SSM-NET — Scope & Non-Goals (1A–1E)

Overlay semantics that travel anywhere, verify everywhere

1A. Scope (what this standard covers)
SSM-NET defines a manifest-first overlay for network exchanges that adds portable meaning and verifiable continuity without altering transports.

What’s in scope (high-level):

  • Headers/metadata overlay. How to carry manifest_id, disclosure intent, a canonical subset declaration, a body hash, and a continuity stamp.
# continuity stamp (one-line)
SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEX>|prev=<HEX or NONE>
  • Deterministic lane math. A bounded dial beside bytes.
# align construction (bounded, replayable, order-invariant)
a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
u   := atanh(a_c)
U  += w*u ; W += w
align := tanh( U / max(W, eps_w) )
  • Human bands from rulebooks.
band := cutpoint_map(align, manifest_id)   # boundary inclusivity defined in the manifest
  • Canonical subset commitment.
subset := ["value","band","manifest_id"]   # optionally include "align_ascii" if declared
HEAD   := SHA256(JOIN_WITH_NEWLINES(subset_values))
  • Verification behavior. Receiver checks continuity (prev chain), subset integrity, and band consistency under the manifest; optionally recomputes lane for parity.
  • Evidence publication. Well-known discovery for manifests, checkpoints, and evidence bundles; optional fetch of manifests and checkpoints by URL.
  • Federation levels. Interop across differing policies via progressive disclosure levels (label-first → lanes reproducible → full evidence).
  • Profiles (bindings). Naming and requirements for concrete surfaces (e.g., a web profile), plus guidance for APIs, streams, peer/mesh, and devices.

1B. Non-Goals (what this standard does not do)

  • No transport replacement. Does not alter routing, congestion control, handshakes, or encryption of transport protocols.
  • No identity or PII mandate. Bands describe content posture, not people.
  • No payload mutation. Collapse parity ensures original bytes remain untouched.
phi((m,a)) = m
  • No content moderation or policy creation. Manifests freeze your thresholds and obligations; SSM-NET does not author them.
  • No consensus ledger. Continuity is linear and append-only per scope; global consensus is out of scope.
  • No encryption redesign. Works over existing secure or insecure channels; cryptographic algorithms and key management are not specified.
  • No schema imposition. Commits to a declared subset; does not dictate business fields or domain schemas.
  • No availability SLA. Uptime and failover are deployment concerns, not protocol guarantees.

1C. Interoperability and forward-compatibility

  • Overlay-safe by default. Unknown SSM-NET headers/fields may be ignored by legacy stacks without breaking payload delivery.
  • Independent replay. Any conforming receiver can recompute sha256 over the canonical subset and inspect prev continuity without trusting the sender.
  • Manifest rotation, not edits. Policy changes mint a new manifest_id; past outcomes stand.
  • Additive evolution. New headers/fields may be added without invalidating older exchanges if the canonical subset contract is honored.
  • Text normalization for hashing. Canonical subset strings MUST be UTF-8 NFC before hashing; numeric comparisons MUST apply defined tolerances at band boundaries.

1D. Conformance roles (high-level obligations)

  • Senders (MUST):
    • Publish or reference a manifest_id.
    • Declare a canonical subset and emit a continuity stamp.
    • Ensure collapse parity (phi((m,a)) = m) — no payload mutation.
    • Normalize canonical subset fields to UTF-8 NFC before hashing; include the declared order and exact byte representation in the commitment.
# sender: make the commitment
subset_order := ["value","band","manifest_id"]
bytes        := JOIN_WITH_NEWLINES([value, band, manifest_id])
HEAD         := SHA256(bytes)
stamp        := "SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256="+HEAD+"|prev=<HEAD or NONE>"
  • Receivers (MUST):
    • Verify stamp continuity and subset integrity; detect mismatches deterministically.
    • Map align to band under the referenced manifest (or recompute align locally if disclosed) using clamp → atanh → accumulate → tanh.
# receiver: parity & policy
assert SHA256(join_subset(msg)) == msg.HEAD
assert chain_prev_ok(msg.prev, prior.HEAD)
band := cutpoint_map(align_from(msg or local), manifest_id)
  • Intermediaries (SHOULD):
    • Preserve bytes and any Body-Hash header.
    • If adding their own observations, append a new stamp; never rewrite history.
  • Publishers (SHOULD):
    • Expose well-known endpoints for manifests, checkpoints, and evidence packs.
    • Provide boundary-inclusivity text and escalation promises inside manifests.

1E. Deployment surfaces (illustrative)

  • Web requests/responses (profiled headers). Add overlay headers while keeping bodies byte-identical.
  • Programmatic APIs. REST/GraphQL responses carry the same overlay fields.
  • Streaming & messaging. Frames/messages include envelopes with canonical subset binding.
  • Peer/mesh links. Nodes exchange stamped envelopes with local policy replay.
  • Devices & gateways. Lightweight headers or side-band metadata report bands and stamps alongside sensor bytes.

One-line takeaway for Section 1
“Overlay semantics only: carry rulebooks, lanes, and stamps beside unchanged bytes — verifiable by anyone, on any transport.”

Navigation
Previous: SSM-NET — Introduction
Next: SSM-NET — Alignment lane (2A)