The OMI spec is under heavy development, and every piece of it is subject to change. We are documenting the core primitives for sovereign application lifecycles. Join us in defining the v1.0 draft.
Documentation
The OMI Lifecycle & Orchestration Protocol
Registry Migration (The Sovereignty Exit)

Registry Migration (The Sovereignty Exit)

Objective

Migrating application’s identity, public keys, and service bindings from one App Registry to another, ensuring zero vendor lock-in and total data sovereignty.

Prerequisites

  • Access to the Master Private Key (to authorize the transfer).
  • A backup or export of current Service Bindings from the source Registry.
  • A target (new) App Registry URL.

The Protocol Workflow

  1. State Export: The developer retrieves the current state of their AppID from the source Registry. This includes the list of active Domain Services, their endpoints, and public keys.
  2. Target Initialization: The developer initiates a “Migration Import” on the new App Registry.
  3. The Migration Payload: The developer sends a signed payload to the new Registry. This payload acts as a “Proof of Continuity,” carrying the old state into the new environment.
    provisional payload
    {
  "version": "1.0",
  "data": {
    "app_id": "org.omiappreg.alice.business_app.7f8a9d",
    "previous_registry": "omiappreg.org",
    "migration_timestamp": 1705412600,
    "nonce": "m9n2b5v4",
    "context": "registry_migration",
    "active_bindings": [
      {
        "service_id": "cms-article-instance-77",
        "service_type": "CMS",
        "public_key": "PUB_KEY_SERVICE_ABC...",
        "endpoint_url": "https://article.cms.io/api/v1"
      }
    ],
    "master_public_key": "m2bi0ja8bgkq9ki...",
    "guardian_public_keys": ["g9v2n8x3p1l0q..."]
  },
  "signature": "e5f6a7b8c9d0..." 
}
  4. Identity Verification: The new App Registry verifies the signature. Since the developer’s identity is tied to the Master Public Key and not the Registry’s database, the new provider can cryptographically prove that the person migrating the app is the rightful owner.
  5. DNS/Namespace Update: The developer updates their namespace resolution (if applicable) or notifies their Domain Services of the new “Source of Truth” URL.

The “Redirection” Phase

Once the new Registry is active, existing Domain Services must be updated to look at the new Registry for Operational Discovery.

ComponentAction
Domain ServicesUpdate the registry_url in their configuration or environment variable update.
Auth ProviderRe-verify its binding with the new Registry to ensure user tokens remain valid.
Old Registry(Optional) The developer sends a delete request to the old Registry to purge the stale data.
Sovereignty Note: Because the OMI protocol uses cryptographic identity, the Registry is merely a “bulletin board.” Moving your app is as simple as taking your keys and your list of services to a new board.
Identity Recovery & Guardian KeysGlobal Configuration Updates (Backbone Re-wiring)