Binding Registry · Public docs

ECZ-ID Binding Registry™

Bind ECZ-ID passports and packages to real domains, agents, APIs, assets, documents, accounts, and counterparties — then prove only what Backend/Core has actually observed and Resolver can safely project.

Start in TrustOps ↗Open Resolver ↗

What a binding is

A binding is a backend-controlled proof relationship between an ECZ-ID capability and a real-world or system target. Customer-provided records, manifests, API specs, or documents are setup artifacts. They are not proof until Backend/Core observes them, validates them, and Resolver projects the BOUND state.

Why bindings matter

They turn an ECZ-ID from a string into machine-checkable proof tied to a specific real-world target.
They give counterparties, agents, and platforms a single posture to verify before action.
They make tamper-evident hashing and exact-ID Resolver checks possible at runtime.
They let the relying party fail closed when state is unsafe, instead of guessing from screenshots.

Fast path

Choose the binding type that matches the target (domain, agent, API, MCP, SBOM).
Open TrustOps and start the setup pack for that binding.
Publish the required setup artifact (DNS record, manifest, OpenAPI extension, SBOM reference).
Backend/Core observes the evidence from its own infrastructure.
Resolver projects BOUND once verification completes.
Share the Resolver URL — never a screenshot — with the relying party.

Which binding do I need?

Use case	Binding type
Prove control of a domain	Domain binding
Verify a logical agent before it acts	Agent binding
Verify an authorised API surface and spec hash	API binding
Gate high-risk MCP tool calls	MCP binding
Tie an SBOM to a release for procurement / DORA	SBOM binding
Ask a counterparty to obtain or prove a binding	Request-to-Resolve

How the model works

Resolver is the public proof surface

No customer-supplied document, manifest, or upload becomes proof on Developer Gateway. Current state is confirmed in Resolver.

TrustOps owns acquisition and lifecycle

Acquisition, payment, setup packs, suspension, and lifecycle live in TrustOps. Developer Gateway routes there.

Resolver is public read-only proof

Current state for an exact ECZ-ID is checked in Resolver. There is no search, no directory, no setup, no checkout in Resolver.

Developer Gateway documents and routes

No checkout. No setup form that mutates verification state. No Resolver clone. No directory of ECZ-IDs.

Binding Registry documentation

Public reference for each binding type, the Request-to-Resolve workflow, the Resolver projection model, and the forbidden-claims governance.

Binding type · Domain

Domain binding

Bind an ECZ-ID to a domain you control. TrustOps issues the challenge. Backend/Core observes it. Resolver projects BOUND only after backend verification.

Binding type · Agent

Agent binding

Bind an ECZ-ID Agent Credential to one logical agent. The manifest is a discovery artifact. Backend/Core writes the binding. Resolver projects current state.

Binding type · API

API binding

Bind an ECZ-ID API Passport to one authorised API surface. Regional aliases live as sub-bindings of the same surface.

Binding type · MCP

MCP binding

Bind an MCP server identity, declare its tool inventory, and route high-risk tool calls through a fail-closed Resolver check.

Binding type · SBOM

SBOM / software supply chain binding

Bind a release reference to its SBOM, container digest, and optional Assured posture. Resolver does not publish raw vulnerability findings.

Workflow · Request-to-Resolve

Request-to-Resolve

Ask a counterparty to obtain or prove an ECZ-ID parent tier, passport, package, or binding. Proof appears only when Backend/Core verifies and Resolver projects.

Proof · Resolver projection

Resolver projection

Resolver is public read-only proof for an exact ECZ-ID. No search, no directory, no setup, no checkout, no mutation.

Governance · Forbidden claims

Forbidden claims & allowed framing

ECZ-ID is identity, authority, custody, and evidence-state proof. It is not a certification, safety guarantee, regulatory approval, compliance guarantee, insurance policy, or endorsement.

Documentation only — no live projection

OpenAPI x-ecz-id reference

Canonical OpenAPI 3.1 extension fields that bind an API spec to a parent ECZ-ID, an API Passport, and an optional Agent Credential, and instruct relying parties to re-check before reliance.

What ECZ-ID does not claim

ECZ-ID is identity, authority, custody, and evidence-state proof. It is not the following terms, and Developer Gateway must not describe it that way:

certifiedapprovedsafeguaranteedinsuredfully compliantregulator approvedAI safety certified

Read the forbidden claims policy →

Formal governance and specifications for issuance, revocation, authority, and binding semantics are published at ecocitizenz.org.

Live public binding projection for this documentation surface has not yet been independently proven. These docs describe the code-proven and test-proven model only. They are not a claim of live-ready, production-hard, launch-ready, or marketplace-ready proof.