KYC and attestation

KYC and attestation are what feed : the verified outcome of a KYC run becomes the portable, KYC-verified identity a user carries across products. Sumvin turns the raw outcome of a KYC run — an identity document, a liveness check, a sanctions screen — into a small set of attestation claims that a verifier can consume on a . The raw KYC data stays with the identity-verification provider and with Sumvin; the verifier only sees the attestation.

The pipeline

The partner runs KYC in one of three modes: WebSDK, hybrid, or document-only. See the KYC guide for each mode’s shape.
The identity-verification provider returns a verified identity outcome to Sumvin. Sumvin stores the user’s name and the link to the applicant record; the full PII remains with the provider.
On token exchange, the user’s KYC outcome surfaces on the issued JWT as the kyc_status claim, and — when the scope envelope requests them — as further attestations like age_over_18 or proof_of_personhood. Together these claims are what make Sigil a portable Proof of Personhood.

What a verifier trusts

The verifier trusts the SIS signature on the JWT. The chain of trust is:

Identity-verification provider
  → Sumvin (stores outcome, gates on scope)
  → SIS (signs the JWT)
  → Verifier (validates signature against JWKS)

A verifier accepting a kyc_status: verified claim is transitively trusting the identity-verification provider via Sumvin via SIS. A verifier that needs to inspect underlying KYC documents (not just the status) requests sr:us:pint:identity:kyc_read — the scoped SIS lookup endpoint then returns the document metadata to the verifier’s API key.

KYC and attestation

KYC and attestation

The pipeline

What a verifier trusts

See also

Referenced from

​KYC and attestation

​The pipeline

​What a verifier trusts

​See also

​Referenced from

KYC and attestation

The pipeline

What a verifier trusts

See also

Referenced from