Node Operator Binding v1
Source schema: doc/schemas/node-operator-binding.v1.schema.json
Machine-readable schema for a node-held operator-assurance certificate. The binding is a bundle over capability-passport.v1: the operator participant issues a node-primary-operator passport to the target node, and the node signs a separate acceptance proving that it accepts that participant as primary operator. Derived node assurance remains an eligibility gate, not reputation.
Governing Basis
- doc/project/40-proposals/034-node-operator-binding-and-derived-node-assurance.md
- doc/project/40-proposals/024-capability-passports-and-network-ledger-delegation.md
- doc/project/40-proposals/025-seed-directory-as-capability-catalog.md
- doc/normative/50-constitutional-ops/ROOT-IDENTITY-AND-NYMS.md
- doc/normative/50-constitutional-ops/ROLE-TO-IAL-MATRIX.md
Project Lineage
Requirements
- doc/project/50-requirements/requirements-006-node-networking-mvp.md
- doc/project/50-requirements/requirements-010-middleware-executor.md
- doc/project/50-requirements/requirements-011-dator-arca-contracts.md

Stories
- doc/project/30-stories/story-001-swarm-node-onboarding.md
- doc/project/30-stories/story-004-pod-client-onboarding.md
- doc/project/30-stories/story-006-buyer-node-components.md
- doc/project/30-stories/story-006-voluntary-swarm-exchange.md
- doc/project/30-stories/story-007-settlement-capable-node.md
Fields

| Field | Required | Shape | Description |
|---|---|---|---|
| schema/v | yes | const: 1 | Schema version. |
| binding/id | yes | string | Stable identifier of this node/operator binding bundle. |
| binding/status | yes | enum: active, revoked, expired, superseded | Lifecycle state of this binding bundle. Passport expiry or revocation should drive this projection. |
| passport | yes | object | Full capability-passport.v1 artifact issued by the operator participant. In this profile it is the participant-side consent claim: "I agree to be primary operator of this target node." |
| node_acceptance | yes | object | Node-side acceptance proving that the target node accepts the passport issuer as its primary operator. A participant-issued passport without this node acceptance is not a binding. |
| published/disclosure-mode | no | enum: local-only, present-on-demand, seed-directory | Disclosure posture for this binding. seed-directory means the node explicitly chose higher availability for the node/operator relation. |
| seed-directory/ref | no | string | Optional Seed Directory publication reference when disclosure mode is seed-directory. |
| revocation/ref | no | string | Reference to the record that revoked or superseded this binding. |
| policy_annotations | no | object | Optional local or federation policy annotations that do not change the core binding semantics. |

Definitions

| Definition | Shape | Description |
|---|---|---|
| assuranceLevel | enum: IAL0, IAL1, IAL2, IAL3, IAL4 | Identity assurance level recognized by the surrounding policy for participant/operator identity proofing. |
| signature | object | |

Conditional Rules
Rule 1
When:

```json
{
  "properties": {
    "binding/status": {
      "const": "revoked"
    }
  },
  "required": [
    "binding/status"
  ]
}
```

Then:

```json
{
  "required": [
    "revocation/ref"
  ]
}
```

Rule 2
When:

```json
{
  "properties": {
    "published/disclosure-mode": {
      "const": "seed-directory"
    }
  },
  "required": [
    "published/disclosure-mode"
  ]
}
```

Then:

```json
{
  "required": [
    "seed-directory/ref"
  ]
}
```
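
The required fields and the two conditional rules above can be enforced before a binding is trusted. The following is an added example, not code from the project: a dependency-free Python pre-check in which the function name `check_binding` and all sample values are assumptions. It checks shape only and does not verify the passport or the node acceptance signature.

```python
# Added example (not project code): structural pre-check for a
# node-operator-binding.v1 bundle, covering the field table and Rules 1-2.
REQUIRED = ("schema/v", "binding/id", "binding/status", "passport", "node_acceptance")
STATUS = ("active", "revoked", "expired", "superseded")
DISCLOSURE = ("local-only", "present-on-demand", "seed-directory")


def check_binding(doc):
    """Return a list of violations; an empty list means the shape is acceptable."""
    if not isinstance(doc, dict):
        return ["binding must be a JSON object"]
    errors = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    v = doc.get("schema/v")
    # bool is a subclass of int in Python, so True would otherwise pass as 1.
    if "schema/v" in doc and (isinstance(v, bool) or v != 1):
        errors.append("schema/v must be the constant 1")
    if "binding/id" in doc and not isinstance(doc["binding/id"], str):
        errors.append("binding/id must be a string")
    if "binding/status" in doc and doc["binding/status"] not in STATUS:
        errors.append("binding/status is not an allowed value")
    for key in ("passport", "node_acceptance", "policy_annotations"):
        if key in doc and not isinstance(doc[key], dict):
            errors.append(f"{key} must be an object")
    mode = doc.get("published/disclosure-mode")
    if "published/disclosure-mode" in doc and mode not in DISCLOSURE:
        errors.append("published/disclosure-mode is not an allowed value")
    for key in ("seed-directory/ref", "revocation/ref"):
        if key in doc and not isinstance(doc[key], str):
            errors.append(f"{key} must be a string")
    # Rule 1 fires for "revoked" only; "superseded" is not covered by the rule.
    if doc.get("binding/status") == "revoked" and "revocation/ref" not in doc:
        errors.append("Rule 1: revoked binding requires revocation/ref")
    # Rule 2: publishing to the Seed Directory requires the publication reference.
    if mode == "seed-directory" and "seed-directory/ref" not in doc:
        errors.append("Rule 2: seed-directory disclosure requires seed-directory/ref")
    return errors


# Constructed sample; the passport and node_acceptance bodies are placeholders.
SAMPLE = {
    "schema/v": 1,
    "binding/id": "binding:example-0001",
    "binding/status": "revoked",
    "passport": {"placeholder": True},
    "node_acceptance": {"placeholder": True},
    "published/disclosure-mode": "seed-directory",
}
```

An empty result means only that the bundle is well-formed; acceptance of the binding still depends on validating the embedded passport and the node's acceptance.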
Field Semantics
schema/v
- Required: yes
- Shape: const: 1

Schema version.

binding/id
- Required: yes
- Shape: string

Stable identifier of this node/operator binding bundle.

binding/status
- Required: yes
- Shape: enum: active, revoked, expired, superseded

Lifecycle state of this binding bundle. Passport expiry or revocation should drive this projection.

passport
- Required: yes
- Shape: object

Full capability-passport.v1 artifact issued by the operator participant. In this profile it is the participant-side consent claim: "I agree to be primary operator of this target node."

node_acceptance
- Required: yes
- Shape: object

Node-side acceptance proving that the target node accepts the passport issuer as its primary operator. A participant-issued passport without this node acceptance is not a binding.

published/disclosure-mode
- Required: no
- Shape: enum: local-only, present-on-demand, seed-directory

Disclosure posture for this binding. seed-directory means the node explicitly chose higher availability for the node/operator relation.

seed-directory/ref
- Required: no
- Shape: string

Optional Seed Directory publication reference when disclosure mode is seed-directory.

revocation/ref
- Required: no
- Shape: string

Reference to the record that revoked or superseded this binding.

policy_annotations
- Required: no
- Shape: object

Optional local or federation policy annotations that do not change the core binding semantics.

Definition Semantics
$defs.assuranceLevel
- Shape: enum: IAL0, IAL1, IAL2, IAL3, IAL4

Identity assurance level recognized by the surrounding policy for participant/operator identity proofing.

$defs.signature
- Shape: object