- A
- ACDC #acdc
- ADC #acdc
- agency #acdc
Agents can be people, edge computers and the functionality within wallets. The service an agent offers is agency.
- agent #acdc
A representative for an identity. MAY require the use of a wallet. MAY support transfer.
- AID #acdc
- ambient verifiability #acdc
Verifiable by anyone, anywhere, at anytime. E.g. Ambient Duplicity Detection describes the possibility of detecting duplicity by anyone, anywhere, anytime.
- AN #acdc
- APC #acdc
- API #acdc
- append only event logs #acdc
Append-only is a property of computer data storage such that new data can be appended to the storage, but where existing data is immutable.
A blockchain is an example of an append-only log. The events can be transactions. Bitcoin is a well-known append-only log in which the events are totally ordered, signed transfers of control over unspent transaction outputs.
More on Wikipedia
- application programming interface #acdc
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software.
- authentic chained data container #acdc
In brief, an ACDC (or ADC) proves both the consistency and the authenticity of digital data in one go. An ACDC is a cryptographically secured commitment to the data it contains, and its identifier is self-addressing: the identifier is a digest of the data and is itself contained in that data, so it points to the data it belongs to.
- authentic data container #acdc
A mechanism for conveying data that allows the authenticity of its content to be proved.
- authentic provenance chain #acdc
Interlinked presentations of evidence that allow data to be tracked back to its origin in an objectively verifiable way.
- authentic web #acdc
The authentic web is the internet as one giant verifiable data structure. Also called Web5. The web becomes one big graph; that is the mental model of the 'authentic web'.
- authenticity #acdc
The quality of having an objectively verifiable origin; contrast veracity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).
- authoritative #acdc
Established control authority over an identifier that has received attestations to it, e.g. control over the identifier has been verified back to its root-of-trust. So (control over) the identifier is 'authoritative' because it can be considered accurate, renowned, honourable and/or respected.
Also used to describe PKI key pairs that have this feature.
Authority in ToIP glossary
- authorization #acdc
Authorization is the function of specifying access rights/privileges to resources; it is related to general information security and computer security, and to access control in particular.
More formally, "to authorize" is to define an access policy.
- authorized vLEI representative #acdc
Also 'AVR'. A representative of a Legal Entity who is authorized by the DAR of that Legal Entity to request issuance and revocation of:
- vLEI Legal Entity Credentials
- Legal Entity Official Organizational Role vLEI Credentials (OOR vLEI Credentials)
- Legal Entity Engagement Context Role vLEI Credentials (ECR vLEI Credentials).
Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.
- autonomic computing systems #acdc
Self-managing computing systems using algorithmic governance, dating from the 1990s, long before DAOs. KERI creator Sam Smith worked on funded Navy research in the 1990s on autonomic survivable systems, i.e. "self-healing" systems: "We called them autonomic way back then".
- autonomic identifier #acdc
An identifier that is self-certifying and self-sovereign.
- autonomic identity system #acdc
An identity system in which nobody can intervene in the establishment of the authenticity of a control operation, because every control operation can be verified all the way back to the root-of-trust.
- autonomic namespace #acdc
A namespace that is self-certifying and hence self-administrating. ANs are therefore portable, i.e. truly self-sovereign.
- AVR #acdc
- B
- backer #acdc
The terms Backer and Witness are closely related in KERI. Backers include both regular KERI witnesses and ledger-registered backers.
- BADA #acdc
- base64 #acdc
In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits.
More on source Wikipedia
- best available data acceptance mechanism #acdc
The BADA security model provides a degree of replay-attack protection. The originator of the attributes (issuer, author, source) is provided by an attached signature couple or quadruple. A single reply could have multiple originators. When used as an authorization, the reply attributes may include the identifier of the authorizer, and the logic for processing the associated route may require a matching attachment. BADA is part of KERI's Zero Trust Computing Architecture for Data Management: How to support Secure Async Data Flow Routing in KERI enabled Applications.
- BFT #acdc
- binding #acdc
In short, the technique of connecting two data elements together. In the context of KERI it is the association of data or an identifier with another identifier or with a subject (a person, organization or machine), which reduces the privacy of the subject through that connection, i.e. the binding.
- blake3 #acdc
BLAKE3 is a relatively young (2020) cryptographic hash function based on Bao and BLAKE2.
- blind oobi #acdc
A blind OOBI means that you have some other mechanism in place for verifying the AID, instead of relying on the OOBI itself. A blind OOBI is essentially just a URL. It is called "blind" because the witness is not in the OOBI itself; you have other ways of verifying the AID supplied.
- branch #acdc
In software development a 'branch' refers to the result of branching: the duplication of an object under version control for further separate modification.
- byzantine agreement #acdc
Byzantine Agreement (BA), in its non-PoW sense, is the Byzantine fault tolerance property of distributed computing systems that enables them to come to consensus despite arbitrary behavior from a fraction of the nodes in the network. BA consensus makes no assumptions about the behavior of nodes in the system. Practical Byzantine Fault Tolerance (pBFT) is the prototypical model for Byzantine agreement; it can reach consensus fast and efficiently while decoupling consensus from resources (i.e., financial stake in PoS or electricity in PoW).
- byzantine fault tolerance #acdc
A Byzantine fault (also interactive consistency, source congruency, error avalanche, Byzantine agreement problem, Byzantine generals problem, and Byzantine failure) is a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed. The term takes its name from an allegory, the "Byzantine Generals Problem", developed to describe a situation in which, in order to avoid catastrophic failure of the system, the system's actors must agree on a concerted strategy, but some of these actors are unreliable. In a Byzantine fault, a component such as a server can inconsistently appear both failed and functioning to failure-detection systems, presenting different symptoms to different observers. It is difficult for the other components to declare it failed and shut it out of the network, because they need to first reach a consensus regarding which component has failed in the first place. Byzantine fault tolerance (BFT) is the dependability of a fault-tolerant computer system to such conditions.
- C
- certificate transparency #acdc
Certificate Transparency (CT) is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates. As of 2021, Certificate Transparency is mandatory for all publicly trusted SSL/TLS certificates.
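As an added illustration (written for this glossary, not code from any CT log or monitor), the following Go program builds a Merkle tree over constructed log entries with the RFC 6962 leaf/node hashing, produces an inclusion (audit) path for one entry, and verifies it against the tree head using the RFC 9162 procedure. A monitor that holds only the tree head and the path can check that its entry is in the log without seeing any other entry. The seven "cert-N" entries are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// RFC 6962 hashing: a leaf is hashed with a 0x00 prefix and an interior node
// with a 0x01 prefix, so a leaf can never be passed off as a node or vice versa.
func hashLeaf(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}

func hashNode(left, right []byte) []byte {
	buf := append([]byte{0x01}, left...)
	h := sha256.Sum256(append(buf, right...))
	return h[:]
}

// largestPowerOfTwoBelow returns the largest power of two strictly less than n (n >= 2).
func largestPowerOfTwoBelow(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// TreeHead computes the Merkle tree hash over the leaves (the signed tree head's root).
func TreeHead(leaves [][]byte) []byte {
	n := len(leaves)
	if n == 1 {
		return hashLeaf(leaves[0])
	}
	k := largestPowerOfTwoBelow(n)
	return hashNode(TreeHead(leaves[:k]), TreeHead(leaves[k:]))
}

// InclusionPath returns the sibling hashes from leaf m up to the root.
func InclusionPath(m int, leaves [][]byte) [][]byte {
	n := len(leaves)
	if n == 1 {
		return nil
	}
	k := largestPowerOfTwoBelow(n)
	if m < k {
		return append(InclusionPath(m, leaves[:k]), TreeHead(leaves[k:]))
	}
	return append(InclusionPath(m-k, leaves[k:]), TreeHead(leaves[:k]))
}

// VerifyInclusion recomputes the root from one leaf and its path (RFC 9162, 2.1.3.2);
// the verifier never needs the other leaves.
func VerifyInclusion(leaf []byte, index, treeSize int, path [][]byte, root []byte) bool {
	if index >= treeSize {
		return false
	}
	fn, sn := index, treeSize-1
	r := hashLeaf(leaf)
	for _, p := range path {
		if sn == 0 {
			return false
		}
		if fn&1 == 1 || fn == sn {
			r = hashNode(p, r)
			for fn&1 == 0 && fn != 0 {
				fn >>= 1
				sn >>= 1
			}
		} else {
			r = hashNode(r, p)
		}
		fn >>= 1
		sn >>= 1
	}
	return sn == 0 && bytes.Equal(r, root)
}

func main() {
	// Constructed entries standing in for (pre)certificates appended to a log.
	entries := [][]byte{[]byte("cert-0"), []byte("cert-1"), []byte("cert-2"), []byte("cert-3"),
		[]byte("cert-4"), []byte("cert-5"), []byte("cert-6")}
	root := TreeHead(entries)
	path := InclusionPath(5, entries)
	fmt.Printf("root %x\nentry 5 included: %v\n", root, VerifyInclusion(entries[5], 5, len(entries), path, root))
}
```

The same leaf/node domain separation is what lets anyone audit the log: a log operator cannot later swap or drop an entry without changing the tree head it already published.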
- CESR #acdc
- cesr proof signatures #acdc
CESR Proof Signatures are an extension to the Composable Event Streaming Representation [CESR] that provide transposable cryptographic signature attachments on self-addressing data (SAD) [SAID]. Any SAD, such as an Authentic Chained Data Container (ACDC) Verifiable Credential [ACDC] for example, may be signed with a CESR Proof Signature and streamed along with any other CESR content. In addition, a signed SAD can be embedded inside another SAD and the CESR proof signature attachment can be transposed across envelope boundaries and streamed without losing any cryptographic integrity.
(Philip Feairheller, IETF-cesr-proof)
- chain link confidentiality #acdc
Chains together a sequence of Disclosees, which may also include a set of constraints on data usage by both second and third parties, expressed in legal language such that the constraints apply to all recipients of the disclosed data; hence the phrase "chain link" confidentiality. Each Disclosee in the sequence is in turn the Discloser to the next Disclosee.
This is the primary mechanism of granting digital data rights through binding information exchange to confidentiality laws. Confidentiality is dynamically negotiated on a per-event, per-data exchange basis according to the data that is being shared in a given exchange.
- chain of custody #acdc
From Wikipedia (Source): Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests.
- claim #acdc
An assertion of the truth of something, typically one which is disputed or in doubt. A set of claims might convey personally identifying information: name, address, date of birth and citizenship, for example. (Source).
- CLC #acdc
- clone #acdc
A copy of a system that is, and works, exactly as the original.
- cloud agent #acdc
A cloud agent is software installed on cloud server instances to provide security, monitoring and analysis for the cloud. Cloud agents provide information about, and help to provide control over, cloud entities.
Paraphrased by @henkvancann based on source.
Also see Agent.
- code table #acdc
- code table selector #acdc
The first character in the text code of a CESR stream determines which code table to use: either the default code table, or, when not the default code table, a code table selector character. Thus the one-character text code table must do double duty: it must provide selectors for the different text code tables and also provide type codes for the most popular primitives, with a pad size of 1, that appear in the default code table.
- cold start stream parsing #acdc
After a reboot (or cold start), a stream processor looks for framing information to know how to parse groups of elements in the stream.
If that framing information is ambiguous, the parser may become confused and require yet another cold start. While processing a given stream a parser may also become confused, especially if a portion of the stream is malformed in some way. This usually requires flushing the stream and forcing a cold start to resynchronize the parser to subsequent stream elements.
- collective signature #acdc
A group signature scheme that (i) is shared by a set of signing groups, or (ii) is a combined collective signature shared by several signing groups and several individual signers. The protocol of the first type is constructed and described in detail in the source; it can be modified to transform it into a protocol of the second type. The proposed collective signature protocols have significant merits, one of which is the possibility of their practical use on the basis of existing public key infrastructures.
Source
Collective signatures have a variable length as a function of the number of signers.
- collision #acdc
In cryptography and identity, a collision generally refers to something going wrong because an identical result has been produced that refers to (or points to) different sources or assets backing this result.
E.g. two hashes collide, meaning two different digital sources produce the same hash.
Another example is name(space) collision.
- compact variant #acdc
Either the most compact version of an ACDC or the fully compact version of an ACDC. An Issuer commitment via a signature to any variant of an ACDC (compact, full, etc.) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC, because the value of a top-level section field is either the SAD or the SAID of the SAD of the associated section.
- complementary integrity verification #acdc
A mechanism that can verify integrity without needing access to a previous instance or reference version of the information for comparison.
Source: Neil Thomson
- composability #acdc
- composable #acdc
- composable event streaming representation #acdc
This compact encoding scheme fully supports both textual and binary streaming applications of attached crypto material of all types. This approach includes composability in both the textual and binary streaming domains. Primitives can be of the minimum possible size that is still composable. Making composability a guaranteed property allows future extensible support of new compositions of streaming formats based on pre-existing core primitives and compositions of core primitives. This enables optimized stream processing in both the binary and text domains. Also called 'CESR'.
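To make the framing concrete, here is an added Go example (written for this glossary, not code from the CESR specification or from keripy) of a parser over a text-domain stream. It uses a small hypothetical code table laid out the CESR way: one-character codes for 44-character primitives carrying 32 raw bytes with one pad byte, a two-character "0" code for 88-character signatures carrying 64 raw bytes, and "-" as the selector for count codes that announce a group of primitives (the "group framing codes" defined later in this glossary). The sample stream and its key, digest and signature bytes are constructed. When the parser meets a code it does not know it reports the position and stops, which is the point at which a real stream processor has to flush and cold start (see "cold start stream parsing").

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

// Illustrative text code table in the CESR layout: the code doubles as the pad
// prefix, so a 1-char code carries 32 raw bytes in 44 chars and a 2-char "0" code
// carries 64 raw bytes in 88 chars. Real CESR has many more codes than these.
var primitiveSize = map[string]int{
	"A": 44, "B": 44, "D": 44, // Ed25519 seed / non-transferable prefix / public key
	"E": 44, "I": 44, // Blake3-256 / SHA-256 digest
	"0B": 88, // Ed25519 signature
}

// Element is a decoded primitive (Raw set) or a counted group (Items set).
type Element struct {
	Code  string
	Raw   []byte
	Items []Element
}

// Encode prepends len(code) zero pad bytes, Base64-encodes (no '=' padding is needed
// because the length is a multiple of 3), and overwrites the all-'A' pad chars with the code.
func Encode(code string, raw []byte) string {
	pad := len(code)
	return code + base64.RawURLEncoding.EncodeToString(append(make([]byte, pad), raw...))[pad:]
}

// EncodeCount writes a count code: selector '-', one type char, two Base64 digits of count.
func EncodeCount(code string, n int) string { return code + string(b64[n/64]) + string(b64[n%64]) }

func parsePrimitive(s string) (Element, int, error) {
	if s == "" {
		return Element{}, 0, errors.New("empty stream")
	}
	code := s[:1]
	if code == "0" && len(s) > 1 {
		code = s[:2]
	}
	size, ok := primitiveSize[code]
	if !ok {
		return Element{}, 0, fmt.Errorf("unknown code %q: framing lost, parser must cold start", code)
	}
	if len(s) < size {
		return Element{}, 0, errors.New("truncated primitive")
	}
	pad := len(code)
	raw, err := base64.RawURLEncoding.DecodeString(strings.Repeat("A", pad) + s[pad:size])
	if err != nil {
		return Element{}, 0, err
	}
	return Element{Code: code, Raw: raw[pad:]}, size, nil
}

// Parse walks the stream. A count code says how many primitives belong to the group
// that follows, so a group can be sized from the codes alone and handed off (pipelined)
// without decoding its members first.
func Parse(stream string) ([]Element, error) {
	var out []Element
	for pos := 0; pos < len(stream); {
		if stream[pos] != '-' {
			el, n, err := parsePrimitive(stream[pos:])
			if err != nil {
				return out, fmt.Errorf("at %d: %w", pos, err)
			}
			out, pos = append(out, el), pos+n
			continue
		}
		if pos+4 > len(stream) {
			return out, fmt.Errorf("at %d: truncated count code", pos)
		}
		hi, lo := strings.IndexByte(b64, stream[pos+2]), strings.IndexByte(b64, stream[pos+3])
		if hi < 0 || lo < 0 {
			return out, fmt.Errorf("at %d: bad count", pos)
		}
		g := Element{Code: stream[pos : pos+2]}
		pos += 4
		for i := 0; i < hi*64+lo; i++ {
			el, n, err := parsePrimitive(stream[pos:])
			if err != nil {
				return out, fmt.Errorf("at %d in group %s: %w", pos, g.Code, err)
			}
			g.Items, pos = append(g.Items, el), pos+n
		}
		out = append(out, g)
	}
	return out, nil
}

// SampleStream builds a constructed stream: a public key, a digest, then a group of two signatures.
func SampleStream() string {
	key, dig, sigA, sigB := make([]byte, 32), make([]byte, 32), make([]byte, 64), make([]byte, 64)
	for i := range key {
		key[i], dig[i] = byte(i), byte(255-i)
	}
	for i := range sigA {
		sigA[i], sigB[i] = byte(i*3), byte(i*7)
	}
	return Encode("D", key) + Encode("I", dig) + EncodeCount("-A", 2) + Encode("0B", sigA) + Encode("0B", sigB)
}

func main() {
	els, err := Parse(SampleStream())
	fmt.Println(len(els), "elements, error:", err, "- signatures in group:", len(els[2].Items))
}
```

Because every primitive's size follows from its first one or two characters, the parser never needs a length field or a delimiter, which is what makes the text and binary domains of the same stream convertible without re-parsing.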
- configuration files #acdc
In computing, configuration files (commonly known simply as config files) are files used to configure the parameters and initial settings for some computer programs. They are used for user applications, server processes and operating system settings.
More on source Wikipedia
- consensus mechanism #acdc
How groups of entities come to decisions. In general, to learn about consensus mechanisms read any textbook on decision making, automated reasoning, multi-objective decision making, operations research etc.
- content addressable hash #acdc
Finding content by a hash of that content, generated by a one-way hash function applied to the content.
Content addressing is a way to find data in a network using its content rather than its location. This is done by hashing the content itself and using the hash as the address.
- contextual linkability #acdc
Refers to the condition where vendors or other data capture points provide enough context at the point of capture to be able to use statistical correlation with existing data sets to link any of a person's disclosed attributes to a set of already known data points about that person.
This sort of linkability nullifies the perceived protection of selective disclosure through zero knowledge proofs, since the disclosed data can be combined with context to easily link the disclosed data to an existing profile of the person.
These threats mainly concern a subject (the entity) who wants to hide as much of their identifiable information as possible (or at least make it as unlinkable as possible). This can occur when the subject wants to authenticate to a certain service (multiple authentication principles are shown in the tree), but also during regular communication (browsing, client-server requests, etc.) by means of the contextual information connected or linked to the activity or communication.
More at source
Contractually protected disclosure is the primary defense against contextual linkability.
- contingent disclosure #acdc
{TBW prio 1}
- contractually protected disclosure #acdc
Usage of schema-based and contract-based controls to limit the exchange of information to provide both mechanical and legal protection on the sharing of data.
Mechanical protection consists of sharing the schema of the data to be shared prior to sharing the actual data contents. This mechanical protection is then combined, through the IPEX protocol, with disclosure of legal contracts to be agreed to prior to sharing the desired data contents.
Once the legal agreements have been met, the disclosure mechanism exchanges the desired data contents.
This is also the most elaborate form of disclosure in IPEX. Contractually protected disclosure includes both chain-link confidential and contingent disclosure.
Paraphrased by @henkvancann based on source
- control authority #acdc
In identity systems, control authority is who controls what, and that is the primary factor in determining the basis for trust in them. The entity with control authority takes action through operations that affect the
- creation (inception)
- updating
- rotation
- revocation
- deletion
- and delegation of the authentication factors and their relation to the identifier.
- controller #acdc
The entity that has the ability to make changes to an identity, cryptocurrency or verifiable credential.
The controller of an autonomic identifier is the entity (person, organization, or autonomous software) that has the capability, as defined by derivation, to make changes to an Event Log. This capability is typically asserted by the control of a single inception key. In DIDs this is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller, though it may also be asserted via other mechanisms. In KERI an AID has one single controller. Note that a DID may have more than one controller, and the DID subject can be the DID controller, or one of them.
- coroutines #acdc
Computer programs that can be suspended and resumed at will.
- correlation #acdc
In our scope this is an identifier used to indicate that external parties have observed how wallet contents are related.
- count code #acdc
- credential #acdc
Evidence of authority, status, rights, entitlement to privileges, or the like.
(source)
- CRUD #acdc
Acronym for the traditional client-server database update policy: Create, Read, Update, Delete.
CRUD stands in contrast to RUN, the acronym for the new peer-to-peer end-verifiable monotonic update policy.
- crypto libraries #acdc
Cryptography libraries deal with cryptography algorithms and have API function calls to each of the supported features.
- cryptocurrency #acdc
A digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a digital ledger or computerized database using strong cryptography to secure transaction record entries, to control the creation of additional digital coin records.
See more on source Wikipedia.
- cryptographic commitment scheme #acdc
A cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden from others, with the ability to reveal the committed value later.
Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding.
More on wikipedia
- cryptographic primitive #acdc
Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.
More on source Wikipedia-page
- cryptographic strength #acdc
The term "cryptographically strong" is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms.
More on Wikipedia
- cryptonym #acdc
A code name, call sign or cryptonym is a code word or name used, sometimes clandestinely, to refer to another name, word, project, or person.
Source Wikipedia
- CT #acdc
- custodial agent #acdc
An agent owned by an individual who has granted signing authority to a custodian, who is usually also the host of the running agent software. Using partial rotation to facilitate custodial key management, the owner of the identifier retains rotation authority and thus the ability to "fire" the custodian at any time without requiring the custodian's cooperation.
- custodial rotation #acdc
Rotation based on control authority that is split between two key sets: the first for signing authority and the second (pre-rotated) for rotation authority. The associated thresholds and key list can be structured in such a way that a designated custodial agent holds signing authority while the original controller holds exclusive rotation authority.
Partial pre-rotation supports the important use case of custodial key rotation to authorize a custodial agent.
Paraphrased by @henkvancann on the basis of the IETF-KERI draft 2022 by Samuel Smith.
- D
- DAG #acdc
- DAR #acdc
- data anchor #acdc
Data anchors are digests of digital data that uniquely identify that data. The digest is the anchor: it can be used both to identify the data and to point to it.
- decentralized identifier #acdc
Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID.
Source W3C.org.
- decentralized identity #acdc
Decentralized identity is a technology that uses cryptography to allow individuals to create and control their own unique identifiers. They can use these identifiers to obtain Verifiable Credentials from trusted organizations and, subsequently, present elements of these credentials as proof of claims about themselves. In this model, the individual takes ownership of their own identity and need not cede control to centralized service providers or companies.
KERI's definition of decentralization (versus centralization) is about control, not spatial distribution. In this definition decentralized is not necessarily the same as distributed. By distributed we mean that activity happens at more than one site. Thus decentralization is about control and distribution is about place. To elaborate, when we refer to decentralized infrastructure we mean infrastructure under decentralized (rather than centralized) control, no matter its spatial distribution. Thus decentralized infrastructure is infrastructure sourced or controlled by more than one entity.
- decentralized key management infrastructure #acdc
The goal of Decentralized Public Key Infrastructure (DPKI), or Decentralized Key Management System (DKMS), is to ensure that no single third party can compromise the integrity and security of the system as a whole.
Source
- DEL #acdc
- delegated identifier #acdc
Matches the act of delegation with the appropriate digital twin. Consequently, when applied recursively, delegation may be used to compose arbitrarily complex trees of hierarchical (delegative) key management event streams. This is a most powerful capability that may provide an essential building block for a generic universal decentralized key management infrastructure (DKMI) that is also compatible with the demands of generic event streaming applications.
More in the whitepaper
- delegation #acdc
A person or group of persons officially elected or appointed to represent another or others.
- derivation code #acdc
All crypto material appears in KERI in a fully qualified representation. This includes a derivation code prepended to the crypto material.
- designated authorized representative #acdc
Also 'DAR'. These are representatives of a Legal Entity who are authorized by the Legal Entity to act officially on its behalf. DARs can:
- authorize vLEI Issuer Qualification Program Checklists
- execute the vLEI Issuer Qualification Agreement
- designate/replace Authorized vLEI Representatives (AVRs).
Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.
- DHT #acdc
- DID #acdc
- digest #acdc
A verifiable cryptographic commitment: a collision-resistant hash of content.
From Wikipedia (Source):
A digest is the output of a cryptographic hash function (CHF): a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function for which it is practically infeasible to invert or reverse the computation.
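An added worked example in Go (this glossary's own illustration, not code from the ACDC specification or from keripy) of self-addressing data, tying together the entries for authentic chained data container, data anchor, derivation code, compact variant and digest. The SAID is computed by filling the "d" field with a same-length placeholder, digesting the serialization, and writing the digest back in; verification repeats the step and needs no reference copy. SHA-256 stands in for the Blake3-256 the ACDC specification uses, and the 44-character form with the leading code letter follows my reading of the CESR digest codes ("I" for SHA-256, "E" for Blake3-256), so treat the letter as illustrative. The version string, schema field, AIDs and LEI value are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Placeholder stands in for "d" while its SAID is computed; it has the SAID's length,
// so filling it in afterwards does not change the size of the serialization.
var Placeholder = strings.Repeat("#", 44)

// Attrs is the attribute section of the constructed example; field order is serialization order.
type Attrs struct {
	D   string `json:"d"`   // SAID of this section
	I   string `json:"i"`   // issuee AID (constructed)
	LEI string `json:"LEI"` // constructed sample value
}

// ACDC is reduced to the fields needed here. A holds either the expanded attribute
// section or, in the compact variant, only that section's SAID.
type ACDC struct {
	V string          `json:"v"` // version string; the real one also encodes the size, not maintained here
	D string          `json:"d"`
	I string          `json:"i"`
	S string          `json:"s"`
	A json.RawMessage `json:"a"`
}

func dField(said string) []byte { return []byte(`"d":"` + said + `"`) }

// said digests the serialization into a 44-character CESR-style identifier. SHA-256
// with code "I" is used here; the ACDC specification uses Blake3-256 (code "E").
func said(ser []byte) string {
	sum := sha256.Sum256(ser)
	text := base64.RawURLEncoding.EncodeToString(append([]byte{0}, sum[:]...)) // 33 bytes -> 44 chars
	return "I" + text[1:]                                                        // the pad char becomes the code
}

// Saidify takes a serialized SAD whose "d" still holds Placeholder and returns its SAID
// together with the finished serialization.
func Saidify(ser []byte) (string, []byte) {
	s := said(ser)
	return s, bytes.Replace(ser, dField(Placeholder), dField(s), 1)
}

// VerifySAID needs no reference copy: put the placeholder back, re-digest, compare.
func VerifySAID(ser []byte) bool {
	var top struct{ D string `json:"d"` }
	if json.Unmarshal(ser, &top) != nil || len(top.D) != 44 {
		return false
	}
	return said(bytes.Replace(ser, dField(top.D), dField(Placeholder), 1)) == top.D
}

// MostCompact replaces an expanded section by its SAID after verifying the section.
// The issuer signs the SAID of this variant, so one signature covers every variant
// that carries the same top-level "d".
func MostCompact(ac ACDC) (ACDC, bool) {
	if len(ac.A) > 0 && ac.A[0] == '{' {
		if !VerifySAID(ac.A) {
			return ac, false
		}
		var sec struct{ D string `json:"d"` }
		_ = json.Unmarshal(ac.A, &sec)
		ac.A = json.RawMessage(`"` + sec.D + `"`)
	}
	return ac, true
}

// VerifyACDC accepts any variant: compact the sections, then check the top-level SAID.
func VerifyACDC(ac ACDC) bool {
	compact, ok := MostCompact(ac)
	if !ok {
		return false
	}
	ser, _ := json.Marshal(compact)
	return VerifySAID(ser)
}

// Issue builds the compact and the expanded variant of a constructed credential.
func Issue(issuer, issuee, lei string) (compact, expanded ACDC) {
	attrSer, _ := json.Marshal(Attrs{D: Placeholder, I: issuee, LEI: lei})
	attrSAID, attrSer := Saidify(attrSer)
	compact = ACDC{V: "ACDC10JSON", D: Placeholder, I: issuer, S: "(schema SAID omitted)", A: json.RawMessage(`"` + attrSAID + `"`)}
	ser, _ := json.Marshal(compact)
	compact.D, _ = Saidify(ser)
	expanded = compact
	expanded.A = attrSer
	return compact, expanded
}

func main() {
	compact, expanded := Issue("issuer-aid", "issuee-aid", "529900EXAMPLE0000001")
	c, _ := json.Marshal(compact)
	e, _ := json.Marshal(expanded)
	fmt.Printf("compact:  %s\nexpanded: %s\nboth verify: %v\n", c, e, VerifyACDC(compact) && VerifyACDC(expanded))
}
```

The point to notice is that the expanded and the compact variant share the same "d": the top-level SAID is always taken over the most compact form, so a presentation that expands a section can be checked against the issuer's one signature by compacting it again, and any change to a disclosed attribute breaks the section SAID before the top-level check is even reached.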
- digital signature #acdc
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
- directed acyclic graph #acdc
From Wikipedia (source):
In mathematics, particularly graph theory, and computer science, a directed acyclic graph (DAG) is a directed graph with no directed cycles. That is, it consists of vertices and edges (also called arcs), with each edge directed from one vertex to another.
- discloser #acdc
An ACDC in a disclosure is disclosed by the Discloser.
- distributed hash table #acdc
It is a distributed system that provides a lookup service similar to a hash table: key-value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys. Keys are unique identifiers which map to particular values, which in turn can be anything from addresses, to documents, to arbitrary data.
(Source: Wikipedia)
- DKMI #acdc
- domain #acdc
Trust domain and / or Domain name
- domain name #acdc
A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are used in various networking contexts and for application-specific naming and addressing purposes.
More on Source Wikipedia.
- DPKI #acdc
- dual text binary encoding format #acdc
(ietf-cesr-proof)
{TBW prio2}
- duplicitous event log #acdc
This is a record of inconsistent event messages produced by a given controller or witness with respect to a given KERL. The duplicitous events are indexed to the corresponding event in a KERL. A duplicitous event is represented by a set of two or more provably mutually inconsistent event messages with respect to a KERL. Each juror keeps a duplicitous event log (DEL) for each controller and all designated witness with respect to a KERL. Any validator may confirm duplicity by examining a DEL.
- E
- eclipse attack #acdc
An eclipse attack is a P2P network-based attack. Eclipse attacks can only be performed on nodes that accept incoming connections from other nodes, and not all nodes accept incoming connections.
In the Bitcoin network, by default, there are a maximum of 117 incoming TCP connections and 8 outgoing TCP connections.
Source
- ECR #acdc
- electronic signature #acdc
An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).
- end verifiable #acdc
When a log is end verifiable, it means that the log may be verified by any end user that receives a copy. No trust in intervening infrastructure is needed to verify the log and validate the content.
- engagement context role #acdc
A person that represents the Legal Entity in a functional or in another context role and is issued an ECR vLEI Credential.
- entity #acdc
entity in the #essiflab glossary.
- entropy #acdc
The term entropy is also used to describe the degree of unpredictability of a message. Entropy is then measured in bits. The degree or strength of randomness determines how difficult it would be for someone else to reproduce the same large random number. This is called collision resistance.
- ephemeral #acdc
Lasting for a markedly brief time. Having a short lifespan.
In the context of identifiers it often refers to identifiers for one-time use, or throw-away identifiers.
- escrow #acdc
'Escrow' as a noun is a (legal) arrangement in which a third party temporarily holds money or property until a particular condition has been met.
'Escrow' as a verb: we use it in protocol design to handle out-of-order events. Store the event and wait for the other material it depends on to show up, then continue processing the event. So escrowing is the process of storing such an event; we come back to the event later.
- escrow state #acdc
The current state of all the temporary storage locations (what events are waiting for what other information) that KERI protocol needs to keep track of, due to its fully asynchronous nature.
- establishment event #acdc
An event that establishes control authority, i.e. which key pairs are authoritative at any point in time. For a trivial system this is one authoritative key pair that never changes. However, if we need persistence in our identifier and want to be able to, for example, overcome compromise of our keys, we need to be able to do something like rotate keys.
Source Sam Smith
- extensible business reporting language #acdc
XBRL is the open international standard for digital business reporting, managed by a global not for profit consortium, XBRL International.
- F
- first seen #acdc
"First seen" in KERI is the first verified event accepted into the KEL. It has no bearing on the timing of what has arrived in escrow, for example; escrow can contain garbage. Every 'first seen' event is propagated worldwide within microseconds to the watchers. Only within this microsecond window could a live key-compromise attack succeed. If that happens, you have to look at this duplicity attack in more depth to handle it safely, e.g. with a valid key rotation.
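The following Go example (added here; not keripy code, and with KERI's message format reduced to a handful of fields) shows what "first seen" and duplicity mean mechanically. It builds a key event log from an inception and pre-rotated rotations, verifies it end to end (sequence numbers, prior-digest chaining, the next-key commitment and each Ed25519 signature), and then builds two rotations from the same state, which a validator must record as duplicitous and resolve by keeping the one it saw first. Keys are generated at run time; the event field names are shortened versions of KERI's, and the commitment digest is SHA-256 over the plain base64url key rather than over a CESR-qualified key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Event is a reduced establishment event: inception ("icp") or rotation ("rot").
type Event struct {
	T string `json:"t"` // event type
	S int    `json:"s"` // sequence number
	P string `json:"p"` // digest of the prior event ("" for inception)
	K string `json:"k"` // current signing public key (base64url)
	N string `json:"n"` // digest of the next signing key: the pre-rotation commitment
}

type Signed struct {
	Event Event
	Sig   []byte
}

func Digest(b []byte) string      { h := sha256.Sum256(b); return base64.RawURLEncoding.EncodeToString(h[:]) }
func (e Event) Serialize() []byte { b, _ := json.Marshal(e); return b }
func (e Event) Digest() string    { return Digest(e.Serialize()) }
func PubStr(k ed25519.PrivateKey) string {
	return base64.RawURLEncoding.EncodeToString(k.Public().(ed25519.PublicKey))
}
func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}
func Sign(k ed25519.PrivateKey, ev Event) Signed { return Signed{Event: ev, Sig: ed25519.Sign(k, ev.Serialize())} }

func ValidSignature(se Signed) bool {
	pub, err := base64.RawURLEncoding.DecodeString(se.Event.K)
	return err == nil && len(pub) == ed25519.PublicKeySize &&
		ed25519.Verify(ed25519.PublicKey(pub), se.Event.Serialize(), se.Sig)
}

// Controller holds the current key and the pre-rotated next key; only the next key's digest is published.
type Controller struct {
	cur, next ed25519.PrivateKey
	Log       []Signed // the key event log (KEL): append-only
}

func Incept() *Controller {
	c := &Controller{cur: NewKey(), next: NewKey()}
	icp := Event{T: "icp", S: 0, K: PubStr(c.cur), N: Digest([]byte(PubStr(c.next)))}
	c.Log = append(c.Log, Sign(c.cur, ic_placeholder_do_not_use(icp)))
	return c
}
```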
- frame code #acdc
- fully compact #acdc
The most compact form of an ACDC. This is the only signed variant of an ACDC, and this signature is anchored in a transaction event log (TEL) for the ACDC. This is one valid choice for an ACDC schema.
This form is part of the graduated disclosure mechanism in ACDCs.
- fully expanded #acdc
The most user-friendly version of an ACDC credential. It does not need to be signed and typically is not signed, since the most compact version (which is signed) can be computed from this form and then the signature can be looked up in the transaction event log of the ACDC in question.
Regarding the graduated disclosure objective this form is the one with the highest amount of disclosure for a given node of an ACDC graph.
- G
- GAR #acdc
- ghost credential #acdc
A valid credential within a 90-day grace period (the revocation transaction time frame before it is booked to the revocation registry). {TBW prio 3}
- GLEIF #acdc
Global Legal Entity Identifier Foundation
- GLEIF authorized representative #acdc
A representative of GLEIF authorized to perform the identity verification requirements needed to issue the QVI vLEI Credential.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- GLEIS #acdc
Global Legal Entity Identifier System
- governance framework #acdc
Also called 'Governance structure'. Governance frameworks are the structure of a government and reflect the interrelated relationships, factors, and other influences upon the institution. Governance frameworks structure and delineate power and the governing or management roles in an organization. They also set rules, procedures, and other informational guidelines.
More in source Wikipedia.
- GPG #acdc
- graduated disclosure #acdc
Disclosure performed by a presentation exchange that has cross-variant (see compact variant) Issuer commitment verifiability as an essential property. It supports graduated disclosure by the Disclosee of any or all variants, whether full, compact, metadata, partial, selective, bulk issued, or contractually protected.
Paraphrased by @henkvancann based on source
- graph fragment #acdc
An ACDC is a verifiable data structure and part of a graph, consisting of a node property and one or two edge properties.
- group code #acdc
- group framing code #acdc
Special framing codes can be specified to support groups of primitives in CESR. Grouping enables pipelining. Other suitable terms for these special framing codes are group codes or count codes for short. These are suitable terms because these framing codes can be used to count characters, primitives in a group, or groups of primitives in a larger group when parsing and off-loading a stream of CESR primitives.
Source
- H
- habery #acdc
The only hit (2022) in a Google search pointing to a github site 'habery DOT github DOT io' is NOT related.
- hierarchical asynchronous coroutines and input output #acdc
- hierarchical composition #acdc
Encoding protocol that is composable in a hierarchy and enables pipelining (multiplexing and de-multiplexing) of complex streams in either text or compact binary. This allows management at scale for high-bandwidth applications.
- hio #acdc
Weightless hierarchical asynchronous coroutines and I/O in Python.
Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO.
- I
- I O #acdc
- IANA #acdc
- identifier #acdc
Something to uniquely identify (public) identities; pointing to something or someone else.
- identifier system #acdc
Verifiable Credentials (VCs) and the emerging role of the LEI: Verifiable Credentials are digitally signed credentials that are not only tamper-resistant but capable of being verified in a decentralized manner. vLEIs are based on the Trust over IP Authentic Chained Data Container (ACDC) specification (based on the Key Event Receipt Infrastructure (KERI) protocol (github.com/WebOfTrust/keri), both Internet Engineering Task Force (IETF) draft specifications). More info on GLEIF site
- identity #acdc
A unique entity. Typically represented by a unique identifier.
- inception #acdc
The operation of creating an AID by binding it to the initial set of authoritative keypairs and any other associated information. This operation is made verifiable and duplicity evident upon acceptance as the inception event that begins the AID's KEL.
Source Sam Smith
- inception event #acdc
The inception data must include the public key, the identifier derivation from that public key, and may include other configuration data. The identifier derivation may be simply represented by the derivation code. A statement that includes the inception data with attached signature made with the private key comprises a cryptographic commitment to the derivation and configuration of the identifier that may be cryptographically verified by any entity that receives it.
A KERI inception statement is completely self-contained. No additional infrastructure is needed or more importantly must be trusted in order to verify the derivation and initial configuration (inception) of the identifier. The initial trust basis for the identifier is simply the signed inception statement.
(SamMSmith)
- inconsistency #acdc
If a reason, idea, opinion, etc. is inconsistent, different parts of it do not agree, or it does not agree with something else. Data inconsistency occurs when similar data is kept in different formats in more than one file. When this happens, it is important to match the data between files.
- indexed signature #acdc
An indexed signature attachment is used when signing anything with a multi-key autonomic identifier. The index is included as part of the attachment, so a verifier knows which of the multiple public keys was used to generate a specific signature.
Source: Philip Feairheller
- input output #acdc
In computing, input/output (I/O, or informally io or IO) is the communication between an information processing system, such as a computer, and the outside world, possibly a human or another information processing system. Inputs are the signals or data received by the system and outputs are the signals or data sent from it. The term can also be used as part of an action; to "perform I/O" is to perform an input or output operation.
- inquisitor #acdc
In the ACDC context it's a general term for someone (in a validating role) that launches an inquiry at some KERI witness.
- integrity #acdc
Integrity (of a message or data) means that the information is whole, sound, and unimpaired (not necessarily correct). It means nothing is missing from the information; it is complete and in intended good order. (Source: Neil Thomson)
- interleaved serialisation #acdc
Serializations of different types interleaved in an overarching format
- internal inconsistency #acdc
Internal is used to describe things that exist or happen inside an entity. In our scope of digital identifiers its (in)consistency is considered within the defining data structures and related data stores.
In KERI we are protected against internal inconsistency by the hash chain datastructure of the KEL, because the only authority that can sign the log is the controller itself.
- interoperability #acdc
Interoperability is a characteristic of a product or system to work with other products or systems. While the term was initially defined for information technology or systems engineering services to allow for information exchange.
More on source Wikipedia
- interoperable #acdc
- IPEX #acdc
- issuance and presentation exchange protocol #acdc
Provides a uniform mechanism for the issuance and presentation of ACDCs in a securely attributable manner.
- issuance event #acdc
The initial transaction event log event anchored to the issuing AID’s key event log that represents the issuance of an ACDC credential.
Source: Philip Feairheller. It's a sort of "inception event" of a verifiable credential.
- issuance exchange #acdc
A special case of a presentation exchange where the Discloser is the Issuer of the origin (Primary) ACDC of the DAG formed by the set of chained ACDCs so disclosed.
In an issuance exchange, when the origin ACDC has an Issuee, the Disclosee MAY also be the origin ACDC's Issuee.
- issuee #acdc
An ACDC is optionally issued to the Issuee. When present, the Issuee identifier (AID) appears at the top level of the attribute section or in the attribute list at the top level of the attribute aggregate section of the ACDC.
- issuer #acdc
An ACDC is issued by the Issuer. The Issuer identifier (AID) appears in the top level of the ACDC.
- J
- javascript object signing and encryption #acdc
Related: JWK, JWT. More info
- JOSE #acdc
- judge #acdc
Determines the current authoritative key set for an identifier from the key event receipt logs from a set of witnesses. Judges transmit the 'judgement' of watchers concerning duplicity.
- K
- KA2CE #acdc
- KAACE #acdc
- keep #acdc
Is KERI's and ACDC's user interface that uses the keripy agent for its backend. It uses the REST API exposed from the keripy agent.
Source: Philip Feairheller
- KEL #acdc
- KERI #acdc
- keri command line interface #acdc
- keri improvement doc #acdc
These docs are modular so teams of contributors can independently work and create PRs of individual KIDs; KIDs answer the question "how we do it". We add commentary to the individual KIDs that elaborates on the why. It has been split from the how so as not to bother implementors with the why.
- keri ox #acdc
The Rust programming-language implementation of the KERI protocol.
- keridemlia #acdc
It is a contraction of KERI and Kademlia. It's the distributed database of Witness IP addresses based on a Distributed Hash Table. It also does the CNAME stuff that DNS offers for KERI: the mapping between an identifier and its controller AID stored in the KEL to its current witness AID, and the witness AID to the IP address. (@henkvancann)
- keripy #acdc
The Python programming-language implementation of the KERI protocol.
- KERL #acdc
- key #acdc
In our digital scope it's a mechanism for granting or restricting access to something. MAY be used to issue and prove, MAY be used to transfer and control over identity and cryptocurrency. More
- key compromise #acdc
More in the security sections of Universal Identifier Theory
- key event #acdc
Concretely, the serialized data structure of an entry in the key event log for an AID. Abstractly, the data structure itself. Key events come in different types and are used primarily to establish or change the authoritative set of keypairs and/or anchor other data to the authoritative set of keypairs at the point in the key event log actualized by a particular entry.
Source Sam Smith
- key event log #acdc
KELs are hash-chained Key Events. These are blockchains in a narrow definition, but not in the sense of ordering (not ordered) or global consensus mechanisms (which is not needed). (SamMSmith)
A KEL is KERI's VDS: the proof of key state of its identifier.
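As an added illustration of this entry and of the pre rotation, rotation event and "first seen" entries elsewhere on this page (example code, not keripy's own): a toy validator-side KEL. Events are hash-chained through a digest of the prior event; each establishment event carries a digest commitment to the next public key (KERI commits to the digest of the next public key, so that key stays unexposed until the rotation that uses it); and an event that has been first-seen at a given sequence number is final, so any different event at that number is reported as duplicity. SHA-256 stands in for the qualified CESR digest, random bytes stand in for public keys, and signature verification is omitted because the standard library has no Ed25519; the commitment and chaining checks are what the example shows.

```python
"""Toy key event log with pre-rotation and first-seen duplicity detection.

Added example, not keripy code. Public keys are random stand-ins and no
signatures are checked; only hash chaining and next-key commitments are.
"""
from __future__ import annotations

import hashlib
import json
import secrets


def digest(data: bytes) -> str:
    """Content digest. KERI uses a qualified CESR digest (Blake3 by default);
    SHA-256 hex stands in so the example runs on the standard library."""
    return hashlib.sha256(data).hexdigest()


def serialize(event: dict) -> bytes:
    """Canonical serialization so every party hashes identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def new_public_key() -> str:
    """Stand-in for a freshly generated public key (32 random bytes, hex)."""
    return secrets.token_bytes(32).hex()


def commitment(public_key: str) -> str:
    """Pre-rotation commitment: the digest of the *next* public key."""
    return digest(bytes.fromhex(public_key))


def inception_event(current: str, nxt: str) -> dict:
    """Sequence 0, no prior, current keys plus commitment to the next key."""
    return {"t": "icp", "s": 0, "p": "", "k": [current], "n": [commitment(nxt)]}


def rotation_event(prior: dict, exposed: str, nxt: str) -> dict:
    """Expose the previously committed key and commit to the one after it."""
    return {"t": "rot", "s": prior["s"] + 1, "p": digest(serialize(prior)),
            "k": [exposed], "n": [commitment(nxt)]}


class ToyKEL:
    """Validator-side log: hash-chained, first-seen wins, duplicity flagged."""

    def __init__(self, icp: dict):
        if icp["t"] != "icp" or icp["s"] != 0 or icp["p"] != "":
            raise ValueError("malformed inception event")
        self.events = [icp]

    @property
    def current_keys(self) -> list[str]:
        return self.events[-1]["k"]

    def accept(self, event: dict) -> str:
        s = event["s"]
        if s <= self.events[-1]["s"]:
            # Sequence number already first-seen: identical bytes are a harmless
            # replay; anything else is a second version of history.
            seen = self.events[s]
            return "replay" if serialize(seen) == serialize(event) else "duplicity"
        prior = self.events[-1]
        if s != prior["s"] + 1:
            raise ValueError("gap in sequence numbers")
        if event["p"] != digest(serialize(prior)):
            raise ValueError("prior digest does not chain to the accepted log")
        if event["t"] == "rot":
            # Pre-rotation check: every newly exposed key must match a digest
            # committed to in the prior establishment event.
            for key in event["k"]:
                if commitment(key) not in prior["n"]:
                    raise ValueError("exposed key was not pre-committed")
        self.events.append(event)
        return "accepted"


def demo() -> dict:
    """Walk through accept, replay, a conflicting fork and an uncommitted key."""
    k0, k1, k2, k3 = (new_public_key() for _ in range(4))
    icp = inception_event(k0, k1)
    kel = ToyKEL(icp)
    rot1 = rotation_event(icp, k1, k2)
    results = {"rot1": kel.accept(rot1), "replay": kel.accept(rot1)}
    # A different event at an already first-seen sequence number.
    results["fork"] = kel.accept(rotation_event(icp, k1, k3))
    # Rotating to a key that was never committed to is rejected before it
    # reaches the log, even though it chains correctly to rot1.
    try:
        kel.accept(rotation_event(rot1, new_public_key(), k3))
        results["uncommitted"] = "accepted"
    except ValueError as exc:
        results["uncommitted"] = str(exc)
    results["keys"] = kel.current_keys == [k1]
    return results


if __name__ == "__main__":
    print(demo())
```

The "fork" case is the duplicity the first-seen entry describes: the validator does not try to decide which of the two events at sequence 1 is "right", it simply reports that a second version exists, which is what watchers propagate. The "uncommitted" case shows why the commitment matters: knowing the current signing key is not enough to rotate to an arbitrary new key, because the rotation must expose a key whose digest was published one event earlier.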
- key event message #acdc
Message whose body is a key event and whose attachments may include signatures on its body.
Source Sam Smith
- key event receipt #acdc
Message whose body references a key event and whose attachments MUST include one or more signatures on that key event.
Source Sam Smith
- key event receipt infrastructure #acdc
Also KERI. It's a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure. (@drummondreed)
KERI is an identifier system that fixes the internet. It's a fully decentralized permission-less key management architecture. It solves the secure attribution problem to its identifiers and allows portability. (@henkvancann)
- key event receipt log #acdc
Signed Key Events, keeping track of establishment events. To begin with the inception event and any number of rotation events. We call that the establishment subsequence. The Key Event Receipt Logs are built from receipts of events signed by the witnesses of those events (these are called commitments); these are also append-only but not hash-chained. (@henkvancann)
- key management #acdc
Management of cryptographic keys in a crypto-system. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys (also rotation). It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
Successful key management is critical to the security of a crypto-system. It is the more challenging side of cryptography in a sense that it involves aspects of social engineering such as system policy, user training, organizational and departmental interactions, and coordination between all of these elements, in contrast to pure mathematical practices that can be automated.
More on wikipedia
- key pair #acdc
A private key and its corresponding public key resulting from a one-way cryptographic function; a key pair is used with an asymmetric-key (public-key) algorithm in a so-called Public Key Infrastructure (PKI).
- key state #acdc
Includes the set of currently authoritative keypairs for an AID and any other information necessary to secure or establish control authority over an AID.
Source Sam Smith
- key stretching #acdc
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.
- key transparency #acdc
Key Transparency does this by using a piece of blockchain technology called a Merkle Tree.
More on Stackexchange how key transparency works.
(@henkvancann)
- keystore #acdc
A keystore in KERI is the encrypted data store that holds the private keys for a collection of AIDs.
Source: Philip Feairheller.
- KID #acdc
- kli #acdc
- L
- lead bytes #acdc
In order to avoid confusion with the use of the term pad character, when pre-padding with bytes that are not replaced later, we use the term lead bytes. So lead-bytes are added "pre-conversion".
- ledger backer #acdc
A witness in KERI that is ledger-registered. It's a type of backer that proves its authenticity by a signing key anchored to the public key of a data item on a (public) blockchain.
- legal entity #acdc
Unique parties that are legally or financially responsible for the performance of financial transactions or have the legal right in their jurisdiction to enter independently into legal contracts.
- legal entity engagement context role vlei credential governance framework #acdc
A document that details the requirements for vLEI Role Credentials issued to representatives of a Legal Entity in other than official roles but in functional or other context of engagement.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- legal entity official organizational role vlei credential governance framework #acdc
A document that details the requirements for vLEI Role Credentials issued to official representatives of a Legal Entity.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- legal entity vlei credential governance framework #acdc
A document that details the requirements for vLEI Credential issued by a Qualified vLEI Issuer to a Legal Entity.
- LEI #acdc
Legal Entity Identifier
- levels of assurance #acdc
KERI has the same LOAs for entropy and trust in human behavior preserving the security of key pairs and preserving their own privacy. It has high LOAs for the cryptographic bindings of controllers and identifiers. Also the validation of witnesses and watchtowers has a high LOA.
- liveness #acdc
On wikipedia
- LoA #acdc
- LoC #acdc
- loci of control #acdc
Locus of control is the degree to which people believe that they, as opposed to external forces (beyond their influence), have control over the outcome of events in their lives. Also 'LoC'.
More on wikipedia
- locked state #acdc
The default status a KERI data store is in once it has been created using a passcode; it is by default encrypted.
- M
- management TEL #acdc
- management transaction event log #acdc
A 'management TEL' will signal the creation of the Virtual Credential Registry (VCR) and track the list of Registrars that will act as Backers for the individual transaction event logs (TELs) for each virtual credential (VC).
- message #acdc
Serialized data structure event, an actionable message.
- most compact #acdc
An ACDC that, for a given level of disclosure, is as compact as it can be which means
- it has the SAIDs for each section that are not disclosed
- it has expanded sections that are disclosed
Multiple forms of a single ACDC can be called the "most compact" version given that each level of graduated disclosure will have a "most compacted" version. If all the blocks are expanded of a most compact version then it becomes fully expanded. If all the blocks are replaced with SAIDs then it becomes fully compacted.
This form is a part of the graduated disclosure objective.
- multicodec #acdc
It is a self-describing multi-format: it wraps other formats with a tiny bit of self-description. A multicodec identifier is both a varint (variable-length integer) and the code identifying the data.
See more at GitHub Multi-codec
Multi-codec is an agreed-upon codec table. It is designed for use in binary representations, such as keys or identifiers (i.e. CID). It is then used as a prefix to identify the data that follows.
- multiplexing #acdc
In telecommunications and computer networking, multiplexing (sometimes contracted to muxing) is a method by which multiple analog or digital signals are combined into one signal over a shared medium. The aim is to share a scarce resource - a physical transmission medium.
More on source Wikipedia-page
- multisig #acdc
Also multi-signature or multisignature; a digital signature scheme which allows a group of users to sign a single piece of digital data.
Paraphrased by @henkvancann from Wikipedia source
- N
- naive conversion #acdc
Non-CESR Base64 conversion. How people are used to using Base64 encode and decode: without pre-padding and all the other things CESR does to ensure alignment on 24-bit boundaries, so that CESR never uses the '=' pad character. But naive Base64 will pad if the length is not 24-bit aligned.
Source: Samuel Smith in issue 34
Naive conversion is a text-to-binary conversion or vice versa that doesn't anticipate either the composability or the concatenation capability of the result of such an operation.
- namespace #acdc
In an identity system, an identifier can be generalized to a namespace to provide a systematic way of organizing identifiers for related resources and their attributes. A namespace is a grouping of symbols or identifiers for a set of related objects.
A namespace employs some scheme for assigning identifiers to the elements of the namespace. A simple name-spacing scheme uses a prefix or prefixes in a hierarchical fashion to compose identifiers. The following is an example of a namespace scheme for addresses within the USA that uses a hierarchy of prefixes:
state.county.city.zip.street.number.
An example element in this namespace may be identified with the following:
utah.wasatch.heber.84032.main.150S.
- nested cooperative delegated identifiers #acdc
More in chapter Nested Delegation Recovery of the whitepaper
- NFT #acdc
- non establishment event #acdc
Key Event that does not change the current key-state for an AID. Typically the purpose of a non-establishment event is to anchor external data to a given key state as established by the most recent prior establishment event for an AID.
Source Sam Smith
- non fungible token #acdc
Sometimes an NFT doesn't only uniquely represent a digital asset. It can be the digital twin of - and is also (hopefully) backed by - a real-life asset. Even in this perspective KERI and ACDC are more encompassing too, because in the KERI/ACDC case we are dealing with globally portable unique digital twins, not anchored to (read: locked in) a blockchain.
- non normative #acdc
A theory is called non-normative if it does not do what is described under 'Normative'. In general, the purpose of non-normative theories is not to give answers, but rather to describe possibilities or predict what might happen as a result of certain actions.
Source.
- non repudiable #acdc
Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract, signature or commitment.
The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".
- non transferable #acdc
No capacity to transfer (the control over) a certain digital asset in an unobstructed or loss-less manner. As opposed to transferable.
For example not legally transferable to the ownership of another entity.
- non transferable identifier #acdc
Controlling keys over this identifier cannot be rotated and therefore this identifier is non-transferable to other control.
An identifier of this type has specific positive features like short-lived, peer to peer, one-time use, discardable, etc. that are very practical in certain use cases. Moreover non-transferable identifiers are much easier to govern than persistent identifiers that are transferable.
- normative #acdc
A theory is "normative" if it, in some sense, tells you what you should do - what action you should take - and if it includes a usable procedure for determining the optimal action in a given scenario.
Source.
- O
- official organizational role #acdc
Also 'OOR'. A person that represents the Legal Entity in an official organizational role and is issued an OOR vLEI Credential.
Source Draft vLEI Ecosystem Governance Framework Glossary.
- one way functions #acdc
In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here, "easy" and "hard" are to be understood in the sense of computational complexity theory, specifically the theory of polynomial time problems.
More on Wikipedia
- OOBI #acdc
- OOR #acdc
- out of band introduction #acdc
Out-of-band Introductions (OOBIs) are discovery and validation of IP resources for KERI autonomic identifiers. Discovery via URI, trust via KERI.
The simplest form of a KERI OOBI is a namespaced string, a tuple, a mapping, a structured message, or a structured attachment that contains both a KERI AID and a URL. The OOBI associates the URL with the AID. In tuple form this is, abstractly:
(url, aid)
and concretely
("http://8.8.5.6:8080/oobi", "EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM")
- owner #acdc
Owner in ToIP glossary
- ownership #acdc
Ownership in ToIP glossary
- P
- P2P #acdc
- pad #acdc
A character used to fill empty space, because many applications have fields that must be a particular length.
Source
- partial pre rotation #acdc
- partial rotation #acdc
The pre-rotation mechanism supports partial pre-rotation or more exactly partial rotation of pre-rotated keypairs. It's a rotation operation on a set of pre-rotated keys that may keep some keys in reserve (i.e unexposed) while exposing others as needed.
Partial rotation serves two important purposes:
Paraphrased by @henkvancann on the basis of the IETF-KERI draft 2022 by Samuel Smith.
- passcode #acdc
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity.
More on source Wikipedia
- payload #acdc
The term 'payload' is used to distinguish between the 'interesting' information in a chunk of data or similar, and the overhead to support it. It is borrowed from transportation, where it refers to the part of the load that 'pays': for example, a tanker truck may carry 20 tons of oil, but the fully loaded vehicle weighs much more than that - there's the vehicle itself, the driver, fuel, the tank, etc. It costs money to move all these, but the customer only cares about (and pays for) the oil, hence, 'pay-load'. Source.
- peer to peer #acdc
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer network of nodes
More on source Wikipedia
- persistent data structure #acdc
An append only verifiable data structure. What we sign may not change.
- persistent identifier #acdc
- PGP #acdc
- pii #acdc
personally identifiable information
- pipelining #acdc
In computing, a pipeline, also known as a data pipeline, is a set of data processing elements connected in series, where the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion. Some amount of buffer storage is often inserted between elements.
More on source Wikipedia-page
- PKI #acdc
- post pad #acdc
The action and/or result of extending a string with trailing pad characters to align to a certain length in bits or bytes.
- pre pad #acdc
The action and/or result of prepending a string with leading pad characters to align to a certain length in bits or bytes.
- pre rotation #acdc
It is a new invention in KERI. Pre-rotation is a cryptographic commitment (a hash) to the next private key in the rotation scheme.
The pre-rotation scheme provides secure verifiable rotation that mitigates successful exploit of a given set of signing private keys from a set of (public, private) key pairs when that exploit happens sometime after its creation and its first use to issue a self-certifying identifier. In other words, it assumes that the private keys remain private until after issuance of the associated identifier. Source: chapter Pre-rotation in whitepaper
- prefix #acdc
A prefix that is composed of a basic Base-64 (URL safe) derivation code pre-pended to Base-64 encoding of a basic public digital signing key.
Including the derivation code in the prefix binds the derivation process along with the public key to the resultant identifier. An example of the prefix with a one-character derivation code and a 32-byte public key encoded into a 44-character Base-64 string follows:
BDKrJxkcR9m5u1xs33F5pxRJP6T7hJEbhpHrUtlDdhh0
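The prefix above, together with the lead bytes, pre pad and naive conversion entries on this page, describes one mechanism: pre-pad the raw key with zero lead bytes up to a 24-bit boundary, convert to Base64, then overwrite the leading characters that encode only those zero bits with the derivation code. The following is an added Python example, not code from this glossary, keripy or the CESR specification; its code table is a four-entry illustrative subset of the CESR table as I know it (B, D, E, 0B) and the key and signature bytes are constructed. It contrasts naive Base64, which must emit '=' padding for a 32-byte key, with the qualified form, and then parses a concatenated stream of qualified primitives back out without delimiters, because each code implies a fixed length:

```python
"""Naive Base64 versus CESR-style qualified conversion of raw key material.

Added example, not code from keripy or the CESR specification. The code table
below is a small illustrative subset; keripy carries the full table.
"""
from __future__ import annotations

import base64

# code -> (raw size in bytes, total text size in characters)
CODE_TABLE = {
    "B": (32, 44),   # Ed25519 non-transferable public key (as in the prefix above)
    "D": (32, 44),   # Ed25519 public verification key
    "E": (32, 44),   # Blake3-256 digest
    "0B": (64, 88),  # Ed25519 signature
}


def naive_encode(raw: bytes) -> str:
    """Ordinary URL-safe Base64: emits '=' padding whenever len(raw) % 3 != 0."""
    return base64.urlsafe_b64encode(raw).decode("ascii")


def lead_size(raw_len: int) -> int:
    """Number of zero lead bytes that bring raw_len up to a 24-bit boundary."""
    return (3 - raw_len % 3) % 3


def qualify(code: str, raw: bytes) -> str:
    """Pre-pad with lead bytes, convert, then overwrite the leading characters
    that encode only zero bits with the derivation code; no '=' ever appears."""
    raw_size, text_size = CODE_TABLE[code]
    if len(raw) != raw_size:
        raise ValueError(f"code {code!r} expects {raw_size} raw bytes, got {len(raw)}")
    ps = lead_size(len(raw))
    # One lead byte (8 zero bits) fills one Base64 character plus two bits of
    # the next; two lead bytes fill two characters. Hence len(code) % 4 == ps.
    if len(code) % 4 != ps:
        raise ValueError(f"code {code!r} does not fit {ps} lead byte(s)")
    text = base64.urlsafe_b64encode(bytes(ps) + raw).decode("ascii")
    if text[:ps] != "A" * ps:  # zero lead bytes always encode as 'A'
        raise AssertionError("lead bytes did not encode as pad characters")
    qualified = code + text[ps:]
    if len(qualified) != text_size or "=" in qualified:
        raise AssertionError("qualified text has unexpected size or padding")
    return qualified


def dequalify(qualified: str) -> tuple[str, bytes]:
    """Reverse of qualify: restore the 'A' characters the code replaced, decode,
    drop the lead bytes, and refuse input whose lead bits are not all zero."""
    code = qualified[:2] if qualified[0] == "0" else qualified[:1]
    raw_size, text_size = CODE_TABLE[code]
    if len(qualified) != text_size:
        raise ValueError(f"code {code!r} implies {text_size} characters")
    ps = lead_size(raw_size)
    full = base64.urlsafe_b64decode("A" * ps + qualified[len(code):])
    if any(full[:ps]):
        raise ValueError("non-zero lead bits: text was not produced by qualify")
    return code, full[ps:]


def parse_stream(stream: str) -> list[tuple[str, bytes]]:
    """Split a concatenated stream of qualified primitives without delimiters:
    the code at each position fixes the length of that primitive."""
    items, pos = [], 0
    while pos < len(stream):
        code = stream[pos:pos + 2] if stream[pos] == "0" else stream[pos]
        _, text_size = CODE_TABLE[code]
        items.append(dequalify(stream[pos:pos + text_size]))
        pos += text_size
    return items


if __name__ == "__main__":
    key = bytes(range(32))  # constructed stand-in for a real 32-byte public key
    print("naive:    ", naive_encode(key))  # 44 characters, ends with '='
    print("qualified:", qualify("B", key))  # 44 characters, starts with the code
```

The size check in `dequalify` and the zero-lead-bits check are the defensive half: a parser that trusts a code but not the implied length, or accepts non-zero bits where the lead bytes should be, will read attacker-chosen bytes as the next primitive in the stream.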
- presentation exchange #acdc
An exchange that provides disclosure of one or more ACDCs between a Discloser and a Disclosee.
A presentation exchange is the process by which authenticatable information may be exchanged between two parties, namely, the Discloser and Disclosee.
- pretty good privacy #acdc
Is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
More on wikipedia
So also the often confusing GPG term.
- primary root of trust #acdc
In KERI it's a root of trust that is cryptographically verifiable all the way to its current controlling key pair in a PKI.
- primitive #acdc
In general in computing a 'primitive' is the simplest type of programming language item. It may also refer to the smallest processing unit accessible by a programmer.
Source
- promiscuous mode #acdc
It is the mode a watcher runs in. A watcher uses the same code as a witness. However a watcher does so "lacking standards of selection; acting without careful judgment; indiscriminate". Or "Showing little forethought or critical judgment; casual."
Source
- proof of authority #acdc
Proof that somebody or something has certain rights or permissions. It's about data, whereas proof of authorship is about data and its original creator.
A proof-of-authority provides verifiable authorizations or permissions or rights or credentials.
- proof of authorship #acdc
Proof that somebody or something has originally created certain content. It's about data's inception, whereas proof-of-authority is about rights attached to this data.
For example, a signature constitutes direct proof of authorship; less directly, handwriting analysis may be submitted as proof of authorship of a document. Privileged information in a document can serve as proof that the document's author had access to that information; such access might in turn establish the location of the author at a certain time, which might then provide the author with an alibi.
Source
- protocol #acdc
Generic term to describe a code of correct conduct. Also called "etiquette": a code of personal behavior.
- pseudo random number #acdc
A (set of) value(s) or element(s) that is statistically random, but it is derived from a known starting point and is typically repeated over and over. Pseudo-random numbers provide necessary values for processes that require randomness, such as creating test signals or for synchronizing sending and receiving devices in a spread spectrum transmission.
It is called "pseudo" random, because the algorithm can repeat the sequence, and the numbers are thus not entirely random.
Source
- PTEL #acdc
- public key infrastructure #acdc
Is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
More on Wikipedia
- public transaction event log #acdc
The KEL is used to establish control authority over the keys used to commit to the events of the TEL and sign the VC. The events of the TEL are used to establish the issuance or revocation state of the VCs issued by the controller of the identifier represented by the KEL.
- public verifiable credential registry #acdc
A form of a Verifiable Data Registry that tracks the issuance/revocation state of credentials issued by the controller of the KEL.
Two types of TELs will be used for this purpose. The first type of TEL is the management TEL and will signal the creation of the Registry and track the list of Registrars that will act as Backers for the individual TELs for each VC. The second type of TEL is the VC TEL which will track the issued or revoked state of each VC and will contain a reference to its corresponding management TEL.
- Q
- QAR #acdc
- qualified #acdc
When qualified, a cryptographic primitive includes a prepended derivation code (as a proem) that indicates the cryptographic algorithm or suite used for that derivation. This simplifies and compactifies the essential information needed to use that cryptographic primitive. All cryptographic primitives expressed in either text or binary CESR are qualified by definition [CESR-ID]. Qualification is an essential property of CESR [CESR-ID].
Sam Smith, IETF-keri
- qualified vlei issuer #acdc
The contracting party to the vLEI Issuer Qualification Agreement that has been qualified by GLEIF as a Qualified vLEI Issuer.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- qualified vlei issuer vlei credential governance framework #acdc
A document that details the requirements to enable this Credential to be issued by GLEIF to Qualified vLEI Issuers which allows the Qualified vLEI Issuers to issue, verify and revoke Legal Entity vLEI Credentials, Legal Entity Official Organizational Role vLEI Credentials, and Legal Entity Engagement Context Role vLEI Credentials.
- QVI #acdc
- R
- race condition #acdc
A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of the possible behaviors is undesirable.
Source.
- receipt #acdc
Event message or reference with one or more witness signatures.
- receipt log #acdc
Ordered record of all key event receipts for a given set of witnesses.
- redundant credential #acdc
Multiple credentials issued by the same issuer (e.g. a QVI). They do not have anything to do with each other. They are independently valid.
- registrar #acdc
Identifiers that serve as backers for each transaction event log (TEL) under its provenance. This list of Registrars can be rotated with events specific to a certain type of TEL. In this way, a Registrar is analogous to a Backer in KERI KELs and Registrar lists are analogous to Backer lists in KERI KELs.
- registry #acdc
In our digital mental model it's an official digital record book. When people refer to a registry, they usually mean a specific instance, within a multi-tenant registry. E.g. Docker Hub is a multi-tenant registry, where there’s a set of official / public images.
- replay attack #acdc
A replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. The added danger of replay attacks is that a hacker doesn't even need advanced skills to decrypt a message after capturing it from the network. The attack could be successful simply by resending the whole thing.
More on how it works and stopping replay attacks at source
- repo #acdc
Software is our line of work. In this, 'repo' is the short hand for 'Repository', mostly referring to a software repo(sitory) on Github.com, Gitlab (https://gitlab.com) or other software repository hosting services.
- reserve rotation #acdc
One important use case for partial rotation is to enable pre-rotated key pairs designated in one establishment event to be held in reserve and not exposed at the next (immediately subsequent) establishment event.
Source: IETF-KERI draft 2022 by Samuel Smith.
- revocation event #acdc
Revocation is the act of recall or annulment. It is the cancelling of an act, the recalling of a grant or privilege, or the making void of some deed previously existing.
More on source Wikipedia.
- ricardian contract #acdc
The Ricardian contract, as invented by Ian Grigg in 1996, is a method of recording a document as a contract at law, and linking it securely to other systems, such as accounting, for the contract as an issuance of value.
It is robust through use of identification by cryptographic hash function, transparent through use of readable text for legal prose and efficient through markup language to extract essential information.
More at source Wikipedia.
- rotation #acdc
The operation of revoking and replacing the set of authoritative key pairs for an AID. This operation is made verifiable and duplicity evident upon acceptance as a rotation event that is appended to the AID's KEL.
Source: Sam Smith.
The (exclusive) right to rotate the authoritative key pair and establish changed control authority.
- rotation event #acdc
A type of establishment event that provides the information needed to change the key-state which includes a change to the set of authoritative keypairs for an AID.
Source: Sam Smith.
- RUN #acdc
The acronym for the new peer-to-peer end-verifiable monotonic update policy is RUN (Read, Update, Nullify).
RUN, as opposed to CRUD (Create, Read, Update, Delete), which is the traditional client-server database update policy.
- run off the crud #acdc
Run off the CRUD means that the source of truth for each data item is a decentralized controller peer; a given database hosted by any peer does not create records in the traditional sense of a server creating records for a client.
- S
- SAD #acdc
- SAID #acdc
- sally #acdc
Sally is an implementation of a verification service that also acts as a reporting server. It is purpose-built software for the vLEI ecosystem that allows ecosystem participants to present credentials, so the GLEIF Reporting API can show which vLEIs are issued to Legal Entities.
- salt #acdc
- SATP #acdc
- schema namespace registry #acdc
a centrally managed schema registry where corporations or individuals reserve schemas within a specific namespace in order to have an interoperable schema that is labeled with a corporation-specific or individual-specific namespace.
- schema registry #acdc
Central registry for credential schemas based on namespaces.
- SCID #acdc
- seal #acdc
A seal is a cryptographic proof in a secondary root-of-trust (e.g. TEL) that is anchored in a primary root-of-trust (e.g. KEL).
- secondary root of trust #acdc
In KERI it's a root-of-trust that, for its secure attribution, depends on another verifiable data structure (VDS) which MUST be a primary root-of-trust.
By its nature and cryptographic anchoring via seals to a primary root-of-trust, a secondary root-of-trust still has a high level of trustability and can be automatically verified.
- secure asset transfer protocol #acdc
KERI has portable identifiers per definition. KERI identifiers are not locked into silos like distributed ledgers. KERI IDs have their own native hash-chained data structures (KEL, KERL and TEL).
- secure attribution #acdc
In short: secure attribution is "whodunit?!" in cyberspace.
Secure attribution is strongly related to making and proving statements. A controller makes statements to a validator or verifier, who in turn validates the statements issued. A controller "owns" the statement: content and attribution via digital signatures.
Secure attribution of a statement is a way of proving that the statement is an authentic statement of the controller. In the context of KERI and ACDC, secure means a validator may cryptographically verify the statement.
- seed #acdc
In cryptography a 'seed' is a pseudorandomly generated number, often expressed in representation of a series of words.
Paraphrased from Wikipedia.
- self addressing data #acdc
While all KERI event messages are self-addressing data (SAD), there is a broad class of SADs that are not KERI events but that require signature attachments. ACDC Verifiable credentials fit into this class of SADs. With more complex data structures represented as SADs, such as verifiable credentials, there is a need to provide signature attachments on nested subsets of SADs.
(Philip Feairheller, ietf-cesr-proof)
- self addressing identifier #acdc
A terse way to describe a SAID and its data is to write an expression that consists of the token SAID followed by a token with the field names in canonical order, where the field containing the SAID itself is marked by the suffix =said. For example, the saidification of a simple ContactInfo data structure might be given as SAID(name, address, phone, email, id=said).
- self certifying identifier #acdc
A Self-Certifying Identifier (SCID) cryptographically binds an identifier to a public and private key pair. It is an identifier that can be proven to be the one and only identifier tied to a public key using cryptography alone.
- self framing #acdc
a textual encoding that includes type, size, and value is self-framing.
Source: Samuel M. Smith.
- self sovereign identity #acdc
Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transactions with one another.
Paraphrased by @henkvancann, sources eSSIF-lab and ToIP.
- self sovereignty #acdc
Self sovereignty in Trust over IP wiki.
- server sent event #acdc
Mailbox notifications; a streaming service for the agent U/I, to get notifications from the KERI system itself.
- service endpoint #acdc
In our context we consider a web service endpoint, which is a URL at which clients of a specific service can get access to the service.
- signed digest #acdc
commitment to content, by digitally signing a digest of this content.
- signify #acdc
Signify is a web client app for (key) event signing and key pair creation that minimizes the use of KERI on the client.
The main reason is that we want to minimize what needs to be put in the client or the cloud. Most proofs should be cryptographically verifiable and non-repudiable (successfully pointing fingers elsewhere should be prevented), and this holds when the signatures come straight from the controller.
The authority to sign on behalf of the controller of the authoritative key pair, often in situations where delegation has taken place, e.g. a custodial agent. These are limited rights because rotation authority is not included.
- signing threshold #acdc
The minimum number of valid signatures required for successful verification in a threshold signature scheme.
- single signature identifier #acdc
Or single-sig identifier; an identifier controlled by a one-of-one signing key pair.
- solicited issuance #acdc
The issuance of Legal Entity vLEI Credentials, OOR vLEI Credentials and ECR vLEI Credentials upon receipt by the QAR of a Fully Signed issuance request from the AVR(s) of the Legal Entity.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- source of truth #acdc
The source of truth is a trusted data source that gives a complete picture of the data object as a whole.
Source: LinkedIn.
- spanning layer #acdc
An all-encompassing horizontal layer in a software architecture. Today each trust layer only spans platform-specific applications, which bifurcates the internet's trust map into domain silos (e.g. twitter.com), because there is no spanning trust layer.
- SSI #acdc
- ssi system #acdc
The SSI Infrastructure consists of the technological components that are deployed all over the world for the purpose of providing, requesting and obtaining data for the purpose of negotiating and/or executing electronic transactions. Paraphrased by @henkvancann based on source eSSIF-lab.
- sub shell #acdc
A subshell is basically a new shell just to run a desired program. A subshell can access the global variables set by the 'parent shell' but not the local variables. Any changes made by a subshell to a global variable are not passed back to the parent shell.
Source.
- T
- TCP #acdc
- tcp endpoint #acdc
A service endpoint of the Transmission Control Protocol (TCP).
- TEL #acdc
- text binary concatenation composability #acdc
An encoding has composability when any set of self-framing concatenated primitives expressed in either the text domain or binary domain may be converted as a group to the other domain and back again without loss.
- threshold signature scheme #acdc
Or TSS; a type of digital signature protocol used by Multi-party Computation (MPC) wallets to authorize transactions or key state changes.
Source: Cryptoapis.
- top level section #acdc
The fields of an ACDC in compact variant. The value of a top level section field is either the SAD or the SAID of the SAD of the associated section. An Issuer commitment via a signature to any variant of ACDC (compact, full, etc) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC.
Paraphrased by @henkvancann based on source.
- trans contextual value #acdc
Value that is transferable between contexts.
- transaction event log #acdc
A transaction log that is externally anchored via cryptographic commitments in a KEL.
- transfer off ledger #acdc
The act of transferring control authority over an identifier from a ledger (or blockchain) to the native verifiable KERI data structure Key Event Log.
- transferable #acdc
Capable of being transferred or conveyed from one place or person to another. Place can be its and bits. The adjective transferable also means 'Negotiable', as a note, bill of exchange, or other evidence of property, that may be conveyed from one person to another by indorsement or other writing; capable of being transferred with no loss of value. As opposed to non-transferable.
Source.
- transferable identifier #acdc
Control over the identifier can be transferred by rotating keys.
A synonym is 'persistent identifier'.{TBW prio 1}
- transmission control protocol #acdc
One of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP).
More on source Wikipedia.
- trust domain #acdc
A trust domain is the ecosystem of interactions that rely on a trust basis. A trust basis binds controllers, identifiers, and key-pairs. For example the Facebook ecosystem of social interactions is a trust domain that relies on Facebook’s identity system of usernames and passwords as its trust basis.
(Source whitepaper)
- U
- UI #acdc
- uniform resource locator #acdc
A Uniform Resource Locator (URL), colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.
- unsolicited issuance #acdc
Issuance of a Legal Entity vLEI Credential upon notice by a QAR to the AVR(s) of the Legal Entity that a Legal Entity vLEI Credential has been solicited on the Legal Entity’s behalf.
Source: Draft vLEI Ecosystem Governance Framework Glossary.
- URL #acdc
- user interface #acdc
A user interface (UI or U/I) is the space where interactions between humans and machines occur.
- V
- validate #acdc
eSSIF-lab definition of validate. Although this definition is very general, in the KERI/ACDC vocabulary 'validate' currently carries additional meanings that extend the eSSIF-lab one, such as
- evaluate
- verify
In contrast, validator and verifier have been clearly outlined in the WebofTrust vocabulary.
- validator #acdc
Determines the current authoritative key set for an identifier from at least one key event (receipt) log. Types:
- Validator of any verifiable data structure
- Validator as a node in distributed consensus or participant
Validator and verifier are close to synonyms for our purposes.
A validator in KERI and ACDC is anybody that wants to establish control authority over an identifier created by the controller of that identifier. Validators verify the log, apply duplicity detection or leverage somebody else's duplicity detection, or apply any other logic so they can say "Yes, these are events I can trust".
- VC #acdc
- VC TEL #acdc
- VDS #acdc
- veracity #acdc
The quality of being true; contrast authenticity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).
- verifiable #acdc
able to cryptographically verify a certain data structure on its consistency and its authenticity
- verifiable credential #acdc
- verifiable data structure #acdc
Provides proof of key state for its identifier. In KERI it is the Key Event Log (KEL). Key management is embedded in KELs, including recovery from key compromise.
- verifiable legal entity identifier #acdc
Here at Rapidlei.
- verified integrity #acdc
A mechanism that can unambiguously assess whether the information is/continues to be whole, sound and unimpaired
- verifier #acdc
the entity that (cryptographically) verifies data received from peers (check structure, signatures, dates). More narrowly defined for the KERI suite: cryptographically verifies signature(s) on an event message.
Notice the subtle difference between validator and verifier.
- verify #acdc
Verify in eSSIF-lab glossary
- verify signature #acdc
Applying an algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.
- virtual credential transaction event log #acdc
Tracks the issued or revoked state of each virtual credential (VC) and contains a reference to its corresponding management transaction event log (management TEL).
- vLEI #acdc
- vlei credential #acdc
Credential concerning a verifiable Legal Entity Identifier, residing in the GLEIS and compliant with one or more of the GLEIF Governance Frameworks
- vlei ecosystem governance framework #acdc
The Verifiable LEI (vLEI) Ecosystem Governance Framework Information Trust Policies. It's a document that defines the information security, privacy, availability, confidentiality and processing integrity policies that apply to all vLEI Ecosystem Members.
Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.
- vlei role credential #acdc
A vLEI credential that attests a role.
{TBW prio 3}
- W
- wallet #acdc
A crypto wallet is a device, physical medium, program or a service which stores the public and/or private keys for cryptocurrency transactions and digital identifiers.
Paraphrased by @henkvancann from source Wikipedia.
- watcher #acdc
KERI's alternative to total global ordering and consensus protocols is a mechanism called duplicity detection. In verification and validation, watchers are all that matter; they guarantee that logs are immutable by one very simple rule: "first seen wins".
- web of trust #acdc
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner.
Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs. The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP.
More on Wikipedia.
- well known witnesses #acdc
Don't use the creation of well-known witnesses in a production environment, but for running tests it's suitable.
- witness #acdc
In KERI and ACDC context, a witness is an entity or component designated (trusted) by the controller of an identifier. The primary role of a witness is to verify, sign, and keep events associated with an identifier. A witness is the controller of its own self-referential identifier which may or may not be the same as the identifier to which it is a witness.
An identifier witness therefore is part of its trust basis and may be controlled (but not necessarily so) by its controller. The purpose of a pool of witnesses is to protect the controller from external exploit of its identifier.
The terms Backer and Witness are closely related in KERI but are not synonyms or interchangeable.
- X
- XBRL #acdc
- Z
- zero trust #acdc
A Zero Trust approach trusts no one.