version 0.12



Published objects are called resources.

All objects published to a journal are signature objects, with the payload requiring additional parameters. No additional data is allowed in the unsigned section of the object.

These resources may be referenced by a URI containing the publishers key fingerprint and the signature identifier.


Where the term "resource" is used, it is meant the container object which contains only a single entry in the schemas property, which is the URI to the signature schema.


The signature payload deserialized object must contain properties defined in the resource schema.

When an object is referred to as a resource, e.g. "an identity resource", the object referred to is the deserialized signature payload.

See the example at the bottom of this document for more details.

Revoked Resource

If a requested resource has been revoked, the resource should not be sent. Instead, the revocation resource should be sent.

Resource Identifier

The resource identifer is the identifier of the signed object.

Resource URI

All published resources should be referenced using a URI where only the scheme name, host, and path are allowed:

For example, a URI which looks like sdmp://<HOST>/<PATH>, e.g.


would have the following parts:

Note that the URI host references the user, and not the node who actually published the resource.

Interpreting URI References

References of the form sdmp://<HOST>/<PATH> should be interpreted to be a reference to the resource published by the user identified by <HOST> and having a resource identifier of <PATH>.

References of the form sdmp://<HOST> should be interpreted to be a reference to the published identity resource of the user identified by the <HOST> value.

References of the form sdmp://<HOST> are equivalent to a request of the form sdmp://<HOST>/<PATH> where <PATH> is the resource identifier of the identity resource.

E.g., if h6FWg...jgusYA references the published identity resource for the user GlvAre...U91A8Q, the following URIs would be equivalent:



Suppose a user publishes


The deserialized payload object contains information tying a resource to a user.

This deserialized payload object contains the following properties:

resource (object)

Holds the resource object properties.

This contains the following reserved properties:

resource.user (string, required)

The key fingerprint of the user the node is publishing for.

If the resource is being published by a user, it is the key fingerprint of the user publishing the resource. (string, optionally required)

If the resource is generated by a node, this field is required.

The resource identifier of the trust authorizing the node to publish resources on behalf of the user.


  "$schema": "",
  "type": "object",
  "properties": {
    "resource": {
      "type": "object",
      "properties": {
        "publisher": {
          "type": "string"
        "user": {
          "type": "string"
        "trust": {
          "type": "string"
      "required": [ "publisher" ]
  "required": [ "resource" ]