Platform Portaling and Spatial Computing

Portaling means moving between platforms or environments with your identity, permissions, and context intact. When you cross a boundary, the receiving platform needs to know who you are and what you are authorized to do, without making you re-prove everything from scratch.

Today this is an unsolved problem. Every platform transition is a cold start: new account, new credentials, new consent flows. In spatial computing, the problem is worse. A person wearing AR glasses walking through a city might cross service boundaries every ten steps. A retail district, a transit hub, a concert venue, each operated by a different provider. If every crossing requires re-authentication and re-consenting, the spatial internet is unusable at walking speed.

How UM enables portaling

The manifest travels with you. Your spatial computing client caches your manifest once, at session start, signed and ready to present. At each portal boundary, the evaluation sequence runs: the new platform receives your manifest, verifies its cryptographic signature, applies selective disclosure (you control what each receiver sees), checks consent positions, and writes a receipt. The process is the same whether the boundary is between two social platforms, two spatial computing environments, or a physical location and a digital one.

What travels in the manifest depends on what the destination needs. A retail fabric gets your persona and your consent positions for location sharing and hand tracking. An age-restricted venue gets a zero-knowledge proof that you are old enough to enter, with no name, no birthdate, no government ID attached. An accessibility-aware fabric gets your input modality preferences, your captioning settings, and your sensory load limits, so it can configure itself before you arrive. Each receiver gets a scoped projection of your manifest. You do not hand over everything to everyone.

Connection to the spatial computing ecosystem

Spatial computing browser architectures describe a layered model where users connect to spatial fabrics (server-side environments that define 3D coordinate spaces) through a service protocol. The browser caches credentials locally and presents them to services automatically as the user moves through the world. The architecture calls for portable credentials, but it has not standardized the format those credentials should take.

Universal Manifest is designed to serve as that format. A signed JSON-LD envelope carrying identity, consents, and verifiable credentials fits directly into the credential slot that spatial computing browsers describe. When the browser encounters a new spatial fabric and needs to present the user’s identity, the manifest is what it presents.

Three specific problems in the spatial computing stack map to UM’s existing capabilities:

Identity at service boundaries. Spatial fabrics need to know who is entering, what entity type they are (human, AI agent, or NPC), and what their content rating is. The manifest’s persona facet carries all three, cryptographically signed by the identity service provider. A fabric verifies the signature, reads the entity type, and grants or denies presence. No account creation. No login form.

Sensor consent gating. AR and VR devices expose sensitive sensor data: eye tracking, hand tracking, room geometry, camera passthrough. The manifest carries consent positions for each sensor category. When a spatial fabric’s service requests access to eye tracking data and the manifest says “denied,” the fabric enforces it. The consent is structural, declared once in the manifest and applied at every service boundary, not a pop-up dialog repeated at every transition.

Avatar portability. A person’s avatar is time investment. Parametric avatar definitions (body shape, skeleton reference, accessories, content rating) can travel as a compact facet inside the manifest, under 2 KB. When the destination fabric receives the manifest, it reads the parametric data and renders the avatar locally. No re-upload. No format conversion. If the avatar’s content rating does not match the fabric’s policy, the fabric substitutes a default.

Beyond user-facing portaling, UM addresses infrastructure-level trust in the spatial computing stack. WASM modules that run in the browser’s sandbox can carry content trust manifests: a signed attestation linking the code’s hash to a verified publisher identity, with a revocation endpoint the browser checks before execution. Services that need to communicate across sandbox boundaries (a safety monitor signaling a navigation router to reroute pedestrians) can use inter-service authorization facets that declare which message types are permitted between which services, signed by the fabric operator.

The portal transport layer

Portaling between spatial fabrics requires a transport protocol that moves the user from one fabric to another. Standards like the Inter-World Portaling Standard (IWPS) are designed to handle the spatial mechanics of that transition: coordinate mapping, scene loading, connection handoff.

UM does not replace the portal transport. It sits alongside it. IWPS (or a similar protocol) handles where the user goes and how the visual transition renders. UM handles who the user is and what they have consented to. The transport layer moves the body. The manifest moves the identity.

This separation matters because identity and consent rules do not change based on which transport protocol carried you there. Whether the portal transition uses IWPS, a direct RMAP connection, or a future protocol that does not exist yet, the destination fabric still needs a signed credential envelope to verify against. The manifest is designed to be that envelope.

Try it in the sandbox

The UM sandbox includes two scenarios that walk through spatial computing portaling step by step:

• IL-03: Cross-World Identity shows how a manifest is presented, validated, and projected when a user portals into a destination world. Consent positions are checked per-feature, and the cross-world profile is extracted.
• IL-04: Spatial Fabric Anchoring shows how a fabric node validates spatial anchors, checks attachment freshness, and enforces session context safety.

Both scenarios run in the browser against real manifest fixtures.

See the full use cases for more scenarios where manifests cross boundaries. Read how the evaluation sequence works. See the standards UM composes with.