The Scenario

A buyer presents an employment credential.
0.59 joules.

Sarah holds a verifiable credential issued by her employer. She presents it to the lender via OID4VP. The lender verifies it without calling HR. The whole exchange spends 0.6 joules and emits a signed receipt.

01
Discovery
Lender RP
0.04 J

The lender's portal advertises its credential request.

The lender publishes an OpenID Connect discovery document at /.well-known/openid-configuration with vp_formats including jwt_vc_json and dc+sd-jwt, and an authorization_endpoint that accepts an OID4VP request_uri. Sarah's wallet fetches the document over a single 0.6 KB TLS exchange.

JWP Receipt Payload
kind "trust.discovery.fetch"
doc.size 612 B gz
vp_formats jwt_vc_json, dc+sd-jwt
joules 0.038
cite "OIDC Core 1.0 §4 · OID4VP draft-21 §5.10"
sig "ed25519:0x4f...c1a"
02
Authentication
TrustOS IdP
0.07 J

Sarah signs in. An ID token is issued, not stored.

TrustOS authenticates Sarah via passkey (WebAuthn level 3, attested by an iCloud Keychain authenticator) and returns an ID token with acr=urn:openid:loa:high mapped to ISO/IEC 29115 LoA 4. No password reaches the relying party; no shared secret is written to disk.

JWP Receipt Payload
kind "trust.id.token.issued"
acr loa:high
auth.method passkey/webauthn-l3
token.size 1.94 KB
joules 0.072
cite "OIDC Core 1.0 §2 · ISO/IEC 29115 LoA 4"
sig "ed25519:0x4f...c1a"
03
Request
Lender RP
0.04 J

The lender sends a Presentation Exchange definition.

The lender's OID4VP authorization request carries a DIF Presentation Exchange v2 presentation_definition asking for an EmploymentCredential with constraints on issuer DID, employer EIN, gross_income.last_2y, and a not_before within 30 days. Eight constraint filters, one input_descriptor.

JWP Receipt Payload
kind "trust.pe.definition.received"
input_descriptors 1
constraints 8
purpose mortgage.underwrite
joules 0.041
cite "DIF Presentation Exchange v2 §4 · OID4VP draft-21 §6"
sig "ed25519:0x4f...c1a"
04
Selective Disclosure
Wallet
0.12 J

The wallet builds an SD-JWT VP with only four claims.

Of 27 disclosable claims on the credential, the wallet releases employer_name, employment_status, gross_income.2024, gross_income.2025; the rest stay as salted hashes (draft-ietf-oauth-selective-disclosure-jwt-08). One audience-bound key_binding_jwt is appended; nonce echoes the lender's c_nonce.

JWP Receipt Payload
kind "trust.vp.token.built"
claims.disclosed 4 / 27
kb_jwt ES256, aud=lender.example
joules 0.118
cite "OID4VP draft-21 §6.1 · SD-JWT draft-08 · RFC 7519"
sig "ed25519:0x4f...c1a"
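
The salted-hash mechanism behind step 04, as an added example (not TrustOS code): the issuer commits to 27 claims as digests, the wallet releases four disclosures, and the verifier accepts only disclosures whose digest appears in the signed _sd array. Assumptions: claim values and the 23 filler claim names are constructed, claim names are kept flat, and the issuer JWS and key_binding_jwt checks are left out.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    # SD-JWT hashes the ASCII bytes of the base64url-encoded disclosure.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict):
    """Issuer: one salted disclosure per claim; only digests enter the signed payload."""
    disclosures = {
        name: b64url(json.dumps([b64url(secrets.token_bytes(16)), name, value]).encode())
        for name, value in claims.items()
    }
    payload = {"_sd_alg": "sha-256", "_sd": sorted(digest(d) for d in disclosures.values())}
    return payload, disclosures

def present(disclosures: dict, release: list) -> list:
    """Wallet: hand over only the disclosures for the requested claims."""
    return [disclosures[name] for name in release]

def verify(payload: dict, presented: list) -> dict:
    """Verifier: accept a disclosure only if its digest is in the signed _sd array."""
    allowed, seen, out = set(payload["_sd"]), set(), {}
    for disclosure in presented:
        d = digest(disclosure)
        if d not in allowed or d in seen:
            raise ValueError("disclosure not bound to credential, or repeated")
        seen.add(d)
        _salt, name, value = json.loads(b64url_decode(disclosure))
        if name in out:
            raise ValueError("duplicate claim name")
        out[name] = value
    return out

# Constructed sample: the four claims named on the page plus 23 hypothetical fillers.
CLAIMS = {"employer_name": "Acme", "employment_status": "active",
          "gross_income.2024": 98000, "gross_income.2025": 101000,
          **{f"other_claim_{i}": i for i in range(23)}}
RELEASE = ["employer_name", "employment_status", "gross_income.2024", "gross_income.2025"]

def demo():
    payload, disclosures = issue(CLAIMS)
    return payload, verify(payload, present(disclosures, RELEASE))
```

The verifier learns nothing about the 23 withheld claims beyond their digests, and a disclosure with an altered value fails because its digest no longer matches any entry in _sd.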
05
Verification
Lender Verifier
0.09 J

The verifier resolves the issuer DID and checks revocation.

The lender resolves the issuer's did:web:hr.acme.example to a JWKS, validates the JWS over the credential (RFC 7515, alg=ES256), and checks the StatusList 2021 bitstring entry at index 14228 — bit clear, credential live. Round trip: 184 ms; 27 KB pulled and cached for 24 h.

JWP Receipt Payload
kind "trust.vc.verified"
issuer did:web:hr.acme.example
status.index 14228
status.bit 0
joules 0.094
cite "W3C VC Data Model 2.0 · RFC 7515 · StatusList 2021"
sig "ed25519:0x4f...c1a"
06
Assurance
TrustOS Policy
0.07 J

Issuer trust framework is checked against eIDAS LoA High.

TrustOS looks up the issuer in the EU LOTL (List of Trusted Lists) and the U.S. NIST IAL2/AAL2 registry. The credential's issuance flow carries trust_framework="eidas" and loa="high", matching the lender's policy threshold of ≥ ISO 29115 LoA 3.

JWP Receipt Payload
kind "trust.framework.matched"
policy loa>=3
trust.framework eidas
joules 0.066
cite "ISO/IEC 29115 LoA 3 · eIDAS Regulation (EU) 910/2014 · NIST SP 800-63-3 IAL2"
sig "ed25519:0x4f...c1a"
07
Quorum
FROST coordinator
0.14 J

Three FROST signers co-author the closing keypair.

Sarah, the bank, and the title company run a 2-of-3 FROST round (draft-irtf-cfrg-frost-15) over Ed25519: round 1 commitments 96 B each, round 2 partial signatures 32 B each, final 64 B Ed25519 signature. No participant ever sees the full private key.

JWP Receipt Payload
kind "trust.frost.signed"
threshold 2-of-3
sig.size 64 B
round.trips 2
joules 0.142
cite "draft-irtf-cfrg-frost-15 · RFC 8032 Ed25519"
sig "ed25519:0x4f...c1a"
08
Audit
TrustOS Ledger
0.02 J

Five JWP receipts hash into a single closing envelope.

Discovery, authn, presentation, verification, FROST — each step's receipt is a JSON Web Proof (draft-ietf-jose-json-web-proof-09) appended to the closing audit log. A Merkle root over the five leaves is anchored in the lender's transparency log; the root is 32 B.

JWP Receipt Payload
kind "trust.audit.envelope"
leaves 5
root sha256:7c2e…d41a
joules 0.024
cite "JWP draft-09 · RFC 6962 transparency log"
sig "ed25519:0x4f...c1a"

TrustOS, in one line

0.59 joules. One receipt.

TrustOS handles identity as a typed, signed, energy-metered operation. The whole pillar is one shape: take a claim, do the work, sign the receipt.