Universal Manifest

What this is

Your phone and a hotel door handshake silently. The door learns you are a guest. It never sees your passport, your home address, or your credit card number. You walk in.

That handshake already happened with your bank this morning. It got enough to approve a loan. The bouncer last night got that you are over 21. The new clinic downtown got your allergies and your insurance, not your full medical record. Each one got a different version of you, because each relationship is different. You set the rules once. The rules travel with you.

Universal Manifest is an open specification for that handshake. A portable, signed envelope of context that any compatible system can read, verify, and act on. The web has TCP/IP for packets, HTTPS for encrypted traffic, DNS for names. It never had a layer for permissions between things that meet. This is that layer.

What a manifest contains

  • Subject. Who or what the manifest is about (a person, device, organization, or agent).
  • Facets. The claims, credentials, and context the subject carries. Each evaluator sees only the facets the issuer selected for that interaction (selective disclosure).
  • Consent records. Per-facet rules governing scope, purpose, and expiry. Consent travels with the data.
  • Sealed entries. Encrypted facets that travel with the manifest but remain unreadable to evaluators without the decryption key. They are never silently dropped.
  • Proof. A cryptographic signature binding everything together. An evaluator can verify that the manifest is authentic, current, and unrevoked.

Each evaluator runs the same six-stage evaluation sequence on the manifest it receives, and every exchange produces a structured receipt of what actually happened. See how it works.

Use cases Spec

Where it matters

Eighteen scenarios. One protocol.

Autonomous robots and vehicles exchanging credentials in a modern logistics hub.

Spatial Computing

You are wearing AR glasses walking through a city. Every ten steps you encounter a different spatial experience: a retail storefront, a transit hub, a concert venue, each operated by a different provider on a different spatial fabric. Your manifest sets your rules once. At each transition, the destination fabric receives your manifest, verifies your credentials, applies your consent rules, and grants presence. Seven scenarios show how identity, consent, and context travel with you through the spatial internet.

Read the scenario
Smart-glasses POV: silent consent on the street.

Smart Glasses & Wearable Social Consent

Someone with smart glasses passes you on the street. Their glasses are recording. A silent handshake happens: your manifest tells their device you do not consent to facial recognition, do not consent to social-media-bound video, and do not share your name with strangers. The recording continues without your face. You never had to know it happened.

Read the scenario
A new device joining a household network.

Smart Home

You unbox a new smart speaker, plug it in, and the house greets it. The speaker reads your household's manifest, inherits the privacy rules, learns the automation preferences, and registers itself. No app. No vendor account. No twenty-minute setup wizard. When guests arrive, they get guest-level access and nothing more.

Read the scenario
EMT reading the manifest of someone unconscious.

Healthcare & Emergency Handoff

You collapse on the street. The EMT's phone reads the manifest on yours: allergies, medications, emergency contact, advance consent for first responders. By the time you reach the ER, the hospital already knows what is safe to give you. No clipboard. No next-of-kin questions while seconds matter.

Read the scenario
A receipt of what was checked, accepted, refused.

Auditable Handshakes

Every handshake leaves a structured receipt: what was checked, what was not, what was accepted, refused, or treated as opaque. Trust stops being faith-based.

Read the scenario
A door opening as you approach. No badge, no app.

Permissions and Handshaking

Set your rules once, in language that means something to you. When you cross paths with anyone or anything, your manifest and theirs trade permissions silently. No forms, no twentieth "accept all."

Read the scenario
A diploma, a license, and certifications fanning out across borders, each signed at the source.

Education/Career Credentials

Your degree, your certifications, the courses you took on your own, all verified at the source, in seconds. The hiring loop compresses from weeks to minutes, and the online class you took finally counts.

Read the scenario
One person, three profile cards: the professional, the artist, the parent.

Social Identity Portability

Your profile, your posts, your audience, your decade of work on a platform. Today the platform owns all of it. When it changes its rules or shuts down, you start from zero. With a manifest, each surface gets a different projection of the same underlying you. When a platform disappears, your audience does not.

Read the scenario
A driver, a seller, a host carrying signed star ratings between platforms.

Reputation Portability

Your five-star rating, your decade as a top seller, your verified-reviewer status. They travel with you when you switch platforms. Your livelihood stops being held hostage by a single app's algorithm.

Read the scenario
Two assistants meeting at a quiet seam, each carrying a signed delegation card.

Agent-to-Agent Transactions

Your AI agent needs to book a flight, negotiate a refund, transact with a stranger's agent. Today it is locked into one provider or has to learn each counterparty's API by hand. With a manifest, both agents handshake first: who they represent, what authority they carry, what consent applies, what the dispute path is. Then they transact.

Read the scenario
An agent flashing its provenance chain before it speaks for you.

Agent Provenance

An agent shows up in your inbox claiming to act for your bank. Another DMs you saying it's the airline's support bot. The chain has to verify back to a real, accountable party, or you don't take its word for it.

Read the scenario
Two phones agreeing on context before a payment crosses any rail.

Peer-to-Peer Payments

You owe your friend forty dollars for dinner. They're on a different app, a different bank, a different country. Paying a person becomes paying a person again. The rail underneath fades back to a detail.

Read the scenario
Proof of being one real person, without a name attached.

Proof of Personhood

One real person, anonymously verifiable. The open internet survives the bot apocalypse without anyone learning your name or your face.

Read the scenario
A bouncer reading exactly the answer to one question. Nothing else.

Verifying Someone

You're the one checking. The wallet hands you the answer to your one question (over 21? insured? cleared?) and nothing you didn't ask for.

Read the scenario
Apps that stop pretending they are each other's strangers.

Cross-Platform Interop

No more "we don't support that." No more re-entering the same details. The next service reads what's relevant, only what's relevant, and goes.

Read the scenario
A character, loadout and friends list crossing into a new world.

Platform Portaling

You spent a year building a character. Leveled up, earned the gear, built a reputation across communities. The next title drops and today you start over. Same name if you are lucky. New friends list. New loadout you have to repurchase. Your avatar (the one you spent months customizing or bought from your preferred provider) does not exist in the new world. Your payment method is locked to the old publisher. Your consent choices reset to whatever the new platform defaults to. The version of you that one experience sees is not the version another experience should see, but today that distinction does not exist: every platform gets everything or nothing. In spatial computing, every transition between experiences is a portal. Your manifest arrives first.

Read the scenario
Use cases

How it works

Two manifests meet. Both decide.

When two things meet, their manifests evaluate each other independently and in parallel. Each side decides what it accepts, what it rejects, and what falls outside its scope. The handshake is two-way. Asymmetric outcomes are normal. And every exchange produces a structured receipt of what actually happened, so trust is verifiable, not faith-based.

For builders

An open spec, not a platform.

Universal Manifest is an open spec, not a platform. It composes with existing standards rather than replacing them. If you already work with verifiable credentials, decentralized identifiers, or privacy-preserving encryption, UM carries and references that work inside a portable envelope with a defined evaluation contract.

The spec is the technical reference for implementers. The Standards Registry shows how UM composes with DID, VC, OID4VP, HPKE, and mDL.

AppsEverything you useBrowsers, wallets, agents, devices
PermissionsUniversal ManifestPortable, signed self ยท two-way handshake
NamesDNSResolves who is who
TrafficHTTPS / TLSSecures the conversation
PacketsTCP / IPMoves the bytes

What comes next

Universal Manifest has a roadmap from early adoption through production-candidate to standards-body publication.

Roadmap

Two doors from here.

The first walks you through sixteen everyday rooms where the silent handshake is already showing up. The second hands the spec to anyone who would rather read the specification than the brochure.

Use cases Spec