SRI identity system — identifiers, scopes, and verification. The proof_of_personhood scope is the Sigil signal: when a user signs it, they’re asserting a verified Sigil to your app.
What the flow looks like
- Your app prompts the user to sign a Stamped Mandate (PINT) carrying an identity scope — for example sr:us:pint:identity:proof_of_personhood or a KYC attestation scope.
- Your app exchanges the signed Stamped Mandate with SIS for a JWT.
- The JWT travels to your login endpoint as x-sumvin-pint-token.
- Your backend verifies the JWT against the SIS JWKS, reads the sub claim (the user’s SRI), and inherits the verified attestations from the token body.
- You associate the Sumvin SRI with your local account record and issue your own session token.
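The backend half of this flow, as an added example that is not Sumvin's own code: it verifies the token from x-sumvin-pint-token against a JWKS, checks aud and exp, and links the sub SRI to a local account. Assumptions: RS256 signing, a kid header for key selection, SRIs starting with sr: as in the examples on this page, and the hypothetical names verifyPintToken, loginWithSri and makeFixture (a locally generated key pair standing in for SIS).

```javascript
// Added example: RS256, the kid header and all function names are assumptions.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verifies a compact JWT against a JWKS and returns its claims, or throws.
function verifyPintToken(token, jwks, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm server-side; never let the token choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  // Check the signature before trusting anything in the payload.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = b64urlJson(p);
  const auds = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!auds.includes(expectedAud)) throw new Error('wrong aud');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  if (typeof claims.sub !== 'string' || !claims.sub.startsWith('sr:')) throw new Error('sub is not an SRI');
  return claims;
}

// Links the verified SRI to a local account; the Map stands in for your user table.
function loginWithSri(headers, jwks, aud, accounts, nowSec) {
  const claims = verifyPintToken(headers['x-sumvin-pint-token'] ?? '', jwks, aud, nowSec);
  if (!accounts.has(claims.sub)) accounts.set(claims.sub, { id: accounts.size + 1 });
  return { accountId: accounts.get(claims.sub).id, sri: claims.sub };
}

// Constructed fixture: signs claims with a throwaway key and returns token plus JWKS.
function makeFixture(claims, kid = 'test-key-1') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT', kid })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
  return { token: `${input}.${sig}`, jwks: { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] } };
}
```

After loginWithSri succeeds, issue your own session token for the returned account; the Sumvin JWT itself should not be reused as a session.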
Which primitives back it
- SRIs are the durable, URI-style identifier behind a Sigil (for example sr:us:person:safe:0x...). See the SRI format.
- JWT verification is the same primitive as for checkout — verify against SIS JWKS, check aud and exp. See Verify a JWT.
- Attestation claims carry verified facts — age, KYC status, Proof of Personhood — inside the JWT body. See attestation claims.
- Identity scopes describe which verified facts the user is consenting to share, including the proof_of_personhood scope. See the scopes reference.