zone.stratos.actor.enrollment
Schema Diff
+32 -3
Compatibility Analysis
Backward Compatible
Backward compatible. 9 non-breaking changes.
Non-Breaking Changes (9)
- AddedVertex AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation" }
- AddedVertex AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation.sig" }
- AddedVertex AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation.signingKey" }
- AddedVertex AddedVertex { vertex_id: "zone.stratos.actor.enrollment:body.attestation" }
- AddedVertex AddedVertex { vertex_id: "zone.stratos.actor.enrollment:body.signingKey" }
- AddedEdge AddedEdge { src: "zone.stratos.actor.enrollment#serviceAttestation", tgt: "zone.stratos.actor.enrollment#serviceAttestation.sig", kind: "prop", name: Some("sig") }
- AddedEdge AddedEdge { src: "zone.stratos.actor.enrollment#serviceAttestation", tgt: "zone.stratos.actor.enrollment#serviceAttestation.signingKey", kind: "prop", name: Some("signingKey") }
- AddedEdge AddedEdge { src: "zone.stratos.actor.enrollment:body", tgt: "zone.stratos.actor.enrollment:body.attestation", kind: "prop", name: Some("attestation") }
- AddedEdge AddedEdge { src: "zone.stratos.actor.enrollment:body", tgt: "zone.stratos.actor.enrollment:body.signingKey", kind: "prop", name: Some("signingKey") }
Migration Guidance
Added Elements
- AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation" }
- AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation.sig" }
- AddedVertex { vertex_id: "zone.stratos.actor.enrollment#serviceAttestation.signingKey" }
- AddedVertex { vertex_id: "zone.stratos.actor.enrollment:body.attestation" }
- AddedVertex { vertex_id: "zone.stratos.actor.enrollment:body.signingKey" }
Additional Notes
- Non-breaking: AddedEdge { src: "zone.stratos.actor.enrollment#serviceAttestation", tgt: "zone.stratos.actor.enrollment#serviceAttestation.sig", kind: "prop", name: Some("sig") }
- Non-breaking: AddedEdge { src: "zone.stratos.actor.enrollment#serviceAttestation", tgt: "zone.stratos.actor.enrollment#serviceAttestation.signingKey", kind: "prop", name: Some("signingKey") }
- Non-breaking: AddedEdge { src: "zone.stratos.actor.enrollment:body", tgt: "zone.stratos.actor.enrollment:body.attestation", kind: "prop", name: Some("attestation") }
- Non-breaking: AddedEdge { src: "zone.stratos.actor.enrollment:body", tgt: "zone.stratos.actor.enrollment:body.signingKey", kind: "prop", name: Some("signingKey") }
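--- a/zone.stratos.actor.enrollment
+++ b/zone.stratos.actor.enrollment
@@ -1,40 +1,69 @@
 {
 "id": "zone.stratos.actor.enrollment",
 "defs": {
 "main": {
-"key": "literal:self",
+"key": "any",
 "type": "record",
 "record": {
 "type": "object",
 "required": [
 "service",
+"signingKey",
+"attestation",
 "createdAt"
 ],
 "properties": {
 "service": {
 "type": "string",
 "format": "uri",
 "description": "The Stratos service endpoint URL where this user's private data is stored."
 },
 "createdAt": {
 "type": "string",
 "format": "datetime",
 "description": "Timestamp when the enrollment was created."
 },
 "boundaries": {
 "type": "array",
 "items": {
 "ref": "zone.stratos.boundary.defs#Domain",
 "type": "ref"
 },
 "maxLength": 50,
-"description": "List of boundaries the user has access to on this Stratos service."
+"description": "Service-qualified boundaries the user has access to on this Stratos service, each in '{serviceDid}/{domainName}' format."
+},
+"signingKey": {
+"type": "string",
+"description": "The user's P-256 public key as a did:key string, generated by the Stratos service for user-level record signing."
+},
+"attestation": {
+"ref": "#serviceAttestation",
+"type": "ref",
+"description": "Service attestation vouching for the user's enrollment, boundaries, and signing key."
 }
 }
 },
-"description": "A profile record indicating the user is enrolled in a Stratos service. Published to the user's PDS during OAuth enrollment for endpoint discovery by AppViews."
+"description": "A record indicating the user is enrolled in a Stratos service. Published to the user's PDS during OAuth enrollment for endpoint discovery by AppViews. Multiple enrollment records are supported — one per Stratos service."
+},
+"serviceAttestation": {
+"type": "object",
+"required": [
+"sig",
+"signingKey"
+],
+"properties": {
+"sig": {
+"type": "bytes",
+"description": "Raw signature bytes of the DAG-CBOR encoded attestation payload, signed by the service key."
+},
+"signingKey": {
+"type": "string",
+"description": "The Stratos service's public key as a did:key string, used to verify the attestation signature."
+}
+},
+"description": "An attestation signed by the Stratos service key. The signed payload is DAG-CBOR encoded {boundaries, did, signingKey} with sorted keys."
 }
 },
 "$type": "com.atproto.lexicon.schema",
 "lexicon": 1
 }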
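Review bot: The new `serviceAttestation.signingKey` puts the verification key in the same object as the `sig` it verifies, inside a record published to the user's PDS, and nothing in the schema says where a consumer gets its trust in that key; whoever writes the record can supply a key and a signature that match each other. The description should state that the embedded key is only a hint and must equal a key the verifier resolves independently for `service`, for example `"The Stratos service's public key as a did:key string. Verifiers must check it against the key published for the service before trusting sig."` The signed payload `{boundaries, did, signingKey}` also carries no timestamp or expiry, so an earlier attestation would still verify after boundaries or keys change unless revocation is handled elsewhere. Separately, `signingKey` and `attestation` are added to `required` in `main`, so records written under the previous schema no longer validate, which the "Backward compatible" analysis above does not reflect.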