Conformance v0.2 (draft)
This page defines what it means to claim Universal Manifest v0.2 conformance.
If you are validating an external implementation, start with the language-neutral Standalone Conformance Suite workflow.
v0.2 adds an interoperable integrity profile on top of v0.1:
- canonicalization: JCS (RFC 8785)
- signature: Ed25519
- encoding: base64url
Conformance targets
Section titled “Conformance targets”Consumer (Verifier)
Section titled “Consumer (Verifier)”A consumer claiming v0.2 support MUST:
- Validate required fields and
@typeincludesum:Manifest. - Enforce TTL: MUST NOT use if
now > expiresAt. - Verify signature per the v0.2 profile:
signature.algorithm === "Ed25519"signature.canonicalization === "JCS-RFC8785"- remove
signature, canonicalize using JCS, verify Ed25519 signature
- Ignore unknown fields safely (same forward-compat rule as v0.1).
If verification fails, the manifest MUST be rejected for use (it may be retained for debugging).
Issuer (Signer)
Section titled “Issuer (Signer)”An issuer claiming v0.2 support MUST:
- Produce a v0.2 manifest (
manifestVersion: "0.2") with required fields. - Remove
signaturefrom the signing input. - Canonicalize using JCS (RFC 8785) and sign with Ed25519.
- Embed the signature fields as defined by v0.2.
Fixtures (conformance tests)
Section titled “Fixtures (conformance tests)”To claim v0.2 conformance, an implementation MUST:
- Accept all valid fixtures
- Reject all invalid fixtures
Valid fixtures (v0.2)
Section titled “Valid fixtures (v0.2)”Invalid fixtures (v0.2)
Section titled “Invalid fixtures (v0.2)”Quick visual check
Section titled “Quick visual check”- Harness interactive loader (load the v0.2 fixture and use “Verify signature”)
- Run the implementation-neutral suite flow: Standalone Conformance Suite
- v0.2 signature profile overview: Specification v0.2
- Runtime resolver obligations: Resolver Conformance