Policy guidance · Relying-party gate
ECZ-ID MCP Policy™
Allow / warn / require policy-gate guidance for relying parties. £1,499/mo. SKU ECZ-BUNDLE-MCP-POLICY. Local policy decides. ECZ-ID does not make the decision for the relying party.
When MCP Policy fits
- You are a platform, marketplace, or enterprise that lets agents call MCP servers.
- You want a documented policy that maps ResultStates and ReasonCodes to allow, warn, or require outcomes.
- You want machine-readable guidance you can wire into your own verifier — not an autonomous decision-maker.
Policy modes
| Mode | Behavior |
|---|---|
| OPEN | No posture required. Verifier observes only. Local policy decides. |
| PREFER | Resolver-verifiable posture is preferred. Missing or partial proof is a warn, not a block. |
| REQUIRE | Resolver-verifiable posture is required. Missing or partial proof blocks the call. Local policy still decides what counts as required. |
Example policy mapping
Illustrative — every relying party tunes its own thresholds. ECZ-ID does not make the decision for you.
policy example
{
"policy_mode": "PREFER",
"on_resolver_verifiable": "allow",
"on_partial_public_proof_found": "warn",
"on_no_public_resolver_proof_found": "warn",
"on_setup_required": "warn",
"on_mismatch": "require",
"on_revoked": "require",
"on_expired": "warn",
"on_suspended": "warn",
"recheck_before_reliance": true,
"local_policy_decides": true,
"no_safety_or_approval_inference": true
}Canonical product reference
- Name: ECZ-ID MCP Policy™
- Price: £1,499/mo
- SKU: ECZ-BUNDLE-MCP-POLICY
- Role: allow / warn / require policy-gate guidance for relying parties.
No overclaim posture
- No public resolver proof found yet does not mean unsafe.
- Re-check before reliance.
- Local policy decides.
- The verifier does not create or change verification state.
ECZ-ID separates setup, verification state, and public proof so operators can prepare evidence and relying parties can re-check before they act. TrustOps handles setup. Resolver remains the public proof surface. The verifier does not create or change verification state. Start setup in TrustOps when you operate the target. Share resolver guidance when you do not. Local policy decides. Re-check before reliance.