zone.stratos.actor.enrollment

Documentation

A record indicating the user is enrolled in a Stratos service. Published to the user's PDS during OAuth enrollment for endpoint discovery by AppViews. Multiple enrollment records are supported — one per Stratos service.

main record

Record Key any Any valid record key

Properties

attestation ref #serviceAttestation Required

Service attestation vouching for the user's enrollment, boundaries, and signing key.

createdAt string datetime Required

Timestamp when the enrollment was created.

service string uri Required

The Stratos service endpoint URL where this user's private data is stored.

signingKey string Required

The user's P-256 public key as a did:key string, generated by the Stratos service for user-level record signing.

Raw schema:

{
  "key": "any",
  "type": "record",
  "record": {
    "type": "object",
    "required": [
      "service",
      "signingKey",
      "attestation",
      "createdAt"
    ],
    "properties": {
      "service": {
        "type": "string",
        "format": "uri",
        "description": "The Stratos service endpoint URL where this user's private data is stored."
      },
      "createdAt": {
        "type": "string",
        "format": "datetime",
        "description": "Timestamp when the enrollment was created."
      },
      "boundaries": {
        "type": "array",
        "items": {
          "ref": "zone.stratos.boundary.defs#Domain",
          "type": "ref"
        },
        "maxLength": 50,
        "description": "List of boundaries the user has access to on this Stratos service."
      },
      "signingKey": {
        "type": "string",
        "description": "The user's P-256 public key as a did:key string, generated by the Stratos service for user-level record signing."
      },
      "attestation": {
        "ref": "#serviceAttestation",
        "type": "ref",
        "description": "Service attestation vouching for the user's enrollment, boundaries, and signing key."
      }
    }
  },
  "description": "A record indicating the user is enrolled in a Stratos service. Published to the user's PDS during OAuth enrollment for endpoint discovery by AppViews. Multiple enrollment records are supported — one per Stratos service."
}

serviceAttestation object

An attestation signed by the Stratos service key. The signed payload is DAG-CBOR encoded {boundaries, did, signingKey} with sorted keys.

Properties

sig bytes Required

Raw signature bytes of the DAG-CBOR encoded attestation payload, signed by the service key.

signingKey string Required

The Stratos service's public key as a did:key string, used to verify the attestation signature.

Raw schema:

{
  "type": "object",
  "required": [
    "sig",
    "signingKey"
  ],
  "properties": {
    "sig": {
      "type": "bytes",
      "description": "Raw signature bytes of the DAG-CBOR encoded attestation payload, signed by the service key."
    },
    "signingKey": {
      "type": "string",
      "description": "The Stratos service's public key as a did:key string, used to verify the attestation signature."
    }
  },
  "description": "An attestation signed by the Stratos service key. The signed payload is DAG-CBOR encoded {boundaries, did, signingKey} with sorted keys."
}
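
The payload layout described for serviceAttestation, as an added example that is not part of the lexicon or of the Stratos project's code: DAG-CBOR orders map keys by encoded length first and then bytewise, so `did` is encoded before `boundaries` and `signingKey`. The function names, the sample values, the reading of `did` and `signingKey` as the enrolled user's, and the shape of boundary items (defined in zone.stratos.boundary.defs#Domain, not on this page) are assumptions; the signature check itself is not shown.

```python
"""Canonical DAG-CBOR bytes for the attestation payload (added example)."""


def _head(major: int, n: int) -> bytes:
    # CBOR head: major type plus the shortest possible length encoding,
    # which DAG-CBOR requires so that equal values give equal bytes.
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("length does not fit in a CBOR head")


def dag_cbor(value) -> bytes:
    """Encode the subset of DAG-CBOR the payload needs: str, list, dict."""
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(dag_cbor(v) for v in value)
    if isinstance(value, dict):
        if not all(isinstance(k, str) for k in value):
            raise TypeError("DAG-CBOR map keys must be strings")
        # Sorted keys: shorter encoded key first, ties broken bytewise.
        keys = sorted(value, key=lambda k: (len(k.encode("utf-8")), k.encode("utf-8")))
        return _head(5, len(keys)) + b"".join(
            dag_cbor(k) + dag_cbor(value[k]) for k in keys
        )
    raise TypeError(f"unsupported type in payload: {type(value).__name__}")


def attestation_payload(did: str, boundaries: list, signing_key: str) -> bytes:
    """Bytes a verifier rebuilds before checking `sig` (hypothetical helper)."""
    if len(boundaries) > 50:  # maxLength from the enrollment schema
        raise ValueError("more than 50 boundaries")
    return dag_cbor({"boundaries": boundaries, "did": did, "signingKey": signing_key})


if __name__ == "__main__":
    # Constructed sample values; the boundary item shape is an assumption.
    sample = attestation_payload(
        "did:example:alice", [{"value": "example.org"}], "did:key:zExampleUserKey"
    )
    print(sample.hex())
```

A verifier that serializes the payload with plain alphabetical key order, or with non-minimal length encodings, produces different bytes and rejects a valid attestation.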
