{ "$schema":                  "https://json-schema.org/draft/2020-12/schema",
  "$id":                      "https://schemas.mpai.community/PTF/V1.0/data/InstanceCredential.json",
  "title":                    "Instance Credential V1.0", "description": "Credential binding a Logical Instance Identity to a Cryptographic Instance Identity.",
                              "type": "object", "required": ["Version", "Subject", "CII", "Issuer", "Validity", "Signature"],
                              "additionalProperties": false, "properties": {

    "Header":                 { "type": "string", "pattern": "^PTF-ICR-V[0-9]{1,2}[.][0-9]{1,2}$" },
    "InstanceCredentialID":   { "type": "string" },
    "InstanceCredentialTime": { "$ref": "https://schemas.mpai.community/OSD/V1.5/data/Time.json", "description": "Time of credential creation." },

    "Subject":                { "type": "object", "required": ["InstanceType", "InstanceID"], "additionalProperties": false, "properties": {
      "InstanceType":         { "type": "string", "enum": ["AIMInstance", "ProcessInstance"] },
      "InstanceID":           { "type": "string", "description": "Identifier of the logical instance (AIM or Process)." },
      "Specification":        { "type": "string", "description": "URI or identifier of the AIM or Process specification." } } },

    "CII":                    { "type": "object", "description": "Reference to the Cryptographic Instance Identity.",
                                "required": ["Hash", "HashAlgorithm"], "additionalProperties": false, "properties": {
      "HashAlgorithm":        { "$ref": "https://schemas.mpai.community/PTF/V1.0/data/SecurityAlgorithmTaxonomy.json#/properties/Hash",
                                "description": "Hash algorithm identifier from the Security Algorithm Taxonomy." },
      "Hash":                 { "type": "string", "description": "Hash of the referenced CII object, encoded as hex or base64url." } } },

    "Issuer":                 { "type": "object", "required": ["Name", "KeyID"],
                                "additionalProperties": false, "properties": {
      "Name":                 { "type": "string", "description": "Human-readable or URI identifier of the issuing authority." },
      "KeyID":                { "type": "string", "description": "Identifier of the issuer's signing key." } } },

    "Validity":               { "type": "object", "required": ["NotBefore", "NotAfter"],
                                "additionalProperties": false, "properties": {
      "NotBefore":            { "type": "string", "format": "date-time" },
      "NotAfter":             { "type": "string", "format": "date-time" },
      "Scope":                { "type": "string", "description": "Optional scope or usage constraint for the credential." } } },

    "Evidence":               { "type": "array", "description": "Attestation evidence classified using the Security Evidence Taxonomy.",
                                "items": { "type": "object", "required": ["Type", "Value"], "additionalProperties": false, "properties": {
        "Type":               { "type": "string", "description": "Evidence type from the Security Evidence Taxonomy." },
        "Value":              { "type": "string", "description": "Opaque evidence payload encoded as base64url." } } } },

    "Signature":              { "type": "object",
                                "description": "Digital signature over the credential, using a Signature algorithm from the Security Algorithm Taxonomy.",
                                "required": ["Algorithm", "Value"], "additionalProperties": false, "properties": {
      "Algorithm":            { "$ref": "https://schemas.mpai.community/PTF/V1.0/data/SecurityAlgorithmTaxonomy.json#/properties/Signature",
                                "description": "Signature algorithm identifier from the Security Algorithm Taxonomy." },
      "Value":                { "type": "string", "description": "Digital signature value encoded as base64url." } } },

    "DataXMData":             { "$ref": "https://schemas.mpai.community/PTF/V1.0/data/DataExchangeMetadata.json" },
    "DescrMetadata":          { "type": "string", "maxLength": 2048 } } }
