Credentials

Each TAPIR Edge node has:

• a unique X.509 client certificate used for mTLS
• a unique keypair used for signing events

Algorithms

• NIST P-256/SHA-256 or Ed25519/Ed448

Events

Events are submitted as JSON via MQTTv5 over mTLS.

Events submitted by the TAPIR Minimiser are sent as JWS signed by the node's signing key.

Aggregates

Aggregates are submitted to the Aggregate Receiver via a RESTful API over HTTPS with mTLS.

HTTP Message Signatures (RFC 9421) are used to ensure content integrity. Signatures are created using the node's signing key.