aeoess/AMCS

SPEC · v0.1.0

AI Media
Credentialing Spec.

A signed credential attached to media that travels with the bytes. Subject, issuer, terms, attribution root, enforcement class. Verifiable at fetch time, cascade-revocable on misuse.

Read v0.1.0 →Reference fixtures

Envelope

One credential, one signature.

{
  "@context": "https://aeoess.com/amcs/v1",
  "subject":  "did:web:nytimes.com/article/2026-04-12-fed",
  "issuer":   "did:aps:pub:nytimes.com",
  "terms_block": {
    "behavioral_derivation": "summarize+attribute",
    "retention":             "session-only",
    "training":              "denied"
  },
  "attribution_root":  "sha256:9f2a…b71c",
  "enforcement_class": "enforcement",
  "expires":           "2026-10-12T00:00:00Z",
  "signature":         "ed25519:Aw3kH7…"
}

Fields

Seven required, all signed over.

subject

DID URI

The artifact under credential. Resolves to a content hash.

issuer

DID URI

The publisher attaching terms. Must be a registered passport.

terms_block

JSON

Behavioral derivation rights. What an agent may do with the bytes.

attribution_root

sha-256

Merkle root over D / P / G / C axes. Proof of provenance.

enforcement_class

enum

advisory · enforcement · structural. Tells the gateway what to do on violation.

expires

iso-8601

Terms TTL. Cascades on expiry.

signature

ed25519

Detached JWS over RFC 8785 canonical bytes.

AI MediaCredentialing Spec.

One credential, one signature.

Seven required, all signed over.

AI Media
Credentialing Spec.