DiME, the open and trust-based data format building secure Application-based Public-Key Infrastructures (APKIs) in a breeze.

The DiME tag item is specifically used to linking external items for the use of proving different application-specific aspects. These aspects may be proof of verification or processing.

Since much of the time DiME envelopes and items are signed and thus protected from modification it is problematic to simply prove processing of those items. This is what the Tag item is used for.

An entity may create a Tag, add links to other items and sign the Tag item. Then it would be possible to add the Tag item to an unsigned envelope containing those other integrity protected items.

The following is an example of a DiME tag item:


The header of a DiME tag item is always 'TAG' as seen in the above example following the colon (':') after the envelope header ('Di').


A DiME tag item consists of several components. Each component is separated by a dot (‘.’), which is referred to as a component separator.

The following components make up a data item:

  • Header - always 'TAG'

  • Claims - required

  • Signature - required


Claims are information or data related to the tag item. For tag items the linked items ('lnk') is specifically used, and required.

Example of a decoded claims component:

    "iss": "ef4d5bf0-f9ed-43e9-ba7d-00cd410c2f2c",
    "lnk": "MSG.a316c267-db51-4271-9ca4-6827030c9dfa.3996ea599990be606a900be814d8af886328500e4edaa27fd3856b67283d5a54:KEY.a09c33d9-cba9-40a7-810f-06f93a1baa3a.2e2c03b2bfa28db637f151b2e3d585ac15d53d0d3fabca30c8353939f0504b2e:ID.cfd81ef9-2117-44a2-b01a-d52951dec7e1.27b49df5146fe107befde57ff678820dec76ad42a1718fb583823e06102768f2",
    "uid": "e7ce1005-a897-4cb1-9557-59865cca0aa0"

As any other DiME items, Tag may use many different claims. For general information about claims refer to Claims.

Linked items

The linked items ('lnk') claim is used to hold links to other DiME items. These links are used to direclty associate this item with those items, where it is later possible to verify the integrity. This makes it possible to prove the handling of those linked items.

For format and encoding information refer to Item links.


The final component in a tag item is always the signature. Any tag item that is missing a signature component must always be discarded. The tag item must also be discarded if the signature verification fails.

For additional details around the format of signature see Signature encoding.

Last updated