SSM-NET — HTTP-M & WS-M (5A–5B)

Same bytes on the wire; add manifest, subset, and stamp as headers/metadata.

5A. HTTP-M (web profile: SSM-NET over HTTP/HTTPS)
Carry SSM-NET semantics as HTTP headers while keeping bodies byte-identical.

Request (client → server) headers.

SSMNET-Manifest: <manifest_id>
SSMNET-Disclosure: value-only | value+band | full
SSMNET-Canonical-Subset: ["value","band","manifest_id"(,"align_ascii"?)]
SSMNET-Body-Hash: sha256=<HEX>           # over raw body bytes on wire, if present
SSMNET-Stamp: SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEX>|prev=<HEX or NONE>

Response (server → client) headers.

SSMNET-Manifest: <manifest_id>
SSMNET-Band: <BandLabel>                  # optional (label-first)
SSMNET-Align-Ascii: <+0.000000>           # optional; canonical signed decimal when align is public
SSMNET-Canonical-Subset: ["value","band","manifest_id"(,"align_ascii"?)]
SSMNET-Body-Hash: sha256=<HEX>
SSMNET-Stamp: SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEX>|prev=<HEX>
SSMNET-Checkpoint: HEAD=<HEX>             # optional (per scope)

Norms (MUST / SHOULD).

- MUST keep payload bytes unchanged: phi((m,a)) = m
- MUST compute sha256 over exact on-wire body when SSMNET-Body-Hash is present
- MUST make the canonical subset declaration visible on the wire
- SHOULD default to label-first (value+band); expose align/align_ascii only when declared public
- MAY publish well-known endpoints for audits and catch-up

Minimal example (illustrative).

GET /resource
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Disclosure: value+band
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Stamp: SSMCLOCK1|2025-11-09T12:05:00Z|n1|sha256=<H1>|prev=NONE

HTTP/1.1 200 OK
Content-Type: application/json
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Band: A0
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Body-Hash: sha256=<B1>
SSMNET-Stamp: SSMCLOCK1|2025-11-09T12:05:01Z|n2|sha256=<H2>|prev=<H1>

{"value":{"status":"ok"}}

5B. WS-M (bidirectional streams)
Put envelopes and stamps in message metadata for duplex streams (WebSocket or equivalent).

Binding.

- Each message MUST include: value, band, manifest_id, stamp
- Stream scope defines continuity; first message uses prev = "NONE"
- Intermediaries MAY append their own stamped observation without altering prior frames

Disclosure.

- Default label-first (value+band)
- When align is public, receivers SHOULD recompute locally to confirm band:
  a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
  u   := atanh(a_c)
  U  += w*u ; W += w
  align := tanh( U / max(W, eps_w) )
  assert band == cutpoint_map(align, manifest_id)

Frame sketch (illustrative).

# outbound frame metadata
ssmnet = {
  "manifest_id": "NETWORK_POSTURE.DEMO",
  "subset": ["value","band","manifest_id"],
  "stamp": "SSMCLOCK1|2025-11-09T12:10:00Z|n3|sha256=<H3>|prev=<H2>"
}
payload = {"value":{"tick":42}}  # bytes unchanged (phi((m,a)) = m)

Why this matters (human terms).
Whether it’s an HTTP response or a live stream, receivers can recompute integrity, walk continuity, and replay policy—without changing a single payload byte.

Navigation
Previous: SSM-NET — Branching & Chain IDs (4D.1)
Next: SSM-NET — API-M, MESH-M, and IoT-M (5C–5E)