Glossary

Accountable Party (AP)

Loosely, "the enterprise". In the context of a SIP call, this is the party that holds the right to use the originating phone number, according to the regulator, and the party whose brand will be conveyed by branded calling. They must assemble evidence (a dossier) to prove their identity, reputation, and intentions. The accountable party may delegate signing duties to their UCaaS, and may delegate actual call mechanics to a call center. However, they retain ultimate accountability for calls that correctly cite their evidence — and they should repudiate any calls that don't.

ACDC

Authentic Chained Data Containers: a format for verifiable digital data like credentials and affidavits. X509 certificates are generation-1 PKI credentials. W3C Verifiable Credentials are generation-2 credentials. ACDCs are generation-3. They are more permanent than an X509 certificate, because they do not require reissuance when keys rotate. They also eliminate the need for centrally managed certificate authorities. They are more flexible than a W3C VC, because they can model scientific and financial data, not just credentials. Unlike either of their predecessor technologies, they can be verified with respect to arbitrary points in time, not just "now", and they support arbitrarily rich chaining with verifiable hyperlinks. ACDCs are the most expressive, highest-security, most permanent way to represent credentials in our project. They are stored in CESR format, but can be down-converted to older forms of evidence for interoperability. ACDCs are used by GLEIF vLEIs in the financial industry and became a standard when ISO 17442:3 was published. A sample ACDC is shown in Credential Structure.

CESR

Composable Event Streaming Representation: a serialization format used by KERI and ACDCs that can freely mix or convert between a JSON-like text form, and a CBOR-like binary form. CESR is terser than JSON as text, and terser than CBOR as binary — and unlike either of these other formats, signed CESR data can be transformed back and forth between text and binary, and between compressed and expanded forms, without invalidating a signature. CESR supports binary attachments and recognizes cryptographic primitives natively, making clunky constructions like JWK (a complex JSON data structure for describing public keys) unnecessary. The sample ACDC shown in Credential Structure is in CESR format; it begins with a text JSON block, and ends with a binary attachment.

Dossier

See comments about dossiers in Credential Types.

Integration Agent

A lightweight web service (distributed as a Docker container) that bridges between ACDC technology and the infrastructure of an issuer of credentials. The agent exposes APIs to issue, revoke, and enumerate credentials, and also a simple UI to configure such actions. It is designed to run on the issuer's internal network, under the issuer's control.

Originating Party (OP)

The party that operates the SBC that creates the first SIP INVITE for an outbound call. This is often a service provider for the AP. The OP must sign the VVP passport (the Identity header) that makes the call verifiable (see Guide for Signers), and they must do so with keys that have been authorized by the AP.

Reason Code

An unsigned integer bitmask that explains why a voice call could be judged worthy of routing, by detailing the characteristics of all the associated evidence (which credentials exist, whether they are expired or revoked, whether a passport matches the observed metadata for the call, whether the signature on the passport is valid, etc.). Reason codes should be saved in a CDR; in conjunction with the Identity header that they explain, they constitute a receipt that supports forensic analysis. Verifiers define business rules that determine how a reason code turns into a routing decision (e.g., "If all of the following conditions are true, accept the call; otherwise, reject it.")