The "⚮" URI Scheme for Biometric-First Communication

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 20 December 2026.¶

Copyright Notice

Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

Table of Contents

1. Introduction

The Biometric-First Communication Protocol (BCCCOP) is a privacy-first, zero-trust protocol for peer-to-peer data exchange. It operates across three physical rails: a personal application rail (BPa), an ambient sensor rail (BPb), and a cross-device projection rail (BPc).¶

All resources in BCCCOP are addressed through "closed atoms" — identifiers delimited by the Unicode character U+26AE (⚮). These atoms form the basis of a novel URI scheme that this document registers per the procedures defined in [RFC7595].¶

The scheme character U+26AE (⚮) was selected for its visual distinctiveness, its availability in the Unicode Basic Multilingual Plane, and its conceptual resonance with the protocol's separation-of-concerns architecture: each ⚮-delimited atom represents a sovereign, independently addressable resource.¶

2. URI Scheme Syntax

The ⚮ URI scheme supports two formats, both of which normalize to a common canonical Abstract Syntax Tree (AST).¶

⚮atom⚮;key=val;key=val#fragment
⚮://secure.trusted/note/BPa.03.01.01/meeting-notes#section-3

⚮:@authority!operation(arg)(arg)?key=val#fragment
⚮:@alice!stream(content=hello)?security=crypto

; BCCCOP URI — Unified Grammar
; Supports Format A (hierarchical) and Format B (command)

BCCOP-URI     = format-a / format-b

format-a      = "⚮" atom-id "⚮" [ ";" param *( ";" param ) ] [ "#" fragment ]
format-b      = "⚮" [":" authority] "!" operation [ "(" arg *( ")" "(" arg ) ")" ]
                 [ "?" query ] [ "#" fragment ]

atom-id       = 1*( ALPHA / DIGIT / "#" / "-" / "_" / "." )
authority     = "@" 1*( ALPHA / DIGIT / "-" / "_" )
operation     = ALPHA *( ALPHA / DIGIT / "-" / "_" )
arg           = *( ALPHA / DIGIT / "-" / "_" / "=" / "." )
param         = key "=" value
key           = ALPHA *( ALPHA / DIGIT / "-" / "_" )
value         = *( ALPHA / DIGIT / "-" / "_" / "." / ":" )
query         = param *( "&" / ";" param )
fragment      = *( ALPHA / DIGIT / "-" / "_" / "." )

3. Scheme Semantics

The ⚮ URI scheme operates within the BCCCOP protocol stack. URIs resolve to one of 261 Atomic Type Inventory (ATI) elements across 38 families, classified into three tiers:¶

TIER_0 (System-only):

Biometric, Trojan, Gibber-Link, Break-Glass, Consent, Witness. These atoms cannot be authored from the no-code user interface. Emission requires biometric re-authentication and generates an audit frame.¶

TIER_1 (User flows):

Action, Resource, Sharing, Topology. These atoms form the standard user-facing command surface.¶

TIER_2 (Shell):

Tag, Hash, Unit, Country, Language. Top-level navigation and internationalization atoms.¶

The canonical ATI catalog (261 atoms, 38 families) is published at https://github.com/DrmedPatrickSchur/bubblepress/blob/main/assets/0%20ATI_canonical.csv and carries a BLAKE3 content hash pinned in the screen manifest.¶

4. Encoding and Transport

BCCCOP URIs are transmitted over three physical carriers, selected by the atom's tier classification:¶

• Ultrasonic (Gibber-Link™): 4-FSK modulation at 18.0/19.0/20.0/21.0 kHz, 100 symbols/s, 200 bps. Used for zero-trust device pairing and TIER_0 pre-verification handshakes.¶
• Bluetooth Low Energy (BLE 5.3): GATT service with BCCCOP-specific characteristics. Used for TIER_0 data exchange with hardware attestation.¶
• Wi-Fi Direct / QUIC: Sustained projection streams for TIER_1 and TIER_2 content delivery.¶

TIER_0 atoms are restricted to BLE and Wi-Fi Direct carriers; they MUST NOT be transmitted over ultrasonic (to prevent eavesdropping on biometric data). All other tiers may use any available carrier.¶

5. Operations

The Trojan Window lifecycle drives Format B command execution through a 9-state finite state machine:¶

Idle → Discovered → PreVerified → Authorized → CoAuth → Live
                                                          ↕
                                          Suspended ← Live → Revoked → Wiped

Each state transition requires one or more of: biometric re-authentication (Face + Voice cascade per [RFC9106]), stewardness accordance check, Gibber-Link X25519 3-party key exchange, or memory-wipe attestation (BLAKE3 proof).¶

6. IANA Considerations

This document requests the registration of the "⚮" URI scheme in the "Uniform Resource Identifier (URI) Schemes" registry, per the procedures of [RFC7595].¶

7. Security Considerations

The ⚮ URI scheme is designed for biometric-first, zero-trust environments. The following security properties apply:¶

1. Biometric Anchoring: All TIER_0 atom emission requires a fused biometric cascade (Face + Voice + optional Fingerprint). The cascade produces a BLAKE3 hash that anchors iBubbleTag identifiers. Fresh biometric re-authentication is required for every TIER_0 operation per [RFC9106].¶
2. Consent Vault: Cross-device operations (Format B) require a consent record in the Argon2id-encrypted consent vault. Consent is per-purpose, per-recipient, and instantly revocable.¶
3. Transport Security: TIER_0 data is encrypted with AES-256-GCM (12-byte randomized nonce, 16-byte authentication tag) per [RFC5116]. Transport-layer encryption uses QUIC ([RFC9000]) with TLS 1.3 ([RFC8446]).¶
4. Carrier Restriction: TIER_0 atoms are restricted to BLE and Wi-Fi Direct carriers. The ultrasonic Gibber-Link channel (4-FSK, 18-21 kHz) is used only for non-sensitive pre-verification handshakes, never for biometric or consent data.¶
5. Memory Wipe Attestation: The terminal Wiped state of the Trojan Window FSM produces a BLAKE3 attestation proof that the session memory was zero-filled. No sensitive data persists beyond session teardown.¶
6. Audit Trail: Every TIER_0 operation emits a cryptographically signed SES (Screen Element Streaming) audit frame anchored to the Hedera Hashgraph consensus service.¶

Implementors SHOULD consult the BCCCOP RFC Conformance Audit (0RFC/OUTPUTclaude/BCCCOP_RFC_CONFORMANCE_AUDIT.md) for a detailed analysis of compliance with referenced IETF standards.¶

8. Interoperability Considerations

The ⚮ URI scheme is consumed by a 41-crate Rust implementation (BCCCOP PoC BUILD, v0.1.0-lockin, 4759 passing tests). The canonical ATI catalog of 261 atoms is published as a CSV file with a BLAKE3 content hash pinned in the screen manifest, enabling independent implementations to validate their atom registry against the reference implementation.¶

Implementations MUST support the complete ABNF grammar defined in Section 2.3. Format B parsers MUST correctly handle the ⚮:@authority!operation(arg) pattern with URI query and fragment components.¶

Author's Address