Resolver Conformance (myum.net)

This page defines the minimum conformance for a UMID resolver at:

The standards/spec/docs site is separate:

This page is written to be implementation-grade: adopters should be able to implement a conforming resolver using only what is published here.

Resolver conformance levels

To claim “resolver conformance”, an implementation MUST satisfy the requirements below.

GET /health

MUST:

GET /.well-known/myum-resolver.json

MUST:

return 200
include Cache-Control: no-store
describe how UMIDs are encoded in the path (including the b64u: escape hatch if supported)

GET /{UMID_PATH}

MUST support:

MUST return one of:

If your UMIDs might include / (e.g., DID URLs or HTTPS URLs), you MUST provide a forward-compatible escape hatch.

Recommended rule:

If the first path segment starts with b64u:, decode the remainder as base64url UTF‑8 UMID bytes.
Otherwise treat the segment as a URL-decoded UMID.

For successful resolutions (200 and 307), the resolver MUST include:

Access-Control-Allow-Origin (for browser tooling)
Cache-Control (short cache recommended; see below)
X-UM-Resolver-Contract (a string version so adopters can reason about changes)

If returning a payload (200), the resolver SHOULD include:

If redirecting (307), the resolver MUST include:

Resolvers SHOULD default to conservative HTTP caching (short TTL).

Important:

Consumers MUST enforce the manifest TTL (expiresAt) for “use”, regardless of HTTP caching.

Errors MUST be deterministic and machine-parseable.

Recommended shape:

{ "error": "not_found", "umid": "..." }

This conformance page does not require: