ZcapLd.Core
0.2.0
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet add package ZcapLd.Core --version 0.2.0
NuGet\Install-Package ZcapLd.Core -Version 0.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="ZcapLd.Core" Version="0.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="ZcapLd.Core" Version="0.2.0" />
<PackageReference Include="ZcapLd.Core" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add ZcapLd.Core --version 0.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: ZcapLd.Core, 0.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package ZcapLd.Core@0.2.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=ZcapLd.Core&version=0.2.0
#tool nuget:?package=ZcapLd.Core&version=0.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
ZcapLd.Core
ZcapLd.Core is a .NET implementation of the W3C ZCAP-LD model for capability-based authorization.
Install
dotnet add package ZcapLd.Core
What It Provides
- Root capability creation (
urn:zcap:root:*) - Delegated capability creation with attenuation
- Invocation signing and verification
- Delegation chain verification
- Caveat support (expiration and usage count)
- Revocation service abstractions with pluggable storage (
IRevocationStore) - Pluggable crypto suites (Ed25519 and P-256 included, additional curves extensible)
- Dynamic JSON-LD context URLs per crypto suite
- Multibase signature encoding
Quick Example
using ZcapLd.Core.Cryptography;
using ZcapLd.Core.Models;
using ZcapLd.Core.Services;
// Wire up services — in production, replace InMemoryDidProvider with your
// IDidSigner (HSM/Key Vault) and IDidResolver implementations.
var didProvider = new InMemoryDidProvider(); // test helper: IDidSigner + IDidResolver
var signingService = new SigningService(didProvider, didProvider);
var capabilityService = new CapabilityService(signingService);
var caveatProcessor = new CaveatProcessor();
var verificationService = new VerificationService(didProvider, caveatProcessor);
var rootDid = "did:key:z6MkRoot";
var leafDid = "did:key:z6MkLeaf";
didProvider.GenerateAndRegisterKeyPair(rootDid);
didProvider.GenerateAndRegisterKeyPair(leafDid);
// Root capabilities only define root authority metadata.
var root = await capabilityService.CreateRootCapabilityAsync(
rootDid,
"https://api.example.com/documents",
new[] { "read", "write" });
// Restrictions (actions, caveats, expiry) are enforced on delegated capabilities.
var delegated = await capabilityService.DelegateCapabilityAsync(
root,
leafDid,
new[] { "read" },
DateTime.UtcNow.AddDays(7),
new Caveat[]
{
new ExpirationCaveat { Expires = DateTime.UtcNow.AddDays(3) }
});
var invocation = new Invocation
{
Capability = delegated.Id,
CapabilityAction = "read",
InvocationTarget = "https://api.example.com/documents/abc"
};
invocation.Proof = await signingService.SignInvocationAsync(invocation, leafDid);
var isValid = await verificationService.VerifyInvocationAsync(invocation, delegated);
Revocation Backend Plug-In
ZcapLd.Core provides:
IRevocationStorefor storage providersIRevocationServicefor revocation workflow orchestrationInMemoryRevocationStoreas the default implementation
Exposing Revocation Without ASP.NET
ZcapLd.Core is transport-agnostic. You can expose revocation through:
- gRPC APIs
- message consumers
- worker services
- CLI/admin operations
In all cases, call IRevocationService from your transport/application layer.
Persistence Strategies
Use IRevocationStore to plug in your persistence model:
- In-memory (
InMemoryRevocationStore) for local development - SQL/NoSQL-backed custom stores
- Smart-contract/oracle-backed stores
- Hybrid cache + durable stores
Notes
- This package is designed for in-process usage.
- No default
IDidSignerships in the core package — consumers must provide their own (HSM/KMS/Key Vault). - The
ICryptoSuiteabstraction supports pluggable algorithms; Ed25519 and P-256 are registered by default. - Data integrity processing currently uses deterministic JSON canonicalization rather than full RDF Dataset Canonicalization.
Documentation
- Repository: https://github.com/moisesja/zcap-dotnet
- Architecture:
architecture.md - Revocation Guide:
docs/REVOCATION-INTEGRATION.md - Contributing:
CONTRIBUTING.md
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net10.0
- NSec.Cryptography (>= 25.4.0)
- SimpleBase (>= 4.0.0)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on ZcapLd.Core:
| Package | Downloads |
|---|---|
|
ZcapLd.AspNetCore
ASP.NET Core endpoint adapter for ZCAP-LD revocation workflows with pluggable revocation storage backends. |
GitHub repositories
This package is not used by any popular GitHub repositories.