Conformance v0.2 (draft)

This page defines what it means to claim Universal Manifest v0.2 conformance.

v0.2 adds an interoperable integrity profile on top of v0.1:

• canonicalization: JCS (RFC 8785)
• signature: Ed25519
• encoding: base64url

Conformance targets

Consumer (Verifier)

A consumer claiming v0.2 support MUST:

1. Validate required fields and @type includes lan:Manifest.
2. Enforce TTL: MUST NOT use if now > expiresAt.
3. Verify signature per the v0.2 profile:
   • signature.algorithm === "Ed25519"
   • signature.canonicalization === "JCS-RFC8785"
   • remove signature, canonicalize using JCS, verify Ed25519 signature
4. Ignore unknown fields safely (same forward-compat rule as v0.1).

If verification fails, the manifest MUST be rejected for use (it may be retained for debugging).

Issuer (Signer)

An issuer claiming v0.2 support MUST:

1. Produce a v0.2 manifest (manifestVersion: "0.2") with required fields.
2. Remove signature from the signing input.
3. Canonicalize using JCS (RFC 8785) and sign with Ed25519.
4. Embed the signature envelope fields as defined by v0.2.

Fixtures (conformance tests)

To claim v0.2 conformance, an implementation MUST:

1. Accept all valid fixtures
2. Reject all invalid fixtures

Valid fixtures (v0.2)

• /harness/fixtures/v0.2/minimal-signed-manifest.jsonld

Invalid fixtures (v0.2)

• /harness/fixtures/v0.2/invalid/missing-signature.jsonld
• /harness/fixtures/v0.2/invalid/invalid-signature.jsonld

Quick visual check

• /harness/index.html (load the v0.2 fixture and use “Verify signature”)

Next

• v0.2 signature profile overview: Specification → v0.2
• Runtime resolver obligations: Conformance → Resolver