Verification

Verification Model

ECZ-ID verification is not a one-time check. It’s a continuous, evidence-backed process that ensures every entity maintains its resolver-verifiable state throughout its lifecycle.

Core Model

How Verification Works

The ECZ-ID verification model has three layers: identity provisioning, real-time verification, and ongoing evidence-state updates.

Identity Provisioning

Every entity starts with identity provisioning through TrustOps. The entity receives a unique ECZ-ID, capability evidence records, operational boundaries, and initial resolver-verifiable state. This is the foundation upon which all verification builds.

Real-Time Verification

Any party can verify an entity's identity through Resolver in real time. Resolver returns the entity's current identity status, active evidence records, and operational validity as resolver state. This is the runtime trust layer.

Evidence-State Updates

Verification doesn't stop after initial provisioning. ECZ-ID updates evidence records based on entity behaviour, evidence-state status, and external signals. Resolver state evolves. Evidence records are refreshed. Anomalies trigger review.

Verification Flow

A typical verification interaction between two entities.

Entity A Presents Identity

Entity A includes its ECZ-ID credentials in the interaction request.

Entity B Queries Resolver

Entity B sends the ECZ-ID to Resolver for real-time verification.

Resolver Returns State

Resolver returns current identity status, resolver state, capabilities, and active evidence records.

Entity B Makes Trust Decision

Based on Resolver state and evidence records, Entity B decides whether to proceed with the interaction.

Interaction Logged

The interaction is logged with provenance linking both entities' resolver-verifiable identities.

Resolver State

Understanding Resolver State

Resolver state reflects dynamic, verifiable evidence about an entity. It is computed from deterministic Backend/Core records — not self-declared.

Identity Completeness

How complete and current the entity's identity record is. More evidence records, higher completeness.

Behavioural History

Track record of the entity's actions and interactions. Consistent, verified behaviour builds trust.

Evidence Currency

Are evidence records current? Expired or stale records affect resolver state.

Anomaly Status

Has the entity triggered any anomaly flags? Unresolved anomalies affect resolver state.

Principles

Verification Principles

Resolver-Verified, Not Assumed

No identity claim is accepted without Resolver checks. Every assertion is checkable through Resolver.

Continuous, Not Static

Verification is ongoing. Evidence state updates. Records refresh. Status evolves with behaviour.

Transparent, Not Opaque

Verification results are structured, documented, and auditable. No black boxes.

Decoupled, Not Siloed

TrustOps provisions. Resolver verifies. They're independent. No single point of failure.

Standard, Not Proprietary

ECZ-ID aligns with emerging standards for machine identity, digital product passports, and trust frameworks.

Sovereign, Not Dependent

Organisations control their identity infrastructure. ECZ-ID enables sovereignty, not dependency.

Authority Separation

Three Surfaces, Clear Responsibilities

Understanding which surface does what is essential to the ECZ-ID verification model.

🏗️ Developer Gateway (This Site)

Explains. Discovery, onboarding guidance, starter kits, build scaffolds, and documentation. This site helps you understand and start—it does not provision, price, or verify.

Role: Persuasion, education, build guidance

⚡ TrustOps

Provisions. All identity provisioning, credential management, pricing, sales, checkout, and credential lifecycle management. TrustOps is the commercial and operational control surface. Customer acquisition starts at /start.

Role: Provisioning, pricing, credentialing

🔍 Resolver

Proves. Public read-only resolver-state queries, evidence-record checks, and provenance tracing. No account required. Any party can verify any ECZ-ID independently.

Role: Verification, proof, public trust checks

Formal governance and specifications — issuance, revocation, authority, and specification material — are published at ecocitizenz.org. Governance defines the rules; this site documents how to implement against them.

System Overview

The Complete ECZ-ID Identity System

How passports, packages, badges, and verification fit together.

ECZ-ID Business Passport™

Parent passport. Root credential for every organisation. All child passports and derived add-ons attach to this.

7 Families / 33 Child Passports

Organised into 7 canonical categories covering digital systems, product/risk/transfer, robotics, road mobility, drones, infrastructure, and control overlays.

33 Packages

18 core bundles (includes KYA Ready Pack™) + 8 advanced / accelerator packages (includes ECZ-ID Digital Counterparty Infrastructure Pack™) + 7 extension packages (DORA, SBOM, Trade Finance, Construction). Commercial acquisition paths for child passports.

ECZ-ID Insurability Readiness™

Derived add-on on parent passport. Auto-computed from active passport state, evidence state, and canonical Backend/Core rules. Not a package. Not purchasable.

Badges & Public Proof

After verification, entities receive resolver-verifiable badges. These are public proof URLs anyone can check.

Deployment & Lifecycle

After credentialing and verification, entities deploy to production. Credentials travel with the entity. Evidence state and resolver state evolve over time.

See Verification in Action

Verify any ECZ-ID through Resolver, or provision new identities through TrustOps.

Go to Resolver Start in TrustOps