Nym Certificate v1¶
Source schema: doc/schemas/nym-certificate.v1.schema.json
Machine-readable schema for a council-issued application-layer pseudonym certificate. This artifact remains above the transport boundary and can be attached to nym-authored application messages.
Governing Basis¶
doc/project/20-memos/nym-layer-roadmap-and-revocable-anonymity.mddoc/project/40-proposals/015-nym-certificates-and-renewal-baseline.md
Project Lineage¶
Requirements¶
Stories¶
Fields¶
| Field | Required | Shape | Description |
|---|---|---|---|
schema/v |
yes |
const: 1 |
Schema version. |
nym/id |
yes |
string | Certified nym identity. |
epoch |
yes |
integer | Epoch number of this pseudonym line. |
issued-at |
yes |
string | Issue timestamp of the certificate. |
expires-at |
yes |
string | End of ordinary validity for application-message signing. |
leniency-until |
yes |
string | End of grace semantics for continuity work. After this moment the old line is dead. |
issuer/id |
yes |
string | Issuing council identity in canonical council:did:key:z... form. |
line/predecessor-nym-id |
no |
string | Optional public predecessor line when the nym continues an earlier visible pseudonymous history. |
line/succession |
no |
ref: nym-succession.v1.schema.json |
Optional public continuity proof signed by the predecessor nym. |
signature |
yes |
ref: #/$defs/signature |
|
policy_annotations |
no |
object |
Definitions¶
| Definition | Shape | Description |
|---|---|---|
signature |
object |
Conditional Rules¶
Rule 1¶
When:
{
"required": [
"line/predecessor-nym-id"
]
}
Then:
{
"required": [
"line/succession"
]
}
Rule 2¶
When:
{
"required": [
"line/succession"
]
}
Then:
{
"required": [
"line/predecessor-nym-id"
]
}
Field Semantics¶
schema/v¶
- Required:
yes - Shape: const:
1
Schema version.
nym/id¶
- Required:
yes - Shape: string
Certified nym identity.
epoch¶
- Required:
yes - Shape: integer
Epoch number of this pseudonym line.
issued-at¶
- Required:
yes - Shape: string
Issue timestamp of the certificate.
expires-at¶
- Required:
yes - Shape: string
End of ordinary validity for application-message signing.
leniency-until¶
- Required:
yes - Shape: string
End of grace semantics for continuity work. After this moment the old line is dead.
issuer/id¶
- Required:
yes - Shape: string
Issuing council identity in canonical council:did:key:z... form.
line/predecessor-nym-id¶
- Required:
no - Shape: string
Optional public predecessor line when the nym continues an earlier visible pseudonymous history.
line/succession¶
- Required:
no - Shape: ref:
nym-succession.v1.schema.json
Optional public continuity proof signed by the predecessor nym.
signature¶
- Required:
yes - Shape: ref:
#/$defs/signature
policy_annotations¶
- Required:
no - Shape: object
Definition Semantics¶
$defs.signature¶
- Shape: object