| Internet-Draft | Groundmark Attestation | May 2026 |
| Noss & Jeftovic | Expires 25 November 2026 | [Page] |
This document defines the Groundmark attestation framework and the profile of Identity Service Providers (IDSPs) that issue Groundmark attestations. It is the companion document to the Groundmark core protocol, which specifies DNS publication and request-signature mechanics. This document specifies the role and obligations of Identity Service Providers, a four-level taxonomy of attestation strength, an initial vocabulary of claim types, the JSON schema and signature construction for attestation payloads, the method-disclosure discipline that defines an IDSP's accountability obligation, and revocation semantics for the attestation layer.¶
The core protocol document defines the discovery mechanisms (the _agentclaim DNS TXT record and the HTTP retrieval of attestation payloads) on which this document depends. Together the two documents specify Groundmark.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 25 November 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The Groundmark core protocol [I-D.noss-jeftovic-groundmark-core] specifies how an agent's signing public key and references to externally hosted attestations are published in DNS, and how relying parties verify HTTP request signatures using the published key. The core protocol intentionally treats attestation content as opaque: DNS publishes a reference, the relying party retrieves it over HTTPS, and the question of what an attestation says and how it should be evaluated is deferred to this document.¶
This document specifies that evaluation framework. It defines:¶
The design is informed by Kim Cameron's Laws of Identity [Cameron2005], reframed for a setting in which the principal whose identity is being attested is an organizational operator (or, in the individual-operator case, a hosted-identity provider) rather than a human individual interacting directly.¶
This document depends on the core protocol [I-D.noss-jeftovic-groundmark-core] for:¶
A relying party implementing Groundmark MUST implement the core protocol. Implementing this document additionally is OPTIONAL: a relying party may choose to require only signature verification (Level 0) without evaluating attestations, in which case the mechanisms in this document are not exercised. The core protocol's permissionless default mode remains available to all participants.¶
The framework defined here is shaped by three principles, in addition to those stated in the core protocol.¶
This document does not:¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The terminology of the core protocol [I-D.noss-jeftovic-groundmark-core] applies. The following additional terms are used in this document.¶
An IDSP under Groundmark is an entity that:¶
Any person, organization, or institution with appropriate competence may operate as an IDSP for claims within its competence. No central designation is required. Recognition of an IDSP by a relying party, or by a regulatory framework whose requirements a relying party is attempting to satisfy, is independent of this specification.¶
An IDSP's primary obligation under Groundmark is method disclosure: each attestation MUST contain a structured description of the verification methods the IDSP performed. This obligation is what distinguishes an IDSP from a conventional certificate authority. A certificate authority asserts a conclusion ("this entity controls this domain"); a Groundmark IDSP asserts a conclusion together with a disclosure of how that conclusion was reached, allowing the relying party to make a contextual trust decision.¶
The structure of the method_disclosure object is specified in Section 6.3. The IDSP is responsible for the accuracy of this disclosure; misrepresentation of methods is the principal failure mode against which the IDSP's reputation is exposed.¶
This document does not specify how a relying party comes to trust a specific IDSP for a specific purpose. The expected mechanisms include:¶
These are out of scope for this specification. What this specification provides is the substrate that makes any of these evaluation modes possible: every Groundmark attestation includes the IDSP's identity, the methods it performed, and the cryptographic material needed to verify the IDSP's signature.¶
Groundmark defines four attestation levels indicating the strength of verification associated with a claim. The level is a floor, not a ceiling: a relying party requiring Level 1 MAY accept a Level 2 or Level 3 attestation for the same claim type. A relying party requiring Level 2 MUST NOT accept a Level 1 attestation in its place.¶
The levels do not aggregate. Three Level 2 attestations do not constitute a Level 3 attestation. Each claim stands on its own merits.¶
No attestation required. The relying party verifies an HTTP request signature against the agent's DNS-published key per the core protocol; domain ownership establishes the accountability chain through DNS and (if DNSSEC-validated) through the registrar-verified registrant.¶
This is the default mode under Groundmark and is expected to cover the majority of agent transactions. Self-asserted _agentclaim records using the "val=" form (for example, operator-contact) are Level 0 disclosures: they are operator assertions, not third-party verifications.¶
A relying party operating at Level 0 CAN conclude that the request originated from a party that controls the agent domain. It CANNOT conclude anything about the operator's identity, legal standing, location, or compliance.¶
A real, identifiable party stands behind the agent. Level 1 establishes that an operator exists, that the operator demonstrably controls the agent domain, and that the operator has accepted accountability under the IDSP's trust framework. The claim is about existence and accountability, not capability or compliance: if something goes wrong, there is a known party to contact.¶
Required verification, performed by the IDSP:¶
Acceptable methods are at the IDSP's discretion subject to the method-disclosure obligation. Typical methods include business registration lookup, confirmation messaging to an organizational domain, or credential binding to a verified account.¶
A relying party operating at Level 1 CAN conclude that an identifiable operator is accountable for the agent's actions, and that the operator accepted terms establishing accountability. It CANNOT conclude that the operator is compliant with any specific regulation or legal standard.¶
A bounded, specific fact about the operator or agent has been attested. Each Level 2 attestation is a single predicate: "the operator is over 18", "the operator holds a valid Ontario real estate licence", "the agent has passed basic financial-services onboarding". The minimal-disclosure principle is operationally critical at this level: the IDSP attests to the predicate, not to the underlying data.¶
A relying party operating at Level 2 CAN conclude that the stated predicate was verified by a third party to the standard disclosed, and that the IDSP staked its reputation on the accuracy of the attestation. It CANNOT conclude that the claim satisfies a regulatory requirement without also verifying that the IDSP and its methods are recognised by the relevant regulator.¶
The attestation meets a specific legal or regulatory standard. Level 3 covers claims that must meet defined legal or regulatory requirements such as Know Your Customer / Anti-Money Laundering verification under a named framework, professional licensure verified against government records, or biometric identity proofing under a named assurance level.¶
A Level 3 attestation MUST carry the "framework" field (Section 6.2) identifying the regulatory or trust framework under which the attestation is issued. It MUST carry the "jurisdiction" field where the framework is jurisdictionally scoped.¶
A relying party operating at Level 3 CAN rely on the attestation to satisfy its own regulatory obligations where the relevant trust framework explicitly permits such reliance. The relying party MUST verify that the named IDSP is recognized by the relevant regulator or framework before relying on a Level 3 attestation for compliance purposes; this specification does not designate any IDSP as authoritative for any framework.¶
An agent identity MAY carry multiple _agentclaim records simultaneously, each independent. A single agent might present a Level 1 operator-verified attestation alongside several Level 2 claim-specific attestations from different IDSPs. The relying party selects only the claims its policy requires.¶
Multiple attestations from different IDSPs do not implicitly refer to the same underlying operator identity, since IDSPs do not coordinate with one another. Section 9.3 addresses this limitation.¶
This section defines the initial vocabulary of claim types. Each claim type specifies the JSON structure of the claim_value field in an attestation payload (Section 6).¶
Custom claim types MUST use the form "x-<registrant-domain>-<claim-name>", where <registrant-domain> is a domain controlled by the entity defining the claim type. Custom claim types do not require IANA registration; relying parties MUST ignore claim types they do not recognize, per the core protocol.¶
Claim types intended for broad interoperability SHOULD be registered in the IANA Groundmark Claim Types registry established by this document (Section 12).¶
Level: 1.¶
The IDSP has verified that a real, identifiable operator controls the agent and has accepted the IDSP's accountability terms.¶
claim_value:¶
{
"verified": true,
"operator_display_name": "Acme Corp"
}
¶
"verified" is REQUIRED and MUST be true (an attestation with verified=false MUST NOT be issued; such a record should be absent, or, if previously present, revoked).¶
"operator_display_name" is OPTIONAL and SHOULD only be included if the operator has explicitly chosen to disclose it publicly. Relying parties MUST NOT use operator_display_name as the sole basis of any trust or access-control decision. See Section 9.2.¶
Level: 2.¶
The operator meets the specified age threshold. The claim value is a boolean predicate; the operator's actual age or date of birth is not disclosed.¶
claim_value:¶
{ "result": true }
¶
Level: 2 or 3, depending on the IDSP's method and the framework under which it is operating.¶
The operator holds a valid licence in a named jurisdiction and practice category. The licence number MUST NOT be included in the claim value.¶
claim_value:¶
{
"licensed": true,
"jurisdiction": "CA-ON",
"licence_category": "real-estate-agent",
"licence_status": "active"
}
¶
"jurisdiction" uses the conventional country-subdivision form (ISO 3166-1 alpha-2, optionally followed by "-" and an ISO 3166-2 subdivision code).¶
When this claim is published as a Level 3 attestation, the top-level "framework" field of the attestation MUST identify the regulatory licensing framework.¶
Level: 2 or 3.¶
The operator has passed a basic Know Your Customer screening.¶
claim_value:¶
{
"passed": true,
"framework": "FINTRAC-PCMLTFA",
"tier": "basic"
}
¶
The "framework" field inside claim_value is REQUIRED for this claim type and identifies the screening framework applied. When the attestation is Level 3, the top-level "framework" field MUST also be present and SHOULD match the claim_value "framework".¶
Level: 3.¶
The operator has passed an enhanced KYC process, including source-of-funds verification or equivalent under the named framework.¶
claim_value:¶
{
"passed": true,
"framework": "FINTRAC-PCMLTFA",
"tier": "enhanced"
}
¶
Level: 0 (self-asserted).¶
A self-declared contact point. This claim type MAY be published directly in a _agentclaim record using "val=" without a "ref=" URL or "idsp=", per the core protocol. Relying parties MUST treat it as unverified self-assertion.¶
claim_value (when retrieved as an IDSP-issued attestation, which is uncommon for this claim type):¶
{
"contact_type": "email",
"value": "ops@acmecorp.example"
}
¶
This section defines the JSON document served by an IDSP at the URL referenced by an _agentclaim "ref=" field.¶
The transport for attestation retrieval is HTTPS, per the core protocol. Additional requirements specific to the attestation layer:¶
The attestation is a flat JSON [RFC8259] object using snake_case field names. The following fields are defined.¶
The following non-normative example illustrates the JSON payload served by an IDSP at the URL referenced by an _agentclaim "ref=" field. It is the Level 1 operator-verified attestation referenced by the worked example in the core protocol.¶
{
"schema_version": "1.0",
"subject": "purchasing.acmecorp.example",
"claim_type": "operator-verified",
"claim_value": {
"verified": true,
"operator_display_name": "Acme Corp"
},
"level": 1,
"idsp": "verify.example.net",
"issued_at": "2026-05-19T12:00:00Z",
"expires_at": "2026-12-01T00:00:00Z",
"method_disclosure": {
"methods": [
"corporate-registry-lookup",
"organizational-domain-email-confirmation"
],
"method_detail":
"Operator legal entity confirmed against the Ontario
Business Registry; domain control confirmed by email
challenge to postmaster@acmecorp.example.",
"evidence_class": [
"corporate-registry",
"domain-control"
]
},
"endpoint_url":
"https://verify.example.net/a/4f9f3e1c7ab93d4f8d22",
"revocation_endpoint":
"https://verify.example.net/r/4f9f3e1c7ab93d4f8d22",
"signing_key_id": "k1",
"signature": "MEUCIQ...base64url...=="
}
¶
The IDSP's signing public key is published at _agentid.verify.example.net. The relying party retrieves it via a DNSSEC-validating resolver, selects the record with kid=k1, reconstructs the canonical payload using [RFC8785] on the object with the signature field removed, and verifies the Ed25519 signature against the IDSP's public key.¶
Attestation signatures use Ed25519 [RFC8032]. The signature is computed over a canonical serialization of the attestation payload with the signature field removed.¶
The canonical serialization is JSON Canonicalization Scheme [RFC8785] applied to the attestation payload object, omitting the signature key. JCS provides a deterministic byte sequence regardless of input ordering or whitespace, removing a class of canonicalization bugs.¶
The IDSP's public key is published in DNS using the _agentid.<idsp-domain> convention defined by the core protocol. IDSPs MUST sign their zones with DNSSEC. A public key retrieved from a non-DNSSEC-signed zone MUST NOT be used for attestation verification. The signing_key_id field in the attestation identifies which of the IDSP's keys was used; this corresponds to the "kid=" field in the IDSP's _agentid record.¶
A relying party verifying an attestation payload MUST:¶
Two independent revocation mechanisms operate at the attestation layer, in addition to DNS-level revocation provided by the core protocol (deletion of the _agentclaim record).¶
The revocation endpoint response is structurally minimal:¶
{ "revoked": true }
¶
or¶
{ "revoked": false }
¶
IDSPs MAY include additional fields (revoked_at, reason) but MUST include the boolean revoked field as defined. Relying parties MUST NOT require additional fields.¶
The revocation endpoint MUST NOT require authentication from the relying party. IDSPs MUST NOT use the revocation endpoint as a per-transaction authentication gate (see Section 9.5).¶
When the revocation endpoint is unreachable, relying parties MUST apply the following fail behaviour, scaled by attestation level:¶
Fail-open behaviour at any level MUST be logged. The logging requirements below are the minimum; relying parties may impose additional requirements under their own policies.¶
The fail-open log entry MUST include:¶
The log MUST be retained by the relying party for a period not less than one year, or for the period required by any applicable regulatory framework, whichever is longer. The log SHOULD be available to the IDSP on reasonable request, since an unexpected pattern of fail-open events on a particular IDSP is operationally significant to both parties.¶
Real-time revocation checks against an IDSP endpoint introduce the same class of operational fragility as OCSP. To mitigate this without reintroducing OCSP's worst failure modes, an IDSP MAY include a short_lived_token field in the attestation payload, analogous to certificate stapling.¶
A short-lived status token is a signed assertion of the form:¶
{
"status": "active",
"as_of": "2026-05-19T12:00:00Z",
"valid_until": "2026-05-19T18:00:00Z",
"signature": "<base64url-ed25519>"
}
¶
The token is signed by the same IDSP signing key as the parent attestation, over the canonical serialization of the token object with signature removed.¶
When a current short-lived status token is present and valid, the relying party MAY treat it as a substitute for a fresh revocation_endpoint check during the token's validity window. The relying party MUST NOT extend the token's effective validity past valid_until. Token validity windows SHOULD be no longer than 24 hours; IDSPs that issue longer-lived tokens defeat the purpose of the mechanism.¶
IDSPs MAY rotate tokens by re-serving the attestation payload with an updated short_lived_token; the rest of the payload (and its signature) is unchanged. Relying parties caching the attestation SHOULD periodically re-fetch to obtain refreshed tokens; this is substantially cheaper than full revocation checks.¶
The endpoint_url field in the canonical payload binds an attestation to the specific URL at which it is served. Without this binding, an attacker who obtained a valid attestation payload (perhaps by previously serving as the IDSP under a since-decommissioned identity) could serve that payload at a different location and have it accepted by relying parties. Including endpoint_url in the signed canonical payload prevents this attack. Relying parties MUST verify the endpoint_url match per Section 7.1; this is not optional.¶
The operator_display_name field in operator-verified attestations is operator-chosen and self-asserted. The IDSP attesting that the operator exists and is accountable does not, by default, verify that the chosen display name is accurate or non-deceptive.¶
Relying parties MUST NOT use operator_display_name as the basis of trust or access-control decisions. The field is a UI affordance only.¶
Future versions of this specification may require IDSPs to validate display names against protected brand-name lists as a condition of Level 1 attestation. Such a requirement is out of scope for this document, but the field's presence in the schema provides a hook for such future requirements.¶
A single agent may carry attestations from multiple IDSPs that implicitly refer to different underlying operator identities, since IDSPs do not coordinate with one another. A relying party evaluating two claims from two different IDSPs cannot, in general, determine whether both claims describe the same operator.¶
For high-assurance transactions requiring multiple claims, relying parties SHOULD prefer attestations from a single IDSP where possible. Future versions of this specification may define a subject_handle field that allows IDSPs to identify a stable operator handle within a single trust framework, enabling cross-claim consistency checks. This is out of scope for this document.¶
Compromise of an IDSP's signing key permits an attacker to issue fraudulent attestations until the corresponding _agentid record at the IDSP's domain is removed and caches expire. IDSPs MUST treat their signing keys with the same operational discipline as certificate-authority signing keys, including hardware key storage and audit-grade access controls. An IDSP SHOULD prepare for emergency key rotation per the procedure defined in the core protocol, and SHOULD pre-announce key rotation policy in its public practices statement.¶
A compromised IDSP signing key invalidates all attestations signed under that key. There is no fine-grained recovery: relying parties detecting an IDSP key compromise SHOULD treat all attestations under that key as unverifiable until the key is rotated and the affected attestations are re-issued.¶
The revocation endpoint is a relying-party-facing service consulted on a substantial fraction of attestations. IDSPs that operate it as an authenticated, throttled, or per-relying-party-rate-limited service shift operational fragility onto the entire relying-party population. This document REQUIRES the revocation endpoint to be unauthenticated, structurally minimal, and operated at a service quality appropriate to its function in the trust framework. IDSPs that do not meet this requirement create a denial-of-service vector against deployments depending on their attestations.¶
The method_disclosure object is the central accountability locus of the IDSP role. An IDSP that misrepresents its methods - claiming verification it did not perform, omitting subcontractors, or misstating evidence classes - undermines the trust framework that makes its attestations evaluable. There is no cryptographic mechanism that detects this; the discipline depends on the relying party's, and the broader community's, ability to evaluate IDSP practices and on the IDSP's reputational exposure to inaccurate disclosure. Trust frameworks that recognize specific IDSPs SHOULD require audit of method-disclosure accuracy as a condition of recognition.¶
This document inherits the privacy considerations of the core protocol [I-D.noss-jeftovic-groundmark-core], and is shaped by the guidance of [RFC6973]. The following considerations are specific to the attestation layer.¶
The claim-value structures in Section 5 are deliberately minimal. age-over-18 discloses a boolean, not a date of birth. jurisdiction-licensed discloses the existence and category of a licence in a named jurisdiction, not the licence number. kyc-basic and kyc-enhanced disclose only that the relevant screening was performed under a named framework.¶
Custom claim types defined under the "x-<registrant-domain>-<claim-name>" extension mechanism SHOULD follow the same discipline. Claim types that would require disclosure of richer personal data SHOULD be considered carefully against the minimal-disclosure principle and, where possible, decomposed into bounded predicates.¶
What is publicly visible in DNS for a given agent is the existence of an attestation of a given claim_type from a named idsp, plus the high-entropy "ref=" URL. The claim value itself is reachable only by following the "ref=" URL.¶
This is an intentional design tradeoff. Publishing the claim type and IDSP name supports interoperability and meaningful relying-party policy; publishing the value would either require value confidentiality (complicating retrieval) or render claim-value privacy moot. The recommended deployment pattern for individual operators concerned about this visibility is provider-hosted identities, as discussed in the core protocol's Privacy Considerations.¶
A relying party that observes a Groundmark request signature obtains the agent's domain and, on attestation retrieval, the attestation's content. Multiple relying parties observing requests from the same agent can correlate by agent domain. This is a property of DNS-anchored identity and is not unique to Groundmark; an agent domain is necessarily globally unique and linkable.¶
Operators concerned about cross-relying-party linkability SHOULD provision per-relationship agent domains (for example, distinct subdomains per counterparty) or use ephemeral agent domains. These mitigations come at the cost of reduced amortization of attestation issuance and verification, and are accordingly out of scope for the default deployment pattern.¶
This specification permits a diversity of IDSP operators, trust frameworks, and jurisdictional regimes. It does not designate any of them.¶
The framework's accountability properties depend on the existence of mechanisms - external to this specification - for evaluating IDSPs. Such mechanisms may include:¶
The Groundmark framework supports all of these because every attestation carries the IDSP's identity, the methods performed, and the cryptographic material needed to verify the attestation. What this specification provides is the technical substrate that makes governance possible; the governance itself is the work of trust frameworks and the broader community.¶
IANA is requested to establish a new registry titled "Groundmark Claim Types" under a new "Groundmark" registry group.¶
Registration policy: Specification Required, per [RFC8126]. The designated expert SHOULD evaluate proposed registrations for:¶
The initial registry contents are the claim types defined in Section 5:¶
| Claim Type | Level(s) | Reference |
|---|---|---|
| operator-verified | 1 | This document |
| age-over-18 | 2 | This document |
| age-over-21 | 2 | This document |
| jurisdiction-licensed | 2, 3 | This document |
| kyc-basic | 2, 3 | This document |
| kyc-enhanced | 3 | This document |
| operator-contact | 0 | This document |
IANA is requested to establish a new registry titled "Groundmark Method Identifiers" under the "Groundmark" registry group.¶
Registration policy: Specification Required, per [RFC8126].¶
The initial registry contents are reserved for community development and will be populated by an early companion specification defining the verification method vocabulary. Examples of expected initial entries include "corporate-registry-lookup", "government-issued-id", "biometric-liveness", "domain-control-acme", and "organizational-domain-email-confirmation".¶
The authors thank Doc Searls for substantive review of earlier drafts, the late Kim Cameron whose Laws of Identity [Cameron2005] shaped the philosophical commitments of this work, and the broader registrar, DNS, and identity communities whose infrastructure and prior art make this approach viable.¶