Implementation experience: intent-gated identity and provenance wrapper (did:jis + TIBET from Jasper van de Meent on 2026-02-11 (public-credentials@w3.org from February 2026)

From: Jasper van de Meent <info@humotica.com>
Date: Wed, 11 Feb 2026 04:52:04 +0100 (CET)
To: "public-credentials@w3.org" <public-credentials@w3.org>
Cc: Ian Jacobs <ij@w3.org>
Message-ID: <1513148134.248438.1770781924350@webmail.strato.com>

Dear Credentials Community Group,

Following a recent discussion with Ian Jacobs, I am reaching out to share implementation-driven work and to gauge whether it may be relevant to ongoing or adjacent efforts within the W3C ecosystem.

This is not a proposal to create a new specification within the CG.
I would like to share running code and operational experience that addresses what I see as a structural gap between identity, capability, and enforceable intent in delegated and autonomous systems.

---------------------------------------------

The gap: intent and persistent provenance

Current identity and credential standards are strong at answering:

* Who (identity via DIDs)

* What (capabilities via Verifiable Credentials)

However, there is generally no protocol-level requirement that:

* Intent is explicitly declared before interaction, and

* Context and reasoning persist as a verifiable chain over time.

At scale, this leads to what I describe as “compliance archaeology”:
after an incident, systems attempt to reconstruct intent from logs rather than relying on cryptographically declared intent that existed prior to execution.

---------------------------------------------

Architectural model: audit as a precondition

The model implemented in this stack inverts the conventional approach:

* Audit is not an observation of behavior (logging).

* Audit is a precondition for behavior.

In this architecture, no interaction can occur unless identity and intent are declared upfront. The resulting provenance structure is not a side effect; it is the cryptographic mechanism that enables the action itself.

This model applies equally to:

* human-to-human interactions,

* human-to-AI delegation,

* AI-to-AI interactions.

It is not AI-specific, though it becomes particularly relevant in autonomous systems.

---------------------------------------------

Running implementations

I am sharing this work as an independent protocol architect, grounded in open-source implementations currently deployed in production environments (80 countries, ~33k+ combined downloads across related components).

The reference implementations originated within the Humotica open-source project and include:

---------------------------------------------

1. TIBET — Provenance Layer

Function:
A token-based provenance structure that can wrap or reference existing Verifiable Credentials to add intent, context, and chain-of-custody semantics.

TIBET does not replace VC formats. It operates as a structured envelope or wrapper that adds an immutable, forward-declared intent and context layer.

Status:
Running code, in production usage.

IETF Internet-Draft:
https://datatracker.ietf.org/doc/draft-vandemeent-tibet-provenance/

---------------------------------------------

2. did:jis — Identity Layer

Function:
A DID method that enforces bilateral consent before resolution or interaction (FIR/A protocol). Resolution is not assumed to be passive; it requires explicit intent acknowledgment by both parties.

This addresses spoofing and continuous consent challenges in delegated and autonomous environments.

Status:
Running code, in production usage.

IETF Internet-Draft:
https://datatracker.ietf.org/doc/draft-vandemeent-jis-identity/

---------------------------------------------

Why this may be relevant to the Credentials CG

I am not seeking to initiate a new standards effort at this stage.

Instead, I would welcome discussion around possible alignment with existing or emerging work in areas such as:

* DID Core: intent-gated resolution and bilateral consent models

* Verifiable Credentials: interoperable provenance envelopes around existing VC formats

* Delegation & agency: operational behavior in offline-first and AI-mediated environments

If the group finds this direction relevant, I would appreciate the opportunity to briefly present the architecture and deployment findings for discussion and feedback.

Thank you for your time and for the work you do in maintaining and evolving the web’s trust infrastructure.

Kind regards,

Jasper van de Meent
Independent Protocol Architect
(Open-source implementations stewarded via the Humotica project)

Received on Wednesday, 11 February 2026 03:55:09 UTC