The Open Capability Certification Standard
The internet moved data without knowing who sent it.
UCCO moves capability with full knowledge of who holds it, what they're certified to do, and what they actually did.
What is UCCO?
An enriched transit layer
UCCO defines how capability credentials are issued, verified, and revoked. Every certification carries cryptographic proof of who issued it, who holds it, and what they demonstrated. The standard is open. The implementations compete.
The document knows who’s reading it
UCCO credentials are bound to verified identities through a dual-key architecture. A persistent signing key establishes authority. An ephemeral session key proves presence. Both must agree before any capability assertion is trusted.
What you did, not just what you can do
Every capability action is recorded in an append-only hash chain. The chain is the audit trail. It cannot be edited without detection. Revocation propagates through the network. Expired credentials die on schedule.
The Standard
Universal Capability Certification Object
The UCCO standard defines the data structures, cryptographic operations, and protocol requirements for interoperable capability certification. It is designed for implementation by any conforming actor — human or autonomous.
- 1Scope
- 2Normative References
- 3Terms and Definitions
- 4UCCO Data Model
- 5Cryptographic Operations
- 6Lifecycle Management
- 7Revocation and Expiry
- 8Conformance Requirements
Participate
Open Development
UCCO is developed in the open. The specification, discussion, and governance all happen on GitHub. Anyone can read the standard, open an issue, or propose a change.
Join the Discussion→Governance
The UCCO Foundation maintains the standard as a public good. The foundation is independent of any single implementation. Governance procedures, contribution guidelines, and the editorial process are documented in the repository.
Contribution Guide→