Serve byte-identical content with portable meaning anyone can replay
Intent.
Expose a resource without changing a single payload byte while attaching portable meaning and continuity that any receiver can verify independently.
Sender (server) behavior.
# choose disclosure (prefer label-first)
disclosure := "value+band" # value-only | value+band | full
# declare canonical subset (visible, ordered)
subset := ["value","band","manifest_id"]
# compute digest over declared bytes [+ body if declared]
HEAD := SHA256( serialize(subset) [+ raw_body_bytes_on_wire] )
# emit continuity stamp (single-link, append-only)
stamp := "SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256="+HEAD+"|prev=<HEX or NONE>"
# payload invariance
phi((m,a)) = m
Receiver checks.
# 1) integrity
HEAD_local := SHA256(serialize_declared_subset(e) [+ raw_body_bytes_on_wire_if_declared])
assert HEAD_local == parsed_head_from(e.stamp)
# 2) continuity
assert e.stamp.prev == local_HEAD or e.stamp.prev == "NONE"
local_HEAD := parsed_head_from(e.stamp)
# 3) policy replay (label-first)
M := fetch_manifest(e.manifest_id)
assert band_is_derivable(e.band, M) # align may remain private in label-first mode
Outcome.
- Bytes remain identical (
phi((m,a)) = m). - Any party can recompute integrity, walk the chain, and confirm band derivability from the manifest—no private trust channels.
Illustrative HTTP exchange (minimal).
GET /docs/guide.json
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Disclosure: value+band
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Stamp: SSMCLOCK1|2025-11-10T12:05:00Z|n1|sha256=<H1>|prev=NONE
HTTP/1.1 200 OK
Content-Type: application/json
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Band: A0
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Body-Hash: sha256=<B1>
SSMNET-Stamp: SSMCLOCK1|2025-11-10T12:05:01Z|n2|sha256=<H2>|prev=<H1>
{"value":{"status":"ok"}}
One-line takeaway.
Same bytes, now replayable—public GETs carry a manifest, a declared subset, and a one-line stamp so anyone can verify integrity and duty-of-care.
Navigation
Previous: SSM-NET — API-M, MESH-M & IoT-M (5C–5E)
Next: SSM-NET — Declared POST (6B)
SHUNYAYA 