- A

- ACDC #wot

- ADC #wot

- agency #wot
Agents can be people, edge computers and the functionality within wallets. The service an agent offers is agency.

- agent #wot
An agent in KERIA terms is an instance of a keystore (Hab) that runs in a given instance of the KERIA agent server.

- AID #wot

- ambient verifiability #wot
Verifiable by anyone, anywhere, at anytime. Although this seems a pretty general term, it was first used in the context of KERI by Sam Smith.
An example of ambient verifiability is ambient duplicity detection, which describes the possibility of detecting duplicity by anyone, anywhere, at any time.

- ample #wot
The minimum required number of participants in an event to have a supermajority, so that one and only one agreement or consensus on an event may be reached. This is a critical part of the KAACE agreement (consensus) algorithm in KERI for establishing consensus between witnesses on the key state of a KERI identifier. This consensus on key state forms the basis for accountability for a KERI controller, i.e. what a person who controls a KERI identifier may be held legally responsible for.
This supermajority is also called a sufficient majority, which is labelled immune from certain kinds of attacks or faults.
From section 11.4.2.4 "Immune" of v2.60 of the KERI whitepaper: "Satisfaction of this constraint guarantees that at most one sufficient agreement occurs or none at all despite a dishonest controller but where at most F of the witnesses are potentially faulty."

Ample agreement constraint: can apply to either

- a group of KERI witnesses for a witnessed event, or
- a group of KERI identifier controllers participating in a multi-signature group.

- AN #wot

- APC #wot

- API #wot

- append only event logs #wot
Append-only is a property of computer data storage such that new data can be appended to the storage, but where existing data is immutable.
A blockchain is an example of an append-only log; its events can be transactions. Bitcoin is a well-known append-only log in which the events are totally ordered, signed transfers of control over unspent transaction outputs.
More on Wikipedia.

- application programming interface #wot
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software.

- attributional trust #wot
KERI offers cryptographic root-of-trust to establish attributional trust. In the real world you'd also need reputational trust. You can't have reputation without attributional trust.

Read more in the source: Universal Identifier Theory.

- authentic chained data container #wot
In brief, an ACDC or ADC proves digital data consistency and authenticity in one go. An ACDC cryptographically secures a commitment to the data it contains, and its identifiers are self-addressing, which means they point to themselves and are also contained in the data.

- authentic data #wot
Data that is integer (has integrity) and provenanced. Source: Timothy Ruff, IIW37.

- authentic data container #wot
A mechanism for conveying data that allows the authenticity of its content to be proved.

- authentic provenance chain #wot
Interlinked presentations of evidence that allow data to be tracked back to its origin in an objectively verifiable way.

- authentic web #wot
The authentic web is the internet as one giant verifiable data structure; also called Web5. The web will be one big graph: that is the mental model of the 'authentic web'.

- authenticity #wot
The quality of having an objectively verifiable origin; contrast veracity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic, but that does not mean the story was true (has veracity).
Authenticity is strongly related to digital security. Ideally it should be verifiable (to a root-of-trust). The future picture therein is the authentic web.

- authoritative #wot
Established control authority over an identifier that has received attestations to it, e.g. control over the identifier has been verified back to its root-of-trust. The (control over the) identifier is then 'authoritative' because it can be considered accurate, renowned, honourable and/or respected.

Also used to describe PKI key pairs that have this feature.

See also: Authority in the ToIP glossary.

- authorization #wot
The function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.
More formally, "to authorize" is to define an access policy.

- authorized vLEI representative #wot
Also 'AVR'. A representative of a Legal Entity who is authorized by the DAR of that Legal Entity to request issuance and revocation of:

- vLEI Legal Entity Credentials
- Legal Entity Official Organizational Role vLEI Credentials (OOR vLEI Credentials)
- Legal Entity Engagement Context Role vLEI Credentials (ECR vLEI Credentials).

Paraphrased by @henkvancann from the source: Draft vLEI Ecosystem Governance Framework Glossary.

- autonomic computing systems #wot
Self-managing computing systems using algorithmic governance, from the 1990s, long before DAOs. KERI creator Sam Smith worked on funded Navy research in the 1990s on autonomic survivable systems, i.e. "self-healing" systems: "We called them autonomic way back then".

- autonomic identifier #wot
An identifier that is self-certifying and self-sovereign (or self-managing).

- autonomic identity system #wot
A system in which nobody can intervene in establishing the authenticity of a control operation, because it can be verified all the way back to the root-of-trust.

- autonomic namespace #wot
A namespace that is self-certifying and hence self-administrating. ANs are therefore portable, i.e. truly self-sovereign.

- autonomic trust basis #wot
When we use an AID as the root-of-trust, we form a so-called autonomic trust basis. The source diagrams this.

- AVR #wot

- B

- backer #wot
The terms backer and witness are closely related in KERI. Backers include both regular KERI witnesses and ledger-registered backers.

- BADA #wot

- base media type #wot
credential+ld+json. Other media types of credentials are allowed but must provide either unidirectional or bidirectional transformations. So, for example, we would create credential+acdc+json and provide a unidirectional transformation to credential+ld+json.
We are going for credential+acdc+json without @context. The main objection to using @context is that it can change the meaning of a credential.
The other way around: ACDCs will include W3C credentials. Media types will be used to differentiate between types of credentials and verifiable credentials.

- base64 #wot
In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits.
More on the source: Wikipedia.

- bespoke credential #wot
It's an issuance of the disclosure or presentation of other ACDCs. Bespoke means custom or tailor-made.
A bespoke credential serves as an on-the-fly contract with the issuee; it's a self-referencing and self-contained contract between the issuer and the verifier. Mind you, here the issuer and issuee are merely the discloser and disclosee of another (set of) ACDC(s).

- best available data acceptance mechanism #wot
The BADA security model provides a degree of replay attack protection. The attributable originator (issuer, author, source) is provided by an attached signature couple or quadruple. A single reply could have multiple originators. When used as an authorization, the reply attributes may include the identifier of the authorizer, and the logic for processing the associated route may require a matching attachment.
BADA is part of KERI's Zero Trust Computing Architecture for Data Management: how to support secure asynchronous data flow routing in KERI-enabled applications.

- bexter #wot
The class for variable-length text that is used in CESR; it preserves round-trip transposability using Base64 URL-safe-only encoding even though the text is of variable length.

- BFT #wot

- binding #wot
In short, the technique of connecting two data elements together. In the context of KERI it's the association of data or an identifier with another identifier or a subject (a person, organization or machine), thereby lifting (removing) the privacy of the subject through that connection, i.e. the binding.

- bis #wot
bis = backed VC issue: registry-backed transaction event log credential issuance.

- bivalent #wot
A nested set of layered delegations in a delegation tree, wraps each layer with compromise recovery protection of the next higher layer. This maintains the security of the root layer for compromise recovery all the way out to the leaves in spite of the leaves using less secure key management methods.
To elaborate, in a cooperative delegation, the key generation and storage functions of the delegator and delegate, in terms of the controlling private keys, may be completely isolated from each other. This means that each may use its own independent key management infrastructure with no movement of private keys between the two infrastructures. We call this a bivalent key management infrastructure.
Source: Universal Identifier Theory by Samuel Smith.

- blake3 #wot
BLAKE3 is a relatively young (2020) cryptographic hash function based on Bao and BLAKE2.

- blind oobi #wot
A blind OOBI means that you have some other mechanism in place for verifying the AID instead of the OOBI itself. A blind OOBI is essentially a URL. It's called "blind" because the witness is not in the OOBI itself: you have other ways of verifying the AID supplied.

- blinded revocation registry #wot
The current state of a transaction event log (TEL) is hidden or blinded such that the only way for a potential verifier of the state to observe that state is when the controller of a designated AID discloses it at the time of presentation.
{BE CAREFUL WITH THE REST, JUST TEXT SNIPPETS TYPED IN FROM A CONVERSATION}
No information can be obtained via a rainbow table attack because the hash has enough entropy added to it.
{TBW on the basis of the last half hour of the recording of the ACDC meetup, Dec 6}
The issuer creates and signs the bulk issuance set of credentials and shares a salt with any presenters. The shared salt correlates between the issuer and the issuee, but that is the worst problem we have to consider, which is acceptable.
See more in the section blindable state TEL.

- BOLA #wot

- bran #wot
A cryptographic string used as a primary input, a seed, for creating key material for an autonomic identifier.

- branch #wot
In software development a 'branch' refers to the result of branching: the duplication of an object under version control for further separate modification.

- broken object level authorization #wot
Refers to security flaws where users can access data they shouldn't, due to inadequate permission checks on individual (sub)objects.

- brv #wot
brv = backed VC revoke: registry-backed transaction event log credential revocation.

- byzantine agreement #wot
(Non-PoW) Byzantine agreement is the Byzantine fault tolerance of distributed computing systems that enables them to come to consensus despite arbitrary behavior from a fraction of the nodes in the network. BA consensus makes no assumptions about the behavior of nodes in the system. Practical Byzantine Fault Tolerance (pBFT) is the prototypical model for Byzantine agreement; it can reach consensus fast and efficiently while decoupling consensus from resources (i.e., financial stake in PoS or electricity in PoW).

- byzantine fault tolerance #wot
A Byzantine fault (also interactive consistency, source congruency, error avalanche, Byzantine agreement problem, Byzantine generals problem, and Byzantine failure) is a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed. The term takes its name from an allegory, the "Byzantine Generals Problem", developed to describe a situation in which, in order to avoid catastrophic failure of the system, the system's actors must agree on a concerted strategy, but some of these actors are unreliable.
In a Byzantine fault, a component such as a server can inconsistently appear both failed and functioning to failure-detection systems, presenting different symptoms to different observers. It is difficult for the other components to declare it failed and shut it out of the network, because they need to first reach a consensus regarding which component has failed in the first place.
Byzantine fault tolerance (BFT) is the dependability of a fault-tolerant computer system to such conditions.

- C

- CBOR #wot

- certificate transparency #wot
Certificate Transparency (CT) is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates. As of 2021, Certificate Transparency is mandatory for all SSL/TLS certificates.

- CESR #wot

- cesr proof signatures #wot
CESR Proof Signatures are an extension to the Composable Event Streaming Representation [CESR] that provide transposable cryptographic signature attachments on self-addressing data (SAD) [SAID]. Any SAD, such as an Authentic Chained Data Container (ACDC) Verifiable Credential [ACDC] for example, may be signed with a CESR Proof Signature and streamed along with any other CESR content. In addition, a signed SAD can be embedded inside another SAD and the CESR proof signature attachment can be transposed across envelope boundaries and streamed without losing any cryptographic integrity.

(Philip Feairheller, IETF-cesr-proof)

- cesride #wot
Cesride is concerned with parsing CESR primitives.
Cesride is built from cryptographic primitives that are named clearly and concisely. There are:

Each primitive will have methods attached to it that permit one to generate and parse the qualified base2 or base64 representation. Common methods you'll find:

- .qb64() - qualified base-64 representation of cryptographic material as a string
- .qb64b() - qualified base-64 representation of cryptographic material as octets (bytes)
- .qb2() - qualified base-2 representation of cryptographic material as octets (bytes)
- .code() - qualifying code (describes the type of cryptographic material)
- .raw() - raw cryptographic material (unqualified) as octets (bytes)

Source: Jason Colburne.
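The method list above only names the accessors. The following added example (my own Python, not cesride's or keripy's code) is a toy CESR primitive that shows what .code(), .raw(), .qb64(), .qb64b() and .qb2() return for a 32-byte digest and a 64-byte signature, and how a parser picks the code table from the first character of the text code, as the code table selector entry describes. The four code-table entries are recalled from the CESR specification rather than taken from this page, the selector handling is simplified to the '0' selector only, and the sample digest and signature are constructed.

```python
import base64
import hashlib
from typing import List, Tuple

# Assumption: excerpt of the CESR master code table as recalled from the CESR
# specification (not from this page).  code -> (description, raw size in bytes)
CODE_TABLE = {
    "D": ("Ed25519 verification key", 32),
    "E": ("Blake3-256 digest", 32),
    "I": ("SHA2-256 digest", 32),
    "0B": ("Ed25519 signature", 64),  # '0' selects the two-character code table
}


def pad_size(raw_size: int) -> int:
    """Pad bytes needed to bring raw material up to a multiple of 3 bytes (24 bits)."""
    return (3 - raw_size % 3) % 3


class Primitive:
    """A (code, raw) pair with qualified Base64 and Base2 views."""

    def __init__(self, code: str, raw: bytes):
        if code not in CODE_TABLE:
            raise ValueError(f"unknown code {code!r}")
        desc, size = CODE_TABLE[code]
        if len(raw) != size:
            raise ValueError(f"{desc} needs {size} raw bytes, got {len(raw)}")
        # CESR invariant: code length mod 4 equals the pad size, so the code
        # characters exactly replace the Base64 characters the pad bytes produce.
        if len(code) % 4 != pad_size(size):
            raise ValueError(f"code {code!r} does not fit raw size {size}")
        self._code = code
        self._raw = raw

    def code(self) -> str:
        return self._code

    def raw(self) -> bytes:
        return self._raw

    def qb64(self) -> str:
        ps = pad_size(len(self._raw))
        # Prepend ps zero bytes, Base64-URL encode, then overwrite the ps leading
        # 'A' characters (the pad bits) with the code.  Padding at the front is
        # what keeps the result composable: the code sits on a 4-char boundary.
        padded = base64.urlsafe_b64encode(bytes(ps) + self._raw).decode()
        return self._code + padded[ps:]

    def qb64b(self) -> bytes:
        return self.qb64().encode()

    def qb2(self) -> bytes:
        # The qualified binary form is the Base64 decoding of qb64: code bits,
        # then zero pad bits, then the raw material.
        return base64.urlsafe_b64decode(self.qb64())

    @classmethod
    def from_qb64(cls, text: str) -> Tuple["Primitive", str]:
        """Parse one primitive off the front of a text stream; return it and the rest."""
        if not text:
            raise ValueError("empty stream")
        # Code table selection (simplified): a leading '0' selects the two-character
        # table; anything else is a one-character code from the default table.
        cs = 2 if text[0] == "0" else 1
        code = text[:cs]
        if code not in CODE_TABLE:
            raise ValueError(f"unknown code {code!r}")
        desc, size = CODE_TABLE[code]
        ps = pad_size(size)
        full = cs + (size + ps) * 4 // 3 - ps  # total qb64 length for this code
        if len(text) < full:
            raise ValueError(f"truncated {desc}: need {full} chars, have {len(text)}")
        chunk = text[:full]
        # Code bits (6 per char) plus pad bits (2 per pad byte) fill whole bytes,
        # so the raw material starts on a byte boundary in the decoded form.
        raw = base64.urlsafe_b64decode(chunk)[(cs * 6 + ps * 2) // 8:]
        return cls(code, raw), text[full:]


def parse_stream(text: str) -> List[Primitive]:
    """Parse a concatenation of primitives, e.g. a digest followed by a signature."""
    out = []
    while text:
        prim, text = Primitive.from_qb64(text)
        out.append(prim)
    return out


# Constructed sample material (not real KERI data)
SAMPLE_DIGEST = hashlib.sha256(b"constructed sample event").digest()
SAMPLE_SIG = bytes(range(64))  # stands in for a 64-byte Ed25519 signature


if __name__ == "__main__":
    d = Primitive("I", SAMPLE_DIGEST)
    s = Primitive("0B", SAMPLE_SIG)
    print(d.code(), d.qb64())  # 44-char qb64 starting with 'I'
    print(s.code(), s.qb64())  # 88-char qb64 starting with '0B'
    for p in parse_stream(d.qb64() + s.qb64()):
        print(p.code(), len(p.raw()), p.qb2()[:2].hex())
```

Because the code is written over the pad characters rather than appended, every qb64 string is a multiple of 4 characters and every qb2 a multiple of 3 bytes, which is why a stream of such primitives can be converted between the text and binary domains in either direction without reparsing.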

- chain link confidentiality #wot
Chains together a sequence of disclosees, and may also include a set of constraints on data usage by both second and third parties, expressed in legal language, such that the constraints apply to all recipients of the disclosed data; hence the phrase "chain link" confidentiality. Each disclosee in the sequence is in turn the discloser to the next disclosee.
This is the primary mechanism for granting digital data rights through binding information exchange to confidentiality laws. Confidentiality is dynamically negotiated on a per-event, per-data-exchange basis according to the data that is being shared in a given exchange.

- chain of custody #wot
From Wikipedia (source):
Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests.

- cigar #wot
An unindexed signature.

Source: Jason Colburne.

- claim #wot
An assertion of the truth of something, typically one which is disputed or in doubt. A set of claims might convey personally identifying information: name, address, date of birth and citizenship, for example. (Source).

- CLC #wot

- clone #wot
A copy of a system that is, and works exactly as, the original.

- cloud agent #wot
A cloud agent is software installed on cloud server instances to provide security, monitoring and analysis solutions for the cloud. Cloud agents provide information about, and help provide control over, cloud entities.

Paraphrased by @henkvancann based on the source.
Also see agent.

- code table #wot

- code table selector #wot
The first character in the text code of a CESR stream, which determines which code table to use: either the default code table, or a code table selector character when the default code table is not used. Thus the one-character text code table must do double duty: it must provide selectors for the different text code tables, and also provide type codes for the most popular primitives, those with a pad size of 1, which appear in the default code table.

- cold start stream parsing #wot
After a reboot (or cold start), a stream processor looks for framing information to know how to parse groups of elements in the stream.
If that framing information is ambiguous then the parser may become confused and require yet another cold start. While processing a given stream a parser may become confused, especially if a portion of the stream is malformed in some way. This usually requires flushing the stream and forcing a cold start to resynchronize the parser to subsequent stream elements.

- collective signature #wot
A group signature scheme that (i) is shared by a set of signing groups and (ii) is a combined collective signature shared by several signing groups and several individual signers. The protocol of the first type is constructed and described in detail. It is possible to modify the described protocol so as to transform the protocol of the first type into the protocol of the second type. The proposed collective signature protocols have significant merits, one of which is the possibility of their practical use on the basis of existing public key infrastructures.
(Source)
Collective signatures have a variable length as a function of the number of signers.

- collision #wot
In cryptography and identity, a collision generally refers to something going wrong because an identical result has been produced that refers to, or points to, different sources or assets backing this result.
E.g. two hashes collide, meaning two different digital sources produce the same hash.

Another example is name(space) collision.

- compact variant #wot
Either a most compact version of an ACDC or the fully compact version of an ACDC. An issuer commitment via a signature to any variant of an ACDC (compact, full, etc.) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC, because the value of a top-level section field is either the SAD or the SAID of the SAD of the associated section.

- complementary integrity verification #wot
A mechanism that can verify integrity independent of needing access to a previous instance or reference version of the information for comparison.

Source: Neil Thomson.

- composability #wot

- composable #wot

- composable event streaming representation #wot
This compact encoding scheme fully supports both textual and binary streaming applications of attached cryptographic material of all types. This approach includes composability in both the textual and binary streaming domains. The primitives may be of the minimum possible, but still composable, size. Making composability a guaranteed property allows future extensible support of new compositions of streaming formats based on pre-existing core primitives and compositions of core primitives. This enables optimized stream processing in both the binary and text domains. Also called 'CESR'.

- concise binary object representation #wot

- confidentiality #wot
All statements in a conversation are only known by the parties to that conversation. Source: Samuel Smith, at IIW-37, Oct 2023.
Confidentiality involves a set of rules or a promise, usually executed through confidentiality agreements, that limits the access or places restrictions on certain types of information.

More on the source: Wikipedia.

- configuration files #wot
In computing, configuration files (commonly known simply as config files) are files used to configure the parameters and initial settings for some computer programs. They are used for user applications, server processes and operating system settings.
More on the source: Wikipedia.

- consensus mechanism #wot
How groups of entities come to decisions. In general, to learn about consensus mechanisms, read any textbook on decision making, automated reasoning, multi-objective decision making, operations research, etc.

- content addressable hash #wot
Finding content by a hash of this content, generated by a one-way hash function applied to the content.
Content addressing is a way to find data in a network using its content rather than its location. The way we do this is by taking the content and hashing it; the hash then addresses the content.

- contextual linkability #wot
Refers to the condition where vendors or other data capture points provide enough context at point of capture to be able to use statistical correlation with existing data sets to link any of a person's disclosed attributes to a set of already known data points about a given person.
This sort of linkability nullifies the perceived protection of selective disclosure through zero-knowledge proofs, since the disclosed data can be combined with context to easily link the disclosed data to an existing profile of the person.
These threats mainly concern a subject (the entity) who wants to hide as much of their identifiable information as possible (or at least make it as unlinkable as possible). This can occur when the subject wants to authenticate to a certain service (multiple authentication principles are shown in the tree), but also during regular communication (browsing, client-server requests, etc.) by means of the contextual information connected or linked to the activity or communication.

More at the source.
Contractually protected disclosure is the primary defense against contextual linkability.

- contingent disclosure #wot
Chain link confidentiality is a form of contingent disclosure.
{TBW prio 1}

- contractually protected disclosure #wot
Usage of schema-based and contract-based controls to limit the exchange of information to provide both mechanical and legal protection on the sharing of data.
Mechanical protection consists of sharing the schema of the data to be shared prior to sharing the actual data contents. This mechanical protection is then combined, through the IPEX protocol, with disclosures of legal contracts to be agreed to prior to sharing the desired data contents.
Once the legal agreements have been met, the disclosure mechanism exchanges the desired data contents.
This is also the most elaborate form of disclosure in IPEX. Contractually protected disclosure includes both chain-link confidential and contingent disclosure.

Paraphrased by @henkvancann based on the source.

- control authority #wot
In identity systems, control authority is who controls what, and that is the primary factor in determining the basis for trust in them. The entity with control authority takes action through operations that affect the:

- creation (inception)
- updating
- rotation
- revocation
- deletion
- and delegation of the authentication factors and their relation to the identifier.

- controller #wot
A controller is a controlling entity (person, organization, or autonomous software) of an identifier. For an autonomic identifier (AID), a controlling entity has the capability to make changes to the key event log (KEL) of the AID. This capability is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller, though it might also be asserted via other mechanisms.
At any point in time, an identifier has at least one but may have more than one controlling entity. This set of controlling entities constitutes the controller. Without loss of generality, when the context is unambiguous, the term controller may refer either to the whole set or a member of the set of controlling entities.
All key events on the identifier must include a signature from the sole controlling entity when there is only one controlling entity, or at least one signature from one of the controlling entities when there is more than one. Typically, when there is more than one controlling entity, control is established via signatures from all or a subset of controlling entities. This is called multi-signature (multi-sig). In a threshold multi-sig scheme, the control authority is split among the controlling entities, where each is assigned a weight. In this case, the control authority over the identifier is established via signatures from a subset of controlling entities whose combined weights exceed an agreed threshold. These thresholded multiple signatures may be expressed as a single collective threshold signature when a collective signing scheme is used.
The control authority over an identifier can also be divided into signing authority and rotation authority. The controller of the identifier may grant their authority to other entities. For example, in custodial rotation, the controller grants a designated custodial agent the signing authority while retaining their rotation authority. In the case of a delegated identifier, the delegated identifier is granted some degree of control authority from its delegating identifier.

- cooperative delegation #wot
The way KERI addresses the security-cost-performance architecture trade-off is via delegation of identifier prefixes. Delegation includes a delegator and a delegate. For this reason we may call this a cooperative delegation. This is a somewhat novel form of delegation. A major advantage of cooperative delegation is the delegator’s key management protects the delegate’s via recovery by the delegator. With cooperative delegation, any exploiter that compromises only the delegate’s authoritative keys may not capture control authority of the delegate. Any exploit of the delegate only is recoverable by the delegator.
Source: Universal Identifier Theory by Samuel Smith.

- coroutines #wot
Computer programs that can be suspended and resumed at will.

- correlation #wot
In our scope this is an identifier used to indicate that external parties have observed how wallet contents are related.

- count code #wot

- credential #wot
Evidence of authority, status, rights, entitlement to privileges, or the like.
(Source)
A credential has its current state and a history, which is captured in a doc or a graph.

- CRUD #wot
Acronym for the traditional client-server database update policy: Create, Read, Update, Delete.
CRUD is contrasted with RUN, the acronym for the new peer-to-peer end-verifiable monotonic update policy.

- crypto libraries #wot
Cryptography libraries deal with cryptography algorithms and have API function calls to each of the supported features.

- cryptocurrency #wot
A digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a digital ledger or computerized database, using strong cryptography to secure transaction record entries and to control the creation of additional digital coin records.

See more on the source: Wikipedia.

- cryptographic commitment scheme #wot
A cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden from others, with the ability to reveal the committed value later.
Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding.

More on Wikipedia.

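As an added illustration of the hiding and binding properties just described (my own Python, not from the glossary or any KERI project), the following implements a salted hash commitment, the reveal check, and a verifier-side check that a commitment to a low-entropy value was not published as a bare hash, which is the rainbow-table concern the blinded revocation registry entry raises. It assumes SHA-256 and a fixed 32-byte opening value, both my choices; the two-valued registry state is a constructed sample.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

SALT_LEN = 32  # assumption: a fixed 256-bit opening value


def commit(value: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Commit to `value`; returns (commitment, opening).

    commitment = SHA-256(salt || value).  The fixed-length salt makes the
    concatenation unambiguous, and 256 bits of fresh entropy keep the
    commitment hiding even when `value` is drawn from a tiny set.  Binding
    rests on the collision resistance of the hash.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("opening must be exactly SALT_LEN bytes")
    return hashlib.sha256(salt + value).digest(), salt


def verify(commitment: bytes, value: bytes, opening: bytes) -> bool:
    """Reveal step: recompute the commitment and compare in constant time."""
    if len(opening) != SALT_LEN:
        return False
    expected = hashlib.sha256(opening + value).digest()
    return hmac.compare_digest(expected, commitment)


def unsalted_commit(value: bytes) -> bytes:
    """The weak variant: a bare hash of the value with no added entropy."""
    return hashlib.sha256(value).digest()


def recover_low_entropy_value(commitment: bytes, candidates: List[bytes]) -> Optional[bytes]:
    """Verifier-side check that a published commitment really hides its value.

    Tries each plausible plaintext against the commitment as a bare hash.
    Returns the matching candidate, or None when the commitment is not a bare
    hash of any candidate (as a properly salted commitment never is).
    """
    for cand in candidates:
        if hmac.compare_digest(hashlib.sha256(cand).digest(), commitment):
            return cand
    return None


# Constructed sample: a two-valued registry state, the kind of value a
# blinded revocation registry must keep hidden until presentation.
STATES = [b"issued", b"revoked"]


if __name__ == "__main__":
    c, opening = commit(b"revoked")
    print("verify correct value:", verify(c, b"revoked", opening))  # True
    print("verify other value:  ", verify(c, b"issued", opening))  # False
    print("bare hash recovered: ", recover_low_entropy_value(unsalted_commit(b"revoked"), STATES))
    print("salted recovered:    ", recover_low_entropy_value(c, STATES))  # None
```

The opening value is what the committer later shares with a verifier; anyone who holds it can check the reveal, so disclosing it is itself a disclosure decision, which is the correlation trade-off the blinded revocation registry entry accepts.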
- cryptographic primitive #wot
Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.

More on the source: Wikipedia page.

- cryptographic strength #wot
The term "cryptographically strong" is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms.

More on Wikipedia.

- cryptonym #wot
A code name, call sign or cryptonym is a code word or name used, sometimes clandestinely, to refer to another name, word, project, or person.

Source: Wikipedia.

- CSPRNG #wot
Stands for "Cryptographically Secure Pseudorandom Number Generator": a sequence of numbers (bits, bytes, ...) produced by a deterministic algorithm (the sequence is generated from some unknown internal state), hence pseudorandom, that is also cryptographically secure.
It is cryptographically secure if nobody can reliably distinguish the output from true randomness, even if the PRNG algorithm is perfectly known (but not its internal state). A non-cryptographically-secure PRNG would fool basic statistical tests but can be distinguished from true randomness by an intelligent attacker.

(Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

- CT #wot

- custodial agent #wot
An agent owned by an individual who has granted signing authority to a custodian, who is usually also the host of the running agent software. Using partial rotation to facilitate custodial key management, the owner of the identifier retains rotational authority and thus the ability to "fire" the custodian at any time without requiring the cooperation of the custodian.

- custodial rotation #wot
Rotation based on control authority that is split between two key sets: the first for signing authority and the second (pre-rotated) for rotation authority. The associated thresholds and key list can be structured in such a way that a designated custodial agent can hold signing authority while the original controller holds exclusive rotation authority.
Partial pre-rotation supports the important use case of custodial key rotation to authorize a custodial agent.

Paraphrased by @henkvancann on the basis of the IETF-KERI draft 2022 by Samuel Smith.

- D

- DAG #wot

- DAR #wot

- data anchor #wot
Data anchors are digests of digital data that uniquely identify this data. The digest is the anchor, and can be used to identify, and point to, the data at the same time.

- dead drop #wot
{TBW}
The presenter controls the disclosure, so you can't re-identify the data.
Source: Tech meet KERI recording from minute 55, June 29 2023.
+ +
+
+- decentralized identifier #wot +
Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID.
+ +
+Source W3C.org.
+
+- decentralized identity #wot +
is a technology that uses cryptography to allow individuals to create and control their own unique identifiers. They can use these identifiers to obtain
+Verifiable Credentials
from trusted organizations and, subsequently, present elements of these credentials as proof of claims about themselves. In this model, the individual takes ownership of their own identity and need not cede control to centralized service providers or companies.
+ +KERI
s definition of decentralization (centralization) is about control not spatial distribution. In our definition decentralized is not necessarily the same as distributed. By distributed we mean that activity happens at more than one site. Thus decentralization is about control and distribution is about place. To elaborate, when we refer to decentralized infrastructure we mean infrastructure under decentralized (centralized) control no matter its spatial distribution. Thus decentralized infrastructure is infrastructure sourced or controlled by more than oneentity
.
+
+- decentralized key management infrastructure #wot +
Decentralized Public Key Infrastructure (DPKI or Decentralized Key Management System (DKMS) goal is to ensure that no single third-party can compromise the integrity and security of the system as as whole.
+ +
+Source
+
- DEL #wot

- delegated identifier #wot
Matches the act of delegation with the appropriate digital twin. Consequently, when applied recursively, delegation may be used to compose arbitrarily complex trees of hierarchical (delegative) key management event streams. This is a most powerful capability that may provide an essential building block for a generic universal decentralized key management infrastructure (DKMI) that is also compatible with the demand of generic event streaming applications.
More in the whitepaper.

- delegation #wot
A person or group of persons officially elected or appointed to represent another or others.

- derivation code #wot
Also 'DAR'. These are representatives of a Legal Entity that are authorized by the Legal Entity to act officially on behalf of the Legal Entity. DARs can authorize:

- vLEI Issuer Qualification Program Checklists
- execution of the vLEI Issuer Qualification Agreement
- designation/replacement of Authorized vLEI Representatives (AVRs).

Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.

- DHT #wot

- DID #wot

- diger #wot
A primitive that represents a digest. It has the ability to verify that an input hashes to its raw value.

Source by Jason Colburne

- digest #wot
A verifiable cryptographic commitment. It's a collision-resistant hash of content.
From Wikipedia (Source):
A digest is the output of a cryptographic hash function (CHF), a mathematical algorithm that maps data of an arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function for which it is practically infeasible to invert or reverse the computation.
- digital signature #wot
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).

- dip #wot
dip = delcept, delegated inception

- direct mode #wot
Two primary trust modalities motivated the KERI design. One of these is the direct (one-to-one) mode, in which the identity controller establishes control via verified signatures of the controlling key-pair. The direct mode doesn't use witnesses nor KERLs, but has direct (albeit intermittent) network contact with the validator.

- directed acyclic graph #wot
From Wikipedia (source):
In mathematics, particularly graph theory, and computer science, a directed acyclic graph (DAG /ˈdæɡ/) is a directed graph with no directed cycles. That is, it consists of vertices and edges (also called arcs), with each edge directed from one vertex to another.

- discloser #wot
An ACDC in a disclosure is disclosed by the Discloser.

- discovery #wot
A mechanism that helps systems or devices find each other automatically, often used in networks to identify services or resources. In decentralized identifier systems it helps to locate and verify digital identities without relying on a central authority.

- distributed hash table #wot
It is a distributed system that provides a lookup service similar to a hash table: key-value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys. Keys are unique identifiers which map to particular values, which in turn can be anything from addresses, to documents, to arbitrary data.

(Source: Wikipedia)
- DKMI #wot

- dnd #wot
Do Not Delegate is a flag/attribute for an AID. By default it is not set, so you can delegate.
| TBW |

- domain #wot
Trust domain and/or domain name.

- domain name #wot
A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are used in various networking contexts and for application-specific naming and addressing purposes.

More on Source Wikipedia.

- double spend proof #wot
The most important feature of a cryptocurrency is that it must be double spend proof. Because KERI's key event operations are idempotent they do not need to be double spend proofed, so we can greatly simplify the distributed consensus algorithm in KERI. This makes KERI relatively more attractive for many applications, including IoT applications, by comparison.

As a result of the relaxation of double spend proofing, KERI is able to break the distributed consensus algorithm into two halves and simplify it in the process. The two halves are the promulgation half (by witnesses) and the confirmation half (by validators).

- DPKI #wot

- drt #wot
drt = deltate, delegated rotation

- dual indexed codes #wot
A context-specific coding scheme for the common use case of thresholded multi-signature schemes in CESR.

- dual text binary encoding format #wot
(ietf-cesr-proof)
{TBW prio2}

- duplicitous event log #wot
This is a record of inconsistent event messages produced by a given controller or witness with respect to a given KERL. The duplicitous events are indexed to the corresponding event in a KERL. A duplicitous event is represented by a set of two or more provably mutually inconsistent event messages with respect to a KERL. Each juror keeps a duplicitous event log (DEL) for each controller and all designated witnesses with respect to a KERL. Any validator may confirm duplicity by examining a DEL.

- duplicity detection #wot
A mechanism to detect duplicity in cryptographically secured event logs.
- E

- E2E #wot

- eclipse attack #wot
An eclipse attack is a P2P network-based attack. An eclipse attack can only be performed on nodes that accept incoming connections from other nodes, and not all nodes accept incoming connections.
In a bitcoin network, by default, there are a maximum of 117 incoming TCP connections and 8 outgoing TCP connections.

Source

- ECR #wot

- electronic signature #wot
An electronic signature, or e-signature, refers to data in electronic form which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).

- encrypt-sender-sign-receiver #wot
An authenticated encryption approach, using PKI. It covers authenticity and confidentiality.

- end role #wot
An end role is an authorization for one AID to serve in a role for another AID.
For example, declaring that your Agent AID is serving in the role of Agent for your business AIDs.
Source: Phil Feairheller

- end to end #wot
Inter-host communication and data flow transformations, considered in motion and at rest.

- E2E Security. Inter-host communication must be end-to-end signed/encrypted and data must be stored signed/encrypted. Data is signed/encrypted in motion and at rest.
- E2E Provenance. Data flow transformations must be end-to-end provenanced using verifiable data items (verifiable data chains or VCs). Every change shall be provenanced.

Paraphrased from source Universal Identifier Theory by Samuel Smith

- end verifiable #wot
When a log is end verifiable, it means that the log may be verified by any end user that receives a copy. No trust in intervening infrastructure is needed to verify the log and validate the content.

- engagement context role #wot
A person that represents the Legal Entity in a functional or in another context role and is issued an ECR vLEI Credential.

- entity #wot
entity in the #essiflab glossary.

- entropy #wot
The term entropy is also used to describe the degree of unpredictability of a message. Entropy is then measured in bits. The degree or strength of randomness determines how difficult it would be for someone else to reproduce the same large random number. This is called collision resistance.

- ephemeral #wot
Lasting for a markedly brief time. Having a short lifespan.

In the context of identifiers it often refers to identifiers for one-time use, or throw-away identifiers.
- escrow #wot
'Escrow' as a noun is a (legal) arrangement in which a third party temporarily holds money or property until a particular condition has been met.
'Escrow' as a verb: we use it in protocol design to handle out-of-order events. Store the event and wait for the other stuff to show up, then continue processing of the event. So escrowing is the process of storing this event. We root back to the event later.

- escrow state #wot
The current state of all the temporary storage locations (what events are waiting for what other information) that the KERI protocol needs to keep track of, due to its fully asynchronous nature.
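To make the escrow and duplicitous event log entries concrete, here is an added example that is not keripy's code: a toy KEL acceptor in which events are constructed dicts (`s` sequence number, `p` prior digest, `a` payload, `d` self-digest), SHA-256 over canonical JSON stands in for the CESR self-addressing digest, and signatures are left out.

```python
# Added example, not keripy code: a toy KEL acceptor that escrows out-of-order
# events and records competing events in a duplicitous event log (DEL).
# Events are constructed dicts; SHA-256 over canonical JSON stands in for the
# real CESR self-addressing digest, and signatures are left out (assumptions).
import hashlib
import json


def said(event):
    """Digest of an event over every field except its own digest field 'd'."""
    body = {k: v for k, v in event.items() if k != "d"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def make_event(sn, prior, payload):
    """Build a toy key event: s = sequence number, p = prior digest, a = payload."""
    event = {"s": sn, "p": prior, "a": payload}
    event["d"] = said(event)
    return event


class KelAcceptor:
    """Accepts events for one identifier; first-seen wins at each sequence number."""

    def __init__(self):
        self.kel = []      # accepted, hash-chained events in sequence order
        self.escrow = {}   # sn -> events waiting for their predecessor
        self.dels = {}     # duplicitous event log: sn -> set of competing digests

    def expected_sn(self):
        return len(self.kel)

    def _process(self, event):
        if event["d"] != said(event):
            return "invalid"          # digest does not match the content
        sn = event["s"]
        if sn < self.expected_sn():
            accepted = self.kel[sn]
            if accepted["d"] == event["d"]:
                return "stale"        # exact copy of an already first-seen event
            # A different event at an already-accepted sn is provably
            # inconsistent with the KEL: record both digests in the DEL.
            self.dels.setdefault(sn, {accepted["d"]}).add(event["d"])
            return "duplicitous"
        if sn > self.expected_sn():
            self.escrow.setdefault(sn, []).append(event)
            return "escrowed"         # predecessor not seen yet; park it
        prior = self.kel[-1]["d"] if self.kel else ""
        if event["p"] != prior:
            return "unchained"        # right sn, but does not chain to the KEL
        self.kel.append(event)
        return "accepted"

    def receive(self, event):
        """Process one event, then drain any escrowed events it unblocked."""
        result = self._process(event)
        while self.expected_sn() in self.escrow:
            for waiting in self.escrow.pop(self.expected_sn()):
                # The first chained one is accepted; a competing one at the
                # same sn then lands in the DEL instead.
                self._process(waiting)
        return result


if __name__ == "__main__":
    e0 = make_event(0, "", {"k": ["key0"]})
    e1 = make_event(1, e0["d"], {"anchor": "x"})
    e2 = make_event(2, e1["d"], {"anchor": "y"})
    e1b = make_event(1, e0["d"], {"anchor": "z"})   # competes with e1
    acc = KelAcceptor()
    for ev in (e2, e1, e0, e1b, e1):
        print(ev["s"], acc.receive(ev))
    print("DEL:", acc.dels)
```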

- ESSR #wot

- establishment event #wot
A key creation or rotation event that establishes or transfers control authority for an identifier.
Establishment events indicate which key pairs are authoritative (controlling) for an identifier at a given point in time.
The subset of a key event log (KEL) that are establishment events is an ordered subsequence of the full KEL.
For a non-transferable identifier this is one authoritative key pair and it never changes, so there will only ever be one establishment event, the inception event.
For transferable identifiers there can be multiple establishment events, which would include the initial rotation event and any subsequent rotation events.
Source Sam Smith

- exn #wot
exn = exchange

- exp #wot
exp = expose, sealed data exposition

- extensible business reporting language #wot
XBRL is the open international standard for digital business reporting, managed by a global not-for-profit consortium, XBRL International.
- F

- FFI #wot

- field map #wot
A traditional key:value pair renamed to avoid confusion with the cryptographic use of the term 'key'. We instead use the term field to refer to a mapping pair and the terms field label and field value for each member of a pair. These pairs can be represented by two-tuples, e.g. (label, value). We qualify this terminology when necessary by using the term field map to reference such a mapping.

- first seen #wot
"First seen" in KERI is the first verified event accepted in the KEL. It has no effect on the timing of what has arrived in escrow, for example; in escrow there can be garbage. Every 'first seen' event is propagated world wide within microseconds to the watchers. Only in this microsecond window could you have a live key compromise attack. If that happens, this is where you have to look into this duplicity attack a bit more in depth to handle it safely, e.g. a valid key rotation.

- foreign function interface #wot
A mechanism by which a program written in one, usually interpreted (scripted), programming language can call routines or make use of services written or compiled in another one.

More on Source: https://en.wikipedia.org/wiki/Foreign_function_interface

- frame code #wot

- full disclosure #wot
A disclosure of data in all its details.
When used in the context of selective disclosure, full disclosure means detailed disclosure of the selectively disclosed attributes, not detailed disclosure of all selectively disclosable attributes. Whereas when used in the context of partial disclosure, full disclosure means detailed disclosure of the field map that was so far only partially disclosed.

- fully compact #wot
The most compact form of an ACDC. This is the only signed variant of an ACDC and this signature is anchored in a transaction event log (TEL) for the ACDC. This is one valid choice for an ACDC schema.

This form is part of the graduated disclosure mechanism in ACDCs.

- fully expanded #wot
The most user-friendly version of an ACDC credential. It doesn't need to be signed and typically is not signed, since the most compact version, which is signed, can be computed from this form and then the signature can be looked up in the transaction event log of the ACDC in question.
Regarding the graduated disclosure objective, this form is the one with the highest amount of disclosure for a given node of an ACDC graph.
- G

- GAR #wot
GLEIF authorized representative

GLEIF Ecosystem Governance Framework v1.0 Glossary

- ghost credential #wot
A valid credential within a 90-day grace period (the revocation transaction time frame before it's booked to the revocation registry). {TBW prio 3}

- GLEIF #wot
Global Legal Entity Identifier Foundation

- GLEIF authorized representative #wot
A representative of GLEIF authorized to perform the identity verification requirements needed to issue the QVI vLEI Credential.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- GLEIS #wot
Global Legal Entity Identifier System

- governance framework #wot
Also called 'Governance structure'. Governance frameworks are the structure of a government and reflect the interrelated relationships, factors, and other influences upon the institution. Governance frameworks structure and delineate power and the governing or management roles in an organization. They also set rules, procedures, and other informational guidelines.

More in source Wikipedia.

- GPG #wot

- graduated disclosure #wot
Selectively disclosing more data as time and/or necessity progresses.
Disclosure performed by a presentation exchange that has cross-variant (see compact variant) Issuer commitment verifiability as an essential property. It supports graduated disclosure by the Disclosee of any or all variants, whether it be full, compact, metadata, partial, selective, bulk issued, or contractually protected.

Paraphrased by @henkvancann based on source

- graph fragment #wot
An ACDC is a verifiable data structure and part of a graph, consisting of a node property and one or two edge properties.

- group code #wot

- group framing code #wot
Special framing codes can be specified to support groups of primitives in CESR. Grouping enables pipelining. Other suitable terms for these special framing codes are group codes or count codes for short. These are suitable terms because these framing codes can be used to count characters, primitives in a group, or groups of primitives in a larger group when parsing and off-loading a stream of CESR primitives.

Source
- H

- hab #wot
A Hab is a keystore for one identifier. The Python implementation in KERIpy, also used by KERIA, uses LMDB to store key material and all other data.
Many Habs are included within and managed by a Habery.

- habery #wot
The only hit (2022) in a Google search pointing to a github site 'habery DOT github DOT io' is NOT related.

- hardware security module #wot
An HSM is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.

More in source Wikipedia

- hierarchical asynchronous coroutines and input output #wot

- hierarchical composition #wot
Encoding protocol that is composable in a hierarchy and enables pipelining (multiplexing and de-multiplexing) of complex streams in either text or compact binary. This allows management at scale for high-bandwidth applications.

- hierarchical deterministic keys #wot
An HDK type is a type of deterministic bitcoin wallet derived from a known seed that allows for the creation of child keys from the parent key. Because the child key is generated from a known seed there is a relationship between the child and parent keys that is invisible to anyone without that seed. The HD protocol (BIP 32) can generate a near infinite number of child keys from a deterministically-generated seed (chain code) from its parent, providing the functionality of being able to recreate those exact same child keys as long as you have the seed.

More at W3 source

- hio #wot
Weightless hierarchical asynchronous coroutines and I/O in Python.

Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO.

- HSM #wot
- I

- I O #wot

- IANA #wot

- icp #wot
icp = incept, inception

- identifier #wot
Something to uniquely identify (public) identities; pointing to something or someone else.

- identifier system #wot
Verifiable Credentials (VCs) and the emerging role of the LEI: Verifiable Credentials are digitally signed credentials that are not only tamper-resistant but capable of being verified in a decentralized manner. vLEIs are based on the Trust over IP Authentic Chained Data Container (ACDC) specification (based on the Key Event Receipt Infrastructure (KERI) protocol (github.com/WebOfTrust/keri), both Internet Engineering Task Force (IETF) draft specifications).
More info on GLEIF site

- identity #wot
A unique entity. Typically represented by a unique identifier.

- identity assurance #wot
The heavy lifting to be done by a trusted (middle-man) party to establish, and then offer, reputational trust. An example of such a party is GLEIF. Instead, KERI is for attributional trust. In the real world you need both.

Read more in source Universal Identifier Theory

- inception #wot
The operation of creating an AID by binding it to the initial set of authoritative keypairs and any other associated information. This operation is made verifiable and duplicity evident upon acceptance as the inception event that begins the AID's KEL.

Source Sam Smith

- inception event #wot
The inception data must include the public key, the identifier derivation from that public key, and may include other configuration data. The identifier derivation may be simply represented by the derivation code. A statement that includes the inception data with attached signature made with the private key comprises a cryptographic commitment to the derivation and configuration of the identifier that may be cryptographically verified by any entity that receives it.
A KERI inception statement is completely self-contained. No additional infrastructure is needed or, more importantly, must be trusted in order to verify the derivation and initial configuration (inception) of the identifier. The initial trust basis for the identifier is simply the signed inception statement.
(SamMSmith)

- inconsistency #wot
If a reason, idea, opinion, etc. is inconsistent, different parts of it do not agree, or it does not agree with something else. Data inconsistency occurs when similar data is kept in different formats in more than one file. When this happens, it is important to match the data between files.

- indexed signature #wot
Also called siger. An indexed signature attachment is used when signing anything with a multi-key autonomic identifier. The index is included as part of the attachment, so a verifier knows which of the multiple public keys was used to generate a specific signature.

Source: Philip Feairheller

- indirect mode #wot
Two primary trust modalities motivated the KERI design. One of these is the indirect (one-to-many) mode, which depends on witnessed key event receipt logs (KERL) as a secondary root-of-trust for validating events. This gives rise to the acronym KERI for key event receipt infrastructure.

The indirect mode extends that trust basis with witnessed key event receipt logs (KERL) for validating events. The security and accountability guarantees of indirect mode are provided by KA2CE or KERI's Agreement Algorithm for Control Establishment among a set of witnesses.
Source: Abstract KERI white paper
- input output #wot
In computing, input/output (I/O, or informally io or IO) is the communication between an information processing system, such as a computer, and the outside world, possibly a human or another information processing system. Inputs are the signals or data received by the system and outputs are the signals or data sent from it. The term can also be used as part of an action; to "perform I/O" is to perform an input or output operation.

- inquisitor #wot
In the ACDC context it's a general term for someone (in a validating role) that launches an inquiry at some KERI witness.

- integrity #wot
Integrity (of a message or data) means that the information is whole, sound, and unimpaired (not necessarily correct). It means nothing is missing from the information; it is complete and in intended good order. (Source: Neil Thomson)

- Interactive authentication design #wot
A group of approaches having an interactive mechanism that requires a set of requests and responses or challenge responses with challenge response replies for secure authentication.

More in source Keri Request Authentication Mechanism (KRAM) by Samuel Smith

- interceptor #wot
A KERIA class that allows pushing events that are happening inside the cloud agent to other backend processes. It is similar to the notifier class but it is used to "notify" other web services.

- interleaved serialisation #wot
Serializations of different types interleaved in an overarching format.

- internal inconsistency #wot
Internal is used to describe things that exist or happen inside an entity. In our scope of digital identifiers its (in)consistency is considered within the defining data structures and related data stores.
In KERI we are protected against internal inconsistency by the hash chain data structure of the KEL, because the only authority that can sign the log is the controller itself.

- interoperability #wot
Interoperability is a characteristic of a product or system to work with other products or systems. The term was initially defined for information technology or systems engineering services to allow for information exchange.

More on source Wikipedia

- interoperable #wot

- IPEX #wot

- iss #wot
iss = vc issue, verifiable credential issuance
- issuance and presentation exchange protocol #wot
Provides a uniform mechanism for the issuance and presentation of ACDCs in a securely attributable manner.

- issuance event #wot
The initial transaction event log event anchored to the issuing AID's key event log that represents the issuance of an ACDC credential.

Source: Philip Feairheller. It's a sort of "inception event" of a verifiable credential.

- issuance exchange #wot
A special case of a presentation exchange where the Discloser is the Issuer of the origin (Primary) ACDC of the DAG formed by the set of chained ACDCs so disclosed.
In an issuance exchange, when the origin ACDC has an Issuee, the Disclosee MAY also be the origin ACDC's Issuee.

- issuee #wot
An ACDC is optionally issued to the Issuee. When present, the Issuee identifier (AID) appears at the top level of the attribute section or in the attribute list at the top level of the attribute aggregate section of the ACDC.

- issuer #wot
An ACDC is issued by the Issuer. The Issuer identifier (AID) appears in the top level of the ACDC.

- ixn #wot
JSON field name (attribute) for Interaction Event; its content (value) contains a hash pointer. All TEL events are anchored in a KEL in either ixn (interaction) or rot (rotation) events. This is the foundation enabling a verifiable credential protocol to be built on top of KERI.

Source Kent Bull 2023

- J

- javascript object notation #wot

- javascript object signing and encryption #wot
Related: JWK, JWT. More info

- JOSE #wot

- JSON #wot
JavaScript Object Notation. JSON is a language-independent data format. It was derived from JavaScript. It's an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays (or other serializable values).

More on source Wikipedia

- judge #wot
A judge is an entity or component that examines the entries of one or more KERLs and DELs of a given identifier to validate that the event history is from a non-duplicitous controller and has been witnessed by a sufficient number of non-duplicitous witnesses such that it may be trusted or, conversely, not trusted by a validator.

- juror #wot
A juror has a simpler task of performing duplicity detection on events and event receipts.

- jury #wot
The jury is the set of entities or components acting as jurors.
- K

- KA2CE #wot

- KAACE #wot

- keep #wot
Is KERI's and ACDC's user interface that uses the keripy agent for its backend. It uses the REST API exposed from the keripy agent.

Source: Philip Feairheller

- KEL #wot

- KERI #wot

- keri command line interface #wot

- keri event stream #wot
A stream of verifiable KERI data, consisting of the key event log and other data such as a transaction event log. This data is a CESR event stream (TODO: link to IANA application/cesr media type) and may be serialized in a file using CESR encoding. We refer to these CESR stream resources as KERI event streams to simplify the vocabulary.
Source: did:webs ToIP specification

- keri improvement doc #wot
These docs are modular so teams of contributors can independently work and create PRs of individual KIDs; KIDs answer the question "how we do it". We add commentary to the individual KIDs that elaborates on the why. It has been split from the how so as not to bother implementors with the why.

- keri ox #wot
The Rust programming-language implementation of the KERI protocol.

- keri request authentication method #wot
All requests from a web client must use KRAM (KERI Request Authentication Method) for replay attack protection. The method is essentially based on each request body needing to include a date-time string field in ISO-8601 format that must be within an acceptable time window relative to the server's date-time.

Source SKWA GitHub repo, more info in HackMD.io write-up
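The time-window check described above, as an added example rather than the SKWA or KERIA code; the field name `dt`, the 30 second window and the digest cache for exact resends are assumptions of this example.

```python
# Added example, not the SKWA or KERIA implementation: the replay-protection
# core of KRAM as described above. A request body carries an ISO-8601 date-time
# that must fall within an acceptable window of the server's clock. The field
# name "dt", the 30 second window and the replay cache are assumptions here.
import hashlib
import json
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)   # assumed acceptable skew, in either direction


def parse_iso8601(text):
    """Parse an ISO-8601 timestamp that must carry an explicit UTC offset."""
    if text.endswith("Z"):                  # older Pythons reject a bare 'Z'
        text = text[:-1] + "+00:00"
    stamp = datetime.fromisoformat(text)
    if stamp.tzinfo is None:
        raise ValueError("timestamp without timezone offset")
    return stamp


def make_body(dt_text, **fields):
    """Constructed request body carrying the KRAM date-time field 'dt'."""
    return json.dumps({"dt": dt_text, **fields}, sort_keys=True)


def check_kram(body_json, now, window=WINDOW, seen=None):
    """Return (ok, reason) for one request body against the server time `now`.

    `seen` is an optional set of digests of bodies already accepted inside the
    window; with it an exact resend inside the window is refused as well.
    """
    try:
        body = json.loads(body_json)
        stamp = parse_iso8601(body["dt"])
    except (KeyError, TypeError, ValueError) as exc:
        return False, f"bad or missing dt: {exc}"
    skew = now - stamp
    if skew > window:
        return False, "request too old"           # replayed or badly delayed
    if -skew > window:
        return False, "request from the future"   # client clock too far ahead
    if seen is not None:
        digest = hashlib.sha256(body_json.encode()).hexdigest()
        if digest in seen:
            return False, "replay"                # identical body seen in window
        seen.add(digest)
    return True, "fresh"


if __name__ == "__main__":
    now = parse_iso8601("2023-06-29T12:00:00Z")
    seen = set()
    for body in (make_body("2023-06-29T12:00:05Z", op="query"),
                 make_body("2023-06-29T12:00:05Z", op="query"),
                 make_body("2023-06-29T11:58:00Z", op="query")):
        print(check_kram(body, now, seen=seen))
```

Entries in `seen` can be dropped once they are older than the window, since any resend after that point is already refused as too old.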

- keri suite #wot
The KERI suite is the set of inter-related developments (KERI, ACDC, OOBI, CESR, IPEX, etc.) under the Web-of-Trust user on GitHub.

- keri suite search engine #wot
KERISSE is the Docusaurus self-education site of the Web-of-Trust GitHub repo with Typesense search facilities. Because of its focus on well-versed developers in the field of SSI and the support of their journey to understand the structure of the code and how things work in the KERI suite, it's more a search engine that drills down on documentation.

- keria #wot
KERI Agent in the cloud. The KERIA service will expose 3 separate HTTP endpoints on 3 separate network interfaces.

- Boot Interface - Exposes one endpoint for Agent Worker initialization.
- Admin Interface - The REST API for command and control operations from the Signify Client.
- KERI Protocol Interface - CESR over HTTP endpoint for KERI protocol interactions with the rest of the world.

More at Source Github repo

- keride #wot
A Rust programming language library for Key Event Receipt Infrastructure. Among its features are CESR, signing, prefixing, pathing, and parsing.

More on Github repo

- keridemlia #wot
It is a contraction of KERI and Kademlia. It's the distributed database of Witness IP addresses based on a Distributed Hash Table. It also does the CNAME stuff that DNS offers for KERI: the mapping between an identifier and its controller AID stored in the KEL to its current witness AID, and the witness AID to the IP address.
(@henkvancann)
- KERIMask #wot
A wallet similar to MetaMask; the manifestation will be a browser extension and it will connect to KERIA servers in order for a person to control AIDs from their browser.

- keripy #wot
The Python programming-language implementation of the KERI protocol.

- KERISSE #wot

- KERL #wot

- key #wot
In our digital scope it's a mechanism for granting or restricting access to something. MAY be used to issue and prove, MAY be used to transfer and control identity and cryptocurrency. More

- key compromise #wot
More in the security sections of Universal Identifier Theory

- key event #wot
Concretely, the serialized data structure of an entry in the key event log for an AID. Abstractly, the data structure itself. Key events come in different types and are used primarily to establish or change the authoritative set of keypairs and/or anchor other data to the authoritative set of keypairs at the point in the key event log actualized by a particular entry.

Source Sam Smith

- key event log #wot
KELs are hash-chained Key Events. These are blockchains in a narrow definition, but not in the sense of ordering (not ordered) or global consensus mechanisms (which is not needed). (SamMSmith)
A KEL is KERI's VDS: the proof of key state of its identifier.

- key event message #wot
Message whose body is a key event and whose attachments may include signatures on its body.

Source Sam Smith

- key event receipt #wot
Message whose body references a key event and whose attachments MUST include one or more signatures on that key event.

Source Sam Smith

- key event receipt infrastructure #wot
Also KERI. It's a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure.
(@drummondreed)
KERI is an identifier system that fixes the internet. It's a fully decentralized permission-less key management architecture. It solves the secure attribution problem to its identifiers and allows portability.
(@henkvancann)

- key event receipt log #wot
Signed Key Events, keeping track of establishment events. To begin with the inception event and any number of rotation events. We call that the establishment subsequence. The Key Event Receipt Logs are built from receipts of events signed by the witnesses of those events (these are called commitments); these are also append-only but not hash-chained.
(@henkvancann)

- key management #wot
Management of cryptographic keys in a crypto-system. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys (also rotation). It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
Successful key management is critical to the security of a crypto-system. It is the more challenging side of cryptography in the sense that it involves aspects of social engineering such as system policy, user training, organizational and departmental interactions, and coordination between all of these elements, in contrast to pure mathematical practices that can be automated.
More on Wikipedia

- key pair #wot
A private key and its corresponding public key resulting from a one-way cryptographic function; a key pair is used with an asymmetric-key (public-key) algorithm in a so-called Public Key Infrastructure (PKI).

- key state #wot
Includes the set of currently authoritative keypairs for an AID and any other information necessary to secure or establish control authority over an AID.
+ +
+Source Sam Smith
+
+- key stretching #wot +
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.
+ +
+
+- key transparency #wot +
Key Transparency does this by using piece of blockchain technology called a Merkle Tree.
+ +
+More on Stackexchange how key transparency works.
+(@henkvancann)
+
+- keystore #wot +
A keystore in KERI is the encrypted data store that hold the private keys for a collection of AIDs.
+ +
+Source: Philip Feairheller.
+
+- KID #wot +
- + + + +
- kli #wot +
- + + + +
- KRAM #wot +
- + + + +
- ksn #wot +
ksn = state, key state notice
+ +
+
- L

- large language model #wot
A large language model (LLM) is a language model consisting of a neural network with many parameters (typically billions of weights or more), trained on large quantities of unlabeled text using self-supervised learning or semi-supervised learning.
More on Wikipedia.

- lead bytes #wot
To avoid confusion with the use of the term pad character, when pre-padding with bytes that are not replaced later we use the term lead bytes. So lead bytes are added "pre-conversion".

- ledger backer #wot
A witness in KERI that is ledger-registered. It is a type of backer that proves its authenticity by a signing key anchored to the public key of a data item on a (public) blockchain.

- legal entity #wot
Unique parties that are legally or financially responsible for the performance of financial transactions or have the legal right in their jurisdiction to enter independently into legal contracts.

- legal entity engagement context role vlei credential governance framework #wot
A document that details the requirements for vLEI Role Credentials issued to representatives of a Legal Entity in other than official roles, but in a functional or other context of engagement.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- legal entity official organizational role vlei credential governance framework #wot
A document that details the requirements for vLEI Role Credentials issued to official representatives of a Legal Entity.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- legal entity vlei credential governance framework #wot
A document that details the requirements for vLEI Credentials issued by a Qualified vLEI Issuer to a Legal Entity.

- legitimized human meaningful identifier #wot
An AID and its associated self-certifying trust basis give rise to a trust domain for associated cryptographically verifiable, non-repudiable statements. Every other type of identifier, including human-meaningful identifiers, may then be secured in this resultant trust domain via an end-verifiable authorization. This authorization legitimizes that human-meaningful identifier as an LID through its association with an AID. The result is a secured, trust-domain-specific identifier couplet of aid|lid.

- LEI #wot
Legal Entity Identifier

- levels of assurance #wot
KERI has the same LOAs for entropy and for trust in human behavior preserving the security of key pairs and preserving their own privacy. It has high LOAs for the cryptographic bindings of controllers and identifiers. The validation of witnesses and watchtowers also has a high LOA.

- LID #wot

- liveness #wot
On Wikipedia.

- LoA #wot

- LoC #wot

- loci of control #wot
Locus of control is the degree to which people believe that they, as opposed to external forces (beyond their influence), have control over the outcome of events in their lives. Also 'LoC'.
More on Wikipedia.

- locked state #wot
The default status a KERI data store is in once it has been created using a passcode; it is encrypted by default.

- M

- management TEL #wot

- management transaction event log #wot
A 'management TEL' will signal the creation of the Virtual Credential Registry (VCR) and track the list of Registrars that will act as Backers for the individual transaction event logs (TELs) for each virtual credential (VC).

- message #wot
A serialized data structure event; an actionable message.

- messagepack #wot

- MFA #wot

- moobi #wot
A multi-OOBI would allow sharing a bunch of different endpoints (OOBIs) all at once: a way for a single store to share multiple endpoints for that store.

- most compact #wot
An ACDC that, for a given level of disclosure, is as compact as it can be, which means:
- it has the SAIDs for each section that is not disclosed
- it has expanded sections for those that are disclosed

Multiple forms of a single ACDC can be called the "most compact" version, given that each level of graduated disclosure has its own "most compact" version. If all the blocks of a most compact version are expanded, it becomes fully expanded. If all the blocks are replaced with SAIDs, it becomes fully compacted.
This form is part of the graduated disclosure objective.

- multi factor authentication #wot
Authentication by combining multiple security factors. Well-known factors are what you know, what you have and what you are.

- multi valent #wot
A delegator may have multiple delegates, thereby enabling elastic horizontal scalability: multiple delegates from a single delegator. Furthermore, each delegate may act as a delegator for its own delegates to form a nested delegation tree.
This allows mapping key management infrastructures to any hierarchically structured organization's computing infrastructure. With this construction, both security and performance trade-offs may be made as appropriate. Such an extended delegation setup we call a multivalent key management infrastructure.
Source: Universal Identifier Theory by Samuel Smith

- multicodec #wot
A self-describing multi-format: it wraps other formats with a tiny bit of self-description. A multicodec identifier is both a varint (variable-length integer) and the code identifying the data.
See more at GitHub Multicodec.
Multicodec is an agreed-upon codec table. It is designed for use in binary representations, such as keys or identifiers (e.g. CID). It is then used as a prefix to identify the data that follows.

- multiplexing #wot
In telecommunications and computer networking, multiplexing (sometimes contracted to muxing) is a method by which multiple analog or digital signals are combined into one signal over a shared medium. The aim is to share a scarce resource: a physical transmission medium.
More on Wikipedia.

- multisig #wot
Also multi-signature or multisignature; a digital signature scheme which allows a group of users to sign a single piece of digital data.
Paraphrased by @henkvancann from the Wikipedia source.

- N

- naive conversion #wot
Non-CESR Base64 conversion: how people are used to using Base64 encode and decode, without pre-padding and all the other things CESR does to ensure alignment on 24-bit boundaries, so that CESR never uses the '=' pad character. Naive Base64 will pad if the length is not 24-bit aligned.
Source: Samuel Smith in issue 34.
Naive conversion is a text-to-binary conversion, or vice versa, that does not anticipate either the composability or the concatenation capability of the result of such an operation.

- namespace #wot
In an identity system, an identifier can be generalized to a namespace to provide a systematic way of organizing identifiers for related resources and their attributes. A namespace is a grouping of symbols or identifiers for a set of related objects.
A namespace employs some scheme for assigning identifiers to the elements of the namespace. A simple namespacing scheme uses a prefix or prefixes in a hierarchical fashion to compose identifiers. The following is an example of a namespace scheme for addresses within the USA that uses a hierarchy of prefixes:

state.county.city.zip.street.number

An example element in this namespace may be identified with the following:

utah.wasatch.heber.84032.main.150S

- ndigs #wot
Digests of public keys, not the keys themselves. The reason to use ndigs is to prove control over public keys or to hide keys. It is used in keripy and consists of a list of qualified Base64 digests of public rotation key derivations.

- nested cooperative delegated identifiers #wot
More in the chapter Nested Delegation Recovery of the whitepaper.

- NFT #wot

- non establishment event #wot
A key event tying or anchoring a data payload to the key event log of an identifier. This data payload includes a set of one or more seals, each of which anchors data to the key event.
The data payload event may be used to make verifiable, authoritative statements on behalf of the identifier controller. These might include authorizations of encryption keys, communication routes, service endpoints, and so forth. Transactions or workflows composed of non-establishment events are secured by virtue of being included in the verifiable key event sequence with the verifiable authoritative establishment events.
Source: KERI Whitepaper Section 7.22, page 46
A non-establishment event is a key event that does not change the current key state for an AID.
Source: Sam Smith

- non fungible token #wot
Sometimes an NFT does not only uniquely represent a digital asset. It can be the digital twin of, and is also (hopefully) backed by, a real-life asset. Even in this perspective KERI and ACDC are more encompassing, because in the KERI/ACDC case we are dealing with globally portable unique digital twins, not anchored to (read: locked in) a blockchain.

- non interactive authentication design #wot
A group of approaches having non-interactive mechanisms that pose unique problems because they do not allow a challenge-response handshake. A request is submitted that is self-authenticating without additional interaction. The main benefits of non-interactive authentication are scalability and path-independent end-to-end verifiability. These benefits become more important in decentralized applications that employ zero-trust architectures.
More in the source: KERI Request Authentication Mechanism (KRAM) by Samuel Smith.

- non normative #wot
A theory is called non-normative if it does not do what is described under 'Normative'. In general, the purpose of non-normative theories is not to give answers, but rather to describe possibilities or predict what might happen as a result of certain actions.
Source.

- non repudiable #wot
Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract, signature or commitment.
The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".

- non transferable #wot
No capacity to transfer (the control over) a certain digital asset in an unobstructed or lossless manner. As opposed to transferable.
For example, not legally transferable to the ownership of another entity.

- non transferable identifier #wot
The controlling keys of this identifier cannot be rotated, and therefore this identifier is non-transferable to other control.
An identifier of this type has specific positive features (short-lived, peer-to-peer, one-time use, discardable, etc.) that are very practical in certain use cases. Moreover, non-transferable identifiers are much easier to govern than persistent identifiers that are transferable.

- normative #wot
A theory is "normative" if it, in some sense, tells you what you should do: what action you should take. That is, if it includes a usable procedure for determining the optimal action in a given scenario.
Source.

- O

- official organizational role #wot
Also 'OOR'. A person that represents the Legal Entity in an official organizational role and is issued an OOR vLEI Credential.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- one way function #wot
In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here, "easy" and "hard" are to be understood in the sense of computational complexity theory, specifically the theory of polynomial-time problems.
More on Wikipedia.

- OOBI #wot

- OOR #wot

- opcode #wot
Opcodes are meant to provide stream processing instructions that are more general and flexible than simply concatenated primitives or groups of primitives.

- out of band introduction #wot
Out-of-band introductions (OOBIs) are the discovery and validation of IP resources for KERI autonomic identifiers: discovery via URI, trust via KERI.
The simplest form of a KERI OOBI is a namespaced string, a tuple, a mapping, a structured message, or a structured attachment that contains both a KERI AID and a URL. The OOBI associates the URL with the AID. In tuple form this is, abstractly:

(url, aid)

and concretely:

("http://8.8.5.6:8080/oobi", "EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM")

- owner #wot
Owner in the ToIP glossary.

- ownership #wot
Ownership in the ToIP glossary.

- P

- P2P #wot

- pad #wot
A character used to fill empty space, because many applications have fields that must be a particular length.
Source.

- parside #wot
A bunch of generators, responsible for pulling a stream of bits out of a CESR stream and parsing it.
Sam Smith suggested that Parside should not iterate over things, but only parse chunks delimited by the count code. (Source: Cesride meeting, Feb 2 2023)

- partial disclosure #wot
An ACDC attribute section can be a nested branch in a tree. Partial disclosure is the weaker version, because you can only decide to disclose or not. Selective disclosure is more fine-grained.

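The 'most compact' and 'partial disclosure' entries above describe the same mechanism from two sides: the discloser replaces undisclosed sections by their SAIDs, and the disclosee can later accept an expanded section only if it hashes back to the committed SAID. The following is an added example, not code from this glossary nor from any KERI/ACDC implementation; it assumes a section is a JSON object whose SAID is a SHA-256 over its canonical serialization (real ACDCs use CESR-qualified digests computed with a self-addressing placeholder), and the credential content is constructed for illustration.

```python
"""Graduated disclosure of an ACDC-like document: compact sections to their SAIDs."""
import copy
import hashlib
import json

# Constructed sample credential with the three compactable top-level sections
# of an ACDC: attributes (a), edges (e) and rules (r). Values are placeholders.
SAMPLE_ACDC = {
    "v": "example",
    "i": "issuer-aid-placeholder",
    "a": {"lei": "LEI-PLACEHOLDER", "role": "auditor"},   # attribute section
    "e": {"qvi": {"n": "edge-said-placeholder"}},        # edge section
    "r": {"usage": "for example purposes only"},          # rule section
}
SECTIONS = ("a", "e", "r")


def said(obj) -> str:
    """Content digest of a block over canonical JSON (stand-in for an ACDC SAID)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def compact(acdc: dict, disclose: set) -> dict:
    """Most compact form for one disclosure level: every section not listed in
    `disclose` is replaced by its SAID; disclosed sections stay expanded."""
    out = copy.deepcopy(acdc)
    for sec in SECTIONS:
        if isinstance(out[sec], dict) and sec not in disclose:
            out[sec] = said(acdc[sec])
    return out


def expand(compacted: dict, sec: str, block: dict) -> dict:
    """Disclosee-side step: accept an expanded section only if it hashes to the
    SAID the compact form committed to; raise ValueError otherwise."""
    if not isinstance(compacted[sec], str):
        raise ValueError(f"section {sec!r} is already expanded")
    if said(block) != compacted[sec]:
        raise ValueError(f"section {sec!r} does not match the committed SAID")
    out = copy.deepcopy(compacted)
    out[sec] = copy.deepcopy(block)
    return out


def disclosed_sections(acdc: dict) -> set:
    """Which of the compactable sections are currently expanded."""
    return {sec for sec in SECTIONS if isinstance(acdc[sec], dict)}
```

Note that `compact(SAMPLE_ACDC, set())` (fully compacted) and `compact(SAMPLE_ACDC, {"a"})` have different digests themselves, which is exactly why the entry says each disclosure level has its own "most compact" version; a verifier that received the fully compacted form can nevertheless confirm a later partially expanded form through `expand`.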

- partial pre rotation #wot

- partial rotation #wot
The pre-rotation mechanism supports partial pre-rotation, or more exactly partial rotation of pre-rotated keypairs. It is a rotation operation on a set of pre-rotated keys that may keep some keys in reserve (i.e. unexposed) while exposing others as needed.
Partial rotation serves two important purposes:
Paraphrased by @henkvancann on the basis of the IETF KERI draft (2022) by Samuel Smith.

- passcode #wot
A password, sometimes called a passcode (for example on Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity.
More on Wikipedia.

- pathing #wot
It was designed to sign portions of a credential. Designed for complex cases like:
- a credential embedded in another credential
- multiple signers, each signing only portions of a credential (partial signing)

In these cases we provide a path (using the SAD path language) to what is signed. We have never used it for credentials; however, we do need it for forwarding in KERI embedded messages (see video discussion).

- payload #wot
The term 'payload' is used to distinguish between the 'interesting' information in a chunk of data or similar, and the overhead to support it. It is borrowed from transportation, where it refers to the part of the load that 'pays': for example, a tanker truck may carry 20 tons of oil, but the fully loaded vehicle weighs much more than that; there is the vehicle itself, the driver, fuel, the tank, etc. It costs money to move all these, but the customer only cares about (and pays for) the oil, hence 'pay-load'.
Source.

- peer to peer #wot
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer network of nodes.
More on Wikipedia.

- percolated information discovery #wot
Invasion percolation is a specific variant of percolation theory that models the infiltration of a fluid into a porous medium. It is used to study how a fluid, such as a gas or liquid, spreads through a random network of interconnected sites or pores.
The invasion process follows the principle of least resistance, where the fluid seeks the path of least resistance through the porous medium. As the invasion progresses, the fluid selectively infiltrates the sites with lower resistance, forming a connected cluster of invaded sites. The invaded cluster grows by adding new invaded sites through the neighboring dry sites with the lowest resistance.

- persistent data structure #wot
An append-only verifiable data structure. What we sign may not change.

- persistent identifier #wot

- PGP #wot

- PID #wot

- pii #wot
Personally identifiable information.

- pipelining #wot
In computing, a pipeline, also known as a data pipeline, is a set of data processing elements connected in series, where the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion. Some amount of buffer storage is often inserted between elements.
More on Wikipedia.

- PKI #wot

- post pad #wot
The action and/or result of extending a string with trailing pad characters to align to a certain length in bits or bytes.

- post quantum #wot
In cryptography, post-quantum cryptography (PQC) (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer.
More on Wikipedia.

- pre pad #wot
The action and/or result of prepending a string with leading pad characters to align to a certain length in bits or bytes.

- pre rotation #wot
A cryptographic commitment to the next rotated key set, made in the previous rotation or inception event.

- prefix #wot
An identifier prefix composed of a basic Base64 (URL-safe) derivation code prepended to the Base64 encoding of a basic public digital signing key.
Including the derivation code in the prefix binds the derivation process, along with the public key, to the resultant identifier.
An example of a prefix with a one-character derivation code and a 32-byte public key encoded into a 44-character Base64 string follows:

BDKrJxkcR9m5u1xs33F5pxRJP6T7hJEbhpHrUtlDdhh0

- presentation exchange #wot
An exchange that provides disclosure of one or more ACDCs between a Discloser and a Disclosee.
A presentation exchange is the process by which authenticatable information may be exchanged between two parties, namely the Discloser and the Disclosee.

- pretty good privacy #wot
An encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
More on Wikipedia.
See also the often confusing GPG term.

- primary root of trust #wot
In KERI, a root of trust that is cryptographically verifiable all the way to its current controlling key pair in a PKI.
The characteristic 'primary' is one-to-one related to the entropy used for the creation of (the seed of) the private keys.

- primitive #wot
In general, in computing a 'primitive' is the simplest type of programming language item. It may also refer to the smallest processing unit accessible by a programmer.
Source.

- privacy #wot
Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity.
More on Wikipedia.

- privacy washing #wot
De-identification such that it provides a personal-data safe harbour and the data could be forwarded in a legally acceptable way.

- PRNG #wot
Means "Pseudorandom Number Generator", which means that a sequence of numbers (bits, bytes, ...) is produced by an algorithm and looks random, but is in fact deterministic (the sequence is generated from some unknown internal state), hence pseudorandom.
Such pseudorandomness can be cryptographically secure, or not. It is cryptographically secure if nobody can reliably distinguish the output from true randomness, even if the PRNG algorithm is perfectly known (but not its internal state). A non-cryptographically-secure PRNG would fool basic statistical tests but can be distinguished from true randomness by an intelligent attacker.
(Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

- promiscuous mode #wot
The mode a watcher runs in. A watcher uses the same code as a witness. However, a watcher does so "lacking standards of selection; acting without careful judgment; indiscriminate", or "showing little forethought or critical judgment; casual".
Source.

- proof of authority #wot
Proof that somebody or something has certain rights or permissions. It is about data, whereas proof of authorship is about data and its original creator.
A proof of authority provides verifiable authorizations, permissions, rights or credentials.

- proof of authorship #wot
Proof that somebody or something has originally created certain content. It is about the data's inception, whereas proof of authority is about the rights attached to this data.
For example, a signature constitutes direct proof of authorship; less directly, handwriting analysis may be submitted as proof of authorship of a document. Privileged information in a document can serve as proof that the document's author had access to that information; such access might in turn establish the location of the author at a certain time, which might then provide the author with an alibi.
Source.

- protocol #wot
Generic term to describe a code of correct conduct. Also called "etiquette": a code of personal behavior.

- provenanced #wot
The act of verifying the authenticity or quality of the documented history or origin of something.

- pseudo random number #wot
A (set of) value(s) or element(s) that is statistically random, but is derived from a known starting point and is typically repeated over and over. Pseudo-random numbers provide necessary values for processes that require randomness, such as creating test signals or synchronizing sending and receiving devices in a spread-spectrum transmission.
It is called "pseudo" random because the algorithm can repeat the sequence, and the numbers are thus not entirely random.
Source.


- PTEL #wot

- public key infrastructure #wot
A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
More on Wikipedia.

- public transaction event log #wot
The KEL is used to establish control authority over the keys used to commit to the events of the TEL and to sign the VC. The events of the TEL are used to establish the issuance or revocation state of the VCs issued by the controller of the identifier represented by the KEL.

- public verifiable credential registry #wot
A form of Verifiable Data Registry that tracks the issuance/revocation state of credentials issued by the controller of the KEL.
Two types of TELs will be used for this purpose. The first type of TEL is the management TEL, which will signal the creation of the Registry and track the list of Registrars that will act as Backers for the individual TELs for each VC. The second type of TEL is the VC TEL, which will track the issued or revoked state of each VC and will contain a reference to its corresponding management TEL.

- Q

- QAR #wot

- qry #wot
qry = query

- qualified #wot
When qualified, a cryptographic primitive includes a prepended derivation code (as a proem) that indicates the cryptographic algorithm or suite used for that derivation. This simplifies and compactifies the essential information needed to use that cryptographic primitive. All cryptographic primitives expressed in either text or binary CESR are qualified by definition [CESR-ID]. Qualification is an essential property of CESR [CESR-ID].
Source: Sam Smith, IETF KERI draft
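The entries 'naive conversion', 'lead bytes', 'pre pad', 'prefix' and 'qualified' all describe one encoding scheme. The following is an added example, not code from this glossary nor from keripy or cesride, that reimplements the scheme as those entries describe it: the raw bytes are pre-padded with zero lead bytes up to a 24-bit boundary, Base64-URL encoded (so no '=' ever appears), and the leading pad characters are overwritten by the derivation code. It assumes that the code has exactly as many characters as there are lead bytes, which holds for the one-character 'B' code with a 32-byte key; the sample prefix is the one quoted in the 'prefix' entry, and the second key is constructed.

```python
"""Qualified (CESR-style) text encoding of a 32-byte key, beside naive Base64."""
import base64

# Prefix quoted in the 'prefix' entry: one-character code 'B' plus a 32-byte key.
EXAMPLE_PREFIX = "BDKrJxkcR9m5u1xs33F5pxRJP6T7hJEbhpHrUtlDdhh0"


def naive_b64(raw: bytes) -> str:
    """Plain Base64-URL: 32 bytes become 44 characters, the last one a '=' pad."""
    return base64.urlsafe_b64encode(raw).decode()


def pad_size(raw_len: int) -> int:
    """Number of lead bytes needed to bring raw_len up to a multiple of 3 (24 bits)."""
    return (3 - raw_len % 3) % 3


def qualify(code: str, raw: bytes) -> str:
    """Pre-pad with zero lead bytes, encode, then overwrite the pad chars with the code."""
    ps = pad_size(len(raw))
    if len(code) != ps:
        raise ValueError(f"code {code!r} must be {ps} char(s) for a {len(raw)}-byte primitive")
    padded = b"\x00" * ps + raw                        # lead bytes, added pre-conversion
    text = base64.urlsafe_b64encode(padded).decode()   # multiple of 3 bytes: no '=' emitted
    assert text.startswith("A" * ps)                   # zero lead bytes encode as 'A'
    return code + text[ps:]


def unqualify(qb64: str, code_size: int = 1) -> tuple:
    """Inverse of qualify: put the 'A' pad chars back, decode, drop the lead bytes."""
    code, body = qb64[:code_size], qb64[code_size:]
    padded = base64.urlsafe_b64decode("A" * code_size + body)
    if padded[:code_size] != b"\x00" * code_size:
        raise ValueError("pad bits are not zero; not a well-formed qualified primitive")
    return code, padded[code_size:]


def parse_stream(stream: str, size: int = 44) -> list:
    """Split a concatenation of fixed-size qualified primitives. This works without
    separators precisely because qualified text never contains '=' padding."""
    if len(stream) % size:
        raise ValueError("stream is not a whole number of primitives")
    return [unqualify(stream[i:i + size]) for i in range(0, len(stream), size)]
```

Compare `naive_b64(key)` with `qualify("B", key)` for the same 32 bytes: both are 44 characters long, but only the naive form ends in '=', which is what breaks composability when several encodings are concatenated into one stream.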

- qualified vlei issuer #wot
The contracting party to the vLEI Issuer Qualification Agreement that has been qualified by GLEIF as a Qualified vLEI Issuer.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- qualified vlei issuer vlei credential governance framework #wot
A document that details the requirements to enable this Credential to be issued by GLEIF to Qualified vLEI Issuers, which allows the Qualified vLEI Issuers to issue, verify and revoke Legal Entity vLEI Credentials, Legal Entity Official Organizational Role vLEI Credentials, and Legal Entity Engagement Context Role vLEI Credentials.

- QVI #wot

- R

- race condition #wot
A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of the possible behaviors is undesirable.
Source.

- rainbow table attack #wot
A rainbow table attack is a password-cracking method that uses a special table (a "rainbow table") to crack the password hashes in a database. Applications do not store passwords in plaintext, but instead store them as hashes. After the user enters their password to log in, it is hashed, and the result is compared with the stored hashes on the server to look for a match. If they match, the user is authenticated and able to log
More on source.
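The 'key stretching' and 'rainbow table attack' entries are two halves of one story: a precomputed table only pays off against a fast, unsalted hash that is the same for every user and every database. The following is an added example, not from this glossary or any of the projects it describes, showing the weak storage form beside the hardened one; it uses PBKDF2-HMAC-SHA256 from the Python standard library as the stretching function, and the candidate list and user records are constructed.

```python
"""Unsalted fast hash (table-reversible) beside a salted, stretched password hash."""
import hashlib
import hmac
import secrets

# Constructed: a small candidate list of the kind a precomputed table is built from.
CANDIDATES = ["password", "letmein", "qwerty", "correct horse battery staple"]
ITERATIONS = 100_000   # work factor; raise it as hardware gets faster


def fast_unsalted(pw: str) -> str:
    """The weak form: one fast digest, identical for every user with that password."""
    return hashlib.sha256(pw.encode()).hexdigest()


def precomputed_table(candidates) -> dict:
    """digest -> password. Computed once, it reverses fast_unsalted for every user
    and every database that uses the same function (the point of a rainbow table)."""
    return {fast_unsalted(p): p for p in candidates}


def table_recovers(stored: str, table: dict):
    """Return the password if the stored digest is in the table, else None."""
    return table.get(stored)


def stretched_salted(pw: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching: each guess costs `iterations` HMAC evaluations, and the
    per-user salt means a table would have to be rebuilt for every single user."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def register(pw: str) -> dict:
    """Stored record: random salt, the work factor used, and the derived hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "iters": ITERATIONS, "hash": stretched_salted(pw, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    cand = stretched_salted(attempt, record["salt"], record["iters"])
    return hmac.compare_digest(cand, record["hash"])
```

Storing the iteration count alongside the salt lets a deployment raise the work factor later and re-derive old records on the user's next successful login without breaking verification.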

- rct #wot
rct = receipt

- read update nullify #wot
Read, update and nullify are a set of actions you (or a server) can take on data. "Read" means to view it, "update" means to change it, and "nullify" means to invalidate it, but not "delete" it. Mind you, there is also no "create".
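The 'read update nullify' entry (and the 'RUN' acronym entry further down, which calls it a monotonic, end-verifiable update policy) can be made concrete with a small store. The following is an added example, not code from this glossary or from keripy; it assumes that each version of a record carries a sequence number and the digest of the version it replaces, so that an update is accepted only when it is strictly newer and chains to what the store already holds, that a nullified record is kept but reads as absent, and that there is neither a delete nor a separate create (the first update establishes the record).

```python
"""Read/Update/Nullify store with a monotonic, digest-chained update policy."""
import hashlib
import json


class RunStore:
    def __init__(self):
        # key -> {"s": sequence, "p": digest of prior version, "v": value, "nulled": bool}
        self._records = {}

    @staticmethod
    def digest(rec: dict) -> str:
        """Digest of a stored version; the next update must name it as its prior."""
        return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()

    def current_digest(self, key) -> str:
        return self.digest(self._records[key])

    def read(self, key):
        """View the current value; a nullified or unknown record reads as None."""
        rec = self._records.get(key)
        if rec is None or rec["nulled"]:
            return None
        return rec["v"]

    def update(self, key, seq: int, prior: str, value) -> bool:
        """Accept only a strictly newer version that chains to the stored one.
        A replayed or out-of-order update fails these checks and is ignored."""
        cur = self._records.get(key)
        if cur is None:
            if seq != 0 or prior != "":          # first update establishes the record
                return False
        elif cur["nulled"] or seq <= cur["s"] or prior != self.digest(cur):
            return False                          # nullified, stale/replayed, or unchained
        self._records[key] = {"s": seq, "p": prior, "v": value, "nulled": False}
        return True

    def nullify(self, key, seq: int, prior: str) -> bool:
        """Invalidate without deleting: the record stays, flagged, and accepts no more updates."""
        cur = self._records.get(key)
        if cur is None or cur["nulled"] or seq <= cur["s"] or prior != self.digest(cur):
            return False
        self._records[key] = {"s": seq, "p": prior, "v": cur["v"], "nulled": True}
        return True
```

Because every accepted version is chained by digest to its predecessor, a third party holding the sequence of versions can verify the history end to end, which is what "end-verifiable" adds over a plain last-writer-wins store.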

- receipt #wot
An event message or reference with one or more witness signatures.
See also: key event receipt.

- receipt log #wot
An ordered record of all key event receipts for a given set of witnesses.

- redundant credential #wot
Multiple credentials issued by the same issuer (e.g. a QVI). They do not have anything to do with each other; they are independently valid.

- registrar #wot
Identifiers that serve as backers for each transaction event log (TEL) under its provenance. This list of Registrars can be rotated with events specific to a certain type of TEL. In this way, a Registrar is analogous to a Backer in KERI KELs, and Registrar lists are analogous to Backer lists in KERI KELs.

- registry #wot
In our digital mental model it is an official digital record book. When people refer to a registry, they usually mean a specific instance within a multi-tenant registry. E.g. Docker Hub is a multi-tenant registry, where there is a set of official/public images.

- replay attack #wot
A replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. The added danger of replay attacks is that a hacker does not even need advanced skills to decrypt a message after capturing it from the network. The attack could be successful simply by resending the whole thing.
More on how it works and stopping replay attacks at the source.
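The 'non interactive authentication design' entry above notes that a self-authenticating request cannot rely on a challenge-response handshake, and the 'replay attack' entry describes what goes wrong when such a request is simply resent. The following is an added example, not code from this glossary nor KERI's KRAM implementation, of the receiver-side checks that close that gap: a timestamp and nonce are bound into the signed body, and the receiver accepts a given request once, only within a freshness window. It assumes HMAC-SHA256 under a constructed shared key as a stand-in for the non-repudiable signature a real deployment would use.

```python
"""Self-authenticating requests with freshness window and replay rejection."""
import hashlib
import hmac
import json
import secrets

WINDOW_SECONDS = 60
SHARED_KEY = b"constructed-demo-key"   # stand-in for the sender's signing key


def _mac(key: bytes, msg: dict) -> str:
    """Signature stand-in over the canonical serialization of the signed fields."""
    data = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_request(body: dict, now: int, key: bytes = SHARED_KEY) -> dict:
    """Sender side: timestamp and a fresh nonce are covered by the signature,
    so neither can be altered by whoever captures the request."""
    msg = {"body": body, "dt": now, "nonce": secrets.token_hex(8)}
    return {**msg, "sig": _mac(key, msg)}


class Receiver:
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen = {}   # nonce -> dt of accepted requests still inside the window

    def accept(self, req: dict, now: int) -> str:
        """Return 'ok' or the reason the request was refused. Order matters: verify the
        signature first so unauthenticated input cannot fill the replay cache."""
        try:
            msg = {k: req[k] for k in ("body", "dt", "nonce")}
        except KeyError:
            return "malformed"
        if not hmac.compare_digest(_mac(self.key, msg), str(req.get("sig", ""))):
            return "bad signature"
        if abs(now - req["dt"]) > WINDOW_SECONDS:
            return "stale"
        if req["nonce"] in self.seen:
            return "replay"
        self.seen[req["nonce"]] = req["dt"]
        # Nonces older than the window can be forgotten: any replay of them is
        # already rejected as stale, so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        return "ok"
```

The window is what keeps the nonce cache finite; without it the receiver would have to remember every nonce forever to keep its replay guarantee.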

- repo #wot
Software is our line of work. In this, 'repo' is shorthand for 'repository', mostly referring to a software repo(sitory) on GitHub.com, GitLab (https://gitlab.com) or other software repository hosting services.

- reputation #wot
Consistent behaviour over time, on the basis of which anyone else makes near-future decisions.
Source: Samuel Smith at IIW37.

- reputational trust #wot
Established by a trusted party offering Identity Assurance.

- reserve rotation #wot
One important use case for partial rotation is to enable pre-rotated key pairs designated in one establishment event to be held in reserve and not exposed at the next (immediately subsequent) establishment event.
Source: IETF KERI draft (2022) by Samuel Smith.

- rev #wot
rev = vc revoke, verifiable credential revocation

- revocation #wot
Revocation is the act of recall or annulment. It is the cancelling of an act, the recalling of a grant or privilege, or the making void of some deed previously existing.
More on Wikipedia.

- revocation event #wot

- ricardian contract #wot
The Ricardian contract, as invented by Ian Grigg in 1996, is a method of recording a document as a contract at law, and linking it securely to other systems, such as accounting, for the contract as an issuance of value.
It is robust through use of identification by cryptographic hash function, transparent through use of readable text for legal prose, and efficient through markup language to extract essential information.
More on Wikipedia.

- RID #wot

- root autonomic identifier #wot
An entity may provide the root of trust for some ecosystem (with delegation) via its root AID. Let's call this the RID, for "root AID". The RID must be protected using the highest level of security in its key management. Through the use of a multi-valent key management infrastructure, the entity can employ extreme protection of the RID while still enabling a more performant key management infrastructure for its operations.
Source: Universal Identifier Theory by Samuel Smith

- root of trust #wot
Replace the human basis of trust with a cryptographic root of trust. With verifiable digital signatures from asymmetric key cryptography we may not trust in "what" was said, but we may trust in "who" said it.
The root of trust is consistent attribution via verifiable, integral, non-repudiable statements.
A root of trust is a foundational component or process in the identity system that is relied on by other components of the system and whose failure would compromise the integrity of the bindings. A root of trust might be primary or secondary depending on whether or not it is replaceable. Primary roots of trust are irreplaceable. Together, the roots of trust form the trust basis for the system.

- rot #wot
JSON field name (attribute) for a Rotation Event; its content (value) contains a hash pointer. All TEL events are anchored in a KEL in either ixn (interaction) or rot (rotation) events. This is the foundation enabling a verifiable credential protocol to be built on top of KERI.
Source: Kent Bull 2023

- rotation #wot
The operation of revoking and replacing the set of authoritative key pairs for an AID. This operation is made verifiable and duplicity-evident upon acceptance as a rotation event that is appended to the AID's KEL.
Source: Sam Smith

The (exclusive) right to rotate the authoritative key pair and establish changed control authority.

- rotation event #wot
An establishment event representing a transfer of root control authority of an identifier from the current set of controlling keys to a new set committed to in the prior establishment event (inception or rotation) as the pre-rotated key pair set.
Source: KERI Whitepaper Section 7.21, page 46
This event provides the information needed to change the key state, including a change to the set of authoritative keypairs for an AID.
Source: Sam Smith
+
+- rpy #wot +
rpy = reply
+ +
+
+- RUN #wot +
The acronym for the new peer-to-peer end-verifiable monotonic update policy is RUN (Read, Update, Nullify).
+RUN as opposed to CRUD which is the traditional client-server database update policy.
+ +
+
+- run off the crud #wot +
RUN off the CRUD
+RUN stands for Read , Update, Nullify. Why is it preferred ('run off') over the CRUD (Create, Update, Delete)?
+Consider the need to protect 'authentic data' in a decentralized environment.
+In a decentralized control model, the data always originates from a controller (aka client). The data created (sourced) by the controller follows the principle of 'Non-Interactive Replay Monotonicity' to be able to protect the data from a replay (events are changed) or a deletion (some events are deleted) attacks. That is to say, the data (or events comprising it) is never deleted, it's rather always added to via updates. Each update, therefore, forms a verifiable, continuous log ( e.g. by providing growing sequence number, date timestamp, etc for each update). To enable invalidation of data, a special update, called Nullify, is used.
+The client, therefore, updates the server (it's peer or peers), which just maintains the log following certain rules (see BADA - Best Available Data Acceptance).
+To summarise, the server can only Read the log, add Updates to it, including Nullifying ones. So no Create or Delete.
+ +
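A toy peer-side log that enforces the RUN policy described above, added here as an example (it is not code from the WebofTrust vocabulary or from keripy). It assumes a constructed record shape with a per-item sequence number and timestamp, and uses an HMAC tag as a stand-in for the controller's digital signature so that it runs on the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the controller's signing key. Real KERI data is
# signed with the controller's asymmetric key pair; a shared-key HMAC is used
# here only so the example runs offline with the standard library.
CONTROLLER_KEY = b"constructed-demo-key-not-for-real-use"


@dataclass(frozen=True)
class Update:
    """One controller-sourced update. Field names are assumptions for this example."""
    name: str      # which data item the update concerns
    sn: int        # sequence number: must strictly increase per item
    dt: str        # ISO-8601 UTC timestamp: must strictly increase per item
    body: dict     # the data; empty for a Nullify
    nullify: bool  # True marks the item invalid without deleting its history
    tag: str       # controller's authentication tag over the fields above


def _canonical(name: str, sn: int, dt: str, body: dict, nullify: bool) -> bytes:
    """Deterministic serialization that controller and peer both compute."""
    record = {"n": name, "s": sn, "dt": dt, "b": body, "x": nullify}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _tag(name: str, sn: int, dt: str, body: dict, nullify: bool) -> str:
    return hmac.new(CONTROLLER_KEY, _canonical(name, sn, dt, body, nullify),
                    hashlib.sha256).hexdigest()


def controller_update(name: str, sn: int, dt: str, body: dict,
                      nullify: bool = False) -> Update:
    """What the controller (client) emits: a tagged, sequence-numbered update."""
    return Update(name, sn, dt, body, nullify, _tag(name, sn, dt, body, nullify))


class RunPeer:
    """Peer-side store: it can Read the log and append Updates (including a
    Nullify). There is deliberately no create() and no delete()."""

    def __init__(self) -> None:
        self._log: Dict[str, List[Update]] = {}  # append-only per item

    def read(self, name: str) -> List[Update]:
        return list(self._log.get(name, []))

    def current(self, name: str) -> Optional[dict]:
        """Latest accepted state, or None if the item is unknown or nullified."""
        entries = self._log.get(name)
        if not entries or entries[-1].nullify:
            return None
        return entries[-1].body

    def update(self, upd: Update) -> Tuple[bool, str]:
        """Accept only authentic, monotonic updates; never rewrite or drop history."""
        expected = _tag(upd.name, upd.sn, upd.dt, upd.body, upd.nullify)
        if not hmac.compare_digest(expected, upd.tag):
            return False, "rejected: bad authentication tag"
        entries = self._log.get(upd.name, [])
        if entries:
            last = entries[-1]
            if last.nullify:
                # Assumption for this example: a Nullify is final for the item.
                return False, "rejected: item already nullified"
            if upd.sn <= last.sn:
                # Equal sn is a replay; lower sn is a stale, out-of-order update.
                return False, "rejected: sequence number not increasing"
            if upd.dt <= last.dt:
                # Fixed-width ISO-8601 UTC strings compare correctly as text.
                return False, "rejected: timestamp not increasing"
        self._log.setdefault(upd.name, []).append(upd)
        return True, "accepted"
```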

- S

- SAD #wot
See: self addressing data.

- SAID #wot
See: self addressing identifier.

- sally #wot
Sally is an implementation of a verification service that also acts as a reporting server. It is purpose-built software for the vLEI ecosystem that allows participants in the vLEI ecosystem to present credentials, so that the GLEIF Reporting API can show which vLEIs are issued to Legal Entities.

- salt #wot

- salter #wot
A primitive that represents a seed. It has the ability to generate new Signers.
Source: Jason Colburne.

- salty nonce blinding factor #wot
For ease of sharing a secret and hiding information with this secret in Blindable State TELs, we use a Salty Nonce Blinding Factor. You would like to hide the state of certain credentials from some verifiers in the future, while keeping the state verifiable for others.

- SATP #wot
See: secure asset transfer protocol.

- schema namespace registry #wot
A centrally managed schema registry where corporations or individuals reserve schemas within a specific namespace in order to have an interoperable schema that is labeled with a corporation-specific or individual-specific namespace.

- schema registry #wot
Central registry for credential schemas based on namespaces.

- SCID #wot
See: self certifying identifier.

- seal #wot
A cryptographic commitment in the form of a cryptographic digest or hash tree root (Merkle root) that anchors arbitrary data or a tree of hashes of arbitrary data to a particular event in the key event sequence.
Source: KERI Whitepaper section 7.23, page 47.
A seal is a cryptographic proof in a secondary root-of-trust (e.g. TEL) that is anchored in a primary root-of-trust (e.g. KEL).
Source: Sam Smith.

- secondary root of trust #wot
In KERI it is a root-of-trust that, for its secure attribution, depends on another verifiable data structure (VDS) which MUST be a primary root-of-trust.
By its nature and its cryptographic anchoring via seals to a primary root-of-trust, a secondary root-of-trust still has a high level of trustability and can be automatically verified.

- secure #wot
See: security.

- secure asset transfer protocol #wot
KERI has portable identifiers by definition. KERI identifiers are not locked into silos like distributed ledgers. KERI IDs have their own native hash-chained data structures (KEL, KERL and TEL).

- secure attribution #wot
In short: secure attribution is "whodunit?!" in cyberspace.
Secure attribution is strongly related to making and proving statements. A controller makes statements to a validator or verifier, who in turn validates the statements issued. A controller "owns" the statement: content and attribution via digital signatures.
Secure attribution of a statement is a way of proving that the statement is an authentic statement of the controller.

- secure private authentic confidentiality #wot
The ToIP Trust Spanning Layer Group realized we do have a secure authentication layer (KERI) but we don't have a secure confidentiality and privacy mechanism. Sam Smith proposed the SPAC paper to define this.
Related: https://www.usenix.org/system/files/sec22-cohen.pdf

- security #wot
'Secure' means free from or not exposed to danger or harm; safe. For identifiers, security typically means secure from exploit or compromise. More specifically, an identifier is secure with respect to an entity if there is a mechanism by which that entity may prove it has control over the identifier.

- security cost performance architecture trade off #wot
The degree of protection offered by a key management infrastructure usually forces a trade-off between security, cost, and performance.
Typically, key generation happens relatively infrequently compared to event signing. But highly secure key generation may not support highly performant signing. This creates an architecture trade-off problem.
Paraphrased from source Universal Identifier Theory by Samuel Smith.

- security overlay properties trilemma #wot
An identifier system has some degree of any combination of the three properties authenticity, privacy and confidentiality, but not all three completely.

- seed #wot
In cryptography a 'seed' is a pseudorandomly generated number, often expressed as a series of words.
Paraphrased from Wikipedia.

- selective disclosure #wot
Selective disclosure is a form of partial disclosure that has a different cryptographic fundament: a sort of cryptographic aggregator (not an accumulator).
Selective disclosure is a list of field maps. You can choose to blind or publish every single field map, but you have to disclose all the field maps, either blinded or published.
It is an aggregator because you have to disclose all the blinded fields when you do the selective disclosure.

- self addressing data #wot
While all KERI event messages are self-addressing data (SAD), there is a broad class of SADs that are not KERI events but that require signature attachments. ACDC Verifiable credentials fit into this class of SADs. With more complex data structures represented as SADs, such as verifiable credentials, there is a need to provide signature attachments on nested subsets of SADs.
Source: Philip Feairheller, ietf-cesr-proof.

- self addressing identifier #wot
A terse way to describe a SAID and its data is to write an expression that consists of the token SAID followed by a token with field names in canonical order, where the field containing the SAID itself is marked by the suffix =said. For example, the saidification of a simple ContactInfo data structure might be given as SAID(name, address, phone, email, id=said).
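An added example (not code from the glossary or from the KERI libraries) of the saidification just described: the SAID field is filled with a dummy of the final digest's length, the structure is serialized in field order, and the digest is written back into that field. It assumes compact JSON and an unpadded base64url SHA-256 as the digest; a real KERI SAID is a CESR-encoded Blake3 digest, which this example does not reproduce.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Assumption for this example: digest = unpadded base64url(SHA-256), 43 chars.
# A KERI SAID is a 44-char CESR-encoded Blake3-256 digest; the recipe below is
# the same, only the digest encoding differs.
DIGEST_LEN = 43


def _digest(raw: bytes) -> str:
    return base64.urlsafe_b64encode(hashlib.sha256(raw).digest()).rstrip(b"=").decode()


def _serialize(data: Dict[str, object]) -> bytes:
    # Field order is the canonical order (dict insertion order); keys are not
    # sorted, because reordering the fields must change the SAID.
    return json.dumps(data, separators=(",", ":"), sort_keys=False).encode()


def said_expression(data: Dict[str, object], said_field: str) -> str:
    """Render the glossary's terse notation, e.g. SAID(name, ..., id=said)."""
    names = [f"{k}=said" if k == said_field else k for k in data]
    return "SAID(" + ", ".join(names) + ")"


def saidify(data: Dict[str, object], said_field: str) -> Tuple[Dict[str, object], str]:
    """Return a copy of `data` with its SAID field filled in, plus the SAID."""
    if said_field not in data:
        raise KeyError(f"no field named {said_field!r} to hold the SAID")
    work = dict(data)                        # the copy keeps field order
    work[said_field] = "#" * DIGEST_LEN      # same-length dummy: size is stable
    said = _digest(_serialize(work))
    work[said_field] = said
    return work, said


def verify_said(data: Dict[str, object], said_field: str) -> bool:
    """Recompute the SAID with the dummy in place and compare to the claimed one."""
    claimed = data.get(said_field)
    if not isinstance(claimed, str) or len(claimed) != DIGEST_LEN:
        return False
    work = dict(data)
    work[said_field] = "#" * DIGEST_LEN
    return hmac.compare_digest(claimed, _digest(_serialize(work)))
```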

- self certifying identifier #wot
A Self-Certifying Identifier (SCID) cryptographically binds an identifier to a public and private key pair. It is an identifier that can be proven to be the one and only identifier tied to a public key using cryptography alone.

- self framing #wot
A textual encoding that includes type, size, and value is self-framing.
Source: Samuel M. Smith.

- self sovereign identity #wot
Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transactions with one another.
Paraphrased by @henkvancann, sources eSSIF-lab and ToIP.

- self sovereignty #wot
Self sovereignty in the Trust over IP wiki.

- server sent event #wot
Mailbox notifications: a streaming service for the agent UI to get notifications from the KERI system itself.

- service endpoint #wot
In our context we consider a web service endpoint, which is a URL at which clients of a specific service can get access to the service.

- signed digest #wot
Commitment to content, by digitally signing a digest of this content.

- signer #wot
A primitive that represents a private key. It has the ability to create Sigers and Cigars (signatures).
Source: Jason Colburne.

- signify #wot
Signify is a web client (key) event signing and key pair creation app that minimizes the use of KERI on the client.
The main reason is that we want to minimize what needs to be put in the client or the cloud. Most proofs should be cryptographically verifiable and should not be repudiable (successful finger pointing should be prevented), and this happens when the signatures come straight from the controller.

- signify keria request authentication protocol #wot
SKRAP is a client to the KERIA server. Mobile clients will be using SKRAP to connect to KERI AIDs via agents in the new, multi-tenant Mark II Agent server, KERIA.
Also, browser extensions will use SKRAP in order to use a wallet similar to MetaMask, except it will be KERIMask, and it will be a browser extension. KERIMask will connect to KERIA servers in order for a person to control AIDs from their browser extension.
SKRAP is also usable from HSMs and hardware wallets because the keys from the hardware wallet, along with some app code, connect through SKRAP to agents running in a KERIA server.
Signify signs things at the edge. This includes ACDCs. KERIA will be used to send communications between agents. The things KERIA sends are signed by Signify.
Source: Kent Bull in KERI Slack, May 2023.

- signing authority #wot
The authority to sign on behalf of the controller of the authoritative key pair. Often in situations where delegation has taken place, e.g. a custodial agent. These are limited rights because rotation authority is not included.

- signing threshold #wot
The minimum number of valid signatures to satisfy the requirement for successful verification in a Threshold Signature Scheme.

- simple keri for web auth #wot
A KERI implementation that sacrifices performance or other non-security features for usability. In general a narrow application of KERI may not require all the features of KERI, but those features that it does support must still be secure.
Source: Github Repo SKWA.

- single signature identifier #wot
Or single-sig identifier; an identifier controlled by a one-of-one signing keypair.

- SKRAP #wot
See: signify keria request authentication protocol.

- SKWA #wot
See: simple keri for web auth.

- sniffer #wot
The sniffer is part of Parside and detects whether the CESR stream contains CESR binary, CESR text, JSON, CBOR or MGPK.

- solicited issuance #wot
The issuance of Legal Entity vLEI Credentials, OOR vLEI Credentials and ECR vLEI Credentials upon receipt by the QAR of a Fully Signed issuance request from the AVR(s) of the Legal Entity.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- source of truth #wot
The source of truth is a trusted data source that gives a complete picture of the data object as a whole.
Source: LinkedIn.

- SPAC #wot
See: secure private authentic confidentiality.

- spanning layer #wot
An all-encompassing horizontal layer in a software architecture. Each trust layer only spans platform-specific applications. This bifurcates the internet trust map into domain silos (e.g. twitter.com), because there is no spanning trust layer.

- spurn #wot
Reject. The verb 'spurn' originated in the IPEX specification.
{TBW}

- SSI #wot
See: self sovereign identity.

- ssi system #wot
The SSI Infrastructure consists of the technological components that are deployed all over the world for the purpose of providing, requesting and obtaining data for the purpose of negotiating and/or executing electronic transactions.
Paraphrased by @henkvancann based on source eSSIF-lab.

- stale event #wot
A stale key event is an outdated or irrelevant (key) event involving an expired encryption key that may compromise security.

- stale key #wot
A stale key is an outdated or expired encryption key that should no longer be used for securing data.

- strip parameter #wot
Tells us what part of the CESR stream will be parsed by which code.

- sub shell #wot
A subshell is basically a new shell just to run a desired program. A subshell can access the global variables set by the 'parent shell' but not the local variables. Any changes made by a subshell to a global variable are not passed back to the parent shell.

- supermajority #wot
Sufficient majority that is labeled immune from certain kinds of attacks or faults.

- T

- TCP #wot
See: transmission control protocol.

- tcp endpoint #wot
This is a service endpoint of the web transmission control protocol.

- TEE #wot
See: trusted execution environment.

- TEL #wot
See: transaction event log.

- text binary concatenation composability #wot
An encoding has composability when any set of self-framing concatenated primitives expressed in either the text domain or the binary domain may be converted as a group to the other domain and back again without loss.

- tholder #wot
Threshold holder ('t-holder') object that supports fractionally-weighted thresholds.

- threshold of accountable duplicity #wot
The threshold of accountable duplicity (TOAD) is a threshold number M that the controller declares to accept accountability for an event when any subset M of the N witnesses confirm that event. The threshold M indicates the minimum number of confirming witnesses the controller deems sufficient given some number F of potentially faulty witnesses, given that M >= N - F. This enables a controller to provide itself with any degree of protection it deems necessary given this accountability. Note that what may be sufficient for a controller may not be sufficient for a validator. To clarify, let MC denote the threshold size of a sufficient agreement from the perspective of a controller and let MV denote the threshold size of a sufficient agreement from the perspective of a validator. Typically, MV >= MC.
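An added example (not code from the glossary or from the KERI libraries) that applies the two thresholds above to one witnessed event: the controller's declared MC and a validator's possibly stricter MV. The witness identifiers are constructed placeholders, and the only constraint checked on a declared threshold is the M >= N - F given in the entry.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class WitnessedEvent:
    """A key event with its designated witness pool and the receipts seen so far.
    Witness identifiers are constructed placeholders, not real AIDs."""
    witnesses: Tuple[str, ...]   # the N witnesses named by the controller
    toad: int                    # MC: the controller's declared threshold
    receipts: FrozenSet[str]     # witnesses whose confirmation (receipt) was seen

    @property
    def n(self) -> int:
        return len(self.witnesses)


def toad_satisfies_constraint(n: int, f: int, m: int) -> bool:
    """The glossary's condition on a declared threshold, M >= N - F, for
    0 <= F < N potentially faulty witnesses, with M a usable count (0 < M <= N)."""
    if not (0 <= f < n):
        return False
    return 0 < m <= n and m >= n - f


def confirming_witnesses(event: WitnessedEvent) -> int:
    """Receipts count once per designated witness; receipts from parties
    outside the pool are ignored, however many are presented."""
    return len(event.receipts & frozenset(event.witnesses))


def controller_accountable(event: WitnessedEvent) -> bool:
    """The controller is accountable once any MC of its N witnesses confirm."""
    return confirming_witnesses(event) >= event.toad


def validator_accepts(event: WitnessedEvent, m_v: int) -> bool:
    """A validator applies its own MV; typically MV >= MC, so it may keep
    waiting for receipts after the controller is already accountable."""
    return confirming_witnesses(event) >= m_v


def agreement_report(event: WitnessedEvent, m_v: int) -> Dict[str, object]:
    """Both perspectives on the same set of receipts, side by side."""
    seen = confirming_witnesses(event)
    return {
        "n": event.n,
        "confirming": seen,
        "controller_threshold": event.toad,
        "controller_accountable": seen >= event.toad,
        "validator_threshold": m_v,
        "validator_accepts": seen >= m_v,
        "still_needed_by_validator": max(0, m_v - seen),
    }
```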

- threshold signature scheme #wot
Or TSS; a type of digital signature protocol used by Multi-party Computation (MPC) wallets to authorize transactions or key state changes.
Source: Cryptoapis.

- threshold structure security #wot
Threshold structures may be employed in a complementary manner to trusted execution environments (TEE) for security. The two types of security are complementary.

- TOAD #wot
See: threshold of accountable duplicity.

- top level section #wot
The fields of an ACDC in compact variant. The value of a top level section field is either the SAD or the SAID of the SAD of the associated section.
An Issuer commitment via a signature to any variant of an ACDC (compact, full, etc.) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC.
Paraphrased by @henkvancann based on source.

- TPM #wot
See: trusted platform module.

- trans contextual value #wot
Value that is transferable between contexts.

- transaction event log #wot
An externally anchored transaction log, anchored via cryptographic commitments in a KEL.

- transfer off ledger #wot
The act of transferring control authority over an identifier from a ledger (or blockchain) to the native verifiable KERI data structure, the Key Event Log.

- transferable #wot
Capable of being transferred or conveyed from one place or person to another. Place can be its and bits.
The adjective transferable also means 'negotiable', as a note, bill of exchange, or other evidence of property, that may be conveyed from one person to another by indorsement or other writing; capable of being transferred with no loss of value. As opposed to non-transferable.

- transferable identifier #wot
Control over the identifier can be transferred by rotating keys.
A synonym is 'persistent identifier'. {TBW prio 1}

- transmission control protocol #wot
One of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP).
Source: Wikipedia.

- trust domain #wot
A trust domain is the ecosystem of interactions that rely on a trust basis. A trust basis binds controllers, identifiers, and key-pairs. For example, the Facebook ecosystem of social interactions is a trust domain that relies on Facebook's identity system of usernames and passwords as its trust basis.
Source: KERI whitepaper.

- trust spanning protocol #wot
A protocol, using VIDs, that signs every single message on the internet and makes them verifiable.

- trusted execution environment #wot
SGX, TrustZone, an HSM, a TPM, or other similarly protected hardware/software/firmware environment.

- trusted platform module #wot
A device that enhances the security and privacy (of identity systems) by providing hardware-based cryptographic functions.

- ts node #wot
An npm package that lets you run TypeScript from a shell.

- TSP #wot
See: trust spanning protocol.

- U

- UI #wot
See: user interface.

- uniform resource locator #wot
A Uniform Resource Locator (URL), colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

- univalent #wot
In identifier systems, univalent means having a unique and non-ambiguous identifier for each entity or resource. This means that there is a one-to-one correspondence between the identifiers and the entities, and that no two different entities share the same identifier.
Source: Bing chat, Sept 2023.

- unsolicited issuance #wot
Issuance of a Legal Entity vLEI Credential upon notice by a QAR to the AVR(s) of the Legal Entity that a Legal Entity vLEI Credential has been solicited on the Legal Entity's behalf.
Source: Draft vLEI Ecosystem Governance Framework Glossary.

- URL #wot
See: uniform resource locator.

- user interface #wot
A user interface (UI or U/I) is the space where interactions between humans and machines occur.

- V

- validate #wot
eSSIF-lab definition of validate. Although this definition is very general, in the KERI/ACDC vocabulary 'validate' currently has extra, diverse meanings extending the one of eSSIF-lab, such as:
- evaluate
- verify
In contrast, validator and verifier have been clearly outlined in the WebofTrust vocabulary.

- validator #wot
Determines the current authoritative key set for an identifier from at least one key event (receipt) log. Types:
- Validator of any verifiable data structure
- Validator as a node in distributed consensus, or participant
Validator and verifier are close to synonyms for our purposes.
A validator in KERI and ACDC is anybody that wants to establish the control authority over an identifier, created by the controller of the identifier. Validators verify the log, they apply duplicity detection or they leverage somebody else's duplicity detection, or they apply any other logic so they can say "Yes, these are events I can trust".

- VC #wot
See: verifiable credential.

- VC TEL #wot
See: virtual credential transaction event log.

- vcp #wot
vcp = vdr incept, verifiable data registry inception.

- vdr #wot
See: verifiable data registry.

- VDS #wot
See: verifiable data structure.

- veracity #wot
The quality of being true; contrast authenticity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).

- verfer #wot
A primitive that represents a public key. It has the ability to verify signatures on data.
Source: Jason Colburne.

- verifiable #wot
Able to cryptographically verify a certain data structure on its consistency and its authenticity.

- verifiable credential #wot

- verifiable data registry #wot
A Verifiable Data Structure that has actual content.
It contains either a log of signed statements or a cryptographic commitment (digest) to those statements (via a Merkle tree or hash-chained data structure).

- verifiable data structure #wot
A verifiable data structure is a data structure that incorporates cryptographic techniques to ensure the integrity and authenticity of its contents. It allows users to verify the correctness of the data stored within the structure without relying on a trusted third party.
Source: ChatGPT.

- verifiable identifier #wot
Cryptographically verifiable authentic decentralized identifier (verifiable DID).

- verifiable legal entity identifier #wot
Here at Rapidlei.

- verified integrity #wot
A mechanism that can unambiguously assess whether the information is, and continues to be, whole, sound and unimpaired.

- verifier #wot
The entity that (cryptographically) verifies data received from peers (checks structure, signatures, dates). More narrowly defined for the KERI suite: cryptographically verifies signature(s) on an event message.
Notice the subtle difference between validator and verifier.

- verify #wot
Verify in the eSSIF-lab glossary.

- verify signature #wot
Applying an algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.

- version code #wot
Tells you which set of tables to load; it tells the table state. It is a unique code that tells what version of the table is going to load.

- version string #wot
The Version String in JSON, CBOR and MGPK is a workaround to make those self-framing.

- VID #wot
See: verifiable identifier.

- virtual credential transaction event log #wot
Will track the issued or revoked state of each virtual credential (VC) and will contain a reference to its corresponding management transaction event log (management TEL).

- vLEI #wot
See: verifiable legal entity identifier.

- vlei credential #wot
Credential concerning a verifiable Legal Entity Identifier, residing in the GLEIS and compliant with one or more of the GLEIF Governance Frameworks.

- vlei ecosystem governance framework #wot
The Verifiable LEI (vLEI) Ecosystem Governance Framework Information Trust Policies. It's a document that defines the information security, privacy, availability, confidentiality and processing integrity policies that apply to all vLEI Ecosystem Members.
Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.

- vlei role credential #wot
A vLEI credential that attests a role.
{TBW prio 3}

- vrt #wot
vrt = vdr rotate, verifiable data registry rotation.

- W

- wallet #wot
A crypto wallet is a device, physical medium, program or a service which stores the public and/or private keys for cryptocurrency transactions and digital identifiers.
Paraphrased by @henkvancann from source Wikipedia.

- watcher #wot
The KERI alternative to total global ordering and consensus protocols is a mechanism called duplicity detection. In verification and validation, watchers are all that matter; they guarantee that logs are immutable by one very simple rule: "first seen wins".

- web of trust #wot
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner.
Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs. The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP.
Source: Wikipedia.

- well known witnesses #wot
Don't use the creation of well-known witnesses in a production environment, but for running tests it is suitable.

- witness #wot
In the KERI and ACDC context, a witness is an entity or component designated (trusted) by the controller of an identifier. The primary role of a witness is to verify, sign, and keep events associated with an identifier. A witness is the controller of its own self-referential identifier, which may or may not be the same as the identifier to which it is a witness.
An identifier witness therefore is part of its trust basis and may be controlled (but not necessarily so) by its controller. The purpose of a pool of witnesses is to protect the controller from external exploit of its identifier.
The terms Backer and Witness are closely related in KERI but are not synonyms or interchangeable.

- X

- XBRL #wot

- Z

- zero trust #wot
A Zero Trust approach trusts no one.

- zero trust computing #wot
Best practices for implementation of an autonomic identifier system should follow zero trust computing principles. These principles are described at more length elsewhere but may be summarized as follows:
- Network Hostility. The network is always hostile, internally and externally; locality is not trustworthy. Solutions must provide means to mitigate network layer security vulnerabilities (man-in-the-middle, DNS hijacking, BGP attacks).
- E2E Security. Inter-host communication must be end-to-end signed/encrypted and data must be stored signed/encrypted. Data is signed/encrypted in motion and at rest.
- E2E Provenance. Data flow transformations must be end-to-end provenanced using verifiable data items (verifiable data chains or VCs). Every change shall be provenanced.
- Verify every-time for every-thing. Every network interaction or data flow must be authenticated and authorized using best practice cryptography.
- Authorization is behavioral. Policies for authentication and authorization must be dynamically modified based on behavior (reputation).
- No single point of trust. Policies for authentication and authorization must be governed by end-verified diffuse-trust distributed consensus. Policy is protected by diffuse trust.
- Hosts locked down. Hosts or host components executing any of the logic mentioned above must be locked down. Any changes to the host execution logic or behavior must be fully security tested and validated over the respective possible combinations of hardware and software platform. This means locking down key management and cryptographic operations on the devices. This includes key generation and storage, as well as signature generation and signature verification. These may benefit from the use of some form of trusted execution environment (TEE), either generally or specially as in a trusted platform module (TPM) or a hardware security module (HSM). In addition to key management and cryptographic operations, special security measures must be implemented regarding secure execution of the application logic (e.g. code injection, insecure object references, cross-site/service request forgery, cross-service scripting, etc.).
Source: Universal Identifier Theory by Samuel Smith.