Universal Manifest

Standards

Universal Manifest is a composition layer. It does not replace identity, credential, encryption, or wallet standards. It carries, references, or sits beside material produced by those standards, and defines what happens when a receiver processes the result.

Current integrations

Current UM standards integrations.

Each section names the standard, says what it does, shows what a UM manifest carries or references from it, and draws the line at what UM leaves alone.

00 / trust

OmaTrust (OMA3 Trust and Attestation).

Trust attestation and verification for the open ecosystem.

What it does

OmaTrust provides trust attestation and verification for the open ecosystem. It is developed by OMA3.

What UM carries

A manifest facet can carry an OmaTrust attestation: a trust claim issued within the OmaTrust framework. The attestation sits inside the manifest alongside other facets (credentials, consents, device state). When a receiver processes the manifest, it can verify the OmaTrust attestation through OmaTrust's attestation framework while applying UM's projection and consent rules to determine what else travels with it.

What UM leaves alone

Attestation issuance, OmaTrust verification protocols, trust-level definitions, and OMA3 governance decisions. UM carries OmaTrust attestations as facets. OmaTrust defines what those attestations mean and how they are verified.

01 / who

DID (Decentralized Identifiers).

Stable, decentralized identifiers that resolve to a DID Document without relying on a central registry.

What it does

DIDs give subjects stable, decentralized identifiers that resolve to a DID Document without relying on a central registry. W3C Recommendation since 2022.

What UM carries

A manifest's subject field can hold a DID (did:key, did:web, did:plc, or any method). The DID identifies who the manifest is about. UM also supports pairwise DIDs in the subject field so the same person can present a different identifier to each receiver, preventing cross-context tracking.

What UM leaves alone

DID method definitions, resolution protocols, DID Document structure, and key management. UM consumes a DID as an identifier. It does not issue, rotate, or revoke DIDs.

02 / claims

Verifiable Credentials (W3C VC).

Signed claims issued by one party about another, verifiable by any third party.

What it does

VCs are signed claims issued by one party about another, verifiable by any third party. W3C Recommendation, v2.0 published 2025.

What UM carries

A manifest facet can contain a Verifiable Credential or a reference to one. The VC sits inside the manifest as a claim alongside other data (consents, device registrations, pointers). When the receiver processes the manifest, the UM spec tells it which facets are in scope, which to verify, and what result to record.

What UM leaves alone

Credential issuance, issuer governance, VC signature suites, and the trust frameworks that decide which issuers to accept. UM is the envelope; VCs are one type of payload.

03 / present

OID4VP (OpenID for Verifiable Presentations).

How a verifier requests a credential presentation from a wallet and receives one back, using OAuth 2.0 mechanics.

What it does

OID4VP defines how a verifier requests a credential presentation from a wallet and receives one back, using OAuth 2.0 mechanics. An OpenID Foundation specification.

What UM composes with

UM can define the manifest context that wraps an OID4VP exchange. The manifest declares what the subject is willing to present, under what consent terms, and to what audience. When a wallet responds to an OID4VP request, the manifest's projection rules determine which facets are included in the presentation. The result object records what the receiver asked for, what it received, and what it verified.

What UM leaves alone

The OID4VP request/response protocol, wallet-to-verifier transport, and OAuth 2.0 mechanics. UM operates at the content and policy layer; OID4VP operates at the presentation transport layer.

04 / encrypt

HPKE (Hybrid Public Key Encryption).

Encrypts a payload to a recipient's public key using a hybrid scheme. IETF RFC 9180.

What it does

HPKE encrypts a payload to a recipient's public key using a hybrid scheme (key encapsulation plus symmetric encryption). IETF RFC 9180, published 2022.

What UM uses it for

UM supports encrypted inline facets as an optional privacy path. A manifest can contain facets where the payload is encrypted so that only specific receivers can read it. The facet name stays visible (so any receiver knows the facet exists), but the content is opaque ciphertext. A receiver that cannot decrypt the facet records it as "present but unreadable" in the result object. HPKE is one candidate encryption scheme for this path; JWE (JSON Web Encryption) is another.

What UM leaves alone

Key encapsulation algorithms, encryption primitives, key distribution, and key rotation. UM identifies which facets are encrypted and specifies receiver behavior when a facet cannot be decrypted. The cryptographic operations themselves belong to HPKE (or whichever encryption scheme the deployment profile selects).

05 / cards

ISO mDL (Mobile Driver's Licence).

How a mobile driver's licence is structured, signed, and presented from a device. ISO/IEC 18013-5.

What it does

ISO 18013-5 defines how a mobile driver's licence is structured, signed, and presented from a device. An ISO/IEC standard.

What UM carries

A manifest facet can hold or reference mDL-derived proof material. The manifest does not replace the mDL; it carries a reference or extracted attestation alongside other context the mDL does not cover (consents, device state, additional claims from other issuers). The receiver uses the mDL material for the question in scope (age, address, licence class) while the rest of the manifest follows UM projection and result behavior.

What UM leaves alone

Licence issuance, trust lists, mDL presentation protocols, and the ISO certification process. The issuing authority and mDL ecosystem own the credential. UM provides the portable context around it.

06 / proof

W3C Data Integrity.

Attaches cryptographic proofs to structured data at the RDF graph level, using linked-data canonicalization.

What it does

Data Integrity attaches cryptographic proofs to structured data at the RDF graph level, using linked-data canonicalization. A W3C specification.

What UM supports

UM's signature architecture is designed for multiple coexisting proof profiles. The current v0.2 profile uses JCS (JSON-level canonicalization) plus Ed25519 as the pragmatic first profile. A Data Integrity profile (RDF canonicalization plus linked-data proofs) is a planned additive profile. Deployments that need both can carry UM-native proof material and Data Integrity proof material in the same manifest. Receivers verify the profiles they support and skip unknown ones safely.
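
A receiver-side sketch of the multi-profile behavior described above, as an added example that is not code from the UM specification or project. The manifest layout (`proofs`, `profile`, `signature`), the profile id `jcs-ed25519`, and the acceptance policy (at least one supported proof verifies, none fails, skipped proofs never count as success) are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// JCS-style canonical form (RFC 8785): sorted keys, no whitespace. JSON.stringify
// already produces the ECMAScript primitive serialization that JCS specifies.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Profiles this receiver supports. Hypothetical profile id, not from the UM spec.
const VERIFIERS = {
  'jcs-ed25519': (payload, proof, publicKey) => nodeCrypto.verify(
    null, Buffer.from(canonicalize(payload)), publicKey,
    Buffer.from(proof.signature, 'base64')),
};

// Assumed policy: unknown profiles are skipped but never count as success;
// any supported proof that fails rejects the manifest.
function verifyManifest(manifest, publicKey) {
  const { proofs = [], ...payload } = manifest; // proofs cover every other field
  const result = { verified: [], failed: [], skipped: [] };
  for (const proof of proofs) {
    const known = Object.hasOwn(VERIFIERS, proof.profile);
    if (!known) { result.skipped.push(proof.profile); continue; }
    let ok = false;
    try { ok = VERIFIERS[proof.profile](payload, proof, publicKey); } catch { ok = false; }
    (ok ? result.verified : result.failed).push(proof.profile);
  }
  result.accepted = result.failed.length === 0 && result.verified.length > 0;
  return result;
}

function signJcsEd25519(payload, privateKey) {
  const sig = nodeCrypto.sign(null, Buffer.from(canonicalize(payload)), privateKey);
  return { profile: 'jcs-ed25519', signature: sig.toString('base64') };
}

// Constructed sample manifests (throwaway key, made-up subject and facet).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const payload = { subject: 'did:example:alice', facets: { age: { over18: true } } };
const unknown = { profile: 'example-future-profile', signature: 'AAAA' };
const signed = { ...payload, proofs: [signJcsEd25519(payload, privateKey), unknown] };
const tampered = { ...signed, facets: { age: { over18: false } } };
const onlyUnknown = { ...payload, proofs: [unknown] };
console.log(verifyManifest(signed, publicKey), verifyManifest(onlyUnknown, publicKey).accepted);
```

The `onlyUnknown` case is the one to watch in review: a manifest whose proofs are all skipped has not been verified by anything.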

What UM leaves alone

RDF canonicalization (URDNA2015), JSON-LD processing, proof suite definitions, and Data Integrity governance. UM's multi-profile architecture means Data Integrity is additive, not a replacement for the base profile.

07 / no

GPC (Global Privacy Control).

A browser-level signal refusing the sale or sharing of personal data, with legal force in some jurisdictions.

GPC
What it does

GPC lets a user send a browser-level signal (via the Sec-GPC header or navigator.globalPrivacyControl) refusing the sale or sharing of their personal data, in jurisdictions where the law gives that signal legal force.

What UM composes with

GPC is a binary signal: on or off. UM consent records are granular: per-facet, per-purpose, with scope, expiry, and withdrawal semantics. A receiver can honor the GPC signal at the request level and still use UM consent records for interaction-specific permissions within the manifest. UM can also carry evidence of a GPC signal as a consent pointer, creating a portable record that the subject's privacy preference was active at the time of the exchange.
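
How the binary signal and granular consent records can be combined in one receiver decision, as an added example that is not code from the UM specification or project. The consent record fields (`facet`, `purposes`, `expiresAt`, `withdrawnAt`), the purpose names, and the shape of the returned decision are assumptions made for illustration; only the `Sec-GPC: 1` header comes from GPC itself.

```javascript
// Purposes a GPC signal refuses at the request level (names are hypothetical).
const GPC_BLOCKED_PURPOSES = new Set(['sale', 'sharing']);

// Sec-GPC only counts with the exact value "1"; anything else is "no signal".
function gpcActive(headers) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'sec-gpc');
  return key !== undefined && String(headers[key]).trim() === '1';
}

// A consent record covers a request only if facet and purpose match,
// it has not been withdrawn, and it has not expired (bad dates fail closed).
function consentCovers(record, facet, purpose, now) {
  return record.facet === facet
    && record.purposes.includes(purpose)
    && record.withdrawnAt == null
    && Date.parse(record.expiresAt) > now.getTime();
}

function decide(headers, consents, facet, purpose, now) {
  // Evidence that the signal was active at exchange time, kept with the decision.
  const gpc = { active: gpcActive(headers), observedAt: now.toISOString() };
  if (gpc.active && GPC_BLOCKED_PURPOSES.has(purpose)) {
    return { allow: false, reason: 'gpc', gpc };
  }
  const ok = consents.some((c) => consentCovers(c, facet, purpose, now));
  return { allow: ok, reason: ok ? 'consent' : 'no-valid-consent', gpc };
}

// Constructed sample records: one valid, one expired, one withdrawn.
const now = new Date('2025-06-01T00:00:00Z');
const consents = [
  { facet: 'email', purposes: ['receipt', 'sale'],
    expiresAt: '2026-01-01T00:00:00Z', withdrawnAt: null },
  { facet: 'address', purposes: ['shipping'],
    expiresAt: '2025-01-01T00:00:00Z', withdrawnAt: null },
  { facet: 'phone', purposes: ['support'],
    expiresAt: '2026-01-01T00:00:00Z', withdrawnAt: '2025-05-01T00:00:00Z' },
];
console.log(decide({ 'Sec-GPC': '1' }, consents, 'email', 'sale', now));
console.log(decide({ 'Sec-GPC': '1' }, consents, 'email', 'receipt', now));
```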

What UM leaves alone

The GPC signal mechanism, browser implementation, and the legal regimes that give it force. UM does not replicate or override GPC. It adds a more granular consent layer that can coexist with the binary signal.

UM does not compete with standards. It composes with them. The composition boundary is the same every time: the standard produces the credential, the identifier, the proof, or the transport mechanism. UM carries it, references it, or sits beside it inside a portable envelope. UM defines what happens when a receiver processes the result: projection, consent, opacity, receipts. The standard's own rules govern everything inside its boundary. This is why the registry can grow to hundreds of entries without UM's spec growing at the same rate. Each new integration adds a composition profile. The core receiver behavior stays the same.

What is coming next

Standards under active evaluation or in early integration work.

  • eIDAS 2.0 / EU Digital Identity Wallet. EU regulatory framework for digital identity wallets and qualified electronic attestations of attributes
  • SD-JWT (Selective Disclosure JWT). IETF draft for selectively disclosable JSON Web Tokens, relevant to UM's projection model
  • AnonCreds. Privacy-preserving credential format with zero-knowledge proofs, maintained by Hyperledger
  • SCITT (Supply Chain Integrity, Transparency, and Trust). IETF working group on supply-chain attestation, relevant to device and software manifests
  • CBOR / COSE. Compact binary serialization and signing, relevant for constrained-device deployment profiles
  • ActivityPub. W3C protocol for federated social networking, relevant to the social-identity integration lane
  • DIDComm. Decentralized communication protocol for DID-based messaging, relevant to push/pull exchange patterns
  • ISO 23220 (mID). Broader mobile identity framework beyond driver's licences
  • glTF / VRM / Ready Player Me avatar format. Khronos Group (glTF) and VRM Consortium standards for 3D asset and avatar interchange, relevant to the portaling lane's avatar-portability requirements
  • OpenXR. Khronos Group standard for XR runtime interfaces, relevant to cross-device manifest presentation on VR/MR/AR hardware
  • RP1 / Spatial Fabric protocols. Spatial computing protocols for place anchoring, cross-world portability, and proximity-based discovery between adjacent experiences
  • IEEE P2874 (Spatial Web). IEEE standard for spatial web architecture, relevant to location-anchored manifest exchanges and XR environment interoperability

Implementer pathways and the full integration catalog live in the registry.

Three roles (issuer, consumer, subject runtime), each with a concrete starting point. The registry tracks every standard UM composes with.

Registry

Registry, resources, and next steps.

The registry tracks every standard UM composes with: registration criteria, conformance targets, and the full integration catalog. If your standard is not listed, request an integration there.