{
  "spec": "dominion-attestation-v1",
  "version": "1.0",
  "summary": "Dominion Observatory attestations are Ed25519 (EdDSA) JWS-compact tokens. Any party can verify one statelessly against the published JWKS public key — no call to Dominion required.",
  "signature": {
    "alg": "EdDSA",
    "curve": "Ed25519",
    "format": "JWS compact (header.payload.signature)",
    "key_id": "dominion-observatory-2026",
    "jwks": "https://dominionobservatory.com/.well-known/jwks.json",
    "issuer": "did:web:dominionobservatory.com"
  },
  "verification_algorithm": [
    "1. Split the JWS on '.' into headerB64, payloadB64, sigB64 (all base64url).",
    "2. Fetch the Ed25519 public key from the JWKS (kid dominion-observatory-2026, the 'x' value is the 32-byte raw public key, base64url).",
    "3. Verify the EdDSA signature (sigB64) over the ASCII bytes of `${headerB64}.${payloadB64}`.",
    "4. If valid, base64url-decode payloadB64 as JSON — that is the attested claim.",
    "5. Reject if the signature fails, or the payload 'iss' is not did:web:dominionobservatory.com."
  ],
  "attestation_types": {
    "dominion-preflight-diligence-v1": "Pre-invocation due-diligence check. Fields: iss, type, target, verdict (PASS|UNCERTAIN|FAIL|UNRATED), score, iat.",
    "mcp-verified-badge-v1": "Paid MCP Verified badge. Fields: iss, sub, type, token, verified, iat, exp.",
    "dominion-mica-attestation-v1.0": "EU AI Act Art.12-style behavioral audit. Fields: iss, sub, type, score, grade, risk, iat.",
    "agt-gamma-trust-verdict-v1": "Paid x402 trust verdict receipt. Fields: iss, sub, type, rid, verdict, score, iat.",
    "dominion-liveness": "Liveness/uptime receipt over verdict + checks."
  },
  "reference_vector": {
    "note": "Verify this example against the JWKS to confirm your implementation. It is a live signature from the production key; it will pass /v1/verify.",
    "payload": {
      "iss": "did:web:dominionobservatory.com",
      "type": "dominion-preflight-diligence-v1",
      "target": "https://example-mcp-server.com/mcp",
      "verdict": "PASS",
      "score": 88,
      "iat": 1751500000
    },
    "jws": "eyJhbGciOiJFZERTQSIsImtpZCI6ImRvbWluaW9uLW9ic2VydmF0b3J5LTIwMjYiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJkaWQ6d2ViOmRvbWluaW9ub2JzZXJ2YXRvcnkuY29tIiwidHlwZSI6ImRvbWluaW9uLXByZWZsaWdodC1kaWxpZ2VuY2UtdjEiLCJ0YXJnZXQiOiJodHRwczovL2V4YW1wbGUtbWNwLXNlcnZlci5jb20vbWNwIiwidmVyZGljdCI6IlBBU1MiLCJzY29yZSI6ODgsImlhdCI6MTc1MTUwMDAwMH0.WioX_BjHdkSZf1sTDiYkO--6H-iWoMhJrWDIv2EOcrMh3fRa9HEkJK12wm3qC0erlLwY-v9qwEQb__0v87IJDw",
    "verify_url": "https://dominionobservatory.com/v1/verify?jws=eyJhbGciOiJFZERTQSIsImtpZCI6ImRvbWluaW9uLW9ic2VydmF0b3J5LTIwMjYiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJkaWQ6d2ViOmRvbWluaW9ub2JzZXJ2YXRvcnkuY29tIiwidHlwZSI6ImRvbWluaW9uLXByZWZsaWdodC1kaWxpZ2VuY2UtdjEiLCJ0YXJnZXQiOiJodHRwczovL2V4YW1wbGUtbWNwLXNlcnZlci5jb20vbWNwIiwidmVyZGljdCI6IlBBU1MiLCJzY29yZSI6ODgsImlhdCI6MTc1MTUwMDAwMH0.WioX_BjHdkSZf1sTDiYkO--6H-iWoMhJrWDIv2EOcrMh3fRa9HEkJK12wm3qC0erlLwY-v9qwEQb__0v87IJDw",
    "expected": {
      "valid": true,
      "issuer": "did:web:dominionobservatory.com",
      "key_id": "dominion-observatory-2026"
    }
  },
  "endpoints": {
    "verify": "https://dominionobservatory.com/v1/verify?jws={jws}",
    "preflight": "https://dominionobservatory.com/v1/preflight?target={server}",
    "jwks": "https://dominionobservatory.com/.well-known/jwks.json"
  },
  "license": "Open reference — implement freely; cite dominion-attestation-v1."
}