https://ucan.xyz/

UCAN is an extension of JSON Web Tokens (JWT) that supports offline-first apps and distributed systems. It’s like decentralized OAuth. The tokens are self-certifiable.

Each token is separated into header/payload/signature.

Header

{
  "alg": "EdDSA",
  "typ": "JWT",
  "ucv": "0.8.1"
}

alg : signature algorithm

ucv : UCAN version

Payload

{
  "iss": "did:key:z6Mkr5aefin1DzjG7MBJ3nsFCsnvHKEvTb2C4YAJwbxt1jFS",
  "aud": "did:key:z6MkfQhLHBSFMuR7bQXTQeqe5kYUW51HpfZeaymgy1zkP2jM",
  "nbf": 1529496683,
  "exp": 9256939505,
  "att": [
    {
      "with": "wnfs://demouser.fission.name/public/photos/",
      "can": "wnfs/OVERWRITE"
    },
    {
      "with": "wnfs://demouser.fission.name/public/notes/",
      "can": "wnfs/OVERWRITE"
    }
  ],
  "prf": []
}

iss : issuer (from)

aud : audience (to)

nbf : not before

exp : expiration

att : attenuation (what you get to do), now renamed to “cap” for capability.

prf : proof of delegation (array of how you’re authorized to delegate, which allows for delegating subsections of your delegated access)

fct : fact, it’s a map w/ arbitrary data.
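
The delegation rule behind prf, sketched as an added example (not code from the original page or from the UCAN project): a token is accepted only if each capability in att is backed by a proof addressed to its issuer, with no wider resource and no longer lifetime. Signature verification is left out, and the coverage rule (same "can", path prefix on "with"), the single owner parameter and the sample DIDs are assumptions made for illustration.

```python
import base64, json

def _b64(obj) -> str:
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(iss, aud, att, prf=(), nbf=1529496683, exp=9256939505) -> str:
    """Build a constructed sample token; the signature segment is a placeholder."""
    header = {"alg": "EdDSA", "typ": "JWT", "ucv": "0.8.1"}
    payload = {"iss": iss, "aud": aud, "nbf": nbf, "exp": exp, "att": att, "prf": list(prf)}
    return ".".join([_b64(header), _b64(payload), _b64(b"unsigned-sample")])

def payload_of(token: str) -> dict:
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def covers(parent: dict, child: dict) -> bool:
    """Assumed rule: same ability, and the child path equals or sits under the parent path."""
    base, res = parent["with"], child["with"]
    return parent["can"] == child["can"] and (res == base or (base.endswith("/") and res.startswith(base)))

def chain_errors(token: str, owner: str) -> list:
    """Return the reasons a delegation chain is rejected (empty list means accepted)."""
    p = payload_of(token)
    if not p["prf"]:  # root token: only the resource owner may issue without proofs
        return [] if p["iss"] == owner else [f"{p['iss']} issued a root token but is not the owner"]
    proofs, errors = [payload_of(t) for t in p["prf"]], []
    for cap in p["att"]:
        backed = any(q["aud"] == p["iss"]                               # proof was delegated to this issuer
                     and q["nbf"] <= p["nbf"] and p["exp"] <= q["exp"]  # no lifetime extension
                     and any(covers(c, cap) for c in q["att"])          # no wider capability
                     for q in proofs)
        if not backed:
            errors.append(f"{cap['can']} on {cap['with']} is not backed by any proof")
    for t in p["prf"]:
        errors += chain_errors(t, owner)  # every proof must itself be a valid chain
    return errors

# Constructed DIDs and tokens; the resource URI and ability are the ones shown in the payload above.
ALICE, BOB, CAROL = "did:key:alice-sample", "did:key:bob-sample", "did:key:carol-sample"
PHOTOS = "wnfs://demouser.fission.name/public/photos/"
ROOT = make_token(ALICE, BOB, [{"with": PHOTOS, "can": "wnfs/OVERWRITE"}])
NARROWED = make_token(BOB, CAROL, [{"with": PHOTOS + "2023/", "can": "wnfs/OVERWRITE"}], [ROOT])
WIDENED = make_token(BOB, CAROL, [{"with": "wnfs://demouser.fission.name/public/", "can": "wnfs/OVERWRITE"}], [ROOT])
EXTENDED = make_token(BOB, CAROL, [{"with": PHOTOS, "can": "wnfs/OVERWRITE"}], [ROOT], exp=9999999999)
```

The trailing-slash test in covers() keeps a parent path such as ".../photos" from matching a sibling like ".../photos-private/".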

Hashing / Signature

These chains can get large, so you can optionally hash the outermost one before sending it to a server. The hash acts as a “content address”: if the service hasn’t seen it before, it can separately request that token, but if it already has it in cache, it doesn’t need to get it over the network. Since hashes are much smaller than their content, this can save a lot of bandwidth on repeated requests.