- From: Amir Hameed <amsaalegal@gmail.com>
- Date: Tue, 28 Apr 2026 19:44:46 +0530
- To: "public-vsc@w3.org" <public-vsc@w3.org>
- Message-ID: <CANGYBsy7SOZ9D0WEmL-TwZXcPgM9JTaYrChAToZVS25EHcCPGA@mail.gmail.com>
Dear Verifiable Supply Chain Community Group, I have submitted a pull request (PR #5) against the main branch of our repository to introduce the initial specification and reference implementation for the Universal Object & Resource Attestation (UORA) Core Protocol v1.0. Pull Request: https://github.com/w3c-cg/vsc/pull/5 Summary of Contributions: This PR adds two new files in a new uora/ directory, as a starting point for group discussion and development: uora/spec/core-v1.0.md : A formal specification defining a vendor-neutral framework for decentralized identity, state verification, and lifecycle tracking of physical assets. It details a four-layer architecture covering: Universal Object Addressing & Discovery (DID binding, UORA-Query-API). Core Attestation Schemas (Origin, Transfer, Transformation, Disposition) with deterministic conflict resolution and linear chain enforcement. Governance & Authorization via decoupled CertificationCredentials and Trust Frameworks. A seven-phase validation pipeline, a 22-test conformance suite, and a canonical JSON-LD context. uora/uora-resolver-v2.1.py : An a reference implementation that provides a fully functional HTTP resolver compliant with the specification. It includes a CLI for serving the API, running the conformance test suite, and validating attestations. This contribution is made with the intent of providing a concrete and testable foundation to facilitate the group's work on standardizing verifiable supply chain events. In accordance with W3C CG process, I am bringing this to the group’s attention and seeking review, feedback, and discussion. I look forward to your comments on the mailing list or directly on the pull request. Sincerely, Amir Hameed Mir
Received on Tuesday, 28 April 2026 14:15:05 UTC