“exp” field ("expiry-overloading"), or add an explicit
“nbf” and “exp” stand for “not before” and “expires at” respectively. These are standard JWT fields. Taken together they represent the time bounds for a token.
The “nbf” field is optional (though recommended). When omitted, the token is assumed to be currently valid. Setting this field in the future allows the sender to delay use of a UCAN. For example, you may want someone to only be able to post something over the weekend at a hackathon, but not before.
The “exp” field is extremely important for a number of reasons. It is strongly encouraged to keep the time as short as possible for a use case. For instance, when sending commands to the server, keeping it to 30 seconds is very reasonable when sending over TLS.
“nnc” is a randomly generated string, used to ensure the uniqueness of the UCAN. This helps prevent replay attacks, and ensures a unique CID per creation. Typically the expiry time will ensure that UCANs are unique, but adding the nonce ensures uniqueness.
“fct” is a field for arbitrary facts and proofs of knowledge. These can be things like providing hash preimages, signing a challenge string with the private key associated with the “iss”, a Merkle proof, and so on.
The “prf” section is reserved for UCAN proofs; the “inputs” of the UCAN.
“iss” is the resource originator / owner for everything in the
“iss” DID. This scoping also includes time ranges, making the proof that starts latest and the proof that ends soonest the lower and upper time bounds.
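The time-bound rules above (optional “nbf”, “exp”, and proofs narrowing the window) can be checked as follows. This is an added example, not code from the UCAN project: it assumes “prf” already holds decoded, signature-verified proof payloads as plain objects, it chooses to reject a token without “exp”, and the DIDs and timestamps are constructed sample values.

```javascript
// Added example. Assumption: `prf` entries are decoded proof payloads whose
// signatures were already verified; real UCANs carry encoded proofs.

// Returns the effective [notBefore, expiresAt] window in Unix seconds.
// A missing nbf adds no lower bound; a missing exp is rejected (a choice of this example).
function effectiveWindow(ucan) {
  if (!Number.isInteger(ucan.exp)) throw new Error("exp is required");
  if (ucan.nbf !== undefined && !Number.isInteger(ucan.nbf)) {
    throw new Error("nbf must be an integer");
  }
  let lower = ucan.nbf ?? -Infinity;
  let upper = ucan.exp;
  for (const proof of ucan.prf ?? []) {
    const [proofLower, proofUpper] = effectiveWindow(proof);
    lower = Math.max(lower, proofLower); // the proof that starts latest wins
    upper = Math.min(upper, proofUpper); // the proof that ends soonest wins
  }
  return [lower, upper];
}

// JWT semantics: valid from nbf (inclusive) until exp (exclusive).
function isValidAt(ucan, now) {
  const [lower, upper] = effectiveWindow(ucan);
  return lower <= now && now < upper;
}

// Constructed sample chain: each token lists the one it was delegated from.
const root = { iss: "did:example:alice", nbf: 1000, exp: 5000, prf: [] };
const delegated = { iss: "did:example:bob", nbf: 2000, exp: 9000, prf: [root] };
const leaf = { iss: "did:example:carol", exp: 8000, prf: [delegated] };

// The leaf claims exp 8000, but its proofs clamp the usable window.
console.log(effectiveWindow(leaf));
console.log(isValidAt(leaf, 6000));
```

A verifier that only reads the outermost “exp” would accept the leaf token at time 6000; bounding by the whole proof chain rejects it.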
“wnfs” for the WebNative File System,
“email” for email, and
“domain” for domain names.
*). This means “any resource of this type”, even if not yet created, bounded by proofs. These are generally used for account linking. Wildcards are not required to delegate longer paths, as paths are generally taken as