{ "tile_type": "spec.lifetime_substrate", "schema_version": "1.0", "id": "urn:flie:nnp:spec:lifetime-data-substrate:v0.1", "title": "Lifetime Data Substrate — Reference Spec (v0.1)", "author_did": null, "created_utc": "2026-02-01T06:00:00Z", "version": "0.1.0", "content": { "doctrine": { "purpose": "Continuity substrate for person-controlled, vendor-agnostic identity, data lineage, and survivability across decades.", "north_stars": [ "Identity before data", "Continuity over disruption", "Sovereign, portable, verifiable", "Triangulated trust: cryptography + personhood + law", "Continuity defines compliance" ] }, "layers": [ { "index": 1, "name": "Root of Identity (RoI)", "goals": [ "Stable person-controlled identity that outlives vendors and accounts" ], "spec": { "identifier": "DID (e.g., did:key or did:ion)", "keys": { "signing": "Ed25519", "recovery": "offline, separately held" }, "human_alias": "ContinuityID (CID), human-memorable string bound to DID", "recovery_bundle": "sealed packet for long-term custody" } }, { "index": 2, "name": "Attestation & State", "goals": [ "Prove control, bind devices/agents, express current state" ], "spec": { "attestation_triplet": [ "claim", "proof", "continuity_envelope" ], "agent_binding": "signed statement binding an engine instance to the RoI", "revocation": "revocation tiles for compromised agents/keys" } }, { "index": 3, "name": "Object Model (Tiles/Records)", "goals": [ "Deterministic, independently verifiable records" ], "spec": { "tile": { "id": "urn:flie::::", "schema_version": "1.0", "content": { "media_type": "text/plain; charset=utf-8", "hash": "sha256-", "cas_pointer": null }, "lineage": { "parent_hash": null, "history": [] }, "provenance": { "signature": { "alg": "Ed25519", "kid": null, "sig": null }, "attestations": [], "timestamp": { "claimed": "2026-02-01T06:00:00Z", "rfc3161_stamp": null } }, "access": { "acl": "ABAC/OPA policy references", "license": "All rights reserved" } } } }, { "index": 4, "name": "Storage 
& CAS", "goals": [ "Local-first durability and global verifiability" ], "spec": { "local_store": "snapshotting filesystem (e.g., ZFS or Btrfs)", "cas": "SHA-256 multihash for content addressing", "replicas": [ "S3-compatible bucket", "IPFS pinning", "enterprise object store" ], "retrieval": "hash-first addressing" } }, { "index": 5, "name": "Ingestion & Processing (Engine)", "goals": [ "No ingestion without identity and governance" ], "spec": { "activation": "CID + private key one-time validation", "activation_certificate": "device-bound certificate enabling ingest/export", "pipeline": [ "normalize", "hash", "tile", "sign", "timestamp", "index", "replicate" ] } }, { "index": 6, "name": "Legal Custody & Inheritance", "goals": [ "Human survivability beyond platforms and corporate boundaries" ], "spec": { "binding_event": "witnessed verification of person ↔ CID ↔ key control", "sealed_failsafe": "recovery bundle held under legal custody", "transfer": "dual-signed transfer tile with witness; rotate keys afterwards" } }, { "index": 7, "name": "Access & Governance", "goals": [ "Explainable control and accountable computation" ], "spec": { "policy": "ABAC/OPA policy tied to identity and tile metadata", "journaling": "append-only doctrine/action log", "compute": "privacy-by-context execution under user identity" } } ], "identifiers": { "person_did": "did:key (Ed25519)", "object_id": "urn:flie deterministic URN", "key_naming": "kid suffix pattern: #keys-YYYY-MM" }, "provenance_block": { "hash_alg": "sha256", "sig_alg": "Ed25519", "timestamp": "RFC-3161 optional timestamp token", "vc_refs": "optional verifiable credential references" }, "continuity_envelope": { "bundle": "tile + signature + timestamp + attestations", "extension": ".cenv", "indexing": "multihash catalog with reverse lookup" }, "replication": { "strategy": "3-2-1", "snapshots": "immutable periodic snapshots", "public_anchors": "optional redacted multihash", "annual_drill": "cold-start recovery test from 
custody bundle" }, "interop_migration": { "adapters": "import/export adapters preserving source_hash & lineage", "portability_contract": "systems of record must export stable IDs, timestamps, checksums" }, "security": { "keys": "HSM/secure enclave storage; dual-control for recovery; rotate periodically", "agents": "signed binaries; transparency log; measured boot", "policy_defaults": "default-deny for ingest/export; allowlists per schema", "threats_considered": [ "model drift", "API deprecation", "cloud lock-in", "ransomware", "legal seizure without due process", "link rot", "founder exit" ] }, "governance_playbooks": { "inception": [ "Binding Event", "seal custody packet", "register hashed CID + timestamp" ], "quarterly": [ "rotate signing key", "verify replicas", "reconcile lineage", "publish integrity proofs" ], "annual": [ "continuity drill", "solicitor re-attestation" ], "transfer": [ "dual-signed transfer tile", "witness signature", "rotate keys" ] }, "operational_outcomes": { "findability_sla_seconds": 5, "verify_sla_seconds": 2, "narrate_lineage": "human-readable chain of custody", "survivability": "identity and lineage persist beyond vendor/platform failure" }, "implementation_starter": { "crypto": { "sign": "Ed25519", "hash": "SHA-256", "timestamp": "RFC-3161", "envelope": "DSSE or COSE" }, "data": { "serialization": "JSON or DAG-CBOR", "index": "SQLite", "history": "Merkle structure" }, "engine": { "model": "local-first daemon", "pipeline": "declarative ingest pipeline" }, "schemas_min": [ "document", "event", "identity-claim", "asset", "conversation" ], "ux": [ "Explain my chain of custody", "Verify object integrity", "Show access control" ] } }, "lineage": { "parent_hash": null, "history": [] }, "provenance": { "signature": { "alg": "Ed25519", "kid": null, "sig": null }, "attestations": [], "timestamp": { "claimed": "2026-02-01T06:00:00Z", "rfc3161_stamp": null } }, "license": "All rights reserved.", "notes": "Version 0.1. 
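Replace this tile's null placeholders when binding the DID (author_did), signing (provenance.signature.kid and sig), and timestamping (provenance.timestamp.rfc3161_stamp); until they are filled in, this tile is unsigned and its authorship and integrity cannot be verified." }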