SSM-NET — Federation Levels (10.0–10B)

Cooperate across boundaries without overexposure

10.0 General Introduction
Federation levels define how much a link discloses while keeping the same integrity guarantees everywhere. Independently governed systems can interoperate by declaring a maximum supported level and converging per link on the lowest common level. Across all levels: payload invariance holds (phi((m,a)) = m), continuity is append-only, and byte-stable verification remains possible.
Core reminder (copy-ready):

# collapse parity (payload invariance)
phi((m,a)) = m

# continuity stamp (scope-local, append-only)
SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEAD>|prev=<HEX or NONE>

10A. Purpose
Define a three-level disclosure contract so different organizations can link safely:

  • L1 — Label-first (minimum): for the strongest privacy with a verifiable posture.
  • L2 — Lanes reproducible: for when independent numeric parity checks are required.
  • L3 — Full evidence: for when third-party offline replay and audits are necessary.

10B. Levels (normative)
L1 — Label-first (minimum disclosure)

  • Public: value (bytes), band, manifest_id, stamp, canonical subset declaration.
  • Private: align kept in logs.
  • Receiver MUST: recompute sha256 over the declared subset, verify prev chain, fetch manifest_id, confirm band is derivable from manifest cutpoints.
  • Use when: privacy and simplicity dominate; numeric parity on the lane is not required.

L2 — Lanes reproducible

  • Public: everything in L1 plus align (or align_ascii).
  • Receiver SHOULD: recompute the lane via the deterministic kernel and confirm band mapping:
# deterministic lane kernel (normative shape)
a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
u   := atanh(a_c)
U  += w*u ; W += w
align := tanh( U / max(W, eps_w) )
# then: band := cutpoint_map(align, manifest_id)

  • Use when: independent math checks across vendors are desired.
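
A receiver-side L2 parity check built on the kernel shape above, as an added example that is not part of the SSM-NET specification or its tooling. It recomputes align from (a_raw, w) samples, maps it to a band, and compares both with the published values, covering a sample at the +1 edge and an empty lane. Assumptions: the eps_a, eps_w and tol values, non-negative weights, the (upper_bound, band) cutpoint layout, the band names, and that the receiver holds the samples.

```python
import math

EPS_A = 1e-6   # assumed clamp margin; the page names eps_a but gives no value
EPS_W = 1e-12  # assumed weight floor; the page names eps_w but gives no value

def lane_align(samples, eps_a=EPS_A, eps_w=EPS_W):
    """Fold (a_raw, w) pairs into one align value using the kernel shape above."""
    U = 0.0
    W = 0.0
    for a_raw, w in samples:
        # Assumption: weights are non-negative; NaN/inf inputs are rejected
        # so a poisoned sample cannot silently propagate into the band.
        if not (math.isfinite(a_raw) and math.isfinite(w)) or w < 0:
            raise ValueError(f"rejecting sample {(a_raw, w)!r}")
        a_c = min(max(a_raw, -1 + eps_a), 1 - eps_a)  # keeps atanh finite at +/-1
        U += w * math.atanh(a_c)
        W += w
    return math.tanh(U / max(W, eps_w))  # W == 0 yields 0.0, not a division error

def cutpoint_map(align, cutpoints):
    """Hypothetical manifest layout: ascending (upper_bound, band) pairs."""
    for upper, band in cutpoints:
        if align <= upper:
            return band
    raise ValueError("align above last cutpoint")

def check_l2(samples, published_align, published_band, cutpoints, tol=1e-9):
    """Recompute the lane, then confirm the published align and band."""
    align = lane_align(samples)
    return {
        "align": align,
        "align_ok": abs(align - published_align) <= tol,  # tol is an assumption
        "band_ok": cutpoint_map(align, cutpoints) == published_band,
    }

# Constructed sample data (not from the specification).
CUTPOINTS = [(-0.5, "A-"), (0.5, "A0"), (1.0, "A+")]
SAMPLES = [(0.5, 1.0), (-0.5, 1.0), (1.0, 2.0)]  # last sample sits on the +1 edge

if __name__ == "__main__":
    honest = lane_align(SAMPLES)
    print(check_l2(SAMPLES, honest, "A+", CUTPOINTS))  # both checks pass
    print(check_l2(SAMPLES, 0.5, "A0", CUTPOINTS))     # altered values fail
```
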

L3 — Full evidence (offline replay)

  • Public: L2 plus downloadable evidence bundle (e.g., envelopes.jsonl, manifests.json, hashes.txt, checkpoint.txt, verify.sh).
  • Receiver MUST: be able to reproduce ALL CHECKS PASSED offline.
  • Use when: third-party audits, regulatory replay, or long-chain verification are required.

Notes

  • Level selection is per link and non-coercive: actual operation level = min(local_max, remote_max).
  • Higher levels never rewrite lower-level bytes; they only add verifiable disclosure.
  • Privacy posture: Prefer label-first unless policy explicitly requires public align.
