zone.stratos.actor.enrollment

lexicon.northsky.app

Schema Diff

+1 -1

From

CID
bafyreiejh64n6u3...
Indexed At
2026-03-21 15:01 UTC
View this version

To

CID
bafyreihjlzckoss...
Indexed At
2026-03-26 17:07 UTC
View this version

Compatibility Analysis

Backward Compatible

No changes detected.

1 1 
{
2 2 
  "id": "zone.stratos.actor.enrollment",
3 3 
  "defs": {
4 4 
    "main": {
5 5 
      "key": "any",
6 6 
      "type": "record",
7 7 
      "record": {
8 8 
        "type": "object",
9 9 
        "required": [
10 10 
          "service",
11 11 
          "signingKey",
12 12 
          "attestation",
13 13 
          "createdAt"
14 14 
        ],
15 15 
        "properties": {
16 16 
          "service": {
17 17 
            "type": "string",
18 18 
            "format": "uri",
19 19 
            "description": "The Stratos service endpoint URL where this user's private data is stored."
20 20 
          },
21 21 
          "createdAt": {
22 22 
            "type": "string",
23 23 
            "format": "datetime",
24 24 
            "description": "Timestamp when the enrollment was created."
25 25 
          },
26 26 
          "boundaries": {
27 27 
            "type": "array",
28 28 
            "items": {
29 29 
              "ref": "zone.stratos.boundary.defs#Domain",
30 30 
              "type": "ref"
31 31 
            },
32 32 
            "maxLength": 50,
33 - 
            "description": "List of boundaries the user has access to on this Stratos service."
33 + 
            "description": "Service-qualified boundaries the user has access to on this Stratos service, each in '{serviceDid}/{domainName}' format."
34 34 
          },
35 35 
          "signingKey": {
36 36 
            "type": "string",
37 37 
            "description": "The user's P-256 public key as a did:key string, generated by the Stratos service for user-level record signing."
38 38 
          },
39 39 
          "attestation": {
40 40 
            "ref": "#serviceAttestation",
41 41 
            "type": "ref",
42 42 
            "description": "Service attestation vouching for the user's enrollment, boundaries, and signing key."
43 43 
          }
44 44 
        }
45 45 
      },
46 46 
      "description": "A record indicating the user is enrolled in a Stratos service. Published to the user's PDS during OAuth enrollment for endpoint discovery by AppViews. Multiple enrollment records are supported — one per Stratos service."
47 47 
    },
48 48 
    "serviceAttestation": {
49 49 
      "type": "object",
50 50 
      "required": [
51 51 
        "sig",
52 52 
        "signingKey"
53 53 
      ],
54 54 
      "properties": {
55 55 
        "sig": {
56 56 
          "type": "bytes",
57 57 
          "description": "Raw signature bytes of the DAG-CBOR encoded attestation payload, signed by the service key."
58 58 
        },
59 59 
        "signingKey": {
60 60 
          "type": "string",
61 61 
          "description": "The Stratos service's public key as a did:key string, used to verify the attestation signature."
62 62 
        }
63 63 
      },
64 64 
      "description": "An attestation signed by the Stratos service key. The signed payload is DAG-CBOR encoded {boundaries, did, signingKey} with sorted keys."
65 65 
    }
66 66 
  },
67 67 
  "$type": "com.atproto.lexicon.schema",
68 68 
  "lexicon": 1
69 69 
}

Compare Other Versions

Lexicon Garden

@