Explore comprehensive explanations of key concepts in the KERI protocol and vLEI ecosystem
Text-binary concatenation composability is the property of an encoding scheme where any set of self-framing concatenated primitives can be converted as a group between text and binary domains and back again without loss, while maintaining the separability of individual primitives.
Privacy-washing is the practice of applying de-identification techniques to personal data to create a legal 'safe harbor' that ostensibly makes data forwarding legally acceptable, while ignoring the fundamental principle that once personal data has been observed, it cannot be truly 'unseen' and re-identification remains possible through various attack vectors.
A CESR primitive class for encoding variable-length text strings containing only Base64 URL-safe characters, providing more compact qb64 encoding than raw bytes while preserving round-trip transposability between text and binary domains.
A control parameter in CESR stream parsing that specifies which portion of a CESR stream will be processed by which parsing code component, enabling modular and efficient stream processing.
A valid credential within a 90-day grace period before its revocation transaction is recorded to the revocation registry, maintaining technical validity while awaiting formal revocation processing.
Multiple independently valid credentials issued by the same issuer (e.g., a QVI) that have no inherent relationship to each other. While technically possible, issuing redundant credentials and selectively revoking only some instances represents a governance violation in the vLEI ecosystem.
A bespoke credential is a custom-created [ACDC](/concept/acdc) issued on-the-fly for specific disclosure scenarios, functioning as a self-referencing contract between a discloser (acting as issuer) and disclosee (acting as issuee) that attaches consent terms and usage restrictions to the presentation of other ACDCs.
An [AID](/concept/aid) (Autonomic Identifier) becomes abandoned when either its [inception event](/concept/inception-event) or a subsequent [rotation event](/concept/rotation-event) sets the next key digest list (`ndigers`) to empty (zero) with a next threshold of 0, permanently terminating the identifier's transferability and preventing acceptance of any subsequent events.
Value that maintains its utility and can be transferred between different contexts or domains, enabling interoperability and cooperation across non-competing value systems without loss of authenticity or control.
A listed identifier is a list of authorized `did:webs` identifiers and their associated methods contained within an ACDC's metadata section, providing an authorization mechanism for specifying which decentralized identifiers are permitted within a given credential context.
A centrally managed schema registry where corporations or individuals reserve schemas within specific namespaces to enable interoperable schemas labeled with organization-specific or individual-specific identifiers. In ACDC architecture, this traditional centralized model has been superseded by directed acyclic graphs that provide decentralized interoperability by design.
A privacy-preserving mechanism where the current state of a [transaction event log](/concept/transaction-event-log) (TEL) is cryptographically hidden such that only the controller of a designated [AID](/concept/aid) can disclose the revocation state at presentation time, preventing ambient observation by verifiers.
Multi-OOBI (moobi) is a proposed KERI protocol extension that would enable simultaneous distribution of multiple Out-Of-Band Introduction endpoints from a single store, but faces significant authorization and multi-signature collaboration challenges that currently prevent practical implementation.
The most compact form of an ACDC (Authentic Chained Data Container) for a given disclosure level, containing SAIDs (Self-Addressing Identifiers) for undisclosed sections and expanded content for disclosed sections, optimizing the balance between data compression and selective revelation.
drt (deltate, delegated rotation) is a KERI event type that performs key rotation for a delegated Autonomic Identifier (AID), requiring both the delegate's signature and cryptographic anchoring by the delegator in their Key Event Log (KEL).
A stream property in CESR where data begins with a group code or field map, enabling parsers to immediately identify and process the stream format without prior context, solving the cold start problem in stream parsing.
A specialized KERIA class that pushes events occurring inside the cloud agent to external backend processes and web services, serving as an event distribution mechanism distinct from the general-purpose notifier class.
rct is an abbreviation for 'receipt' in KERI protocol terminology, specifically referring to cryptographic receipt messages that provide third-party validation of key events by witnesses or other validators.
A cryptographic rejection operation in KERI/IPEX protocols that formally rejects invalid events, messages, or exchange requests with cryptographic proof of the rejection decision.
A standardized media type identifier that defines the foundational format for verifiable credentials, establishing `credential+ld+json` as the canonical base type with mandatory transformation requirements for alternative formats like `credential+acdc+json`.
A 3-bit encoding unit used in CESR (Composable Event Streaming Representation) for performant resynchronization with unique start bits, enabling efficient stream parsing and cold-start recovery in cryptographic primitive streams.
The state of having verifiable authenticity and documented history/origin through cryptographic proof-of-authorship chains, enabling end-to-end verification of data provenance without relying on trusted intermediaries.
In KERI/ACDC/CESR documentation, non-normative content describes possibilities, provides examples, or explains concepts without establishing mandatory requirements or implementation constraints that must be followed for protocol compliance.
Hierarchical Deterministic Keys (HDK) are cryptographic key derivation systems that generate child keys from parent keys using deterministic algorithms and chain codes, enabling the creation of unlimited key pairs from a single seed while maintaining cryptographic relationships invisible to parties without the seed.