JSON Schema

Draft-07 schema for validating MIR claims. All required fields, type patterns, and format constraints.

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://mirprotocol.net/schemas/mir-claim.schema.json",
  "title": "MIR Claim",
  "description": "A cryptographically signed participation claim submitted by a registered partner organization, anchored to time.",
  "type": "object",
  "required": ["mir", "type", "domain", "subject", "timestamp", "keyFingerprint", "sig"],
  "additionalProperties": false,
  "properties": {
    "mir": {
      "type": "integer",
      "const": 1,
      "description": "Protocol version."
    },
    "type": {
      "type": "string",
      "description": "Claim type. Core types use mir.{category}.{action}. Extension types use {domain}:{category}.{action}.",
      "pattern": "^(mir\\.[a-z][a-z0-9]*\\.[a-z][a-z0-9_]*|([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}:[a-z][a-z0-9]*\\.[a-z][a-z0-9_]*)$"
    },
    "domain": {
      "type": "string",
      "description": "DNS domain of the issuing organization.",
      "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$"
    },
    "subject": {
      "type": "string",
      "description": "SHA-256 or HMAC-SHA256 hash of the participant identifier (hex-encoded, lowercase).",
      "pattern": "^[a-f0-9]{64}$"
    },
    "timestamp": {
      "type": "string",
      "description": "ISO 8601 datetime of when the event occurred.",
      "format": "date-time"
    },
    "metadata": {
      "type": "object",
      "description": "Type-specific structured context. Maximum 4 KB serialized. Must not contain PII. SHOULD use integer values and string representations for decimals to avoid float ambiguity.",
      "additionalProperties": true
    },
    "keyFingerprint": {
      "type": "string",
      "description": "SHA-256 hash of the 32-byte Ed25519 public key that signed this claim.",
      "pattern": "^[a-f0-9]{64}$"
    },
    "sig": {
      "type": "string",
      "description": "Base64url-encoded (no padding) Ed25519 signature over the canonical form of the claim (all fields except sig).",
      "pattern": "^[A-Za-z0-9_-]{86}$"
    }
  }
}

Validated Fields

Field Constraint
mir Integer, must equal 1
type Core (mir.{category}.{action}) or extension ({domain}:{category}.{action})
domain Valid DNS hostname. No wildcards, no IPs.
subject 64-character lowercase hex string
timestamp ISO 8601 with timezone
keyFingerprint 64-character lowercase hex (SHA-256 of public key)
sig 86 characters, base64url without padding (64 bytes decoded)
metadata Optional object, max 4 KB serialized, no PII