Universal Manifest

Standards

Universal Manifest is an open specification for a portable, signed envelope of context that any compatible system can read, verify, and act on. This page explains how it composes with existing standards rather than replacing them. For the full picture, start with the homepage.

UM is a composition layer. It does not replace identity, credential, encryption, or wallet standards. It carries, references, or sits beside material produced by those standards, and defines what happens when an evaluator processes the result. For precise definitions of terms like evaluator, selective disclosure, and sealed entry, see the terms.

Current integrations

Current UM standards integrations.

Each section names the standard, says what it does, shows what a UM manifest carries or references from it, and draws the line at what UM leaves alone.

00 / trust

OmaTrust (OMA3 Trust and Attestation).

Trust attestation and verification for the open ecosystem.

OmaTrust OMA3
What it does

OmaTrust is a decentralized trust and reputation protocol developed by OMA3 that provides machine-verifiable attestations about internet-native services. It defines support attestations (Linked Identifier, Key Binding, Controller Witness) that establish identity relationships, and reputation attestations (User Review, Endorsement, Certification, Security Assessment) that carry trust signals. Each attestation follows a proof-based path, where the evaluator verifies cryptographic proofs, or a trusted-attester path, where the evaluator accepts attestations from allowlisted attesters under local policy. The semantic layer uses JSON Schema Draft 2020-12 and DID-based identifiers. The transport layer uses Ethereum Attestation Service (EAS) on OMAChain.

What UM carries

A manifest can carry OmaTrust attestation signals through claims, facets, and pointers. Claims declare the trust mode, proof type, and attestation status summaries. The omaTrustReputation facet carries a trust posture snapshot including attester list and threshold policy that evaluators compute locally. The omaTrustLifecycle facet records lifecycle state, event history, and freshness policy. Pointers reference on-chain attestation records, the trusted attester directory, and revocation logs. An evaluator can assess trust posture from the manifest alone, then follow pointers for direct cryptographic verification through OmaTrust infrastructure.

What UM leaves alone

Attestation issuance, on-chain storage, cryptographic proof generation and verification, OmaTrust verification protocols, identity registry management, trust scoring and ranking, key lifecycle management, schema governance, and OMA3 governance decisions. UM carries OmaTrust attestations as projections inside the manifest envelope. OmaTrust defines what those attestations mean and how they are verified.

01 / who

DID (Decentralized Identifiers).

Stable, decentralized identifiers that resolve to a DID Document without relying on a central registry.

DID W3C
What it does

DIDs give subjects stable, decentralized identifiers that resolve to a DID Document without relying on a central registry. W3C Recommendation since 2022.

What UM carries

A manifest's subject field can hold a DID (did:key, did:web, did:plc, or any method). The DID identifies who the manifest is about. UM also supports pairwise DIDs in the subject field so the same person can present a different identifier to each evaluator, preventing cross-context tracking.

What UM leaves alone

DID method definitions, resolution protocols, DID Document structure, and key management. UM consumes a DID as an identifier. It does not issue, rotate, or revoke DIDs.

02 / claims

Verifiable Credentials (W3C VC).

Signed claims issued by one party about another, verifiable by any third party.

VC W3C
What it does

VCs are signed claims issued by one party about another, verifiable by any third party. W3C Recommendation, v2.0 published 2025.

What UM carries

A manifest facet can contain a Verifiable Credential or a reference to one. The VC sits inside the manifest as a claim alongside other data (consents, device registrations, pointers). When the evaluator processes the manifest, the UM spec tells it which facets are in scope, which to verify, and what result to record.

What UM leaves alone

Credential issuance, issuer governance, VC signature suites, and the trust frameworks that decide which issuers to accept. UM is the envelope; VCs are one type of payload.

03 / present

OID4VP (OpenID for Verifiable Presentations).

How a verifier requests a credential presentation from a wallet and receives one back, using OAuth 2.0 mechanics.

OID4VP
What it does

OID4VP defines how a verifier requests a credential presentation from a wallet and receives one back, using OAuth 2.0 mechanics. An OpenID Foundation specification.

What UM composes with

UM can define the manifest context that wraps an OID4VP exchange. The manifest declares what the subject is willing to present, under what consent terms, and to what audience. When a wallet responds to an OID4VP request, the manifest's projection rules determine which facets are included in the presentation. The result object records what the evaluator asked for, what it received, and what it verified.

What UM leaves alone

The OID4VP request/response protocol, wallet-to-verifier transport, and OAuth 2.0 mechanics. UM operates at the content and policy layer; OID4VP operates at the presentation transport layer.

04 / encrypt

HPKE (Hybrid Public Key Encryption).

Encrypts a payload to a recipient's public key using a hybrid scheme. IETF RFC 9180.

HPKE RFC 9180
What it does

HPKE encrypts a payload to a recipient's public key using a hybrid scheme (key encapsulation plus symmetric encryption). IETF RFC 9180, published 2022.

What UM uses it for

UM supports encrypted inline facets as an optional privacy path. A manifest can contain facets where the payload is encrypted so that only designated evaluators can read it. The facet name stays visible (so any evaluator knows the facet exists), but the content is opaque ciphertext -- a sealed entry. An evaluator that cannot decrypt the facet records it as "present but unreadable" in the structured receipt. HPKE is one candidate encryption scheme for this path; JWE (JSON Web Encryption) is another.

What UM leaves alone

Key encapsulation algorithms, encryption primitives, key distribution, and key rotation. UM identifies which facets are encrypted and specifies evaluator behavior when a facet cannot be decrypted. The cryptographic operations themselves belong to HPKE (or whichever encryption scheme the deployment profile selects).

05 / cards

ISO mDL (Mobile Driver's Licence).

How a mobile driver's licence is structured, signed, and presented from a device. ISO/IEC 18013-5.

ISO mDL ISO/IEC 18013-5
What it does

ISO 18013-5 defines how a mobile driver's licence is structured, signed, and presented from a device. An ISO/IEC standard.

What UM carries

A manifest facet can hold or reference mDL-derived proof material. The manifest does not replace the mDL; it carries a reference or extracted attestation alongside other context the mDL does not cover (consents, device state, additional claims from other issuers). The evaluator uses the mDL material for the question in scope (age, address, licence class) while the rest of the manifest follows UM projection and result behavior.

What UM leaves alone

Licence issuance, trust lists, mDL presentation protocols, and the ISO certification process. The issuing authority and mDL ecosystem own the credential. UM provides the portable context around it.

06 / proof

W3C Data Integrity.

Attaches cryptographic proofs to structured data at the RDF graph level, using linked-data canonicalization.

W3C-DI
What it does

Data Integrity attaches cryptographic proofs to structured data at the RDF graph level, using linked-data canonicalization. A W3C specification.

What UM supports

UM's signature architecture is designed for multiple coexisting proof profiles. The current v0.2 profile uses JCS (JSON-level canonicalization) plus Ed25519 as the pragmatic first profile. A Data Integrity profile (RDF canonicalization plus linked-data proofs) is a planned additive profile. Deployments that need both can carry UM-native proof material and Data Integrity proof material in the same manifest. Evaluators verify the profiles they support and skip unknown ones safely.
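The following is an added example, not code from the UM specification, showing one way an evaluator can verify the proof profiles it supports and skip unknown ones without counting a skip as a pass. The manifest layout (`proofs`, `profile`, `signature`), the profile identifiers, and the acceptance policy are assumptions made for illustration; `canonicalize` is a minimal JCS-style helper, not a conformance-tested RFC 8785 implementation.

```javascript
// Added example: evaluator-side handling of several proof profiles in one manifest.
// The manifest layout and profile identifiers are hypothetical, not UM spec names.
const nodeCrypto = require('crypto');

// Minimal JCS-style canonicalization: keys sorted by UTF-16 code unit, primitives
// serialized by JSON.stringify, array order preserved, undefined members dropped.
function canonicalize(value) {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map((v) => canonicalize(v)).join(',') + ']';
  return '{' + Object.keys(value).filter((k) => value[k] !== undefined).sort()
    .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
}

// Supported profiles. A Map keeps inherited keys such as "constructor" from being
// mistaken for a verifier, which a plain object lookup would allow.
const SUPPORTED = new Map([
  ['jcs-ed25519', (payload, proof, publicKey) => nodeCrypto.verify(
    null, Buffer.from(canonicalize(payload)), publicKey,
    Buffer.from(String(proof.signature), 'base64'))],
]);

// Assumed policy: accept only if at least one supported profile verifies and no
// supported profile fails. Unknown profiles are recorded as skipped and ignored.
function evaluateProofs(manifest, publicKey) {
  const { proofs, ...payload } = manifest;
  const results = (Array.isArray(proofs) ? proofs : []).map((proof) => {
    const profile = proof?.profile;
    const verify = SUPPORTED.get(profile);
    if (!verify) return { profile, status: 'skipped' };
    let ok = false;
    try { ok = verify(payload, proof, publicKey) === true; } catch { ok = false; }
    return { profile, status: ok ? 'verified' : 'failed' };
  });
  const verified = results.some((r) => r.status === 'verified');
  const failed = results.some((r) => r.status === 'failed');
  return { accepted: verified && !failed, results };
}

// Constructed sample: a key pair generated at run time, and a manifest carrying one
// supported proof plus one proof from a profile this evaluator does not implement.
function buildSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const payload = { subject: 'did:example:alice', facets: { device: { model: 'x1' } } };
  const signature = nodeCrypto
    .sign(null, Buffer.from(canonicalize(payload)), privateKey).toString('base64');
  const manifest = {
    ...payload,
    proofs: [
      { profile: 'jcs-ed25519', signature },
      { profile: 'data-integrity-rdfc', signature: 'AAAA' },
    ],
  };
  return { manifest, publicKey };
}
```

A manifest whose only proofs are from unknown profiles comes back with every entry `skipped` and `accepted: false`, which is the case a naive "no failures means success" check gets wrong.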

What UM leaves alone

RDF canonicalization (URDNA2015), JSON-LD processing, proof suite definitions, and Data Integrity governance. UM's multi-profile architecture means Data Integrity is additive, not a replacement for the base profile.

08 / spatial

RP1 Spatial Fabric protocols.

Place anchoring, cross-world portability, and proximity-based discovery for the spatial internet.

RP1 Spatial Fabric
What it does

RP1 defines the runtime, discovery, and routing protocols for spatial computing environments. The Spatial Fabric provides place anchoring, cross-world portability, and proximity-based discovery between adjacent spatial experiences.

What UM carries

A manifest facet can carry spatial anchor data, place membership, and session context for an RP1 fabric node. The manifest's consent rules gate cross-world linking and location sharing. When a user transitions between spatial fabrics via IWPS (Inter-World Portaling Standard), the manifest travels through the portal and the destination fabric evaluates credentials, projects consent for the new experience type, and writes a transition receipt.

What UM leaves alone

Spatial fabric routing, WASM service module execution, scene graph rendering, physics, and spatial anchor coordinate systems. UM provides the identity and consent envelope. RP1 defines the spatial runtime.

07 / no

GPC (Global Privacy Control).

A browser-level signal refusing the sale or sharing of personal data, with legal force in some jurisdictions.

GPC
What it does

GPC lets a user send a browser-level signal (via Sec-GPC header or navigator.globalPrivacyControl) refusing the sale or sharing of their personal data, in jurisdictions where the law gives that signal legal force.

What UM composes with

GPC is a binary signal: on or off. UM consent records are granular: per-facet, per-purpose, with scope, expiry, and withdrawal semantics. An evaluator can honor the GPC signal at the request level and still use UM consent records for interaction-specific permissions within the manifest. UM can also carry evidence of a GPC signal as a consent pointer, creating a portable record that the subject's privacy preference was active at the time of the exchange.

What UM leaves alone

The GPC signal mechanism, browser implementation, and the legal regimes that give it force. UM does not replicate or override GPC. It adds a more granular consent layer that can coexist with the binary signal.

UM does not compete with standards. It composes with them. The composition boundary is the same every time: the standard produces the credential, the identifier, the proof, or the transport mechanism. UM carries it, references it, or sits beside it inside a portable envelope. UM defines what happens when an evaluator processes the result: selective disclosure, consent, sealed entries, receipts. The standard's own rules govern everything inside its boundary. This is why the registry can grow to hundreds of entries without UM's spec growing at the same rate. Each new integration adds a composition profile. The core evaluation contract stays the same.

Tier 1 registry additions

Immediate standards ready for registry population.

WO-0285 identified these mature composition targets as ready to list now. Status tags match the source registry index; candidate and mentioned-only entries stay outside the implemented lane until profiles and conformance fixtures are complete.

09 / auth

FIDO2 / WebAuthn / Passkeys.

Hardware-bound and synced credential authentication for stronger subject binding.

Candidate FIDO W3C
What it does

FIDO2, WebAuthn, CTAP, and passkeys let a subject authenticate with public-key credentials rather than reusable passwords. Authenticators can be hardware-bound or platform-synced, and verifier policy decides which attestation signals matter.

What UM carries

A manifest can carry an authentication claim that records the ceremony, authenticator class, attestation result, and freshness. The proof material belongs in claimProof, while the evaluator uses the result as one input to the evaluation contract.

What UM leaves alone

Authenticator protocols, relying-party registration, credential sync, attestation formats, user verification semantics, and passkey platform behavior. UM carries the attested result; FIDO and WebAuthn define the authentication ceremony.

10 / issue

OID4VCI (OpenID for Verifiable Credential Issuance).

Issuer-to-wallet credential issuance that complements OID4VP presentation.

Candidate OpenID
What it does

OID4VCI defines how an issuer offers and delivers verifiable credentials to a wallet using OpenID and OAuth mechanics. It is the issuance-side complement to OID4VP's verifier-to-wallet presentation flow.

What UM carries

Credentials issued through OID4VCI can become UM claims, facets, or pointers. The manifest can preserve issuance context, credential identifiers, scope, and consent posture so an evaluator sees the credential inside a broader portable envelope.

What UM leaves alone

Issuer metadata, credential offer flows, token exchange, wallet credential storage, and issuance authorization. OID4VCI gets the credential into the wallet; UM defines how that credential is composed into an evaluation sequence.

11 / disclose

SD-JWT VC.

Verifiable credentials represented as selectively disclosable JWT credentials.

Candidate IETF VC
What it does

SD-JWT VC profiles verifiable credentials as SD-JWT credentials so holders can disclose selected claims while keeping other claims hidden. It aligns with UM's selective disclosure vocabulary without replacing UM projection rules.

What UM carries

A manifest can carry an SD-JWT VC or a pointer to one in a claim-bearing facet. The corresponding claimProof can reference the disclosure presentation, while UM records which projected claims the evaluator requested and received.

What UM leaves alone

JWT claim construction, issuer signatures, holder binding, disclosure digests, and SD-JWT validation rules. UM uses the credential as proof material and keeps the evaluation contract around it.

12 / learn

Open Badges v3.

Education and achievement badges expressed using verifiable credential patterns.

Candidate 1EdTech Education
What it does

Open Badges v3 defines portable achievement credentials for education, training, and professional recognition. The v3 model aligns badges with verifiable credential exchange and verification patterns.

What UM carries

UM can carry an education facet with badge credentials, issuer references, achievement metadata, and disclosure policy. A subject can present only the badges relevant to an evaluator's purpose and receive a receipt for that evaluation.

What UM leaves alone

Badge criteria, education issuer governance, endorsement semantics, badge image conventions, and platform-specific badge backpacks. Open Badges defines the achievement credential; UM composes it with consent and context.

13 / health

SMART Health Cards.

Clinical credentials that bind health data to verifiable issuer signatures.

Candidate HL7 Health
What it does

SMART Health Cards package selected clinical facts as signed health credentials, commonly using FHIR-derived payloads. They are designed for portable presentation of health status, vaccination, test, and other clinical records.

What UM carries

A healthcare facet can carry a SMART Health Card, a pointer to one, or a summarized claim derived from one. UM adds consent scope, evaluator purpose, expiry, sealed-entry handling, and a receipt around the health credential.

What UM leaves alone

FHIR resource semantics, clinical coding, health issuer trust lists, medical interpretation, and healthcare compliance obligations. UM keeps health-card material inside its own boundary and records how it was evaluated.

14 / status

W3C Bitstring Status List.

Privacy-preserving credential status and revocation checks for verifiable credentials.

Mentioned-only W3C Revocation
What it does

Bitstring Status List gives verifiable credentials a compact status mechanism for revocation, suspension, or other credential states. Verifiers use the credential's status pointer to check current state without learning more than the status position requires.

What UM carries

UM can carry credential status pointers and evaluator results for revocation-aware checks. A receipt can record whether status was checked, whether it passed, and whether the evaluator skipped the check under local policy.
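The following is an added example, not UM or W3C reference code, of a Bitstring Status List lookup that produces the kind of receipt entry described above (checked, passed, or skipped under local policy). The receipt fields and the `skipStatusCheck` policy flag are hypothetical. It assumes a one-bit status size and that the status list credential's own proof has already been verified.

```javascript
// Added example: Bitstring Status List lookup feeding a receipt entry.
// Receipt fields and the policy flag are hypothetical, not UM spec names.
const zlib = require('zlib');

const MIN_ENTRIES = 131072; // minimum list length (16 KB) required for herd privacy

// encodedList is multibase base64url ("u" prefix, no padding) wrapping a
// GZIP-compressed bitstring.
function decodeStatusList(encodedList) {
  if (typeof encodedList !== 'string' || encodedList[0] !== 'u') {
    throw new Error('encodedList must be multibase base64url');
  }
  const bits = zlib.gunzipSync(Buffer.from(encodedList.slice(1), 'base64url'));
  if (bits.length * 8 < MIN_ENTRIES) throw new Error('status list too short');
  return bits;
}

// Index 0 is the left-most (most significant) bit of the first byte.
function bitAt(bits, index) {
  if (index >= bits.length * 8) throw new RangeError('statusListIndex outside the list');
  return (bits[index >> 3] >> (7 - (index & 7))) & 1;
}

// Returns the receipt entry. Any decode, range or purpose error is recorded as a
// failed check; only an explicit local policy produces a skip.
function checkStatus(entry, statusListCredential, policy = {}) {
  const base = { purpose: entry.statusPurpose, index: String(entry.statusListIndex) };
  if (policy.skipStatusCheck === true) {
    return { ...base, checked: false, skipped: true, passed: null };
  }
  try {
    if (!/^\d+$/.test(base.index)) throw new Error('statusListIndex is not a base-10 integer');
    const subject = statusListCredential.credentialSubject;
    if (![].concat(subject.statusPurpose).includes(entry.statusPurpose)) {
      throw new Error('statusPurpose mismatch');
    }
    const isSet = bitAt(decodeStatusList(subject.encodedList), Number(base.index)) === 1;
    return { ...base, checked: true, skipped: false, passed: !isSet };
  } catch (err) {
    return { ...base, checked: true, skipped: false, passed: false, error: err.message };
  }
}

// Constructed sample: a 131,072-entry revocation list with a single index set.
function buildSampleList(revokedIndex) {
  const bits = Buffer.alloc(MIN_ENTRIES / 8);
  bits[revokedIndex >> 3] |= 0x80 >> (revokedIndex & 7);
  return {
    type: ['VerifiableCredential', 'BitstringStatusListCredential'],
    credentialSubject: {
      type: 'BitstringStatusList',
      statusPurpose: 'revocation',
      encodedList: 'u' + zlib.gzipSync(bits).toString('base64url'),
    },
  };
}
```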

What UM leaves alone

Status list publication, list indexing, issuer update cadence, revocation semantics, and verifier cache policy. UM composes with the status check; it does not become the status-list authority.

15 / trust

OpenID Federation.

JWT-based trust chains for issuers, wallets, verifiers, and federation authorities.

Candidate OpenID Trust
What it does

OpenID Federation defines how participants publish entity statements and build trust chains across authorities. Evaluators can use those chains to decide whether an issuer, wallet, verifier, or attester belongs to an accepted federation.

What UM carries

A manifest can reference federation metadata, issuer trust-chain evidence, or the evaluator policy that accepted a federation. UM can record the trust decision in the evaluation result without hardcoding one global trust root.

What UM leaves alone

Entity statement syntax, trust-chain resolution, federation governance, metadata policy, and authority operations. OpenID Federation supplies the trust fabric; UM records how that trust fabric informed a specific evaluation.

16 / online

ISO 18013-7 (online mDL presentation).

Online presentation for mobile driver's licence credentials.

Candidate ISO mDL
What it does

ISO 18013-7 extends the mDL ecosystem toward online presentation, complementing ISO 18013-5 proximity presentation. It supports remote verifier interactions where a credential is requested and presented over networked flows.

What UM carries

UM can carry an online mDL presentation reference, extracted claim, or proof result alongside other context the licence does not cover. The manifest can bind age, address, or licence-class evidence to consent, purpose, and receipt semantics.

What UM leaves alone

mDL document structure, issuer authority, online transfer protocol, reader authentication, and jurisdictional trust lists. ISO defines the credential and presentation; UM composes the credential with the rest of the exchange.

17 / zkp

BBS Data Integrity Cryptosuites.

Selective disclosure and unlinkable proof options for Data Integrity credentials.

Candidate W3C BBS
What it does

BBS Data Integrity cryptosuites define proof formats for selective disclosure over Data Integrity credentials. They let a holder reveal only selected statements while still proving the credential came from the issuer.

What UM carries

UM can treat BBS proof material as a future Data Integrity profile inside claimProof. Projection rules decide which facets or claims are disclosed, and the evaluator records the proof profile it verified in the receipt.

What UM leaves alone

BBS signature schemes, proof generation, cryptosuite identifiers, RDF canonicalization, unlinkability guarantees, and verifier cryptographic validation. UM supplies the envelope and evaluation behavior around the proof.

18 / pqc

NIST PQC: ML-KEM and ML-DSA.

Post-quantum key encapsulation and signature standards for future cryptographic profiles.

Candidate NIST PQC
What it does

NIST's post-quantum cryptography standards define new primitives for key encapsulation and digital signatures. ML-KEM is relevant to encrypted facet key agreement; ML-DSA is relevant to future manifest signature profiles.

What UM carries

UM can add future cryptographic profiles that identify post-quantum key wrapping or signature material for sealed entries and manifest proofs. Evaluators can verify profiles they support and safely skip unknown profiles.

What UM leaves alone

Algorithm standardization, FIPS validation, parameter selection, cryptographic libraries, migration schedules, and hybrid transition policy. UM stays profile-based so post-quantum algorithms can be introduced without replacing the core manifest model.

What is coming next

Standards under active evaluation or in early integration work.

  • eIDAS 2.0 / EU Digital Identity Wallet. EU regulatory framework for digital identity wallets and qualified electronic attestations of attributes
  • SD-JWT (Selective Disclosure JWT). IETF draft for selectively disclosable JSON Web Tokens, relevant to UM's selective disclosure model
  • AnonCreds. Privacy-preserving credential format with zero-knowledge proofs, maintained by Hyperledger
  • SCITT (Supply Chain Integrity, Transparency, and Trust). IETF working group on supply-chain attestation, relevant to device and software manifests
  • CBOR / COSE. Compact binary serialization and signing, relevant for constrained-device deployment profiles
  • ActivityPub. W3C protocol for federated social networking, relevant to the social-identity integration lane
  • DIDComm. Decentralized communication protocol for DID-based messaging, relevant to push/pull exchange patterns
  • ISO 23220 (mID). Broader mobile identity framework beyond driver's licences
  • glTF / VRM. Khronos Group (glTF) and VRM Consortium standards for 3D asset and avatar interchange, relevant to the portaling lane's avatar-portability requirements
  • OpenXR. Khronos Group standard for XR runtime interfaces, relevant to cross-device manifest presentation on VR/MR/AR hardware
  • IWPS (Inter-World Portaling Standard). MSF-originated protocol for cross-world portaling. UM is the identity and consent envelope that travels through IWPS portal transitions
  • IEEE P2874 (Spatial Web). IEEE standard for spatial web architecture, relevant to location-anchored manifest exchanges and XR environment interoperability
  • RMAP (Routing Model for Applications and Places). RP1's service driver model for spatial data routing and permission-aware discovery within spatial fabrics
  • SOM (Spatial Object Model). RP1's object model for spatial entities, supporting manifest-attached spatial anchors and place membership
  • ANARI. Khronos Group analytic rendering interface, relevant to constrained-device spatial computing deployment profiles

Implementer pathways and the full integration catalog live in the registry.

Three roles (issuer, evaluator, subject runtime), each with a concrete starting point. The registry tracks every standard UM composes with.

Registry

Registry, resources, and next steps.

The registry tracks every standard UM composes with: registration criteria, conformance targets, and the full integration catalog. If your standard is not listed, request an integration there.