Specification / Conformance

Conformance Levels

Three progressive layers of identity maturity. Each builds on the previous, like geological strata -- deeper foundations support stronger guarantees.

L0Minimum viable identity

Basic Identity

The foundation layer. An entity has a valid DID document with at least one verification method. Sufficient for self-signed assertions and basic discoverability. No lineage chain required -- the identity is self-contained but cannot prove its origin.

Requirements
01
Valid did:oas URI

The DID must conform to the ABNF grammar with valid namespace, kind, and identifier.

02
Ed25519 verification method

At least one Ed25519VerificationKey2020 must be present in the DID document.

03
DID document resolves

The document must be retrievable and its signature must validate.

04
Correct entity kind

The kind field must be one of the 11 defined entity types.

Capabilities Unlocked
Self-signed assertions
Basic discoverability
Offline verification
Namespace registration
builds upon
L1Full accountability chain

Verifiable Lineage

Builds on L0 by requiring a cryptographic lineage proof linking the entity to a human root. AgentLineageProof2025 uses HKDF-SHA256 to derive child keys from parent keys, creating an immutable chain of accountability.

Requirements
01
All L0 requirements

L1 is a strict superset of L0.

02
AgentLineageProof2025

A signed proof binding the entity's key to its parent's key via HKDF-SHA256.

03
HKDF-SHA256 key derivation

Child keys must be cryptographically derived from parent keys.

04
Lineage chain resolves

Every link must resolve and verify up to the human root.

05
Parent DID exists

The creator DID in the lineage proof must be resolvable and non-deactivated.

Capabilities Unlocked
Human accountability
Trust scoring by depth
Cross-org verification
Delegation proofs
Revocation cascading
builds upon
L2Enterprise-grade identity

Full Attestation

The highest conformance level. Adds W3C Verifiable Credentials and trust attestations from OATS. Entities carry third-party attestations about capabilities, compliance, and behavioral history. Machine-readable trust decisions.

Requirements
01
All L1 requirements

L2 is a strict superset of L1.

02
W3C Verifiable Credential

At least one VC issued by a recognized issuer.

03
Trust score (OATS)

A computed trust score based on behavioral history and attestations.

04
Service endpoint declarations

DID document must declare service endpoints.

05
Capability attestation

Formal capability declaration signed by an authoritative issuer.

06
Compliance metadata

Machine-readable compliance markers (GDPR, SOC 2, etc.).

Capabilities Unlocked
Third-party attestations
Machine-readable compliance
Automated trust decisions
Enterprise federation
Insurance frameworks
Regulatory proof

At a Glance

PropertyL0L1L2
DID DocumentRequiredRequiredRequired
Ed25519 KeyRequiredRequiredRequired
Lineage ProofRequiredRequired
W3C VCRequired
Trust ScoreRequired
Service EndpointsOptionalOptionalRequired
Offline VerifyYesYesYes