
RFC-002: Trust Badge Specification #2

Merged: beonde merged 2 commits into main from rfc-002-trust-badge on Dec 10, 2025

@beonde commented Dec 10, 2025


Summary

Adds RFC-002: Trust Badge Specification - the formal specification for cryptographic identity credentials in the CapiscIO ecosystem.

RFC-002 Overview

The Trust Badge is a JWS (JSON Web Signature) token that provides portable, verifiable identity for AI agents participating in AGCP-governed workflows.

Key Features

| Feature | Description |
| --- | --- |
| Format | JWS (Compact Serialization) with EdDSA signatures |
| Identifier | W3C-standard did:web for portability |
| Trust Levels | DV (1), OV (2), EV (3) - validation rigor |
| Lifetime | Short-lived (default 5 min TTL) |
| Revocation | Blocklist API with bulk sync support |

Relationship to RFC-001 (AGCP)

RFC-002 implements the SVID (Secure Verifiable Identity Document) concept from RFC-001 §4.2:

| AGCP Concept | Badge Implementation |
| --- | --- |
| Agent Identity | Badge sub claim (DID) |
| SVID Signature | Badge JWS signature |
| Short-lived TTL | Badge exp claim |
| Revocation Lists | Badge jti + revocation endpoint |
| Trust Graph | Badge iss (CA) + vc.level |

API Endpoints

POST /v1/agents/{id}/badge      # Issue badge
GET  /v1/badges/{jti}/status    # Check status
POST /v1/badges/{jti}/revoke    # Revoke badge
GET  /.well-known/jwks.json     # CA public keys
GET  /v1/revocations            # Bulk revocation list

CLI Commands

capiscio key gen                 # Generate Ed25519 keypair
capiscio badge issue             # Request Badge from CA
capiscio badge verify <token>    # Verify locally
capiscio badge keep              # Auto-renewal daemon
capiscio trust add <jwk>         # Add CA to trust store

Document Structure

  • §1-3: Abstract, RFC-001 relationship, terminology
  • §4-5: Badge structure, claims, trust levels
  • §6: DID method (did:web) and resolution
  • §7: Lifecycle (issuance, renewal, revocation)
  • §8: Verification flow and error codes
  • §9-10: Transport and security considerations
  • §11-13: JWKS, API reference, implementation notes
  • §14: Future work (out of scope for v1)
  • Appendices: Full examples, standards comparison

Related PRs

Implementation PRs that depend on this specification:

Status

Approved - Ready for implementation

RFC-002 defines the CapiscIO Trust Badge, the cryptographic identity
credential for AI agents in the CapiscIO ecosystem.

## Key Concepts

- Trust Badges are JWS tokens proving agent identity
- Uses did:web for W3C-standard DID identifiers
- Three trust levels: DV (1), OV (2), EV (3)
- Short-lived tokens (default 5 min TTL)
- Revocation via blocklist API

## Relationship to RFC-001

Implements the SVID (Secure Verifiable Identity Document) concept
from RFC-001 AGCP. Badges enable the cryptographic signature validation
required for delegation chain integrity.

## API Endpoints

- POST /v1/agents/{id}/badge - Issue badge
- GET /v1/badges/{jti}/status - Check status
- POST /v1/badges/{jti}/revoke - Revoke badge
- GET /.well-known/jwks.json - CA public keys
- GET /v1/revocations - Bulk revocation list

Status: Approved
@beonde merged commit b9ff010 into main Dec 10, 2025
@beonde deleted the rfc-002-trust-badge branch December 10, 2025 03:32
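
A verifier for the badge shape summarized in this PR (compact JWS, EdDSA, `sub`/`exp`/`jti`/`vc.level`), added here as an example and not taken from RFC-002 or the CapiscIO code base. It assumes an integer `vc.level`, a CA public key and revocation set supplied by the caller (JWKS fetching and did:web resolution are left out), and `VerifyBadge` and its error strings are hypothetical names.

```go
package main
import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)
type Claims struct { // claim names from the PR; encoding/json matches keys case-insensitively
	Iss, Sub, Jti string
	Exp           int64
	VC            struct{ Level int } // assumption: vc.level is an integer 1-3
}

// VerifyBadge checks a compact JWS badge; now is Unix seconds so the expiry check is testable.
func VerifyBadge(tok string, ca ed25519.PublicKey, revoked map[string]bool, minLevel int, now int64) (*Claims, error) {
	var h, c = struct{ Alg string }{}, Claims{}
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed compact JWS")
	}
	hdr, e1 := base64.RawURLEncoding.DecodeString(p[0])
	body, e2 := base64.RawURLEncoding.DecodeString(p[1])
	sig, e3 := base64.RawURLEncoding.DecodeString(p[2])
	switch {
	case e1 != nil || e2 != nil || e3 != nil:
		return nil, errors.New("bad base64url segment")
	case json.Unmarshal(hdr, &h) != nil || h.Alg != "EdDSA": // pinned, not chosen by the token
		return nil, errors.New("alg must be EdDSA")
	case !ed25519.Verify(ca, []byte(p[0]+"."+p[1]), sig): // claims are untrusted until this passes
		return nil, errors.New("signature invalid")
	case json.Unmarshal(body, &c) != nil || !strings.HasPrefix(c.Sub, "did:web:"):
		return nil, errors.New("bad claims")
	case now >= c.Exp:
		return nil, errors.New("badge expired")
	case revoked[c.Jti]:
		return nil, errors.New("badge revoked")
	case c.VC.Level < minLevel:
		return nil, errors.New("trust level too low")
	}
	return &c, nil
}

func main() { // constructed demo: throwaway CA key, sample claims, clock at t=5
	pub, priv, _ := ed25519.GenerateKey(nil)
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"EdDSA"}`)) + "." + enc([]byte(`{"sub":"did:web:a.example","jti":"j1","exp":9,"vc":{"level":2}}`))
	fmt.Println(VerifyBadge(in+"."+enc(ed25519.Sign(priv, []byte(in))), pub, nil, 1, 5))
}
```

The order matters: the algorithm is pinned and the signature verified before any claim is read, and the revocation lookup by `jti` covers the window in which a short-lived badge has not yet expired.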