DSNP implementations perform well-defined DSNP Operations and generate DSNP State Change Records.

Control Keys and Proofs

Each invocation of a DSNP Operation MUST have verifiable approval of the acting principal(s) via a Control Key Ownership Proof. The precise data type and representation of both the Control Key and the Control Key Ownership Proof MUST be defined by each DSNP implementation. For example, an implementation might use the public key of an asymmetric key pair as a control key, and provide a proof for each operation by producing a cryptographic signature of the user's DSNP Identifier and some nonce value.

Where operations are listed as using control keys or ownership proofs as input parameters, this indicates that these keys or proofs should be provided in addition to those needed for invocation authentication.

Transaction Identifiers

Each invocation of a DSNP Operation should be associated with a Transaction Identifier. Transaction Identifiers are used to associate Operation invocations with asynchronously emitted State Change Records. It MUST be possible to associate a DSNP State Change Record with a Transaction Identifier from a particular DSNP Operation invocation. Transaction Identifiers MUST be unique within an implementation. Transaction Identifiers MUST be serializable as a string.

Failure Handling

Compliant implementations may respond to error conditions either synchronously, as a response to the invocation request, or asynchronously, by emitting a Failure Record.

List of Operations

OperationOptional?Principal(s)InputsState Change Record or Output
Create IdentifiernoNoneControl Key, Control Key Ownership ProofIdentifier Creation Record
Retire IdentifiernoUserNoneIdentifier Retirement Record
Define DelegationnoUser AND DelegateUser's Identifier, Delegate's Identifier, Set of Allowed Announcement Types, Set of Allowed User Data TypesDelegation Definition Record
Revoke DelegationnoUser OR DelegateUser's Identifier, Delegate's IdentifierDelegation Revocation Record
Add Control KeyYESUserKey, Key Ownership ProofControl Key Addition Record
Remove Control KeyYESUserKeyControl Key Removal Record
Publish Announcementno*User OR DelegateAnnouncementAnnouncement Published Record
Publish Batchno*User OR DelegateAnnouncement Type, Batch Publication URL, Batch Publication Content HashBatch Published Record
Get User DatanoAnyUser's Identifier, Set of Requested User Data TypesMap of User Data Types to Data Chunks with optional Key Identifiers
Replace User DatanoUser OR DelegateUser's Identifier, Key Identifier, Map of User Data Types to Data ChunksUser Data Replaced Record

* For each Announcement Type, an implementation may support one or both of these operations. Implementations MUST document which of the operations is available for each Announcement Type.