 2 | "test": "This is a test JSON file for content insertion" 3 | } -------------------------------------------------------------------------------- /assets-backup/test.text: -------------------------------------------------------------------------------- 1 | This is a test text file for content insertion examples. -------------------------------------------------------------------------------- /assets/test.json: -------------------------------------------------------------------------------- 1 | { 2 | "test": "This is a test JSON file for content insertion" 3 | } -------------------------------------------------------------------------------- /assets/test.text: -------------------------------------------------------------------------------- 1 | This is a test text file for content insertion examples. -------------------------------------------------------------------------------- /docs/versions/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Spec-Up-T Snapshot Index 8 | 9 | 10 | 17 | 18 | 19 |

Spec-Up-T Snapshot Index

20 |

This page lists all available snapshots of this Spec-Up-T specification.

21 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /images/AuthenticatableMessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/AuthenticatableMessage.png -------------------------------------------------------------------------------- /images/AutonomicIdentifierBindingTetrad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/AutonomicIdentifierBindingTetrad.png -------------------------------------------------------------------------------- /images/AutonomicIssuanceTetrad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/AutonomicIssuanceTetrad.png -------------------------------------------------------------------------------- /images/ControllerAppAgentDirectExchange.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ControllerAppAgentDirectExchange.png -------------------------------------------------------------------------------- /images/ControllerAppAgentSplitFunctions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ControllerAppAgentSplitFunctions.png -------------------------------------------------------------------------------- /images/ControllerAppAgentWitnessWatcherIndirectExchange.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ControllerAppAgentWitnessWatcherIndirectExchange.png -------------------------------------------------------------------------------- /images/ControllerApplicationFunctions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ControllerApplicationFunctions.png -------------------------------------------------------------------------------- /images/Ecosystem.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/Ecosystem.png -------------------------------------------------------------------------------- /images/End2EndNetwork.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/End2EndNetwork.png -------------------------------------------------------------------------------- /images/ExploitDead.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ExploitDead.png -------------------------------------------------------------------------------- /images/ExploitLive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/ExploitLive.png -------------------------------------------------------------------------------- /images/PrefixAddressMultisigDerivation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/PrefixAddressMultisigDerivation.png -------------------------------------------------------------------------------- /images/SelfCertIssuanceTriad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/SelfCertIssuanceTriad.png -------------------------------------------------------------------------------- /images/SelfCertifyingIdentifierBindingTriad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/images/SelfCertifyingIdentifierBindingTriad.png -------------------------------------------------------------------------------- /package-backup.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "spec-up", 3 | "version": "-.-.-", 4 | "license": "Apache 2.0", 5 | "description": "Technical specification drafting tool that generates rich specification documents from markdown.", 6 | "dependencies": { 7 | "dotenv": "^16.4.7", 8 | "spec-up-t": "file:spec-up-t-1.3.2-beta.tgz" 9 | }, 10 | "author": "Daniel Buchner", 11 | "repository": { 12 | "type": "git", 13 | "url": "git+https://github.com/decentralized-identity/spec-up.git" 14 | }, 15 | "keywords": [ 16 | "spec", 17 | "specs", 18 | "markdown", 19 | "editor", 20 | "standards" 21 | ], 22 | "homepage": "https://github.com/decentralized-identity/spec-up#readme", 23 | "bugs": { 24 | "url": "https://github.com/decentralized-identity/spec-up/issues" 25 | }, 26 | "scripts": { 27 | "edit": "node -e \"require('spec-up-t')()\"", 28 | "render": "node --no-warnings -e \"require('spec-up-t/index.js')({ nowatch: true })\"", 29 | "dev": "node -e \"require('spec-up-t')({ dev: true })\"", 30 | "collectExternalReferences": "node --no-warnings -e \"require('spec-up-t/src/collect-external-references.js').collectExternalReferences()\"", 31 | "topdf": "node -e \"require('spec-up-t/src/create-pdf.js')\"", 32 | "todocx": "node -e \"require('spec-up-t/src/create-docx.js')\"", 33 | "freeze": "node -e \"require('spec-up-t/src/freeze.js')\"", 34 | "references": "node -e \"require('spec-up-t/src/references.js')\"", 35 | "help": "cat ./node_modules/spec-up-t/src/install-from-boilerplate/help.txt", 36 | "menu": "bash ./node_modules/spec-up-t/src/install-from-boilerplate/menu.sh", 37 | "addremovexrefsource": "node --no-warnings -e \"require('spec-up-t/src/add-remove-xref-source.js')\"", 38 | "configure": "node --no-warnings -e \"require('spec-up-t/src/configure.js')\"", 39 | "healthCheck": "node --no-warnings -e \"require('spec-up-t/src/health-check.js')\"", 40 | "custom-update": "npm update && node -e \"require('spec-up-t/src/install-from-boilerplate/custom-update.js')\"" 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "spec-up", 3 | "version": "-.-.-", 4 | "license": "Apache 2.0", 5 | "description": "Technical specification drafting tool that generates rich specification documents from markdown.", 6 | "dependencies": { 7 | "dotenv": "^16.4.7", 8 | "spec-up-t": "^1.4.1-beta.3" 9 | }, 10 | "author": "Daniel Buchner", 11 | "repository": { 12 | "type": "git", 13 | "url": "git+https://github.com/decentralized-identity/spec-up.git" 14 | }, 15 | "keywords": [ 16 | "spec", 17 | "specs", 18 | "markdown", 19 | "editor", 20 | "standards" 21 | ], 22 | "homepage": "https://github.com/decentralized-identity/spec-up#readme", 23 | "bugs": { 24 | "url": "https://github.com/decentralized-identity/spec-up/issues" 25 | }, 26 | "scripts": { 27 | "edit": "node -e \"require('spec-up-t')()\"", 28 | "render": "node --no-warnings -e \"require('spec-up-t/index.js')({ nowatch: true })\"", 29 | "dev": "node -e \"require('spec-up-t')({ dev: true })\"", 30 | "collectExternalReferences": "node --no-warnings -e \"require('spec-up-t/src/collect-external-references.js').collectExternalReferences()\"", 31 | "topdf": "node -e \"require('spec-up-t/src/create-pdf.js')\"", 32 | "todocx": "node -e \"require('spec-up-t/src/create-docx.js')\"", 33 | "freeze": "node -e \"require('spec-up-t/src/freeze.js')\"", 34 | "references": "node -e \"require('spec-up-t/src/references.js')\"", 35 | "help": "cat ./node_modules/spec-up-t/src/install-from-boilerplate/help.txt", 36 | "menu": "bash ./node_modules/spec-up-t/src/install-from-boilerplate/menu.sh", 37 | "addremovexrefsource": "node --no-warnings -e \"require('spec-up-t/src/add-remove-xref-source.js')\"", 38 | "configure": "node --no-warnings -e \"require('spec-up-t/src/configure.js')\"", 39 | "healthCheck": "node --no-warnings -e \"require('spec-up-t/src/health-check.js')\"", 40 | "custom-update": "npm update && node -e \"require('spec-up-t/src/install-from-boilerplate/custom-update.js')\"" 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /spec/.!33004!.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/spec/.!33004!.DS_Store -------------------------------------------------------------------------------- /spec/assets/AuthenticatableMessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/spec/assets/AuthenticatableMessage.png -------------------------------------------------------------------------------- /spec/assets/ExploitDead.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/spec/assets/ExploitDead.png -------------------------------------------------------------------------------- /spec/assets/ExploitLive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustoverip/kswg-keri-specification/795d5b66985c83218345f56d88ee94be008c56c4/spec/assets/ExploitLive.png -------------------------------------------------------------------------------- /spec/spec-head.md: -------------------------------------------------------------------------------- 1 | Key Event Receipt Infrastructure (KERI) 2 | ================== 3 | 4 | **Specification Status**: v0.9 Draft 5 | 6 | **Latest Draft:** 7 | 8 | [https://github.com/trustoverip/tswg-keri-specification](https://github.com/trustoverip/tswg-keri-specification) 9 | 10 | **Author:** 11 | 12 | - [Samuel Smith](https://github.com/SmithSamuelM), [Prosapien](https://prosapien.com/) 13 | 14 | **Editors:** 15 | 16 | - [Kevin Griffin](https://github.com/m00sey), [GLEIF](https://gleif.org/) 17 | 18 | **Contributors:** 19 | 20 | - [Henk van Cann](https://github.com/henkvancann), [Blockchainbird](https://blockchainbird.org/) 21 | - [Kor Dwarshuis](https://github.com/kordwarshuis), [Blockchainbird](https://blockchainbird.org/) 22 | 23 | **Participate:** 24 | 25 | ~ [GitHub repo](https://github.com/trustoverip/tswg-keri-specification) 26 | ~ [Commit history](https://github.com/trustoverip/tswg-keri-specification/commits/main) 27 | 28 | ## Introduction 29 | 30 | The original design of the Internet Protocol (IP) has no security layer(s) [[RFC0791](#RFC0791)], providing no built-in mechanism for secure attribution to the source of an IP packet. Anyone can forge an IP packet, and a recipient may not be able to ascertain when or if the packet was sent by an imposter. This means that secure attribution mechanisms for the Internet must be overlaid. This documents presents an identifier system security overlay, called the Key Event Receipt Infrastructure ([[ref: KERI]]) protocol, that serves as a trust spanning layer for the Internet. This overlay includes a primary root-of-trust in a Self-certifying identifier ([[ref: SCID]]) that provides a formalism for Autonomic identifiers ([[ref: AID]]s), Autonomic namespaces ([[ref: AN]]s), and the basis for a universal Autonomic identity system ([[ref: AIS]]). 31 | 32 | The KERI protocol provides verifiable authorship (authenticity) of any message or data item via secure cryptographically verifiable attribution to a SCID as a primary root-of-trust [[4](#KERI-WP)] [[16](#SCPK)] [[18](#SCFS)] [[19](#EscEvils)] [[17](#SFS-HTTP)] [[15](#PKCrypt)]. This root-of-trust is cryptographic, not administrative, because it does not rely on any trusted third-party administrative process but may be established with cryptographically verifiable data structures. This cryptographic root-of-trust enables end verifiability where every data item may be cryptographically attributable to its source by any recipient verifier, without reliance on any infrastructure not under the verifier's ultimate control. Therefore, KERI has no security dependency on any other infrastructure and does not rely on security guarantees that may or may not be provided by the traditional internet infrastructure. This makes intervening operational infrastructure replaceable, enabling ambient verifiability (verification by anyone, anywhere, at any time). 33 | 34 | A SCID is strongly bound at inception to a cryptographic keypair that is self-contained unless control over the SCID needs to be transferred to a new keypair. The KERI protocol provides end-verifiable control provenance over a variant of SCID, called an Autonomic identifier (AID), via signed transfer statements in an append-only chained Key event log (KEL). The key management operation for tansferring control over an AID is implemented via a novel key [pre-rotation](#pre-rotation) scheme [[6](#DAD)]. With pre-rotation, control over an AID can be re-established by rotating to a one-time use set of unexposed but pre-committed rotation keypairs. This approach fixes the foundational flaw in traditional Public key infrastructure (PKI), which is insecure key rotation. KERI enables decentralized public key infrastructure ([[xref: toip1, public-key-infrastructure, DPKI]]) that is more secure and portable. KERI may be viewed as a viable reboot of the Web-of-Trust concept for DPKI because KERI fixes the hard problem of DPKI, which is key rotation. 35 | 36 | Two primary trust modalities motivated the design of the KERI protocol, namely a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, two entities establish trust over AIDs via a direct exchange of their counterparts' verified signatures. In the indirect mode, trust over AIDs depends on witnessed Key event receipt logs ([[ref: KERL]]s) as a secondary root-of-trust for validating key events. The security and accountability guarantees of indirect mode are provided by KERI’s Algorithm for Witness Agreement ([[ref: KAWA]]) among a set of key event Witnesses. The KAWA approach may be much more performant and scalable than more complex approaches that depend on a total ordering distributed consensus ledger. Nevertheless, KERI may employ a distributed consensus ledger when other considerations make it the best choice. 37 | 38 | The KERI approach to Decentralized key management infrastructure ([[ref: DKMI]]) allows for more granular composition. Moreover, because KERI is event streamed, it enables DKMI to operate in-stride with data events streaming applications such as web 3.0, IoT, and others where performance and scalability are more important. The core KERI engine is independent of identifier namespace. This makes KERI a candidate for a universal portable DKMI. This system uses the design principle of minimally sufficient means for appropriate levels of security, performance, and adoptability to be a viable candidate as the DKMI that underpins a trust-spanning layer for the Internet. 39 | 40 | ## Scope 41 | 42 | Implementation design of a protocol-based decentralized key management infrastructure that enables secure attribution of data to a cryptographically derived identifier with strong (cryptographically verifiable) bindings between each of the identifier, a set of asymmetric signing key pairs that are the key state, a controlling entity that holds the private keys, and a cryptographically verifiable data structure that enables changes to that key state. Thus, security over secure attribution is reduced to key management. This key management includes, for the first time, a practical solution to the hard problem of public key rotation. There is no reliance on trusted third parties. The resulting secure attribution is fully end-to-end verifiable. 43 | 44 | Because of the reliance on asymmetric (public, private) digital signing key pairs, this may be viewed as a type of decentralized public key infrastructure (DPKI). The protocol supports cryptographic agility for both pre- and post-quantum attack resistance. The application scope includes any electronically transmitted information. The implementation dependency scope assumes no more than cryptographic libraries that provide cryptographic strength pseudo-random number generators, cryptographic strength digest algorithms, and cryptographic strength digital [[ref: Signature]] algorithms. 45 | 46 | ## Normative references 47 | 48 | The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. 49 | 50 | * ISO/IEC 7498-1:1994 Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model. June 1999. Introduction. Retrieved 26 August 2022. 51 | 52 | [a]. IETF RFC-2119 Key words for use in RFCs to Indicate Requirement Levels 53 | [a]: https://www.rfc-editor.org/rfc/rfc2119.txt 54 | 55 | [b]. IETF RFC-4648 Base64 56 | [b]: https://www.rfc-editor.org/rfc/rfc4648.txt 57 | 58 | [c]. IETF RFC-3339 DateTime 59 | [c]: https://www.rfc-editor.org/rfc/rfc3339.txt 60 | -------------------------------------------------------------------------------- /spec/termdefs-new.md: -------------------------------------------------------------------------------- 1 | [[tref: kmg-1, authentic-chained-data-container]] 2 | 3 | [[tref: kmg-1, autonomic-identifier]] 4 | 5 | [[tref: kmg-1, autonomic-identity-system]] 6 | 7 | [[tref: kmg-1, Autonomic namespace]] 8 | 9 | [[tref: kmg-1, backer]] 10 | 11 | [[tref: kmg-1, concise-binary-object-representation]] 12 | 13 | [[tref: kmg-1, configuration-traits, Modes]] 14 | 15 | [[tref: kmg-1, controller]] 16 | 17 | [[tref: kmg-1, cryptographic-primitive]] 18 | 19 | [[tref: kmg-1, cryptonym]] 20 | 21 | [[tref: kmg-1, current-threshold]] 22 | 23 | [[tref: kmg-1, dead-attack]] 24 | 25 | [[tref: kmg-1, decentralized-key-management-infrastructure]] 26 | 27 | [[tref: kmg-1, duplicity]] 28 | 29 | [[tref: kmg-1, end-verifiability]] 30 | 31 | [[tref: kmg-1, establishment-event]] 32 | 33 | [[tref: kmg-1, first-Seen]] 34 | 35 | [[tref: kmg-1, inception]] 36 | 37 | [[tref: kmg-1, inception event]] 38 | 39 | [[tref: kmg-1, interaction event]] 40 | 41 | [[tref: kmg-1, KERI’s-algorithm-for-witness-agreement, KAWA]] 42 | 43 | [[tref: kmg-1, key-event]] 44 | 45 | [[tref: kmg-1, key-event-log, KEL]] 46 | 47 | [[tref: kmg-1, key-event-message]] 48 | 49 | [[tref: kmg-1, key-event-receipt]] 50 | 51 | [[tref: kmg-1, key-event-receipt log, KERL]] 52 | 53 | [[tref: kmg-1, key-state]] 54 | 55 | [[tref: kmg-1, live-Attack]] 56 | 57 | [[tref: kmg-1, message]] 58 | 59 | [[tref: kmg-1, next-threshold]] 60 | 61 | [[tref: kmg-1, non-establishment-event]] 62 | 63 | [[tref: kmg-1, primitive]] 64 | 65 | [[tref: kmg-1, rotation]] 66 | 67 | [[tref: kmg-1, rotation-event]] 68 | 69 | [[tref: kmg-1, salt]] 70 | 71 | [[tref: kmg-1, seal]] 72 | 73 | [[tref: kmg-1, self-addressed-data, SAD]] 74 | 75 | [[tref: kmg-1, self-addressing-identifiers, SAID]] 76 | 77 | [[tref: kmg-1, self-certifying-identifier, SCID]] 78 | 79 | [[tref: kmg-1, validator]] 80 | 81 | [[tref: kmg-1, verifiable]] 82 | 83 | [[tref: kmg-1, verifier]] 84 | 85 | [[tref: kmg-1, version]] 86 | 87 | [[tref: kmg-1, watcher]] 88 | 89 | [[tref: kmg-1, witness]] -------------------------------------------------------------------------------- /spec/termdefs.md: -------------------------------------------------------------------------------- 1 | 2 | ## Terms and Definitions 3 | 4 | For the purposes of this document, the following terms and definitions apply. 5 | 6 | ISO and IEC maintain terminological databases for use in standardization at the following addresses: 7 | 8 | - ISO Online browsing platform: available at 9 | - IEC Electropedia: available at 10 | 11 | [[def: Authentic Chained Data Container, ACDC]] 12 | 13 | ~ a directed acyclic graph with properties to provide a verifiable chain of proof-of-authorship. See the full [specification](https://trustoverip.github.io/tswg-acdc-specification/) 14 | 15 | [[def: Autonomic identifier, AID]] 16 | 17 | ~ a self-managing cryptonymous identifier that must be self-certifying (self-authenticating) and must be encoded in CESR as a qualified Cryptographic primitive. 18 | 19 | [[def: Autonomic identity system, AIS]] 20 | 21 | ~ an identity system that includes a primary root-of-trust in self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key pair. An AIS enables any entity to establish control over an AN in an independent, interoperable, and portable way. 22 | 23 | [[def: Autonomic namespace, AN]] 24 | 25 | ~ a namespace that is self-certifying and hence self-administrating. An AN has a self-certifying prefix that provides cryptographic verification of root control authority over its namespace. All derived AIDs in the same AN share the same root-of-trust, source-of-truth, and locus-of-control (RSL). The governance of the namespace is therefore unified into one entity, that is, the controller who is/holds the root authority over the namespace. 26 | 27 | [[def: Backer]] 28 | 29 | ~ an alternative to a traditional KERI based [[ref: Witness]] commonly using Distributed Ledger Technology (DLT) to store the [[ref: KEL]] for an identifier. 30 | 31 | [[def: Concise Binary Object Representation, CBOR]] 32 | 33 | ~ a binary serialization format, similar in concept to JSON but aiming for greater conciseness. Defined in [[spec: RFC7049]]. 34 | 35 | [[def: Configuration traits, Modes]] 36 | 37 | ~ a list of specially defined strings representing a configuration of a KEL. See (Configuration traits field)[#configuration-traits-field]. 38 | 39 | [[def: Controller]] 40 | 41 | ~ an entity that can cryptographically prove the control authority over an AID and make changes on the associated KEL. A controller of a multi-sig AID may consist of multiple controlling entities. 42 | 43 | [[def: Cryptographic Primitive]] 44 | 45 | ~ the serialization of a value associated with a cryptographic operation including but not limited to a digest (hash), a salt, a seed, a private key, a public key, or a signature. 46 | 47 | [[def: Cryptonym]] 48 | 49 | ~ a cryptographic pseudonymous identifier represented by a string of characters derived from a random or pseudo-random secret seed or salt via a one-way cryptographic function with a sufficiently high degree of cryptographic strength (e.g., 128 bits, see appendix on cryptographic strength) [[13]] [[14]] [[12]] [[11]]. A Cryptonym is a type of Primitive. Due to the entropy in its derivation, a Cyptonym is a universally unique identifier and only the Controller of the secret salt or seed from which the Cryptonym is derived may prove control over the Cryptonym. Therefore the derivation function must be associated with the Cryptonym and may be encoded as part of the Cryptonym itself. 50 | 51 | [[def: Current threshold]] 52 | 53 | ~ represents the number or fractional weights of signatures from the given set of current keys required to be attached to a [[ref: Message]] for the [[ref: Message]] to be considered fully signed. 54 | 55 | [[def: Dead-Attack]] 56 | 57 | ~ an attack on an establishment event that occurs after the Key-state for that event has become stale because a later establishment event has rotated the sets of signing and pre-rotated keys to new sets. See (Security Properties of Prerotation)[#dead-attacks]. 58 | 59 | [[def: Decentralized key management infrastructure, DKMI]] 60 | 61 | ~ a key management infrastructure that does not rely on a single entity for the integrity and security of the system as a whole. Trust in a DKMI is decentralized through the use of technologies that make it possible for geographically and politically disparate entities to reach an agreement on the key state of an identifier [[ref: DPKI]]. 62 | 63 | [[def: Duplicity]] 64 | 65 | ~ the existence of more than one Version of a Verifiable KEL for a given AID. 66 | 67 | [[def: End-verifiability]] 68 | 69 | ~ a data item or statement may be cryptographically securely attributable to its source (party at the source end) by any recipient verifier (party at the destination end) without reliance on any infrastructure not under the verifier's ultimate control. 70 | 71 | [[def: Establishment event]] 72 | 73 | ~ a Key event that establishes or changes the Key state which includes the current set of authoritative keypairs (Key state) for an AID. 74 | 75 | [[def: First-Seen]] 76 | 77 | ~ refers to the first instance of a [[ref: Message]] received by any [[ref: Witness]] or [[ref: Watcher]]. The first-seen event is always seen, and can never be unseen. It forms the basis for [[ref: Duplicity]] detection in KERI based systems. 78 | 79 | [[def: Inception]] 80 | 81 | ~ the operation of creating an AID by binding it to the initial set of authoritative keypairs and any other associated information. This operation is made verifiable and Duplicity evident upon acceptance as the Inception event that begins the AID's KEL. 82 | 83 | [[def: Inception event]] 84 | 85 | ~ an Establishment event that provides the incepting information needed to derive an AID and establish its initial Key state. 86 | 87 | [[def: Interaction event]] 88 | 89 | ~ a Non-establishment event that anchors external data to the Key state as established by the most recent prior Establishment event. 90 | 91 | [[def: KERI’s Algorithm for Witness Agreement, KAWA]] 92 | 93 | ~ a type of Byzantine Fault Tolerant (BFT) algorithm 94 | 95 | [[def: Key event]] 96 | 97 | ~ concretely, the serialized data structure of an entry in the Key event log (KEL) for an AID. Abstractly, the data structure itself. Key events come in different types and are used primarily to establish or change the authoritative set of keypairs and/or anchor other data to the authoritative set of keypairs at the point in the KEL actualized by a particular entry. 98 | 99 | [[def: Key event log, KEL]] 100 | 101 | ~ a Verifiable data structure that is a backward and forward chained, signed, append-only log of key events for an AID. The first entry in a KEL must be the one and only Inception event of that AID. 102 | 103 | [[def: Key event message]] 104 | 105 | ~ message whose body is a Key event and whose attachments may include signatures on its body. 106 | 107 | [[def: Key event receipt]] 108 | 109 | ~ message whose body references a Key event and whose attachments must include one or more signatures on that Key event. 110 | 111 | [[def: Key event receipt log, KERL]] 112 | 113 | ~ a key event receipt log is a [[ref: KEL]] that also includes all the consistent key event receipt [[ref: Message]]s created by the associated set of witnesses. See annex [Key event receipt log](#key-event-receipt-log) 114 | 115 | [[def: Key-State]] 116 | 117 | ~ a set of authoritative keys for an AID along with other essential information necessary to establish, evolve, verify, and validate control-signing authority for that AID. This information includes the current public keys and their thresholds (for a multi-signature scheme); pre-rotated key digests and their thresholds; [[ref: witness]]es and their thresholds; and configurations. An AID’s key state is first established through its [[ref:inception event]] and may evolve via subsequent [[ref: rotation event]]s. Thus, an AID’s key state is time-dependent. 118 | 119 | [[def: Live-Attack]] 120 | 121 | ~ an attack that compromises either the current signing keys used to sign non-establishment events or the current pre-rotated keys needed to sign a subsequent establishment event. See (Security Properties of Prerotation)[#live-attacks]. 122 | 123 | [[def: Message]] 124 | 125 | ~ a serialized data structure that comprises its body and a set of serialized data structures that are its attachments. Attachments may include but are not limited to signatures on the body. 126 | 127 | [[def: Next threshold]] 128 | 129 | ~ represents the number or fractional weights of signatures from the given set of next keys required to be attached to a [[ref: Message]] for the [[ref: Message]] to be considered fully signed. 130 | 131 | [[def: Non-establishment event]] 132 | 133 | ~ a Key event that does not change the current Key state for an AID. Typically, the purpose of a Non-establishment event is to anchor external data to a given Key state as established by the most recent prior Establishment event for an AID. 134 | 135 | [[def: Primitive:]] 136 | 137 | ~ a serialization of a unitary value. All Primitives in KERI must be expressed in CESR [[1]]. 138 | 139 | [[def: Rotation]] 140 | 141 | ~ the operation of revoking and replacing the set of authoritative keypairs for an AID. This operation is made verifiable and Duplicity evident upon acceptance as a Rotation event that is appended to the AID's KEL. 142 | 143 | [[def: Rotation event]] 144 | 145 | ~ an Establishment Event that provides the information needed to change the Key state which includes a change to the set of authoritative keypairs for an AID. 146 | 147 | [[def: Salt]] 148 | 149 | ~ random data fed as an additional input to a one-way function that hashes data. 150 | 151 | [[def: Seal]] 152 | 153 | ~ a seal is a cryptographic commitment in the form of a cryptographic digest or hash tree root (Merkle root) that anchors arbitrary data or a tree of hashes of arbitrary data to a particular event in the key event sequence. See annex (Seal)[#seal]. 154 | 155 | [[def: Self-addressed data, SAD]] 156 | 157 | ~ a representation of data content from which a SAID is derived. The SAID is both cryptographically bound to (content-addressable) and encapsulated by (self-referential) its SAD [[ref: SAID]]. 158 | 159 | [[def: Self-addressing identifiers, SAID]] 160 | 161 | ~ an identifier that is content-addressable and self-referential. A SAID is uniquely and cryptographically bound to a serialization of data that includes the SAID as a component in that serialization [[ref: SAID]]. 162 | 163 | [[def: Self-certifying identifier, SCID]] 164 | 165 | ~ a type of Cryptonym that is uniquely cryptographically derived from the public key of an asymmetric signing keypair, `(public, private)`. 166 | 167 | [[def: Validator]] 168 | 169 | ~ any entity or agent that evaluates whether or not a given signed statement as attributed to an identifier is valid at the time of its issuance. 170 | 171 | [[def: Verifiable]] 172 | 173 | ~ a condition of a KEL: being internally consistent with integrity of its backward and forward chaining digest as well as authenticity of its non-repudiable signatures. 174 | 175 | [[def: Verifier]] 176 | 177 | ~ any entity or agent that cryptographically verifies the signature(s) and digests on an event Message. 178 | 179 | [[def: Version]] 180 | 181 | ~ an instance of a KEL for an AID in which at least one event is unique between two instances of the [[ref: KEL]] 182 | 183 | [[def: Watcher]] 184 | 185 | ~ an _entity_ or _component_ that keeps a copy of a [[ref: KERL]] for an identifier but that is not designated by the _controller_ of the identifier as one of its witnesses. See annex [watcher](#watcher) 186 | 187 | [[def: Witness]] 188 | 189 | ~ a _witness_ is an _entity_ or _component_ designated (trusted) by the _controller_ of an _identifier_. The primary role of a witness is to verify, sign, and keep events associated with an identifier. A _witness_ is the _controller_ of its own self-referential _identifier_ which may or may not be the same as the _identifier_ to which it is a _witness_. See Annex A under KAWA (KERI's Algorithm for Witness Agreement). 190 | -------------------------------------------------------------------------------- /spec/terms-and-definitions-intro.md: -------------------------------------------------------------------------------- 1 | ## Terms and Definitions 2 | 3 | For the purposes of this document, the following terms and definitions apply. 4 | 5 | ISO and IEC maintain terminological databases for use in standardization at the following addresses: 6 | 7 | - ISO Online browsing platform: available at 8 | - IEC Electropedia: available at 9 | -------------------------------------------------------------------------------- /spec/terms-definitions/KERIs-algorithm-for-witness-agreement.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, keris-algorithm-for-witness-agreement, KERI’s Algorithm for Witness Agreement, KAWA]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/authentic-chained-data-container.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, authentic-chained-data-container, Authentic Chained Data Container, ACDC]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/autonomic-identifier.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, autonomic-identifier, Autonomic identifier, AID]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/autonomic-identity-system.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, autonomic-identity-system, Autonomic identity system, AIS]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/autonomic-namespace.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, autonomic-namespace, Autonomic namespace, AN]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/backer.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, backer, Backer]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/concise-binary-object-representation.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, concise-binary-object-representation, Concise Binary Object Representation, CBOR]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/configuration-traits.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, configuration-traits, Configuration traits,Modes]] 2 | 3 | ~ See also: [Configuration traits field](#configuration-traits-field). 4 | -------------------------------------------------------------------------------- /spec/terms-definitions/controller.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, controller, Controller]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/cryptographic-primitive.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, cryptographic-primitive, Cryptographic primitive]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/cryptonym.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, cryptonym, Cryptonym, Cryptonymous]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/current-threshold.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, current-threshold, Current threshold]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/dead-attack.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, dead-attack, Dead-attack]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/decentralized-key-management-infrastructure.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, decentralized-key-management-infrastructure, Decentralized Key Management Infrastructure, DKMI]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/duplicity.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, duplicity, Duplicity]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/end-verifiability.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, end-verifiability, End-verifiability]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/establishment-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, establishment-event, Establishment event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/exchange-identifier.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, exchange-identifier, Exchange identifier]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/first-seen.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, first-seen, First-seen, First seen]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/inception-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, inception-event, Inception event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/inception.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, inception, Inception]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/indexed-signature.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, indexed-signature,. Indexed signature]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/interaction-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, interaction-event, Interaction event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event-log.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event-log, Key event log, KEL, kel]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event-message.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event-message, Key event message]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event-receipt-infrastructure.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event-receipt-infrastructure, Key event receipt infrastructure, KERI]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event-receipt-log.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event-receipt-log, Key event receipt log, KERL]] 2 | 3 | ~ See annex [Key event receipt log](#key-event-receipt-log). 4 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event-receipt.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event-receipt, Key event receipt]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, key-event, Key event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/key-state.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, key-state, Key-state]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/live-attack.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, live-attack, Live-attack]] 2 | 3 | ~ See [Security Properties of Prerotation](#live-attacks). 4 | -------------------------------------------------------------------------------- /spec/terms-definitions/message.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, message, Message]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/messagepack.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, messagepack, MsgPack, MGPK]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/next-threshold.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, next-threshold, Next threshold]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/non-establishment-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, non-establishment-event, Non-establishment event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/out-of-band-introduction.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, out-of-band-introduction, Out-of-band introduction, OOBI]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/primitive.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, primitive, Primitive]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/python-dict.md: -------------------------------------------------------------------------------- 1 | [[def: python-dict, Python dict, Python dictionary]] 2 | 3 | ~ A Python dict (short for dictionary) is a built-in data type for an associative array or hash table that stores key–value pairs: you look up a key and get its value. 4 | -------------------------------------------------------------------------------- /spec/terms-definitions/receipt.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, receipt, Receipt]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/receiver.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, receiver, Receiver]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/rotation-event.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, rotation-event, Rotation event]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/rotation.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, rotation, Rotation]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/routed-exchange-message.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, routed-exchange-message, Routed exchange message]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/saidive.md: -------------------------------------------------------------------------------- 1 | [[def: saidive, SAIDive]] 2 | 3 | ~ any fields that are derived from digest of the message body using the SAID protocol. 4 | -------------------------------------------------------------------------------- /spec/terms-definitions/salt.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, salt, Salt]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/seal.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, seal, Seal]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/self-addressed-data.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, self-addressed-data, Self-addressed data, SAD]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/self-addressing-identifier.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, self-addressing-identifier, Self-addressing identifier, SAID]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/self-certifying-identifier.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, self-certifying-identifier, Self-certifying identifier, SCID]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/signature.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, digital-signature, Signature, Signatures]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/validator.md: -------------------------------------------------------------------------------- 1 | [[tref: toip2, validator, Validator]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/verifiable.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, verifiable, Verifiable]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/verifier.md: -------------------------------------------------------------------------------- 1 | [[tref: toip1, verifier, Verifier]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/version.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, version, Version]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/watcher.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, watcher, Watcher]] 2 | -------------------------------------------------------------------------------- /spec/terms-definitions/witness.md: -------------------------------------------------------------------------------- 1 | [[tref: keri1, witness, Witness]] 2 | -------------------------------------------------------------------------------- /specs.json: -------------------------------------------------------------------------------- 1 | { 2 | "specs": [ 3 | { 4 | "title": "KERI specification", 5 | "description": "Create technical specifications in markdown. Based on the original Spec-Up, extended with Terminology tooling", 6 | "author": "Trust over IP Foundation", 7 | "spec_directory": "./spec", 8 | "spec_terms_directory": "terms-definitions", 9 | "output_path": "./docs", 10 | "markdown_paths": [ 11 | "spec-head.md", 12 | "terms-and-definitions-intro.md", 13 | "spec-body.md" 14 | ], 15 | "logo": "https://raw.githubusercontent.com/trustoverip/spec-up-t-starter-pack/main/spec-up-t-starterpack/static/logo.svg", 16 | "logo_link": "https://github.com/trustoverip/spec-up-t", 17 | "favicon": "https://raw.githubusercontent.com/trustoverip/spec-up-t-starter-pack/main/spec-up-t-starterpack/static/favicon.ico", 18 | "source": { 19 | "host": "github", 20 | "account": "trustoverip", 21 | "repo": "tswg-keri-specification", 22 | "branch": "main" 23 | }, 24 | "external_specs": [ 25 | { 26 | "external_spec": "keri1", 27 | "gh_page": "https://trustoverip.github.io/kerisuite-glossary/", 28 | "url": "https://github.com/trustoverip/kerisuite-glossary", 29 | "terms_dir": "spec/terms-definitions" 30 | }, 31 | { 32 | "external_spec": "toip1", 33 | "gh_page": "https://trustoverip.github.io/ctwg-main-glossary/", 34 | "url": "https://github.com/trustoverip/ctwg-main-glossary", 35 | "terms_dir": "spec/terms-definitions" 36 | }, 37 | { 38 | "external_spec": "toip2", 39 | "gh_page": "https://trustoverip.github.io/ctwg-general-glossary/", 40 | "url": "https://github.com/trustoverip/ctwg-general-glossary", 41 | "terms_dir": "spec/terms-definitions" 42 | } 43 | ], 44 | "katex": false 45 | } 46 | ] 47 | } --------------------------------------------------------------------------------