This document describes a generic container file format suitable for authoring content collaboratively, both in real-time or with eventual merging. It is suitable for encapsulating an authoritative view of the resource, or managing multiple diverging versions. Confidentiality and authentication of content are both supported.

Authorization is often the last remaining centralized function in a distributed system. Advances in compute capabilities of miniaturized CPUs make alternative cryptographic approaches feasible that did not find such use when first envisioned. This document describes the elements of such cryptographically backed distributed authorization schemes as a reference for implementations.

[ CAPROCK ] is a distributed authorization scheme based on cryptographic capabilities ( [ I-D.draft-jfinkhaeuser-caps-for-distributed-auth ] ). This document describes a compact wire encoding for CAProck capabilities, suitable for 0-RTT transmission.

CAProck is a distributed authorization scheme based on cryptographic capabilities [ I-D.draft-jfinkhaeuser-caps-for-distributed-auth ] . This document describes the schemes additional constraints over the base document, and introduces a method for dealing with revocation of authorization. The result is a complete distributed authorization scheme.