{
  "production": {
    "symmetric": {
      "aes": {
        "key-length": [
          {
            /* client can interpret as: We show a green tick if user chooses "AES 192", yellow question mark if "AES 128", red cross otherwise */
            /* anything less will score "unacceptable" */
            "predicate": "min",
            "levels": [
              {
                "level": 2,
                "value": 128
              },
              {
                "level": 3,
                "value": 192
              }
            ]
          }
        ]
      },

      /* client can interpret as: We don't generate anything with SM4 */
      "sm4": 0
    },

    "asymmetric": {
      "rsa": {
        /* different filtering parameters available to algorithms */
        "keysize": [
          {
            /* client can interpret as: We don't provide options to generate RSA keys with < 1024 bits, and we show a green tick if >= 2048 bits */
            "predicate": "min",
            "levels": [
              {
                "value": 1024,
                "level": 1
              },
              {
                "value": 2048,
                "level": 3
              }
            ]
          }
        ]
      }
    },

    "hash": {
      /* specifying a level as an attribute */
      /* client can interpret as: Anything with md5 is a yellow question mark */
      "md5": {
        "level": 2,
      }

      /* client can interpret as: Anything with ripemd-160 is a green tick */
      "ripemd-160": 3,

      "sha-1": {
        "valid": [
          {
          /* sha-1 is considered level 2 until 20220101 */
          /* TODO: expand on the date time value --- take into account timezones? local time? */
            "predicate": "until",
            "levels": [
              {
                "level": 2,
                "value": "20220101"
              }
            ]
          },
          /* sha-1 is considered level 1 (e.g. insecure) since 20220101 */
          {
            "predicate": "from",
            "levels": [
              {
                "level": 1,
                "value": "20220101"
              }
            ]
          }
        ]
      }
    }
  },
  "consumption": {
    "symmetric": {
      "aes": {
        "key-length": [
          {
            /* anything less will score "unacceptable" */
            "predicate": "min",
            "levels": [
              {
                "level": 2,
                "value": 128
              },
              {
                "level": 3,
                "value": 192
              }
            ]
          }
        ]
      },

      "sm4": 0
    },

    "asymmetric": {
      "rsa": {
        "keysize": [
          {
            "predicate": "min",
            "levels": [
              {
                "value": 1024,
                "level": 1
              },
              {
                "value": 2048,
                "level": 3
              }
            ]
          }
        ]
      }
    },

    "hash": {
      "md5": {
        "level": 2,
      }

      "ripemd-160": 3,

      "sha-1": {
        "valid": [
          {
          /* client can interpret as: The signature, if made with sha-1 on or before (or just before? TODO) 20220101, is considered level 2 */
            "predicate": "until",
            "levels": [
              {
                "level": 2,
                "value": "20220101"
              }
            ]
          },
          /* client can interpret as: The signature, if made with sha-1 on or after (or just after? TODO) 20220101, is considered level 1, or "insecure", or "red cross", etc. */
          {
            "predicate": "from",
            "levels": [
              {
                "level": 1,
                "value": "20220101"
              }
            ]
          }
        ]
      }
    }
  }
}