/source/ · YAML registry · Apache-2.0

badges

v1.0.0

The badge-claimants registry. One YAML per claimant with the producer's published JWKS URL, conformance run digest, and a signed sample receipt. Pull requests drive the public listing.

ratified March 2026commit 8af4c92d14 files · 28 KB

About this artefact

The badges artefact is the public registry of every implementation that has self-attested v1 compatibility. Each claimant submits one YAML file under claimants/<slug>.yaml containing the implementation's name, vendor, source URL, the producer's published JWKS URL, the conformance run digest from conformance, and a base64-encoded sample receipt.

A weekly working-group review verifies the JWKS reachability, replays the conformance digest, and validates the sample receipt against the claimed JWKS. Accepted entries appear on the public /implementations/ table. Submissions go via signed email patches to open-source@cloakapi.io until the working group's patch tracker comes online.

Manifest

Tar.gz tarball download is published at the spec ratification cadence. Below is the current public manifest (SHA-256 fingerprints, file count, ratification commit).
PathSizeSHA-256
README.md1.8 KBb52b737c1527afc46ff1180a9a2d97144945faad7cd721a9651c0ab268d23542
schema/claimant.schema.json3.4 KBf3df5b45519996efec76e9773d1d8cc2cd4ce108d6822199df082d2a52a31793
claimants/cloakapi-gateway.yaml0.9 KBaa2d001ac12346728ffad8be1db5a635703878acdecdbf6afc3bc56422681761
claimants/cloakapi-desktop.yaml0.9 KB817f6d0a1148f994d2e94f9ec984bb7d1078b6a74149032b0e6d2eff8c6cccf7
claimants/cloakapi-extension.yaml0.8 KBe4cc57a0e4862f28fb61cd1870face9e77b566994af05c7914a0fa8f0b0b90fa
14 files · 28 KB · ratification commit 8af4c92d · signed by working-group key wg-2026-03

Quick start

claimants/your-impl.yaml
name: ExampleGW
vendor: Example, Inc
source: https://example.com/signedreceipts
jwks_url: https://api.example.com/.well-known/jwks.json
conformance_digest: sha256:8af4c92d...
sample_receipt: base64:eyJ2IjoiMS4w...
contact: security@example.com
shell
# Validate your YAML before submitting
signedreceipt jwks fetch https://api.example.com/.well-known/jwks.json
signedreceipt verify --jwks ./jwks.json sample-receipt.json

# Mail the patch to the working group
git format-patch -1 --stdout | mail -s '[badge] ExampleGW v1' open-source@cloakapi.io

Issues / questions

Bug reports, patches, and security advisories all go to the working-group inbox.

open-source@cloakapi.io

Back to /source/ · related: spec · conformance · implementations