Engineer docs

AttestoBind technical surface.

The adapter layer keeps upstream identity systems in place while Proofnet BTC owns the durable, post-quantum proof packet.

What it is

Identity binding layer

AttestoBind accepts verified state from an identity adapter and emits a deterministic, post-quantum signed identity_binding attesto.

What it is not

Not a wallet takeover

Proofnet does not take over wallets, KERI agents, DID resolvers, certificate authorities, C2PA manifest systems, or Sigstore services.

What Proofnet owns

Durable proof packet

Proofnet owns the canonical record, SHA3-512 digest, ML-DSA-87 signature, memory-block persistence, verification packet, and optional Bitcoin anchor receipt.

Security boundary

Public state only

Adapters provide verified public state. Proofnet does not require seed phrases, wallet recovery material, production node credentials, or upstream private keys.

Build status

Review packet build is checked.

Checked means the item is built into the local/static review packet and can be reviewed or exported without exposing secrets. Live customer systems can attach behind the same contract.

Eight-adapter selector

Built: Proofnet Native, KERI, DID, SPIFFE, Sigstore, C2PA, OpenID4VC, and X.509 all resolve through the same selector model.

Non-canonical interoperability bridge

Built: upstream evidence normalizes into the Proofnet identity_binding packet without claiming to replace the source identity system.

KERI deep evidence packet

Built: KERIpy path, AID, OOBI review fixture, KEL inception plus rotation, KeyStateRecord facts, and state checks are represented.

Four-track Phase 4 spread

Built: proof layer, workflow layer, enterprise deployment, and network-scale replay are defined for every adapter.

Memory Block first record path

Built: each packet shows Proofnet Memory Blocks as the native record path with optional Bitcoin anchoring after the fact.

Downloadable review artifacts

Built: selected verification, all verification outputs, selected JSON packet, all adapter packets, selected brief, and all briefs.

Company-facing brief

Built: Blockie Talkie LLC, Proofnet BTC, AttestoBind, Anthony Derbidge, Drew Derbidge, and Jamie Derbidge are included in the brief.

Public-safe security boundary

Built: packets avoid seed phrases, wallet secrets, production node credentials, upstream private keys, and private signing material.

Build list

Bring every adapter to Phase 4.

All adapter paths should reach the same durable Proofnet contract: verified upstream state, canonical digest, ML-DSA-87 binding, Memory Block replay, enterprise controls, and network-scale operation.

How to read this board: each row is an identity adapter and each checked box is one reviewable track in the packet. A check means that track is represented as public-safe evidence, exportable Markdown, JSON, or verification output; customer-specific infrastructure and private credentials stay outside the static packet.

| Adapter | Proof layer | Workflow layer | Enterprise layer | Network scale |
| --- | --- | --- | --- | --- |
| Proofnet Native | Node identity, PQ key state, Memory Block attesto. | Enroll, rotate, recover, move device, Toshi PQ1 sign. | Policy defaults, reviewer scope, audit export. | Cross-node replay, replicated Memory Blocks, anchor policy. |
| KERI / KERIpy | AID, OOBI review fixture, KEL replay, KeyStateRecord. | Rotation, recovery, ACDC/vLEI issue, receive, present, revoke. | KERIA path, public OOBIs, witness policy, reviewer scopes. | Cross-organization replay over the accepted KERI state. |
| DID / DIDKit | DID document, verification method, resolver output digest. | VC/VP issue, present, status, revoke, method policy. | Resolver policy, tenant method selection, audit exports. | Multi-method federation, trust registries, partner verification. |
| SPIFFE / SPIRE | SPIFFE ID, trust domain, SVID digest, workload identity. | Workload enroll, rotate, expire, service identity consent. | Trust-domain policy, workload role, service audit. | Federated trust domains, service mesh replay, workload audit. |
| Sigstore / Rekor | Artifact digest, signing identity, Rekor inclusion proof. | CI/CD admission, release approval, provenance verification. | Release gates, provenance export, software audit policy. | Cross-org software supply chain, build policy, release replay. |
| C2PA | Manifest digest, asset digest, signer, assertion set. | Claim verify, transform, update, revoke, chain-of-custody. | Media policy, review scopes, compliance exports. | Content provenance networks, media audit, custody replay. |
| OpenID4VC | Issuer, holder, credential digest, presentation digest. | Offer, receive, present, status, revoke, verifier policy. | Issuer policy, verifier routes, tenant audit export. | Federated credential exchange, trust registry, compliance export. |
| X.509 | Certificate chain, subject, issuer, serial, fingerprint. | Issue, renew, rotate, revoke, OCSP/CRL status. | CA policy, certificate profile, audit export. | Enterprise PKI, mTLS/device identity, CA policy replay. |

Track 1

Adapter proof layer

Normalize upstream verified state into a canonical identity_binding packet with SHA3-512 state digestion, ML-DSA-87 binding, and a replayable Memory Block record.

  • Resolve the upstream identity subject.
  • Extract the verified state object or replay evidence.
  • Canonicalize the state into stable packet fields.
  • Sign the binding and store the proof packet.
Acceptance

What must be true

The adapter produces a deterministic packet, the digest is repeatable, the signature verifies, and the packet can be imported or replayed without upstream private material.

  • identity_subject is present.
  • identity_state_digest is stable for the same input.
  • binding_digest and signature verify.
  • native_record points to a Memory Block record.

| Adapter | Packet fields | API surface | Acceptance |
| --- | --- | --- | --- |
| Proofnet Native | node_id, state_digest, pq_signature, native_record. | GET /identity/native/state, POST /identity/native/bind. | Node state binds without external dependencies. |
| KERI / KERIpy | aid, oobi, kel_events, key_state_digest, witness_threshold. | POST /identity/keri/replay, POST /identity/bind. | OOBI resolves and KEL replay yields KeyStateRecord evidence. |
| DID / DIDKit | did, doc_digest, verification_method, status. | POST /identity/did/resolve, POST /identity/did/bind. | DID document state canonicalizes cleanly. |
| SPIFFE / SPIRE | spiffe_id, trust_domain, svid_digest, workload. | POST /identity/spiffe/resolve, POST /identity/spiffe/bind. | Workload identity resolves to a stable SVID digest. |
| Sigstore / Rekor | artifact_digest, bundle_digest, rekor_uuid, inclusion_proof. | POST /identity/sigstore/verify, POST /identity/sigstore/bind. | Transparency log evidence survives packet import. |
| C2PA | asset_digest, manifest_digest, claim_digest, signer. | POST /identity/c2pa/inspect, POST /identity/c2pa/bind. | Manifest evidence normalizes without exposing source media secrets. |
| OpenID4VC | issuer, holder, credential_digest, presentation_digest. | POST /identity/openid4vc/present, POST /identity/openid4vc/bind. | Presentation state digests deterministically. |
| X.509 | subject, issuer, serial, fingerprint, ocsp_status. | POST /identity/x509/verify, POST /identity/x509/bind. | Certificate state canonicalizes with chain verification. |

Track 2

Credential and workflow layer

Show issue, receive, present, revoke, rotate, recover, refresh, and status workflows where they make sense for the upstream system.

  • Bind workflow events as public-safe packet fields.
  • Record the exact accepted status at the moment of verification.
  • Keep presentation and revocation evidence replayable.
  • Keep the upstream system in control of its own semantics.
Acceptance

Workflow checks

Each workflow should produce a visible verification result, a canonical digest, and a packet export that does not require live secrets to inspect later.

  • At least one issue or enrollment flow is shown.
  • At least one present or verify flow is shown.
  • Status or revocation is reflected in the packet.
  • Rotation or recovery is preserved as a separate historical record when applicable.

| Adapter | Workflow fields | API surface | Acceptance |
| --- | --- | --- | --- |
| Proofnet Native | review_scope, reviewer_role, state_version, imported_record. | POST /workflow/native/import, POST /workflow/native/export. | Review and import/export are visible without secrets. |
| KERI / KERIpy | credential_state, issue_event, present_event, revocation_status, rotation_sequence. | POST /workflow/keri/issue, POST /workflow/keri/present, POST /workflow/keri/status. | Issue, receive, present, revoke, rotate, and recover map to packet fields. |
| DID / DIDKit | presentation_state, did_method, status, refresh_hint. | POST /workflow/did/present, POST /workflow/did/status. | Presentation and method refresh remain deterministic. |
| SPIFFE / SPIRE | workload_attestation, trust_domain, rotation_state, mesh_policy. | POST /workflow/spiffe/enroll, POST /workflow/spiffe/rotate. | Workload enrollment and SVID rotation are represented. |
| Sigstore / Rekor | sign_event, verify_event, checkpoint, release_status. | POST /workflow/sigstore/sign, POST /workflow/sigstore/verify. | Artifact signing and release review remain reproducible. |
| C2PA | inspect_event, provenance_state, revocation_status, asset_update. | POST /workflow/c2pa/inspect, POST /workflow/c2pa/status. | Provenance and content update flows stay readable. |
| OpenID4VC | offer_state, presentation_state, credential_status, issuer_policy. | POST /workflow/openid4vc/offer, POST /workflow/openid4vc/present, POST /workflow/openid4vc/status. | Offer, receive, present, revoke, and status are shown. |
| X.509 | certificate_state, rotation_state, ocsp_status, ca_policy. | POST /workflow/x509/issue, POST /workflow/x509/status. | Certificate issue, refresh, and revocation are clear. |

Track 3

Enterprise deployment

Make the adapter usable in a real organization with tenants, RBAC, service credentials, audit logs, export paths, and explicit policy controls.

  • Separate tenant and environment state from packet state.
  • Define role boundaries for admin, reviewer, operator, and auditor.
  • Expose audit and export surfaces for enterprise review.
  • Keep all deployment controls outside the private signing material.
Acceptance

Enterprise checks

A deployment is complete when an admin can manage policy, a reviewer can inspect packets, and an auditor can export evidence without needing privileged keys.

  • tenant_id and policy_id are present where needed.
  • role, scope, and audit_event are recorded.
  • Service credentials are managed separately from proof packets.
  • Compliance exports are deterministic and access-controlled.

| Adapter | Enterprise fields | API surface | Acceptance |
| --- | --- | --- | --- |
| Proofnet Native | tenant_id, policy_id, audit_event, service_role. | GET /admin/policies, POST /admin/audit/export. | Tenant and audit boundaries are explicit. |
| KERI / KERIpy | tenant_id, agent_id, rbac_role, review_scope. | POST /admin/keri/policy, GET /admin/keri/audit. | KERIA or agent policy can be scoped per tenant. |
| DID / DIDKit | tenant_id, did_method, resolver_policy, audit_event. | POST /admin/did/policy, GET /admin/did/export. | Method choice and export policy are configurable. |
| SPIFFE / SPIRE | trust_domain, tenant_id, workload_role, audit_event. | POST /admin/spiffe/policy, GET /admin/spiffe/audit. | Trust-domain and workload roles are tenant-aware. |
| Sigstore / Rekor | org_policy, release_gate, audit_event, provenance_export. | POST /admin/sigstore/policy, GET /admin/sigstore/export. | Release governance and provenance export are enforced. |
| C2PA | media_policy, tenant_id, review_scope, export_format. | POST /admin/c2pa/policy, GET /admin/c2pa/export. | Content review and export rules are tenant-scoped. |
| OpenID4VC | issuer_policy, verifier_route, tenant_id, audit_event. | POST /admin/openid4vc/policy, GET /admin/openid4vc/audit. | Issuer and verifier policy can be managed centrally. |
| X.509 | ca_policy, tenant_id, cert_profile, audit_event. | POST /admin/x509/policy, GET /admin/x509/export. | Certificate policy and audit exports are available. |

Track 4

Network scale

Design for cross-organization verification, replicated Memory Blocks, anchor scheduling, partner integrations, and predictable replay even when an upstream service disappears.

  • Support import/export across org boundaries.
  • Record anchor receipts without changing the proof packet.
  • Replicate the native record layer for durable replay.
  • Expose peer, partner, and federation-facing verification surfaces.
Acceptance

Scale checks

The packet should still verify after transport, replication, and time have passed. The proof should remain deterministic even if the source resolver is gone.

  • replica_id or equivalent scale marker is present.
  • anchor_status is optional and does not alter the signed record.
  • federation_id or partner scope is expressible where relevant.
  • Verification can run from a copied packet alone.

| Adapter | Scale fields | API surface | Acceptance |
| --- | --- | --- | --- |
| Proofnet Native | replica_id, anchor_status, sync_state, audit_chain. | POST /scale/native/replicate, GET /scale/native/status. | Native records replicate across nodes cleanly. |
| KERI / KERIpy | federation_id, peer_org, witness_policy, anchor_receipt. | POST /scale/keri/federate, POST /scale/keri/anchor. | Cross-org verification and replay survive resolver loss. |
| DID / DIDKit | method_registry, replica_id, resolver_status, federation_id. | POST /scale/did/federate, GET /scale/did/status. | DID resolution remains portable across environments. |
| SPIFFE / SPIRE | trust_bundle, federation_id, mesh_replica, anchor_status. | POST /scale/spiffe/federate, POST /scale/spiffe/anchor. | Trust-domain federation is visible and auditable. |
| Sigstore / Rekor | transparency_root, checkpoint, replica_id, release_anchor. | POST /scale/sigstore/replicate, GET /scale/sigstore/checkpoint. | Provenance can be replayed from replicated records. |
| C2PA | partner_id, asset_federation, replica_id, chain_state. | POST /scale/c2pa/federate, GET /scale/c2pa/status. | Content provenance remains portable between organizations. |
| OpenID4VC | trust_registry, verifier_route, federation_id, replica_id. | POST /scale/openid4vc/federate, GET /scale/openid4vc/status. | Credential exchange can span trust registries. |
| X.509 | ca_chain, federation_id, replica_id, crl_ocsp_state. | POST /scale/x509/federate, GET /scale/x509/status. | PKI replay and revocation stay inspectable at scale. |

CLI shape

Review and operations commands.

These commands express the expected service contract: list adapters, bind state, verify packets, import records, and issue optional anchor receipts.

proofnet attestobind adapters
proofnet attestobind bind --scheme keri --source state.json
proofnet attestobind verify binding.json
proofnet attestobind store-import binding.json
proofnet attestobind packet sha3-512:<digest>
proofnet attestobind anchor-receipt sha3-512:<digest>
Record fields

Canonical record surface.

  • attesto_type: identity_binding
  • identity_scheme: keri, did, sigstore, c2pa, spiffe, openid4vc, x509, proofnet_native
  • identity_subject: Upstream public identity handle, such as a KERI AID or DID.
  • identity_state_digest: SHA3-512 digest of verified upstream state.
  • binding_digest: SHA3-512 digest of the canonical Proofnet binding record.
  • proofnet_pq_signature_b64: ML-DSA-87 signature over the canonical signed message.
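
The digest-level acceptance checks from Track 1 and Track 4 (stable identity_state_digest, verifiable binding_digest, anchor_status outside the signed record, verification from a copied record alone), as an added example that is not Proofnet's own code. The canonical form (sorted-key compact JSON), the set of fields excluded from the digest, and the sample values are assumptions; ML-DSA-87 signature verification is not shown.

```python
import hashlib
import json

# Fields assumed to sit outside the digested record (assumption, not from the page).
UNSIGNED = {"binding_digest", "proofnet_pq_signature_b64", "anchor_status"}

def canonical_bytes(obj):
    """Assumed canonical form: UTF-8 JSON, sorted keys, no insignificant whitespace."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sha3_512_tag(data):
    """Digest in the 'sha3-512:<digest>' form the page uses."""
    return "sha3-512:" + hashlib.sha3_512(data).hexdigest()

def binding_digest(record):
    """Digest of the record with the unsigned fields stripped."""
    signed_view = {k: v for k, v in record.items() if k not in UNSIGNED}
    return sha3_512_tag(canonical_bytes(signed_view))

def build_binding(scheme, subject, verified_state, native_record):
    """Build an identity_binding record from public, already-verified state."""
    record = {
        "attesto_type": "identity_binding",
        "identity_scheme": scheme,
        "identity_subject": subject,
        "identity_state_digest": sha3_512_tag(canonical_bytes(verified_state)),
        "native_record": native_record,
    }
    record["binding_digest"] = binding_digest(record)
    return record

def check_binding(record, verified_state=None):
    """Digest-level acceptance checks; needs only the copied record."""
    checks = {
        "identity_subject_present": bool(record.get("identity_subject")),
        "native_record_present": bool(record.get("native_record")),
        "binding_digest_valid": record.get("binding_digest") == binding_digest(record),
    }
    if verified_state is not None:  # optional replay against upstream evidence
        checks["identity_state_digest_valid"] = (
            record.get("identity_state_digest")
            == sha3_512_tag(canonical_bytes(verified_state)))
    checks["ok"] = all(checks.values())
    return checks

# Constructed sample state (not real KERI data); STATE_B holds the same facts reordered.
STATE_A = {"aid": "EXAMPLE_AID", "sequence": 1, "witness_threshold": 2}
STATE_B = {"witness_threshold": 2, "sequence": 1, "aid": "EXAMPLE_AID"}
```

Two records built from STATE_A and STATE_B carry identical digests, adding anchor_status to a record leaves binding_digest valid, and changing identity_subject makes check_binding fail.
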
Verification packet

Portable proof artifact.

{
  "type": "proofnet_attestobind_packet_v0",
  "binding_digest": "sha3-512:<digest>",
  "verification": {
    "ok": true,
    "binding_digest_valid": true,
    "proofnet_pq_signature_valid": true
  },
  "durable_proof_claim": {
    "native_record": "proofnet_memory_block_first",
    "optional_external_anchor": "bitcoin"
  }
}
HTTP service surface

Conceptual API routes.

The static site does not expose live APIs. These routes document the service contract for a node or private demo service.

GET /identity/adapters
POST /identity/bind
POST /identity/bindings/verify
GET /identity/bindings/:digest
GET /identity/subjects/:scheme/:subject
POST /identity/anchor

Export surface

Every adapter has a downloadable packet.

The public demo and private room expose selected-adapter downloads and full all-adapter bundle downloads. The bundle shape is intentionally public-safe so it can be forwarded for engineering review.

  • JSON: selected identity_binding packet
  • JSON: all eight Phase 4 packets
  • TXT: all verification outputs
  • MD: all adapter review briefs
  • MD: AttestoBind readiness board

Static deployment note: these docs describe the integration contract. The public Cloudflare Pages site serves safe HTML and fixtures. Live verification, reviewer credentials, node state, and production APIs belong behind a server-side gate.