Signed Identity
Graph

A web-native protocol for publishing cryptographically signed relationship attestations. No proprietary registries, no vendor lock-in — just standard HTTPS.

Get Started Read the Spec

$ cargo install authkeep-cli

Documentation

Protocol model, data model, event types, signing, verification, and state derivation.

Specification

The complete SIG protocol specification with conformance requirements and security considerations.

CLI Reference

Initialize issuers, append events, verify feeds, and make authorization decisions from the command line.

API Reference

Rust crate architecture — authkeep-core, authkeep-jose, authkeep-server, authkeep-client, and authkeep-web.

Protocol Layers

Four layers of verified trust

SIG operates through identity, trust, attestation, and distribution layers.

Identity Layer

Publish a did:web identifier tied to your domain.

Trust Layer

Publish Ed25519 signing keys as JWKS at well-known URLs.

Attestation Layer

Sign and publish relationship events in an append-only NDJSON feed.

Distribution Layer

Consumers fetch, verify, and derive state through standard HTTPS.

Ed25519

Signing

JWS

Verification

HTTPS

Transport

100%

Open Source

Signed IdentityGraph