This comprehensive explanation has been generated from 176 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A protocol is a defined set of rules and procedures that govern how data is transmitted, processed, or verified between systems or entities. In KERI/ACDC, protocols define the standardized mechanisms for key event processing, credential exchange, and cryptographic verification.
A protocol in the KERI/ACDC ecosystem refers to a formally specified set of rules, message formats, and procedures that enable interoperable communication and verification between decentralized identity components. Protocols define how AIDs are created, how key events are processed, how credentials are issued and presented, and how cryptographic verification occurs across the trust spanning layer.
The KERI ecosystem implements several foundational protocols:
KERI Protocol: The base protocol defining Key Event Logs, key rotation, pre-rotation, and duplicity detection. This protocol establishes how autonomic identifiers maintain verifiable control authority over time.
IPEX Protocol: The Issuance and Presentation Exchange protocol standardizes how ACDCs are issued from issuers to holders and presented from holders to verifiers. IPEX recognizes that both issuance and presentation are fundamentally disclosure operations, unifying them under a single protocol framework.
OOBI Protocol: Out-Of-Band Introduction protocol enables discovery of IP resources and service endpoints for KERI identifiers. OOBI provides the bootstrap mechanism that associates AIDs with network locations while maintaining KERI's zero-trust verification model.
CESR Protocol: Composable Event Streaming Representation defines how cryptographic primitives are encoded in both text and binary formats with full composability, enabling efficient streaming and processing of KERI messages.
Specification Compliance: KERI protocols are defined through formal specifications maintained by the Trust over IP Foundation. Implementations should reference the canonical specifications at https://github.com/trustoverip/tswg-keri-specification.
Version Management: The vLEI Ecosystem Governance Framework establishes version upgrade policies requiring 18-month support for previous protocol versions and 12-month implementation periods for new versions, with backward compatibility maintained during transitions.
Interoperability: Protocol implementations must support multiple serialization formats (JSON, CBOR, MGPK) and both text and binary CESR encodings to ensure interoperability across different deployment contexts.
Security Properties: Protocol implementations must preserve KERI's core security properties including end-verifiability, duplicity detection, and cryptographic binding between identifiers and key states.
Transport Independence: KERI protocols are designed to be transport-agnostic, operating over HTTP, TCP, or other network protocols without requiring specific transport security properties (though transport security may be used for performance or privacy).
KERI implements a spanning layer architecture analogous to the Internet's protocol stack. Just as IP serves as the spanning layer for network protocols, KERI protocols provide a trust spanning layer that enables secure attribution and verification across diverse applications and infrastructure.
Protocols in KERI are designed with minimally sufficient means—implementing only what is necessary for security and interoperability while avoiding unnecessary complexity. This principle ensures protocols remain implementable, auditable, and maintainable.
KERI protocols exhibit several critical properties:
End-verifiability: Protocols enable cryptographic verification by any party without requiring trust in intermediate infrastructure.
Duplicity evidence: Protocol designs make inconsistent behavior (duplicity) cryptographically detectable through mechanisms like witness receipts and watcher networks.
Portability: Protocols are infrastructure-agnostic, allowing identifiers and credentials to move between different systems while maintaining verifiable continuity.
Composability: Protocols like CESR ensure that cryptographic primitives can be concatenated and processed as groups without losing individual separability.
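The composability property and the text and binary CESR encodings described above, shown as an added example that is not taken from this page or from the KERI reference code. It is a simplified Python sketch that handles only two fixed-size CESR codes (`D`, `0B`); the function names and sample bytes are constructed for illustration.

```python
import base64

# Two real CESR codes and their raw sizes in bytes:
# 'D' = Ed25519 public key, '0B' = Ed25519 signature.
# For both, the code length equals the number of pad bytes (sketch assumption).
SIZES = {"D": 32, "0B": 64}


def to_text(code, raw):
    """Encode one primitive in the text domain."""
    if len(raw) != SIZES[code]:
        raise ValueError("raw size does not match code")
    pad = (3 - len(raw) % 3) % 3  # zero lead bytes for 24-bit alignment
    b64 = base64.urlsafe_b64encode(bytes(pad) + raw).decode()
    return code + b64[len(code):]  # code overwrites the all-zero pad chars


def to_binary(text):
    """Convert a text stream (one primitive or many) to the binary domain."""
    if len(text) % 4:
        raise ValueError("stream is not aligned on a 4-character boundary")
    return base64.urlsafe_b64decode(text)


def to_text_stream(binary):
    """Convert a binary-domain stream back to the text domain."""
    return base64.urlsafe_b64encode(binary).decode()


def split_text(stream):
    """Separate a concatenated text stream into (code, raw) primitives."""
    out = []
    while stream:
        code = stream[:2] if stream[0] == "0" else stream[:1]
        if code not in SIZES:
            raise ValueError(f"unknown code {code!r}")
        size = (len(code) + SIZES[code]) * 4 // 3  # characters in this primitive
        if len(stream) < size:
            raise ValueError("truncated primitive")
        body = "A" * len(code) + stream[len(code):size]
        out.append((code, base64.urlsafe_b64decode(body)[len(code):]))
        stream = stream[size:]
    return out


KEY = bytes(range(32))       # constructed sample bytes, not a real key
SIG = bytes(range(64, 128))  # constructed sample bytes, not a real signature
PARTS = [to_text("D", KEY), to_text("0B", SIG)]
STREAM = "".join(PARTS)
```

Because every primitive is a whole number of 4-character (3-byte) groups, converting the concatenated stream gives the same bytes as converting each primitive separately, and a verifier that receives a truncated stream gets an error rather than a misparsed key or signature.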
KERI: The foundational protocol for key event receipt infrastructure
ACDC: Protocol for authentic chained data containers (verifiable credentials)
IPEX: Protocol for credential issuance and presentation
CESR: Protocol for composable event streaming representation
OOBI: Protocol for out-of-band introduction and discovery