# Spec-Up-T Demo

# Intro

This is a default Spec-Up-T installation. Find information on the Spec-Up-T documentation website.

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

# Terms and Definitions Intro

# Demo terms, definitions and external definitions

A demo of terms and definitions, and references to external definitions.

ADR

architectural-decision-record

More in extended KERI glossary

API

application-programming-interface

More in extended KERI glossary

BFT

byzantine-fault-tolerance

More in extended KERI glossary

CBOR

concise-binary-object-representation

More in extended KERI glossary

CRUD

Is acronym for the traditional client-server database update policy is CRUD (Create, Read, Update, Delete).

CRUD as opposed to RUN which is the acronym for the new peer-to-peer end-verifiable monotonic update policy.

More in extended KERI glossary

CSPRNG

means “Cryptographically Secure Pseudorandom Number Generator,” which means that a sequence of numbers (bits, bytes…) that is produced from an algorithm that is deterministic (the sequence is generated from some unknown internal state), hence pseudorandom is also cryptographically secure, or not.

(Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

More in extended KERI glossary

CT

certificate-transparency

More in extended KERI glossary

DAG

directed-acyclic-graph

More in extended KERI glossary

DHT

distributed-hash-table

More in extended KERI glossary

E2E

end-to-end

More in extended KERI glossary

FFI

foreign-function-interface

More in extended KERI glossary

GLEIF

Global Legal Entity Identifier Foundation

More in extended KERI glossary

GPG

gnu-privacy-guard

More in extended KERI glossary

HSM

hardware-security-module

More in extended KERI glossary

I-O

input-output

More in extended KERI glossary

IANA

internet-assigned-numbers-authority

More in extended KERI glossary

JOSE

javascript-object-signing-and-encryption

More in extended KERI glossary

JSON

javascript-object-notation

More in extended KERI glossary

LEI

Legal Entity Identifier

More in extended KERI glossary

LLM

large-language-model

More in extended KERI glossary

LoA

levels-of-assurance

More in extended KERI glossary

LoC

loci-of-control

More in extended KERI glossary

MFA

multi-factor-authentication

More in extended KERI glossary

MIME-type

media-type

More in extended KERI glossary

NFT

non-fungible-token

More in extended KERI glossary

P2P

peer-to-peer

More in extended KERI glossary

PGP

pretty-good-privacy

More in extended KERI glossary

PKI

public-key-infrastructure

More in extended KERI glossary

PRNG

means “Pseudorandom Number Generator” which means that a sequence of numbers (bits, bytes…) is produced from an algorithm which looks random, but is in fact deterministic (the sequence is generated from some unknown internal state), hence pseudorandom.

Such pseudorandomness can be cryptographically secure, or not. It is cryptographically secure if nobody can reliably distinguish the output from true randomness, even if the PRNG algorithm is perfectly known (but not its internal state). A non-cryptographically secure PRNG would fool basic statistical tests but can be distinguished from true randomness by an intelligent attacker.

(Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

More in extended KERI glossary

SATP

secure-asset-transfer-protocol

More in extended KERI glossary

TCP

transmission-control-protocol

More in extended KERI glossary

TEE

trusted-execution-environment

More in extended KERI glossary

TPM

trusted-platform-module

More in extended KERI glossary

UI

user-interface

More in extended KERI glossary

URL

uniform-resource-locator

More in extended KERI glossary

VC

verifiable-credential

More in extended KERI glossary

VDS

verifiable-data-structure

More in extended KERI glossary

XBRL

extensible-business-reporting-language

More in extended KERI glossary

agency

Agents can be people, edge computers and the functionality within wallets. The service an agent offers is agency.

More in extended KERI glossary

append-only-event-logs

Append-only is a property of computer data storage such that new data can be appended to the storage, but where existing data is immutable.

A blockchain is an example of an append-only log. The events can be transactions. Bitcoin is a well-known Append only log where the events are totally ordered and signed transfers of control over unspent transaction output.

More on Wikipedia

More in extended KERI glossary

application-programming-interface

An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software.

More in extended KERI glossary

architectural-decision-record

Is a justified software design choice that addresses a functional or non-functional requirement that is architecturally significant.

Source adr.github.io

More in extended KERI glossary

authentic-web

The authentic web is the internet as a whole giant verifiable data structure. Also called Web5. The web will be one big graph. That’s the mental model of the ‘authentic web’.

More in extended KERI glossary

authenticity

The quality of having an objectively verifiable origin ; contrast veracity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).

Authenticity is strongly related to digital security. Ideally it should be verifiable (to a root-of-trust). The future picture therein is the authentic-web.

More in extended KERI glossary

authority

https://glossary.trustoverip.org/#term:authority

More in extended KERI glossary

authorization

Is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.

More formally, “to authorize” is to define an access policy.

More in extended KERI glossary

autonomic-computing-systems

Self managing computing systems using algorithmic governance, from the 90’s way way way before DAOs. KERI creator Sam Smith worked at funded Navy research in the 90’s on autonomic survivable systems as in “self-healing” systems: “We called them autonomic way back then”.

More in extended KERI glossary

base64

In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits.

More on source Wikipedia

More in extended KERI glossary

blake3

BLAKE3 is a relatively young (2020) cryptographic hash function based on Bao and BLAKE2.

More in extended KERI glossary

branch

In software development a ‘branch’ refers to the result of branching: the duplication of an object under version control for further separate modification.

More in extended KERI glossary

byzantine-agreement

(non PoW) Byzantine Agreement is byzantine-fault-tolerance of distributed computing systems that enable them to come to consensus despite arbitrary behavior from a fraction of the nodes in the network. BA consensus makes no assumptions about the behavior of nodes in the system. Practical Byzantine Fault Tolerance (pBFT) is the prototypical model for Byzantine agreement, and it can reach consensus fast and efficiently while concurrently decoupling consensus from resources (i.e., financial stake in PoS or electricity in PoW).

More in extended KERI glossary

byzantine-fault-tolerance

A Byzantine fault (also interactive consistency, source congruency, error avalanche, byzantine-agreement problem, Byzantine generals problem, and Byzantine failure) is a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed.

More in extended KERI glossary

canonicalization

In computer science, canonicalization (sometimes standardization or normalization) is a process for converting data that has more than one possible representation into a “standard,” “normal,” or canonical form.

This can be done to compare different representations for equivalence, to count the number of distinct data structures, to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.

More on source Wikipedia

More in extended KERI glossary

certificate-transparency

Certificate Transparency (CT) is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates. As of 2021, Certificate Transparency is mandatory for all SSL/TLS certificates.

More in extended KERI glossary

chain-of-custody

From Wikipedia (Source):

Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests.

More in extended KERI glossary

claim

An assertion of the truth of something, typically one which is disputed or in doubt. A set of claims might convey personally identifying information: name, address, date of birth and citizenship, for example. (Source).

More in extended KERI glossary

clone

A copy of a system that is - and works exactly as the original

More in extended KERI glossary

cloud-agent

Cloud agent is software that is installed on the cloud server instances in order to provide security, monitoring, and analysis solutions for the cloud. They actually provide information and helps to provide control over cloud entities.

Paraphrased by @henkvancann based on source.

Also see agent.

More in extended KERI glossary

code-table

a code table is the Internet’s most comprehensive yet simple resource for browsing and searching for alt codes, ascii codes, entities in html, unicode characters, and unicode groups and categories.

Source

More in extended KERI glossary

collision

In cryptography and identity collision generally refers to something going wrong because an identical result has been produced but it refers to - or points to - different sources or assets backing this result.

E.g. two hashes collide, meaning two different digital sources produce the same hash.

Another example is name(space) collision.

More in extended KERI glossary

complementary-integrity-verification

A mechanism that can verify integrity independent of needing access to a previous instance or reference version of the information for comparison.

Source: Neil Thomson

More in extended KERI glossary

composability

short for text-binary concatenation composability. An encoding has Composability when any set of Self-Framing concatenated Primitives expressed in either the Text domain or Binary domain may be converted as a group to the other Domain and back again without loss.

Source: Dr. S.Smith

More in extended KERI glossary

concatenation

In formal language theory and computer programming, string concatenation is the operation of joining character strings end-to-end. For example, the concatenation of “snow” and “ball” is “snowball”.

More on source Wikipedia page

More in extended KERI glossary

confidentiality

All statements in a conversation are only known by the parties to that conversation.

Source: Samuel Smith, at IIW-37, Oct 2023.

More in extended KERI glossary

configuration-files

In computing, configuration files (commonly known simply as config files) are files used to configure the parameters and initial settings for some computer programs. They are used for user applications, server processes and operating system settings.

More on source Wikipedia

More in extended KERI glossary

consensus-mechanism

How groups of entitities come to decisions. In general to learn about consensus mechanisms read any textbook on decision making, automated reasoning, multi-objective decision making, operations research etc.

More in extended KERI glossary

content-addressable-hash

Finding content by a hash of this content, generated by a one-way hash function applied to the content.

Content addressing is a way to find data in a network using its content rather than its location. The way we do is by taking the content of the content and hashing it. Try uploading an image to IPFS and get the hash using the below button.

More in extended KERI glossary

controller

an entity that can cryptographically prove the control authority over an AID and make changes on the associated KEL. A controller of a multi-sig AID may consist of multiple controlling entities.

Source: Dr. S.Smith, 2024

More in extended KERI glossary

coroutines

Computer programs that can be suspended and resumed at will.

More in extended KERI glossary

correlation

In our scope this is an identifier used to indicate that external parties have observed how wallet contents are related.

More in extended KERI glossary

credential

Evidence of authority, status, rights, entitlement to privileges, or the like.

(source)

A credential has its current state and a history, which is captured in a doc or a graph.

More in extended KERI glossary

crypto-libraries

Cryptography libraries deal with cryptography algorithms and have API function calls to each of the supported features.

More in extended KERI glossary

cryptocurrency

A digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a digital ledger or computerized database using strong cryptography to secure transaction record entries, to control the creation of additional digital coin records.

See more on source Wikipedia.

More in extended KERI glossary

cryptographic-commitment-scheme

is a cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden to others, with the ability to reveal the committed value later.

Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding.

More on wikipedia

More in extended KERI glossary

cryptographic-primitive

the serialization of a value associated with a cryptographic operation including but not limited to a digest (hash), a salt, a seed, a private key, a public key, or a signature.

Source: Dr. S.Smith, 2024

More in extended KERI glossary

cryptographic-strength

The term “cryptographically strong” is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms.

More on Wikipedia

More in extended KERI glossary

cryptonym

a cryptographic pseudonymous identifier represented by a string of characters derived from a random or pseudo-random secret seed or salt via a one-way cryptographic function with a sufficiently high degree of cryptographic strength (e.g., 128 bits, see appendix on cryptographic-strength. A cryptonym is a type of primitive.

More in extended KERI glossary

data-anchor

Data anchors are digest of digital data, that uniquely identify this data. The digest is the anchor and can be used to identify - and point to the data at the same time.

More in extended KERI glossary

decentralized-key-management-infrastructure

a key management infrastructure that does not rely on a single entity for the integrity and security of the system as a whole. Trust in a DKMI is decentralized through the use of technologies that make it possible for geographically and politically disparate entities to reach an agreement on the key state of an identifier DPKI.

Source: Dr. S.Smith, 2024

More in extended KERI glossary

digest

verifiable cryptographic commitment. It’s a collision-resistant hash of content.

More in extended KERI glossary

digital-signature

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).

More in extended KERI glossary

directed-acyclic-graph

From Wikipedia (source):

In mathematics, particularly graph theory, and computer science, a directed acyclic graph (DAG /ˈdæɡ/ (listen)) is a directed graph with no directed cycles. That is, it consists of vertices and edges (also called arcs), with each edge directed from one vertex to another.

More in extended KERI glossary

disclosee

a role of an entity that is a recipient to which an ACDC is disclosed. A Disclosee may or may not be the Issuee of the disclosed ACDC.

Source: Dr. S. Smith

More in extended KERI glossary

discloser

a role of an entity that discloses an authentic-chained-data-container. A Discloser may or may not be the Issuer of the disclosed ACDC.

Source: Dr. S. Smith

More in extended KERI glossary

distributed-hash-table

It is a distributed system that provides a lookup service similar to a hash table: key-value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys.

More in extended KERI glossary

dnd

Do Not Delegate is a flag/attribute for an AID, and this is default set to “you can delegate.”

More in extended KERI glossary

domain-name

A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are used in various networking contexts and for application-specific naming and addressing purposes.

More on Source Wikipedia.

More in extended KERI glossary

double-spend-proof

Total global ordering of transactions so that value can’t be spent twice at the same time from the unit of value. Or in everyday language: you can’t spend your money twice.

More in extended KERI glossary

duplicity

the existence of more than one version of a Verifiable key-event-log for a given AID.

Source: Dr. S.Smith, 2024

More in extended KERI glossary

eclipse-attack

An eclipse attack is a peer-to-peer network-based attack. Eclipse attack can only be performed on nodes that accept incoming connections from other nodes, and not all nodes accept incoming connections.

In a bitcoin network, by default, there are a maximum of 117 incoming TCP connections and 8 outgoing TCP connections.

Source

More in extended KERI glossary

edge

a top-level field map within an ACDC that provides edges that connect to other ACDCs, forming a labeled property graph (LPG).

Source: Dr. S. Smith

More in extended KERI glossary

electronic-signature

An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).

More in extended KERI glossary

end-to-end

Inter-host communication and data flow transformations, considered in motion and at rest.

1. E2E Security. Inter-host communication must be end-to-end signed/encrypted and data must be stored signed/encrypted. Data is signed/encrypted in motion and at rest.

2. E2E Provenance. Data flow transformations must be end-to-end provenanced using verifiable data items (verifiable data chains or VCs). Every change shall be provenanced.

Paraphrased from source Universal Identifier Theory by Samuel Smith

More in extended KERI glossary

end-verifiable

When a log is end verifiable, it means that the log may be verified by any end user that receives a copy. No trust in intervening infrastructure is needed to verify the log and validate the content.

More in extended KERI glossary

entity

entity in the #essiflab glossary.

More in extended KERI glossary

entropy

Unpredictable information. Often used as a secret or as input to a key generation algorithm.

More in extended KERI glossary

ephemeral

Lasting for a markedly brief time. Having a short lifespan.

In the context of identifiers is often referred to as identifiers for one time use; or throw-away identifiers.

More in extended KERI glossary

escrow

‘Escrow’ as a noun is a (legal) arrangement in which a third party temporarily holds money or property until a particular condition has been met.

‘Escrow’ as a verb: we use it in protocol design to handle out of order events. Store the event and wait for the other stuff to show up and then continue processing of the event. So escrowing is the process of storing this event. We root back to the event later.

More in extended KERI glossary

extensible-business-reporting-language

XBRL is the open international standard for digital business reporting, managed by a global not for profit consortium, XBRL International.

More in extended KERI glossary

foreign-function-interface

Is a mechanism by which a program written in one, usually an interpreted (scripted), programming language that can call routines or make use of services written or compiled in another one.

More on Source: https://en.wikipedia.org/wiki/Foreign_function_interface

More in extended KERI glossary

gnu-privacy-guard

also GnuPG; is a free-software replacement for Symantec’s PGP cryptographic software suite. It is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems.

More on wikipedia

See more about the closely related and often-confusing term PGP.

More in extended KERI glossary

governance-framework

Also called ‘Governance structure’. Governance frameworks are the structure of a government and reflect the interrelated relationships, factors, and other influences upon the institution. Governance frameworks structure and delineate power and the governing or management roles in an organization. They also set rules, procedures, and other informational guidelines.

More in source Wikipedia.

More in extended KERI glossary

graph-fragment

An ACDC is a verifiable data structure and part of a graph, consisting of a node property and one or two edge proporties.

More in extended KERI glossary

hardware-security-module

A HSM is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authenticity and other cryptographic functions.

More in source Wikipedia

More in extended KERI glossary

hierarchical-asynchronous-coroutines-and-input-output

HIO is an acronym which stands for ‘Weightless hierarchical asynchronous coroutines and I/O in Python’.

It’s Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO. That mouthful of terms has been explained further on Github.

HIO builds on very early work on hierarchical structured concurrency with lifecycle contexts from ioflo, ioflo github, and ioflo manuals.

More in extended KERI glossary

hierchical-deterministic-keys

An HDK type is a deterministic Bitcoin wallet derived from a known seed that allows child keys to be created from the parent key. Because the child key is generated from a known seed, a relationship between the child and parent keys is invisible to anyone without that seed.

More in extended KERI glossary

hio

Weightless hierarchical asynchronous coroutines and I/O in Python.

Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO.

More in extended KERI glossary

identifier-system

a system for uniquely identifying (public) identities

More in extended KERI glossary

identifier

Something to uniquely identify (public) identities; pointing to something or someone else.

More in extended KERI glossary

identity

A unique entity. Typically represented by a unique identifier.

More in extended KERI glossary

inception

The operation of creating an AID by binding it to the initial set of authoritative keypairs and any other associated information. This operation is made verifiable and duplicity evident upon acceptance as the inception event that begins the AID’s KEL.

Source Sam Smith

More in extended KERI glossary

inconsistency

If a reason, idea, opinion, etc. is inconsistent, different parts of it do not agree, or it does not agree with something else. Data inconsistency occurs when similar data is kept in different formats in more than one file. When this happens, it is important to match the data between files.

More in extended KERI glossary

input-output

In computing, input/output (I/O, or informally io or IO) is the communication between an information processing system, such as a computer, and the outside world, possibly a human or another information processing system. Inputs are the signals or data received by the system and outputs are the signals or data sent from it. The term can also be used as part of an action; to “perform I/O” is to perform an input or output operation.

More in extended KERI glossary

integrity

Integrity (of a message or data) means that the information is whole, sound, and unimpaired (not necessarily correct). It means nothing is missing from the information; it is complete and in intended good order.

Source: Neil Thomson

More in extended KERI glossary

internal-inconsistency

Internal is used to describe things that exist or happen inside an entity. In our scope of digital identifier its (in)consistency is considered within the defining data structures and related data stores.

In key-event-receipt-infrastructure, you are protected against internal inconsistency by the hash chain data structure of the key-event-log because the only authority that can sign the log is the controller itself.

More in extended KERI glossary

internet-assigned-numbers-authority

is the organization that oversees the allocation of IP addresses to internet service providers (ISPs).

Source

More in extended KERI glossary

interoperability

Interoperability is a characteristic of a product or system to work with other products or systems. While the term was initially defined for information technology or systems engineering services to allow for information exchange.

More on source Wikipedia

More in extended KERI glossary

interoperable

interoperability

More in extended KERI glossary

ip-address

An Internet Protocol address (IP address) is a numerical label such as ‘192.0.2.1’ that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification and location addressing.

Much more on source Wikipedia

More in extended KERI glossary

issuee

a role of an entity to which the claims of an ACDC are asserted.

Source: Dr. S. Smith

More in extended KERI glossary

issuer

a role of an entity that asserts claims and creates an ACDC from these claims.

Source: Dr. S. Smith

More in extended KERI glossary

javascript-object-notation

JSON (JavaScript Object Notation, pronounced /ˈdʒeɪsən/; also /ˈdʒeɪˌsɒn/) is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays (or other serializable values). It is a common data format with diverse uses in electronic data interchange, including that of web applications with servers.

More in extended KERI glossary

javascript-object-signing-and-encryption

is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties. The JOSE framework provides a collection of specifications to serve this purpose.

More in extended KERI glossary

key-compromise

Basically there are three infrastructures that are included in “key management” systems that must be protected:

• Key pair creation and storage

• Event signing

• Event signature verification

So when we say “key compromise” we really mean compromise of one of those three things.

More in extended KERI glossary

key-management

management of cryptographic keys in a crypto-system. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys (also #key-rotation). It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

More in extended KERI glossary

key-pair

is a private key and its corresponding public key resulting from a one-way crypto-graphical function; a key pair is used with an asymmetric-key (public-key) algorithm in a so called public-key-infrastructure (PKI).

More in extended KERI glossary

key-state

a set of currently authoritative keypairs for an AID and any other information necessary to secure or establish control authority over an AID. This includes current keys, prior next key digests, current thresholds, prior next thresholds, witnesses, witness thresholds, and configurations.

More in extended KERI glossary

key-stretching

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.

More in extended KERI glossary

key-transparency

provides a lookup service for generic records and a public, tamper-proof audit log of all record changes. While being publicly auditable, individual records are only revealed in response to queries for specific IDs.

More in extended KERI glossary

key

In our digital scope it’s a mechanism for granting or restricting access to something. MAY be used to issue and prove, MAY be used to transfer and control over identity and cryptocurrency. More

More in extended KERI glossary

keystore

A keystore in KERI is the encrypted data store that hold the private keys for a collection of AIDs.

Source: Philip Feairheller.

More in extended KERI glossary

large-language-model

A large language model (LLM) is a language model consisting of a neural network with many parameters (typically billions of weights or more), trained on large quantities of unlabeled text using self-supervised learning or semi-supervised learning.

More on Source Wikipedia

More in extended KERI glossary

lead-bytes

In order to avoid confusion with the use of the term pad character, when pre-padding with bytes that are not replaced later, we use the term lead bytes. So lead-bytes are added “pre-conversion”.

More in extended KERI glossary

legal-entity

Unique parties that are legally or financially responsible for the performance of financial transactions or have the legal right in their jurisdiction to enter independently into legal contracts.

More in extended KERI glossary

levels-of-assurance

Identity and other trust decisions are often not binary. They are judgement calls. Any time that judgement is not a simple “Yes/No” answer, you have the option for levels of assurance. Also ‘LoA’.

More in extended KERI glossary

live-attack

an attack that compromises either the current signing keys used to sign non-establishment events or the current pre-rotated keys needed to sign a subsequent establishment event. See (Security Properties of Prerotation)[#live-attacks].

Source: Dr. S.Smith

More in extended KERI glossary

liveness

Liveness refers to a set of properties of concurrent systems, that require a system to make progress despite the fact that its concurrently executing components (“processes”) may have to “take turns” in critical sections, parts of the program that cannot be simultaneously run by multiple processes.

More in extended KERI glossary

loci-of-control

Locus of control is the degree to which people believe that they, as opposed to external forces (beyond their influence), have control over the outcome of events in their lives. Also ‘LoC’.

More on wikipedia

More in extended KERI glossary

media-type

A Media type (formerly known as MIME type) is a standard way to indicate the nature and format of a file, in the same way as ‘image/jpeg’ for JPEG images, used on the internet.

It is a two-part identifier for file formats and format contents transmitted on the internet. Their purpose is somewhat similar to file extensions in that they identify the intended data format.

More in extended KERI glossary

message

a serialized data structure that comprises its body and a set of serialized data structures that are its attachments. Attachments may include but are not limited to signatures on the body.

Source: Dr. S.Smith

More in extended KERI glossary

messagepack

MessagePack is a computer data interchange format. It is a binary form for representing simple data structures like arrays and associative arrays. MessagePack aims to be as compact and simple as possible. The official implementation is available in a variety of languages

More in extended KERI glossary

multi-factor-authentication

Authentication by combining multiple security factors. Well-known factors are what you know, what you have and what you are.

More in extended KERI glossary

multicodec

Is a self-describing multi-format, it wraps other formats with a tiny bit of self-description. A multi-codec identifier is both a variant (variable length integer) and the code identifying data.

See more at GitHub Multi-codec

More in extended KERI glossary

multiplexing

In telecommunications and computer networking, multiplexing (sometimes contracted to muxing) is a method by which multiple analog or digital signals are combined into one signal over a shared medium. The aim is to share a scarce resource - a physical transmission medium.

More on source Wikipedia-page

More in extended KERI glossary

multisig

also multi-signature or multisignature; is a digital signature scheme which allows a group of users to sign a single piece of digital data.

Paraphrased by @henkvancann from Wikipedia source

More in extended KERI glossary

namespace

In an identity system, an identifier can be generalized to a namespace to provide a systematic way of organizing identifiers for related resources and their attributes. A namespace is a grouping of symbols or identifiers for a set of related objects.

More in extended KERI glossary

non-fungible-token

A non-fungible token (NFT) is a financial security consisting of digital data stored in a blockchain, a form of distributed ledger.

More in extended KERI glossary

non-normative

A theory is called non-normative if it does not do what has described under ‘normative’. In general, the purpose of non-normative theories is not to give answers, but rather to describe possibilities or predict what might happen as a result of certain actions.

Source.

More in extended KERI glossary

non-transferable

No transferable (the control over) a certain digital asset in an unobstructed or loss-less manner. As opposed to transferable.

For example not legally transferable to the ownership of another entity.

More in extended KERI glossary

normative

a theory is “normative” if it, in some sense, tells you what you should do - what action you should take. If it includes a usable procedure for determining the optimal action in a given scenario.

Source.

More in extended KERI glossary

one-way-function

In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here, “easy” and “hard” are to be understood in the sense of computational complexity theory, specifically the theory of polynomial time problems.

More on Wikipedia

More in extended KERI glossary

owner

Owner in ToIP glossary

More in extended KERI glossary

ownership

Ownership in ToIP glossary

More in extended KERI glossary

pad

is a character used to fill empty space, because many applications have fields that must be a particular length.

Source

More in extended KERI glossary

passcode

A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user’s identity.

More on source Wikipedia

More in extended KERI glossary

payload

The term ‘payload’ is used to distinguish between the ‘interesting’ information in a chunk of data or similar and the overhead to support it. The payload refers to the interesting part.

More in extended KERI glossary

peer-to-peer

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer network of nodes

More on source Wikipedia

More in extended KERI glossary

perfect-security

a special case of Information theoretic security itps.

Source: Dr. S. Smith

More in extended KERI glossary

persistent-data-structure

An append only verifiable data structure. What we sign may not change.

More in extended KERI glossary

pipelining

In computing, a pipeline, also known as a data pipeline, is a set of data processing elements connected in series, where the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion. Some amount of buffer storage is often inserted between elements.

More on source Wikipedia-page

More in extended KERI glossary

post-pad

the action and / or result of extending a string with trailing pad characters to align to a certain length in bits or bytes.

More in extended KERI glossary

post-quantum

In cryptography, post-quantum cryptography (PQC) (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer.

More on source Wikipedia

More in extended KERI glossary

pre-pad

the action and / or result of prepending a string with leading pad characters to align to a certain length in bits or bytes.

More in extended KERI glossary

pretty-good-privacy

Is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

More on wikipedia

So also the often confusing GPG term.

More in extended KERI glossary

primitive

a serialization of a unitary value. All Primitives in KERI must be expressed in composable-event-streaming-representation.

Source: Dr. S.Smith

More in extended KERI glossary

privacy

Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity.

More on source Wikipedia

More in extended KERI glossary

proof-of-authority

Proof that somebody or something has certain rights or permissions. It’s about data. Whereas proof-of-authorship is about data and its original creator.

A proof-of-authority provides verifiable authorizations or permissions or rights or credentials.

More in extended KERI glossary

protocol

Generic term to describe a code of correct conduct. Also called “etiquette”: a code of personal behavior.

More in extended KERI glossary

provenance

From Wikipedia (Source):

Provenance (from the French provenir, ‘to come from/forth’) is the chronology of the ownership, custody or location of a historical object. The term was originally mostly used in relation to works of art but is now used in similar senses in a wide range of fields, including archaeology, paleontology, archives, manuscripts, printed books, the circular economy, and science and computing.

More in extended KERI glossary

pseudo-random-number

A (set of) value(s) or element(s) that is statistically random, but it is derived from a known starting point and is typically repeated over and over.

More in extended KERI glossary

public-key-infrastructure

Is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

More on Wikipedia

More in extended KERI glossary

race-condition

A race condition or race hazard is the condition of an electronics, software, or other system where the system’s substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of the possible behaviors is undesirable.

Source.

More in extended KERI glossary

rainbow-table-attack

A rainbow table attack is a password-cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database.

More in extended KERI glossary

receipt

event message or reference with one or more witness signatures.

See Also:

key-event-receipt

More in extended KERI glossary

registry

In our digital mental model it’s an official digital record book. When people refer to a registry, they usually mean a specific instance, within a multi-tenant registry. E.g. Docker Hub is a multi-tenant registry, where there’s a set of official / public images.

More in extended KERI glossary

replay-attack

A replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants.

More in extended KERI glossary

repo

Software is our line of work. In this, ‘repo’ is the short hand for ‘Repository’, mostly referring to a software repo(sitory) on Github.com, Gitlab (https://gitlab.com) or other software repository hosting services.

More in extended KERI glossary

revocation

Revocation is the act of recall or annulment. It is the cancelling of an act, the recalling of a grant or privilege, or the making void of some deed previously existing.

More on source Wikipedia

More in extended KERI glossary

ricardian-contract

The Ricardian contract, as invented by Ian Grigg in 1996, is a method of recording a document as a contract at law, and linking it securely to other systems, such as accounting, for the contract as an issuance of value.

More in extended KERI glossary

root-of-trust

A root-of-trust is some component of a system that is security by design and its security characteristics may be inherently trusted or relied upon by other components of the system.

More in extended KERI glossary

salt

random data fed as an additional input to a one-way function that hashes data.

Source: Dr. S. Smith

More in extended KERI glossary

schema-namespace-registry

a centrally managed schema-registry where corporations or individuals reserve schemas within a specific namespace in order to have an interoperable schema that is labeled with a corporation-specific or individual-specific namespace.

More in extended KERI glossary

schema-registry

Central registry for credential schemas based on namespaces.

More in extended KERI glossary

seal

a seal is a cryptographic commitment in the form of a cryptographic digest or hash tree root (Merkle root) that anchors arbitrary data or a tree of hashes of arbitrary data to a particular event in the key event sequence.

Source: Dr. S. Smith

More in extended KERI glossary

security-overlay-properties-trillema

An identifier system has some degree of any combination of the three properties authenticity, privacy and confidentiality, but not all three completely.

More in extended KERI glossary

seed

In cryptography a ‘seed’ is a pseudorandomly generated number, often expressed in representation of a series of words.

Paraphrased from wikipedia

More in extended KERI glossary

self-sovereignty

Self sovereignty in Trust over IP wiki.

More in extended KERI glossary

semver

Semantic Versioning Specification 2.0. See also (https://semver.org/)[https://semver.org/].

Source: Dr. S.Smith

More in extended KERI glossary

service-endpoint

In our context we consider a web service endpoint which is a uniform-resource-locator at which clients of specific service can get access to the service.

More in extended KERI glossary

signed-digest

commitment to content, by digitally signing a digest of this content.

More in extended KERI glossary

signing-threshold

Is the minimum number of valid signatures to satisfy the requirement for successful verification in a threshold-signature-scheme.

More in extended KERI glossary

source-of-truth

The source of truth is a trusted data source that gives a complete picture of the data object as a whole.

Source: LinkedIN.

More in extended KERI glossary

spanning-layer

An all encompassing layer horizontal layer in a software architecture. Each trust layer only spans platform specific applications. It bifurcates the internet trust map into domain silos (e.g. twitter.com), because there is no spanning trust layer.

More in extended KERI glossary

stream

a CESR Stream is any set of concatenated Primitives, concatenated groups of Primitives, or hierarchically composed groups of primitives.

Source: Dr. S. Smith

More in extended KERI glossary

sub-shell

A subshell is basically a new shell just to run a desired program. A subshell can access the global variables set by the ‘parent shell’ but not the local variables. Any changes made by a subshell to a global variable is not passed to the parent shell.

Source

More in extended KERI glossary

supermajority

Sufficient majority that is labeled immune from certain kinds of attacks or faults.

More in extended KERI glossary

tcp-endpoint

This is a service-endpoint of the web transmission-control-protocol

More in extended KERI glossary

threshold-structure-security

A threshold structure for security allows for weaker key management or execution environment infrastructure individually, but achieve greater overall security by multiplying the number of attack surfaces that an attacker must overcome to compromise a system.

More in extended KERI glossary

trans-contextual-value

Value that is transferrable between contexts. How do we recapture the value in our data? 1- Leverage cooperative network effects 2- Retake control of our data.

Source Samuel Smith

More in extended KERI glossary

transmission-control-protocol

One of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP).

More on source Wikipedia.

More in extended KERI glossary

tritet

3 bits. See Performant resynchronization with unique start bits.

Source: Dr. S. Smith

More in extended KERI glossary

trusted-execution-environment

Protected hardware/software/firmware security system. The controller may protect its key generation, key storage, and event signing infrastructure by running it inside a trusted execution environment (TEE).

More in extended KERI glossary

trusted-platform-module

A device that enhances the security and privacy (of identity systems) by providing hardware-based cryptographic functions.

# Functions

A TPM can generate, store, and protect encryption keys and authentication credentials that are used to verify the identity of a user or a device.

A TPM can also measure and attest the integrity of the software and firmware that are running on a system, to ensure that they have not been tampered with or compromised.

# Form

A TPM can be implemented as a physical chip, a firmware module, or a virtual device.

Source: Bing chat sept 2023

More in extended KERI glossary

ts-node

npm package that lets you run typescript from a shell

More in extended KERI glossary

uniform-resource-locator

A Uniform Resource Locator (URL), colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

More in extended KERI glossary

user-interface

A user interface (UI or U/I) is the space where interactions between humans and machines occur.

More in extended KERI glossary

validate

ESSIF-lab definition of validate. Although this definition is very general, in the KERI/ACDC vocabulary, ‘validate’ currently has extra diverse meanings extending the one of eSSIF-lab, such as

• evaluate

• verify

More in extended KERI glossary

validator

any entity or agent that evaluates whether or not a given signed statement as attributed to an identifier is valid at the time of its issuance.

Source: Dr. S. Smith

More in extended KERI glossary

variable-length

a type of count code allowing for vaiable size signatures or attachments which can be parsed to get the full size.

Source: Dr. S. Smith

More in extended KERI glossary

veracity

The quality of being true; contrast authenticity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).

More in extended KERI glossary

verifiable-data-registry

A role a system might perform by mediating issuance and verification of ACDCs. See verifiable data registry.

Source: Dr. S. Smith

More in extended KERI glossary

verifiable-data-structure

A verifiable data structure is a data structure that incorporates cryptographic techniques to ensure the integrity and authenticity of its contents. It allows users to verify the correctness of the data stored within the structure without relying on a trusted third party.

#Sources-Definition-ChatGPT

More in extended KERI glossary

verifiable

a condition of a KEL: being internally consistent with the integrity of its backward and forward chaining digest and authenticity of its non-repudiable signatures.

Source: Dr. S. Smith

Explanation

Able to cryptographically verify a certain data structure on its inconsistency and its authenticity

More in extended KERI glossary

verified-integrity

A mechanism that can unambiguously assess whether the information is/continues to be whole, sound and unimpaired

More in extended KERI glossary

verifier

any entity or agent that cryptographically verifies the signature(s) and digests on an event Message.

Source Dr. S. Smith

More in extended KERI glossary

verify-signature

Applying an algorithm that, given the message, public key and signature, either accepts or rejects the message’s claim to authenticity.

More in extended KERI glossary

version

an instance of a KEL for an AID in which at least one event is unique between two instances of the kel.

Source: Dr. S. Smith

More in extended KERI glossary

wallet

A crypto wallet is a device, physical medium, program or a service which stores the public and/or private keys for cryptocurrency transactions and digital identifiers.

Paraphrased by @henkvancann from source Wikipedia

More in extended KERI glossary

web-of-trust

In cryptography, a web of trust is a concept used in PGP, gnu-privacy-guard, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner.

More in extended KERI glossary

zero-trust-computing

A security model centered on the principle of “never trust, always verify.” It assumes that threats can exist inside and outside the network, and thus, no entity — a device, user, or system — is inherently trusted. This approach requires continuous verification of all users and devices attempting to access network resources.

More in extended KERI glossary

zero-trust

a Zero Trust approach trusts no one.

More in extended KERI glossary

# Demo of example markup in Spec-Up-T and Markdown

# Blockquote

To be, or not to be, that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles And by opposing end them. To die—to sleep, No more;

# Notices

::: note Basic Note
  Check this out.
:::

::: issue Issue Notice
  I take issue with that, kind sir.
:::

::: warning Warning Notice
  Houston, I think we have a problem
:::

::: todo Really Important
  Get this done!
:::

::: example Code Example
  Put your code block here
:::

// Some comment in JSON
{
  "foo": "bar",
  "baz": 2
}

# Content Insertion

Use the following format to pull in content from other files in your project:

This text has been inserted here from another file: [[insert: assets/test.text]]

This text has been inserted here from another file: Beam me in, Scotty!

You can even insert content within more complex blocks, like the JSON object below which is being pulled in and rendered in a syntax-highlighted example block:

::: example Code Example
```json
[[insert: assets/test.json]]
```
:::

{
  "foo": {
    "bar": 1
  }
}

# Tables

|              Stage | Direct Products | ATP Yields |
| -----------------: | --------------: | ---------: |
|         Glycolysis |           2 ATP |            |
|                 ^^ |          2 NADH |   3--5 ATP |
| Pyruvaye oxidation |          2 NADH |      5 ATP |
|  Citric acid cycle |           2 ATP |            |
|                 ^^ |          6 NADH |     15 ATP |
|                 ^^ |         2 FADH2 |      3 ATP |
|     **30--32** ATP |                 |            |
[Net ATP yields per hexose]

|     |     |     |     |     |     |     |     |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ♜   |     | ♝   | ♛   | ♚   | ♝   | ♞   | ♜   |
|     | ♟   | ♟   | ♟   |     | ♟   | ♟   | ♟   |
| ♟   |     | ♞   |     |     |     |     |     |
|     | ♗   |     |     | ♟   |     |     |     |
|     |     |     |     | ♙   |     |     |     |
|     |     |     |     |     | ♘   |     |     |
| ♙   | ♙   | ♙   | ♙   |     | ♙   | ♙   | ♙   |
| ♖   | ♘   | ♗   | ♕   | ♔   |     |     | ♖   |

# Sequence Diagrams

```mermaid
sequenceDiagram
  Alice ->> Bob: Hello Bob, how are you?
  Bob-->>John: How about you John?
  Bob--x Alice: I am good thanks!
  Bob-x John: I am good thanks!
  Note right of John: Bob thinks a long
long time, so long
that the text does
not fit on a row.

  Bob-->Alice: Checking with John...
  Alice->John: Yes... John, how are you?
```

# Flows

```mermaid
graph TD
  A[Start] --> B{Is it?}
  B -->|Yes| C[OK]
  C --> D[Rethink]
  D --> B
  B -->|No| E[End]
```

# Charts

```js
{
  "type": "pie",
  "data": {
    "labels": [
      "Red",
      "Blue",
      "Yellow"
    ],
    "datasets": [
      {
        "data": [
          300,
          50,
          100
        ],
        "backgroundColor": [
          "#FF6384",
          "#36A2EB",
          "#FFCE56"
        ],
        "hoverBackgroundColor": [
          "#FF6384",
          "#36A2EB",
          "#FFCE56"
        ]
      }
    ]
  }
}
```

{
  "type": "pie",
  "data": {
    "labels": [
      "Red",
      "Blue",
      "Yellow"
    ],
    "datasets": [
      {
        "data": [
          300,
          50,
          100
        ],
        "backgroundColor": [
          "#FF6384",
          "#36A2EB",
          "#FFCE56"
        ],
        "hoverBackgroundColor": [
          "#FF6384",
          "#36A2EB",
          "#FFCE56"
        ]
      }
    ]
  }
}

# Syntax Highlighting

```json
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "service": [{
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
```

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{ 
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "service": [{
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}

# TeX Math Equations

When the katex option is enabled, the KaTeX math engine is used for TeX rendering. You can find a list of supported features and examples here: https://katex.org/docs/supported.html.

$$\begin{pmatrix}x_2 \ y_2 \end{pmatrix} = \begin{pmatrix} A & B \ C & D \end{pmatrix}\cdot \begin{pmatrix} x_1 \ y_1 \end{pmatrix}$$

$$\def\arraystretch{1.5} \begin{array}{c:c:c} a & b & c \ \hline d & e & f \ \hdashline g & h & i \end{array}$$

$$ \underbrace{a+b+c}_{\text{Note: such math, much wow.}} $$

# Tab Panels

{
  "foo": "foo",
  "baz": 1
}

{
  "foo": "bar",
  "baz": 2
}

# Fancy Links

Spec-Up automatically upgrades the links of certain sites, like GitHub. GitHub is the only supported site with Fancy Links right now, but we’ll be adding more as we go.

# GitHub

• Issues
  • Source: https://github.com/decentralized-identity/presentation-exchange/issues/119
  • Render: https://github.com/decentralized-identity/presentation-exchange/issues/119
• Pull Requests
  • Source: https://github.com/decentralized-identity/sidetree/pull/863
  • Render: https://github.com/decentralized-identity/sidetree/pull/863
• Releases
  • Source: https://github.com/decentralized-identity/sidetree/releases/tag/v0.9.1
  • Render: https://github.com/decentralized-identity/sidetree/releases/tag/v0.9.1
• Projects
  • Source: https://github.com/decentralized-identity/sidetree/projects/1
  • Render: https://github.com/decentralized-identity/sidetree/projects/1

# Outro

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?