---
title: "XION: XI Object Notation"
description: ""
url: https://instituteofprovenance.org/docs/xion-specification
source: Institute of Provenance
---
# XION: XI Object Notation

XION (XI Object Notation) is the patent-pending content format that embeds a cryptographic trust block directly in a digital artifact. The trust block carries everything needed to verify the artifact: the content hash, the digital signature, the signer's public key identifier, and the full certificate chain back to the Institute of Provenance Root CA.

## Core Concept

Traditional content authentication relies on external databases, sidecar files, or third-party verification services. XION inverts this model: the proof travels with the content. A XION artifact can be verified on an air-gapped machine with no network access.

When content is signed with XION, a trust block is embedded directly in the document. Not a sidecar file. Not an external database. The proof is part of the artifact.

## Trust Block

The trust block is a JSON structure embedded in the artifact that contains:

| Field | Type | Description |
|-------|------|-------------|
| `v` | integer | Schema version (currently `1`) |
| `sig_alg` | string | Signature algorithm identifier (`"ed25519"`) |
| `hash_blake3_hex` | string | BLAKE3 hash of the canonicalized content, hex-encoded |
| `sig_b64` | string | Ed25519 signature over the content hash, base64-encoded |
| `key_id` | string | Identifier of the signing public key (first 8 bytes of SHA-256 of the public key, base64url-encoded) |
| `x509_chain_pem` | string[] | Full X.509 certificate chain in PEM format, ordered leaf-first |
| `created_at` | string | ISO 8601 timestamp of signing |

See [Trust Block Schema](/docs/trust-block-schema) for the complete field specification and validation rules.
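
The field table above translates into structural pre-checks a verifier can run before any cryptographic work. The sketch below is an added example, not the Institute's code or the official validation rules from the linked schema page. The names `derive_key_id` and `check_trust_block` are hypothetical, and it assumes `key_id` is computed over the raw public key bytes with base64url padding stripped.

```python
import base64
import binascii
import hashlib
from datetime import datetime

def derive_key_id(public_key: bytes) -> str:
    # key_id per the table: first 8 bytes of SHA-256(public key), base64url.
    # Assumption: raw key bytes as input, '=' padding stripped.
    digest = hashlib.sha256(public_key).digest()[:8]
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")

def check_trust_block(tb: dict, public_key: bytes) -> list:
    """Structural pre-checks only; returns failing field names (empty = well-formed)."""
    errs = []
    if type(tb.get("v")) is not int or tb["v"] != 1:  # rejects True, "1", 2
        errs.append("v")
    # Pin the algorithm: never let the artifact choose how it is verified.
    if tb.get("sig_alg") != "ed25519":
        errs.append("sig_alg")
    h = tb.get("hash_blake3_hex")
    if not (isinstance(h, str) and len(h) == 64 and set(h) <= set("0123456789abcdefABCDEF")):
        errs.append("hash_blake3_hex")  # 256-bit digest = 64 hex chars
    try:
        if len(base64.b64decode(tb.get("sig_b64"), validate=True)) != 64:
            errs.append("sig_b64")  # Ed25519 signatures are 64 bytes
    except (binascii.Error, TypeError, ValueError):
        errs.append("sig_b64")
    kid = tb.get("key_id")
    if not isinstance(kid, str) or kid.rstrip("=") != derive_key_id(public_key):
        errs.append("key_id")
    chain = tb.get("x509_chain_pem")
    if not (isinstance(chain, list) and chain and all(
            isinstance(c, str) and c.strip().startswith("-----BEGIN CERTIFICATE-----")
            and c.strip().endswith("-----END CERTIFICATE-----") for c in chain)):
        errs.append("x509_chain_pem")
    try:
        datetime.fromisoformat(tb.get("created_at").replace("Z", "+00:00"))
    except (AttributeError, TypeError, ValueError):
        errs.append("created_at")
    return errs

# Constructed sample values; not a real key, signature or certificate.
SAMPLE_KEY = bytes(range(32))
SAMPLE = {
    "v": 1, "sig_alg": "ed25519", "hash_blake3_hex": "ab" * 32,
    "sig_b64": base64.b64encode(bytes(64)).decode(),
    "key_id": derive_key_id(SAMPLE_KEY),
    "x509_chain_pem": ["-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"],
    "created_at": "2024-01-01T00:00:00Z",
}
```

Passing these checks says only that the block is well-formed. Signature, chain, revocation and temporal validation still have to run afterwards, with the public key taken from the validated leaf certificate.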

## Signing Process

1. **Canonicalize** the content using the XION canonicalization algorithm (see [Canonicalization](/docs/canonicalization))
2. **Hash** the canonicalized content with BLAKE3, producing a 256-bit digest
3. **Sign** the hash with the signer's Ed25519 private key
4. **Assemble** the trust block with the hash, signature, key identifier, certificate chain, and timestamp
5. **Embed** the trust block in the artifact

## Content Types

XION signing is format-agnostic. The canonicalization step normalizes content before hashing, so the same logical content produces the same hash regardless of serialization differences. Currently supported content types include:

- **Text documents** — Markdown, plain text, structured documents
- **Images** — JPEG, PNG, WebP, TIFF (binary content hashed directly)
- **Structured data** — JSON, XML (canonicalized before hashing)

## Self-Verification

A verifier needs only two things to validate a XION artifact:

1. The artifact itself (which contains the trust block)
2. The Institute of Provenance Root CA public key (a well-known constant)

The verification process checks signature validity, certificate chain integrity, revocation status, and temporal validity. See [Verification Process](/docs/verification-process) for the complete procedure.

## Embedding Format

For text-based formats, the trust block is embedded as a YAML front-matter block or a JSON section depending on the content type. For binary formats (images, video), the trust block is stored in metadata fields appropriate to the format (EXIF, XMP, or as an appended JSON block with a magic-byte delimiter).

The embedding location is deterministic for each content type, ensuring that any compliant implementation can locate and extract the trust block without ambiguity.

