Without specification,
software is incomplete.

The hardest part of the software task is arriving at a complete and consistent specification, and much of the essence of building a program is in fact the debugging of the specification.
— Fred Brooks

Draft Specifications & Working Copies

We aim to provide interoperability, which implies working to open standards. Of course, that may mean creating new standards.

We publish all versions of our specifications here, including expired documents, and those yet to be published elsewhere. The latest version is typically the current working copy.

Vessel Container Format

This document describes a generic container file format suitable for authoring content collaboratively, either in real time or with eventual merging. It is suitable for encapsulating an authoritative view of the resource, or managing multiple diverging versions. Confidentiality and authentication of content are both supported.

Versions:
00

Capabilities for Distributed Authorization

Authorization is often the last remaining centralized function in a distributed system. Advances in compute capabilities of miniaturized CPUs make alternative cryptographic approaches feasible that did not find such use when first envisioned. This document describes the elements of such cryptographically backed distributed authorization schemes as a reference for implementations.

Versions:
00
01
02

CAProck Compact Wire Encoding

[CAPROCK] is a distributed authorization scheme based on cryptographic capabilities ([I-D.draft-jfinkhaeuser-caps-for-distributed-auth]). This document describes a compact wire encoding for CAProck capabilities, suitable for 0-RTT transmission.

Versions:
00

CAProck Distributed Authorization Scheme

CAProck is a distributed authorization scheme based on cryptographic capabilities [I-D.draft-jfinkhaeuser-caps-for-distributed-auth]. This document describes the scheme's additional constraints over the base document, and introduces a method for dealing with revocation of authorization. The result is a complete distributed authorization scheme.

Versions:
00