Developers
Build against the standards
Everything below is normative: the shipped JSON Schemas and conformance vectors are the machine-readable truth, published at github.com/uuaid.
1Identifier profiles
IAASO-1001 defines two conformant identifier profiles. The discriminator is segment count: four segments is the compact form, five is the federated form.
| Profile | Grammar | Use |
|---|---|---|
| Profile AUUAID compact form | uuaid:<namespace>:<object-type>:<local-id> | The live production grammar (4 segments). Charset [a-z0-9-] allows hyphenated object types and UUID local-ids. Every Polygon-anchored identifier uses this form. |
| Profile BIAASO federated form | uuaid:<subject-class>:<jurisdiction>:<namespace>:<local-id> | Reserved for cross-registry federation (5 segments). subject-class must come from the registered enum. |
# Profile A — compact (live) uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72 # Profile B — federated (reserved) uuaid:agent:global:aaua:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72
2Cryptographic suites
Signed IAASO objects carry a proof array of UUAID SignatureEnvelopes with crypto-agile algorithm identifiers (IAASO-1601):
| Parameter | Value | Notes |
|---|---|---|
| Signature algorithm | ed25519 | v1 default. ml-dsa-65 reserved for the post-quantum hybrid transition. |
| Canonicalization | JCS-RFC8785 | RFC 8785 JSON Canonicalization Scheme, for all hashing and signing. |
| Hash | keccak256 | Anchor-chain compatible with the live Polygon ledger. |
| Envelope | {alg, keyId?, publicKey?, sig, created?} | The UUAID SignatureEnvelope, per ADR-002. |
3Status model
Certification and accreditation status is a ten-value enum (IAASO-1301). Verifiers must treat anything other than active or conditional as non-authoritative for trust decisions:
draftpendingactiveconditionalprobationarysuspendedrevokedexpiredarchivedsuperseded4API quickstart
The IAASO API is served from the UUAID registry under https://api.uuaid.org/iaaso/v1. All read endpoints are public and unauthenticated.
Resolve a subject
curl https://api.uuaid.org/iaaso/v1/resolve/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72
Check status and history
curl https://api.uuaid.org/iaaso/v1/status/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72 curl https://api.uuaid.org/iaaso/v1/status/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72/history
Verify a credential
curl -X POST https://api.uuaid.org/iaaso/v1/verify/credential \
-H 'content-type: application/json' \
-d '{
"credential": {
"type": "AAUACredential",
"certification": "cert-saf-101",
"agent_handle": "example-agent",
"signature": "..."
}
}'The response is a VerificationResult whose checks[] covers signature validity, issuer accreditation, current status and expiry — a revoked but validly-signed credential verifies false.
Trust anchors and transparency
curl https://api.uuaid.org/iaaso/v1/trust/issuers
curl https://api.uuaid.org/iaaso/v1/trust/keys
curl https://api.uuaid.org/iaaso/v1/receipts/{event}
curl https://api.uuaid.org/iaaso/v1/crypto-inventory5Schemas and conformance
JSON Schemas ship in versioned pairs (v1 frozen, v1.1 current): the base object plus subject-document, trust-profile, status-object and accreditation. A conformance runner validates examples and signed test vectors against them. Where specification prose and schema disagree, the schema wins and the prose receives a published erratum.