Service CA Material v1¶
Source schema: doc/schemas/service-ca-material.v1.schema.json
Signed governance-published trust material candidate for a scoped service CA. This artifact is not a local trust decision; a node may use it only after local policy accepts the issuer, scope, and policy reference.
Governing Basis¶
Project Lineage¶
Fields¶
| Field | Required | Shape | Description |
|---|---|---|---|
schema |
yes |
const: service-ca-material.v1 |
Schema discriminator. MUST be exactly service-ca-material.v1. |
ca/id |
yes |
string | Stable identifier of this CA material artifact or CA lineage member. |
service/kind |
yes |
enum: seed-directory, agora, artifact-delivery, inac, other |
Service surface for which this CA material is being announced. |
scope |
yes |
ref: #/$defs/scope |
|
material |
yes |
ref: #/$defs/material |
|
valid/from |
yes |
string | Start of the publication validity window. |
valid/until |
yes |
string | End of the publication validity window. Nodes MUST ignore this candidate after this time unless a newer accepted artifact supersedes it. |
rotation |
no |
ref: #/$defs/rotation |
|
issuer |
yes |
ref: #/$defs/issuer |
|
policy/ref |
no |
string | Optional local-policy reference or governance policy identifier that tells a node which acceptance rule may authorize this trust material. |
signature |
yes |
ref: #/$defs/signature |
Definitions¶
| Definition | Shape | Description |
|---|---|---|
scope |
object | Scope in which this CA material may be considered. Local trust policy MUST match against this scope before using the material. |
material |
object | |
rotation |
object | |
issuer |
object | |
signature |
object | |
sha256Digest |
string | |
| ## Field Semantics |
schema¶
- Required:
yes - Shape: const:
service-ca-material.v1
Schema discriminator. MUST be exactly service-ca-material.v1.
ca/id¶
- Required:
yes - Shape: string
Stable identifier of this CA material artifact or CA lineage member.
service/kind¶
- Required:
yes - Shape: enum:
seed-directory,agora,artifact-delivery,inac,other
Service surface for which this CA material is being announced.
scope¶
- Required:
yes - Shape: ref:
#/$defs/scope
material¶
- Required:
yes - Shape: ref:
#/$defs/material
valid/from¶
- Required:
yes - Shape: string
Start of the publication validity window.
valid/until¶
- Required:
yes - Shape: string
End of the publication validity window. Nodes MUST ignore this candidate after this time unless a newer accepted artifact supersedes it.
rotation¶
- Required:
no - Shape: ref:
#/$defs/rotation
issuer¶
- Required:
yes - Shape: ref:
#/$defs/issuer
policy/ref¶
- Required:
no - Shape: string
Optional local-policy reference or governance policy identifier that tells a node which acceptance rule may authorize this trust material.
signature¶
- Required:
yes - Shape: ref:
#/$defs/signature
Definition Semantics¶
$defs.scope¶
- Shape: object
Scope in which this CA material may be considered. Local trust policy MUST match against this scope before using the material.
$defs.material¶
- Shape: object
$defs.rotation¶
- Shape: object
$defs.issuer¶
- Shape: object
$defs.signature¶
- Shape: object
$defs.sha256Digest¶
- Shape: string