<?xml version="1.0" encoding="UTF-8"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude"
     ipr="trust200902"
     docName="draft-anders-merchant-identity-assertions-01"
     category="info"
     submissionType="IETF"
     consensus="false"
     version="3">

  <front>
    <title abbrev="Merchant Identity Assertions">Merchant Identity Assertions for Autonomous Commerce</title>

    <seriesInfo name="Internet-Draft" value="draft-anders-merchant-identity-assertions-01"/>

    <author fullname="Robb Anders" initials="R." surname="Anders">
      <organization>RegisteredBrands.AI</organization>
      <address>
        <email>founder@registeredbrands.ai</email>
        <uri>https://registeredbrands.ai</uri>
      </address>
    </author>

    <date year="2026" month="July" day="4"/>


    <keyword>merchant identity</keyword>
    <keyword>autonomous commerce</keyword>
    <keyword>agentic commerce</keyword>
    <keyword>trust verification</keyword>
    <keyword>Ed25519</keyword>

    <abstract>
      <t>Existing work helps a relying party determine whether an
      automated client is authorized to initiate a transaction. This
      document addresses the complementary problem: how that client
      can obtain a verifiable identity statement about the merchant
      that will receive the resulting payment, before the transaction
      is completed.</t>

      <t>This document defines a Merchant Identity Assertion (MIA):
      a signed JSON document binding a legal entity claim to a
      domain name. It specifies the claims schema, the proof
      envelope, key discovery via a JSON Web Key Set at a
      well-known URI, third-party issuance with explicit
      authorization, signing and verification procedures, validity
      and revocation semantics, and an optional signed Evaluation
      Result Token that records the outcome of a verification check
      as a portable audit artifact.</t>

      <t>This document is informational. It defines a discovery and
      verification mechanism only. It does not define trust scoring,
      merchant ranking, payment authorization, or agent identity.
      It complements existing agent identity and payment
      authorization protocols without modifying them.</t>
    </abstract>
  </front>

  <middle>
    <section anchor="introduction">
      <name>Introduction</name>

      <t>The rapid growth of autonomous AI agents executing financial
      transactions on behalf of human principals has created a new
      class of trust requirements that existing protocols do not
      fully address.</t>

      <t>Current work in agent identity -- including IETF Web Bot Auth
      <xref target="WEBBOTAUTH"/> and payment authorization frameworks such as Visa
      Trusted Agent Protocol, Mastercard Agent Pay, and the KYAPay Profile
      <xref target="KYAPAY"/> -- provides
      mechanisms for a receiving system to verify that an automated
      client is legitimate and authorized to transact.
      HTTP Message Signatures <xref target="RFC9421"/> provide the cryptographic
      foundation on which several of these frameworks build.</t>

      <t>MIA is independent of these mechanisms but designed to
      compose with them. A relying party MAY use Web Bot Auth or
      HTTP Message Signatures to authenticate itself to the
      merchant's MIA endpoint, and the merchant MAY use the same
      mechanisms to authenticate its inbound transaction request
      from the agent. The MIA itself is fetched as a static signed
      document and does not require any specific transport-layer
      authentication. This independence is intentional: it allows
      MIA verification to occur in deployment contexts where
      transport-coupled signing is not available, while permitting
      transport-coupled signing where it is.</t>

      <t>These mechanisms answer: "Is this agent who it claims to be,
      and is it authorized to pay?"</t>

      <t>A complementary question remains unanswered by existing
      standards: "Is the merchant this agent intends to pay who it
      claims to be?"</t>

      <t>In human-mediated commerce, consumers evaluate merchant
      identity through visual cues, brand recognition, and
      accumulated reputation. Autonomous agents lack these faculties.
      Without a machine-readable, cryptographically verifiable
      merchant identity mechanism, agents must either trust merchant
      identity claims implicitly -- creating fraud exposure -- or
      implement proprietary verification mechanisms that are not
      interoperable.</t>

      <t>This document defines the Merchant Identity Assertion (MIA):
      a minimal, interoperable signed JSON document that enables any
      autonomous agent to verify merchant identity before executing
      a transaction.</t>

      <t>The MIA is designed to:</t>

      <ul>
        <li>Be self-hostable by any merchant at a well-known URI</li>
        <li>Be verifiable by any agent without central registry dependency</li>
        <li>Complement existing agent identity protocols without replacing or competing with them</li>
        <li>Support independent implementations by any party</li>
      </ul>

      <t>This document does not define trust scoring algorithms,
      merchant ranking systems, payment authorization protocols,
      or agent identity mechanisms. Those concerns are addressed
      by other specifications.</t>
    </section>

    <section anchor="terminology">
      <name>Terminology</name>

      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
      "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",
      "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document
      are to be interpreted as described in BCP 14 <xref target="RFC2119"/>
      <xref target="RFC8174"/> when, and only when, they appear in all capitals,
      as shown here.</t>

      <dl>
        <dt>Merchant:</dt>
        <dd>A legal entity offering goods or services in exchange for
        payment, identified by a domain name.</dd>

        <dt>Merchant Identity Assertion (MIA):</dt>
        <dd>A signed JSON document attesting to the verifiable identity
        of a merchant entity, as defined in <xref target="mia"/>.</dd>

        <dt>Claims Object:</dt>
        <dd>The JSON object containing the identity fields of an MIA,
        excluding the proof. Used as the signing input.</dd>

        <dt>Proof Object:</dt>
        <dd>The JSON object embedded in an MIA that carries the
        cryptographic signature and key reference, as defined
        in <xref target="proof-object"/>.</dd>

        <dt>Issuer:</dt>
        <dd>An entity that signs and publishes a Merchant Identity
        Assertion. The issuer MAY be the merchant itself or a
        third party acting on the merchant's behalf with explicit
        authorization per <xref target="third-party-auth"/>.</dd>

        <dt>Relying Party:</dt>
        <dd>An autonomous agent or system that consumes a Merchant
        Identity Assertion to make a pre-transaction verification
        decision.</dd>

        <dt>Subject Domain:</dt>
        <dd>The fully qualified domain name (FQDN) to which the
        Merchant Identity Assertion applies.</dd>

        <dt>Evaluation Result Token (ERT):</dt>
        <dd>A signed JWT <xref target="RFC7519"/> issued by a verification service
        summarizing the result of a pre-transaction merchant
        identity check, as defined in <xref target="ert"/>.</dd>

        <dt>Key Directory:</dt>
        <dd>A JSON Web Key Set <xref target="RFC7517"/> published at a well-known
        location used to discover public keys for signature
        verification.</dd>

        <dt>Domain Comparison:</dt>
        <dd>Throughout this document, comparison of two FQDNs
        (e.g., subject against verifier-supplied domain;
        verificationMethod authority against issuer.domain;
        DNS TXT issuer value against issuer.domain) MUST be
        performed as follows: both values are converted to
        their A-label form per IDNA2008 <xref target="RFC5890"/>;
        any trailing dot is removed; the resulting ASCII
        labels are compared case-insensitively. Internationalized
        domain names that differ only by U-label vs A-label
        representation MUST be treated as equal. Implementations
        MUST reject FQDN values that contain disallowed code
        points or that fail IDNA2008 processing.</dd>
      </dl>
    </section>

    <section anchor="problem-statement">
      <name>Problem Statement</name>

      <t>Consider an autonomous procurement agent operating on
      behalf of a corporate principal. The agent receives an
      invoice from supplier.example.com for goods delivered
      under an existing master services agreement. The agent
      has standing authorization to settle invoices below a
      configured threshold without human review.</t>

      <t>Before authorizing payment, the agent needs to answer
      a question that has no standardized protocol response
      today: is the legal entity operating supplier.example.com
      the same entity named on the underlying agreement? The
      agent has the invoice, a domain name, and a payment
      destination. It has no machine-readable, cryptographically
      verifiable statement that binds the domain to a specific
      legal entity, jurisdiction, and registration record.</t>

      <t>In the absence of such a statement, the agent has three
      options: trust the domain implicitly, defer to a human
      reviewer (defeating the automation), or rely on a
      proprietary verification service whose attestations are
      not interoperable with other agents or auditors.</t>

      <t>This document addresses this gap. It defines a signed,
      self-hostable assertion that any merchant can publish
      and any agent can verify, producing a portable audit
      artifact in the process.</t>

      <t>More generally, autonomous agents executing financial
      transactions face a fundamental asymmetry: agent identity
      protocols enable merchants to verify agents, but no
      complementary mechanism enables agents to verify merchants.</t>

      <t>This asymmetry creates the following risks:</t>

      <section anchor="merchant-impersonation">
        <name>Merchant Impersonation</name>
        <t>Without verifiable merchant identity, an agent may be
        directed to pay a fraudulent entity impersonating a
        legitimate merchant. Domain spoofing, homograph attacks,
        and DNS hijacking all represent realistic attack vectors
        in autonomous transaction flows.</t>
      </section>

      <section anchor="absent-audit-trail">
        <name>Absent Audit Trail</name>
        <t>Regulated industries including healthcare, government
        procurement, and financial services require demonstrable
        proof that vendor identity was verified before payment.
        No standardized cryptographic mechanism currently exists
        to produce this proof in autonomous transaction flows.</t>
      </section>

      <section anchor="policy-enforcement-gap">
        <name>Policy Enforcement Gap</name>
        <t>Human principals delegating transaction authority to
        autonomous agents may wish to restrict transactions to
        verified merchant entities. Without a machine-readable
        merchant identity standard, such policies cannot be
        enforced consistently across agent implementations.</t>
      </section>

      <section anchor="interoperability-absence">
        <name>Interoperability Absence</name>
        <t>Proprietary merchant verification mechanisms implemented
        by individual agent platforms are not interoperable. A
        merchant verified by one platform's mechanism provides
        no assurance to a different platform. A common standard
        eliminates this fragmentation.</t>
      </section>
    </section>

    <section anchor="design-goals">
      <name>Design Goals</name>

      <dl>
        <dt>G1. Verifiability:</dt>
        <dd>Any relying party MUST be able to verify an MIA using
        only the assertion document and publicly available key
        material, without dependency on a central authority.</dd>

        <dt>G2. Self-Hostability:</dt>
        <dd>Any merchant MUST be able to publish an MIA without
        registration with a central registry. Discovery via
        well-known URI <xref target="RFC8615"/> enables decentralized
        publication.</dd>

        <dt>G3. Interoperability:</dt>
        <dd>The MIA format MUST permit independent implementation
        by any party. No proprietary extensions SHALL be
        required for basic verification.</dd>

        <dt>G4. Minimal Disclosure:</dt>
        <dd>The MIA MUST contain only the fields necessary to
        establish merchant identity. Trust scoring, ranking,
        and behavioral data are explicitly out of scope.</dd>

        <dt>G5. Composability:</dt>
        <dd>The MIA MUST complement existing agent identity and
        payment authorization protocols without requiring
        modification to those protocols.</dd>

      </dl>
    </section>

    <section anchor="non-goals">
      <name>Non-Goals</name>

      <t>The mechanism defined in this document is intentionally
      narrow. The following are explicitly out of scope:</t>

      <dl>
        <dt>Trust scoring or reputation:</dt>
        <dd>An MIA does not assert that a merchant is trustworthy,
        reliable, well-behaved, financially solvent, or a good
        commercial counterparty. It asserts only that a specific
        legal entity has cryptographically bound identity claims
        to a specific domain. Reputation, ratings, scoring, and
        behavioral signals are out of scope.</dd>

        <dt>Merchant ranking or discovery:</dt>
        <dd>This document defines no mechanism for ranking,
        prioritizing, recommending, or directing relying parties
        toward any merchant. MIA verification produces a binary
        outcome (the assertion is valid or it is not) and a set
        of identity claims; it produces no ordering.</dd>

        <dt>Endorsement or certification:</dt>
        <dd>An MIA is not a certification, accreditation, or
        endorsement. The presence of a valid MIA does not imply
        that the issuer has audited, approved, or sanctioned the
        merchant beyond verifying the identity claims contained
        in the assertion.</dd>

        <dt>Payment authorization:</dt>
        <dd>This document defines no authorization, settlement,
        clearing, or routing mechanism. Whether a verified
        merchant should be paid, in what amount, by what
        instrument, and under what terms is determined by the
        relying party's policies and by separate payment
        protocols.</dd>

        <dt>Agent or principal identity:</dt>
        <dd>This document defines no identity mechanism for
        autonomous agents, the human or corporate principals on
        whose behalf they act, or the platforms that operate them.
        Agent identity is addressed by other specifications, with
        which MIA is designed to compose.</dd>

        <dt>Identity of natural persons:</dt>
        <dd>This document concerns the identity of legal entities
        (corporations, LLCs, partnerships, etc.) that operate
        commercial domains. It is not a mechanism for verifying
        the identity of individual natural persons. Sole
        proprietor cases, where the legal entity and the natural
        person coincide, are addressed only with the privacy
        constraints in <xref target="privacy-considerations"/>.</dd>

        <dt>A central registry:</dt>
        <dd>No central registry, authority, or trusted third party
        is defined or required. Each merchant, or a third party
        explicitly authorized by the merchant, publishes its own
        MIA. Relying parties may apply their own policies for
        which issuers they trust.</dd>
      </dl>

      <t>Implementations and deployments MAY layer additional
      capabilities on top of MIA verification (for example, a
      relying party may consult external reputation services
      after MIA verification succeeds). Such layers are out of
      scope for this document and MUST NOT be implied by the
      presence of a valid MIA alone.</t>
    </section>

    <section anchor="relationship-existing-work">
      <name>Relationship to Existing Work</name>

      <t>Several existing technologies address adjacent problems.
      This section describes how MIA relates to each, and why
      a distinct mechanism is proposed.</t>

      <section anchor="rel-x509">
        <name>X.509 and Web PKI</name>
        <t>X.509 certificates bind a public key to a domain name,
        and Extended Validation (EV) certificates additionally
        attest to the legal entity operating the domain.
        However, EV identity information is presented at the
        TLS layer, is not exposed as structured, queryable data
        to autonomous agents, and is not designed to be
        consumed as a transaction-time identity assertion.
        Certificate Transparency <xref target="RFC9162"/> provides
        public auditability of certificate issuance but does
        not surface legal entity claims in a form suitable for
        machine evaluation. MIA produces a structured JSON
        assertion that an agent can parse, validate, and retain
        as an audit artifact alongside transaction records.</t>
      </section>

      <section anchor="rel-vc">
        <name>W3C Decentralized Identifiers and Verifiable Credentials</name>
        <t>The W3C Verifiable Credentials Data Model defines a
        general framework for cryptographically verifiable
        claims about a subject, and Decentralized Identifiers
        (DIDs) define resolver-based identity. An MIA could in
        principle be expressed as a constrained Verifiable
        Credential profile. This document defines a narrower
        mechanism intentionally: discovery via a single
        well-known URI rather than DID resolution across
        heterogeneous methods, a fixed claim schema scoped to
        merchant identity, and a wire format optimized for
        agent verification rather than holder presentation.
        Future work MAY define an MIA-to-VC mapping for
        deployments that require it.</t>
      </section>

      <section anchor="rel-oauth-dcr">
        <name>OAuth Dynamic Client Registration</name>
        <t>OAuth 2.0 Dynamic Client Registration <xref target="RFC7591"/>
        enables a client to register identity metadata with an
        authorization server. It addresses a different problem:
        client onboarding within a trust relationship mediated
        by an authorization server. MIA addresses
        transaction-time merchant verification across trust
        boundaries, with no central authorization server and
        no prior registration relationship between the
        verifying agent and the merchant.</t>
      </section>

      <section anchor="rel-spiffe">
        <name>SPIFFE and Workload Identity</name>
        <t>SPIFFE defines workload identity within a trust domain,
        typically a single organization or federation thereof.
        MIA addresses cross-organization identity verification
        between parties with no pre-established trust
        relationship.</t>
      </section>

      <section anchor="rel-dns">
        <name>DNS-Based Identity (DANE, TLSA)</name>
        <t>DNS-based mechanisms such as DANE <xref target="RFC6698"/>
        bind keys or certificates to domain names via DNSSEC.
        MIA uses DNS only as one of two third-party
        authorization mechanisms (<xref target="third-party-auth"/>) and
        carries the structured legal entity claims that DNS
        records are not designed to convey. A future profile
        MAY define a DNS record type for MIA discovery; this
        document defines HTTPS well-known URI discovery as the
        primary mechanism for compatibility with the broader
        deployment of HTTPS over DNSSEC.</t>
      </section>
    </section>

    <section anchor="mia">
      <name>Merchant Identity Assertion</name>

      <t>An MIA is a JSON <xref target="RFC8259"/> document served with media
      type application/merchant-identity+json (<xref target="media-type"/>).
      It consists of a Claims Object (<xref target="claim-fields-required"/> and <xref target="claim-fields-optional"/>)
      and an embedded Proof Object (<xref target="proof-object"/>).</t>

      <t>The Claims Object is the canonical input to the signing
      procedure. The Proof Object records the resulting
      signature and key reference. Both are serialized together
      as a single JSON document on the wire (<xref target="wire-format"/>).</t>

      <section anchor="claim-fields-required">
        <name>Claim Fields (Required)</name>

        <dl>
          <dt>version (integer):</dt>
          <dd>The MIA specification version. This document defines
          version 1. Implementations MUST reject assertions with
          unrecognized version values.</dd>

          <dt>subject (string):</dt>
          <dd>The subject domain. MUST be a fully qualified domain
          name (FQDN) expressed in lowercase. MUST match the
          domain from which the assertion is served or the domain
          for which the issuer holds explicit authorization per
          <xref target="third-party-auth"/>.</dd>

          <dt>legalName (string):</dt>
          <dd>The registered legal name of the merchant entity as
          it appears in the jurisdiction of incorporation or
          registration.</dd>

          <dt>entityType (string):</dt>
          <dd>The legal entity type. MUST be one of: "corporation",
          "llc", "partnership", "sole_proprietor",
          "cooperative", "nonprofit", "government", or "other".</dd>

          <dt>jurisdiction (string):</dt>
          <dd>The ISO 3166-1 alpha-2 country code of the primary
          jurisdiction of registration (e.g., "US", "GB", "DE").
          Where a subdivision-level identifier is available and
          relevant, implementors MAY use an ISO 3166-2 code
          (e.g., "US-AZ") in the extensions field.</dd>

          <dt>issuedAt (string):</dt>
          <dd>The UTC datetime at which this assertion was issued,
          in RFC 3339 format (e.g., "2026-04-15T00:00:00Z").</dd>

          <dt>expiresAt (string):</dt>
          <dd>The UTC datetime after which this assertion MUST NOT
          be accepted, in RFC 3339 format. Issuers SHOULD NOT
          set validity periods exceeding 365 days.</dd>

          <dt>issuer (object):</dt>
          <dd><t>An object identifying the signing entity. MUST contain:</t>
            <dl>
              <dt>name (string):</dt>
              <dd>Human-readable issuer name.</dd>
              <dt>domain (string):</dt>
              <dd>Issuer FQDN.</dd>
              <dt>keyDirectory (string):</dt>
              <dd>HTTPS URI of the issuer's Key Directory (<xref target="key-directory"/>).</dd>
            </dl>
          </dd>
        </dl>
      </section>

      <section anchor="claim-fields-optional">
        <name>Claim Fields (Optional)</name>

        <dl>
          <dt>registrationId (string):</dt>
          <dd>A jurisdiction-specific business registration
          identifier (e.g., EIN, Companies House number,
          GLEIF LEI <xref target="LEI"/>).</dd>

          <dt>evidenceUris (array of strings):</dt>
          <dd>HTTPS URIs referencing third-party authoritative
          records that corroborate the identity claims in this
          assertion (e.g., a public government business
          registry record, a GLEIF LEI record). Each URI MUST
          be publicly accessible over HTTPS without
          authentication. Failure to retrieve or parse an
          evidenceUris value (network failure, non-200 HTTP
          status, redirect to an authentication-gated resource,
          or unparseable response) does not, by itself,
          invalidate the MIA. Relying parties MAY define
          policies (per <xref target="issuance-policy"/>) that
          condition acceptance on successful evidence retrieval
          for high-value or regulated transactions; such
          policies are deployment-specific and out of scope
          for this document.</dd>

          <dt>extensions (object):</dt>
          <dd>A JSON object for implementation-specific fields.
          Relying parties MUST ignore unrecognized keys.
          Extension keys MUST use reverse domain notation
          (e.g., "com.example.customField").</dd>
        </dl>
      </section>

      <section anchor="proof-object">
        <name>Proof Object</name>

        <t>The proof field MUST be present in a signed MIA and
        MUST be a JSON object containing:</t>

        <dl>
          <dt>type (string):</dt>
          <dd>MUST be "MerchantIdentityProof-v1" for assertions
          signed per this document. This value identifies the
          proof envelope format defined in this section. Future
          documents MAY define additional proof type values for
          structurally different envelopes.</dd>

          <dt>alg (string):</dt>
          <dd>The signature algorithm identifier. This document
          defines a single value: "Ed25519", indicating the
          Edwards-Curve Digital Signature Algorithm with the
          Ed25519 curve <xref target="RFC8032"/>. Future
          specifications MAY register additional algorithm
          identifiers via Standards Action; see
          <xref target="crypto-agility"/>. Implementations
          MUST reject assertions with unrecognized alg values
          and MUST NOT attempt to infer an algorithm from the
          key material alone.</dd>

          <dt>created (string):</dt>
          <dd>The UTC datetime at which the proof was created, in
          RFC 3339 format. MUST match the issuedAt claim field.</dd>

          <dt>verificationMethod (string):</dt>
          <dd>An HTTPS URI of the form:
          {issuer.keyDirectory}#{kid}
          where {kid} is the key identifier within the Key
          Directory used to produce this signature. This
          field anchors the signature to a specific, named
          key and provides a deterministic path for key
          retrieval without requiring the relying party to
          trust the payload-embedded keyDirectory value in
          isolation (see <xref target="security-considerations"/>, trust bootstrap).</dd>

          <dt>proofValue (string):</dt>
          <dd>The base64url-encoded signature over the canonical
          Claims Object, produced using the algorithm named in
          the alg field, as defined in
          <xref target="signing-procedure"/>.</dd>
        </dl>

        <t>The keyDirectory URI appears in the assertion payload, which could
        raise a trust bootstrap concern if a relying party were to trust the
        payload as the sole source of key discovery information. To avoid this,
        the relying party MUST derive the authoritative key directory location
        from proof.verificationMethod and MUST NOT rely on issuer.keyDirectory
        as the sole key discovery path. Relying parties SHOULD additionally
        verify that the domain in verificationMethod matches issuer.domain as a
        consistency check.</t>
      </section>

      <section anchor="wire-format">
        <name>Wire Format</name>

        <t>An MIA is serialized as a single JSON document. The
        Claims Object fields (<xref target="claim-fields-required"/> and <xref target="claim-fields-optional"/>) and the
        proof field (<xref target="proof-object"/>) appear at the top level of
        this JSON document.</t>

        <t>The document MUST be served over HTTPS with:</t>

        <artwork><![CDATA[Content-Type: application/merchant-identity+json]]></artwork>

        <t>Implementations MUST NOT serve or accept MIA documents
        over plain HTTP.</t>
      </section>

      <section anchor="versioning">
        <name>Versioning</name>

        <t>The version field in the Claims Object identifies
        the MIA specification version, not the issuer's
        software version or assertion content version. This
        document defines version 1.</t>

        <t>The version field follows a strict-rejection model:
        relying parties MUST reject assertions with unrecognized
        version values. New claim fields, optional or required,
        do not increment the version number; they are added
        through extensions (<xref target="claim-fields-optional"/>)
        or through new optional fields defined by future documents
        that update this specification.</t>

        <t>The version number is incremented only when an
        incompatible structural change is made to the Claims
        Object such that an implementation built to an earlier
        version could not safely interpret the assertion.
        Examples of incompatible changes include: removal of a
        required field, change in the canonicalization algorithm,
        or change in the meaning of an existing field.</t>

        <t>The proof.type field follows the same model
        independently. The version number in the proof type
        identifier (currently "MerchantIdentityProof-v1")
        increments only on incompatible changes to the proof
        envelope structure itself, distinct from algorithm
        changes (which are signaled via proof.alg per
        <xref target="crypto-agility"/>).</t>
      </section>

      <section anchor="example">
        <name>Example</name>

        <t>The following is a non-normative example of a complete
        signed MIA document:</t>

        <sourcecode type="json"><![CDATA[{
  "version": 1,
  "subject": "supplier.example.com",
  "legalName": "Example Supply Corporation",
  "entityType": "corporation",
  "jurisdiction": "US",
  "issuedAt": "2026-04-15T00:00:00Z",
  "expiresAt": "2027-04-15T00:00:00Z",
  "issuer": {
    "name": "Example Trust Registry",
    "domain": "trust.example.org",
    "keyDirectory": "https://trust.example.org/.well-known/jwks.json"
  },
  "registrationId": "12-3456789",
  "evidenceUris": [
    "https://www.gleif.org/lei/5493001KJTIIGC8Y1R12"
  ],
  "proof": {
    "type": "MerchantIdentityProof-v1",
    "alg": "Ed25519",
    "created": "2026-04-15T00:00:00Z",
    "verificationMethod":
      "https://trust.example.org/.well-known/jwks.json#key-01",
    "proofValue": "MGViZDcwYTk...86-char-base64url-signature"
  }
}]]></sourcecode>
      </section>
    </section>

    <section anchor="discovery">
      <name>Discovery</name>

      <section anchor="well-known-uri">
        <name>Well-Known URI</name>

        <t>A merchant MAY self-issue an MIA and publish it at:</t>

        <artwork><![CDATA[https://{subject-domain}/.well-known/merchant-identity.json]]></artwork>

        <t>This resource MUST be served over HTTPS with:</t>

        <artwork><![CDATA[Content-Type: application/merchant-identity+json]]></artwork>

        <t>A relying party wishing to obtain an MIA for a given
        merchant domain SHOULD first attempt retrieval from this
        well-known URI.</t>

        <t>For a self-issued MIA, the issuer.domain field MUST
        equal the subject field, and the issuer.keyDirectory
        MUST resolve to a Key Directory at the subject domain.</t>
      </section>

      <section anchor="third-party-auth">
        <name>Third-Party Issuer Authorization</name>

        <t>Merchants MAY authorize a third-party issuer to publish
        an MIA on their behalf. Before relying on a third-party
        MIA, the relying party MUST verify that the issuer is
        authorized by the subject domain using one of the
        following mechanisms:</t>

        <t>a) DNS TXT Authorization Record:</t>

        <t>The subject domain MUST publish a DNS TXT record at
        the name _mia-auth.{subject-domain}:</t>

        <artwork><![CDATA[_mia-auth.supplier.example.com. IN TXT
    "v=mia1; issuer=trust.example.org"]]></artwork>

        <t>The issuer value MUST exactly match the issuer.domain
        field in the MIA.</t>

        <t>b) HTTP Delegation Document:</t>

        <t>The subject domain MUST publish a Merchant Identity
        Delegation Document (MIDD) at:</t>

        <artwork><![CDATA[https://{subject-domain}/.well-known/mia-delegation.json]]></artwork>

        <t>An MIDD is a distinct document type from an MIA. It
        MUST be a JSON object signed using the same proof
        structure defined in <xref target="proof-object"/> and MUST contain:</t>

        <dl>
          <dt>version (integer):</dt>
          <dd>MUST be 1.</dd>
          <dt>type (string):</dt>
          <dd>MUST be "MerchantIdentityDelegation".</dd>
          <dt>subject (string):</dt>
          <dd>The merchant domain granting delegation.</dd>
          <dt>authorizedIssuer (string):</dt>
          <dd>The FQDN of the authorized third-party issuer.</dd>
          <dt>issuedAt (string):</dt>
          <dd>RFC 3339 datetime.</dd>
          <dt>expiresAt (string):</dt>
          <dd>RFC 3339 datetime.</dd>
          <dt>proof (object):</dt>
          <dd>Per <xref target="proof-object"/>, signed by a key published at the subject domain's Key Directory.</dd>
        </dl>

        <t>The MIDD MUST be served over HTTPS with:</t>

        <artwork><![CDATA[Content-Type: application/merchant-delegation+json]]></artwork>

        <t>Relying parties MUST verify the MIDD proof using a key
        hosted at the subject domain's Key Directory before
        accepting the named issuer as authorized. See
        <xref target="media-type-midd"/> for the media type
        registration.</t>

        <t>A subject domain that authorizes a third-party issuer
        via MIDD MUST publish a Key Directory at the location
        identified by the proof.verificationMethod field of the
        MIDD itself. The Key Directory MUST contain the public
        key whose corresponding private key signed the MIDD.
        This Key Directory is operated by the subject domain
        and is distinct from any Key Directory operated by the
        third-party issuer to which delegation is granted. A
        subject domain that uses only DNS TXT third-party
        authorization (mechanism a) is not required to operate
        a Key Directory.</t>

        <t>Relying parties MUST treat an MIA as invalid if neither
        authorization mechanism is satisfied.</t>
      </section>
    </section>

    <section anchor="issuance-models">
      <name>Issuance Models and Assurance Considerations</name>

      <t>An MIA is structurally valid if it satisfies the
      verification procedure in <xref target="verification-procedure"/>.
      Structural validity is a necessary condition for relying on
      an assertion, but it is not, by itself, a sufficient
      condition for high-assurance use.</t>

      <t>This document defines no normative assurance levels.
      However, the protocol surfaces enough information for a
      relying party to apply its own policies. This section
      describes the issuance models the protocol supports and
      the corresponding signals available to relying parties.</t>

      <section anchor="issuance-self">
        <name>Self-Issuance</name>
        <t>A merchant may self-issue an MIA: the issuer.domain
        equals the subject, and the assertion is signed by a
        key published at the subject domain's Key Directory.
        Self-issuance demonstrates control of the subject domain
        at the time of signing and provides cryptographic
        attribution of the claims to whoever controls the
        domain. It does not, by itself, demonstrate that the
        legal entity claims (legalName, entityType, jurisdiction,
        registrationId) correspond to the actual entity operating
        the domain.</t>
      </section>

      <section anchor="issuance-third-party">
        <name>Third-Party Issuance</name>
        <t>A merchant may authorize a third-party issuer per
        <xref target="third-party-auth"/>. The relying party can
        then evaluate the assertion as the joint product of two
        signals: the merchant's authorization of the issuer
        (proven by the DNS TXT record or signed delegation
        document at the subject domain) and the issuer's
        attestation to the merchant's identity claims. The
        strength of the resulting assurance depends on the
        practices of the named issuer, which are out of scope
        for this document.</t>
      </section>

      <section anchor="issuance-evidence">
        <name>External Evidence</name>
        <t>An MIA MAY include the optional evidenceUris field
        (<xref target="claim-fields-optional"/>), referencing
        publicly accessible authoritative records that
        corroborate identity claims (for example, a GLEIF LEI
        record, a government business registry entry, or a
        public regulator filing). The evidenceUris field allows
        a relying party, or an automated verification service
        acting on the relying party's behalf, to check the
        consistency of the MIA's claims against independent
        sources at verification time.</t>

        <t>This document does not require relying parties to
        fetch or validate evidenceUris. Implementations MAY
        define policies that condition acceptance on successful
        evidence retrieval and consistency checks; such
        policies are deployment-specific.</t>
      </section>

      <section anchor="issuance-policy">
        <name>Relying Party Policy</name>
        <t>Relying parties operating in regulated, high-value, or
        otherwise high-stakes contexts SHOULD define explicit
        policies for which issuance models they accept. Examples
        of policies a relying party MAY adopt include:</t>

        <ul>
          <li>Accept only third-party-issued MIAs from issuers on
          a maintained allowlist.</li>
          <li>Accept self-issued MIAs only for transactions below
          a configured threshold.</li>
          <li>Require an evidenceUris value resolving to a GLEIF
          LEI record for transactions exceeding a configured
          threshold.</li>
          <li>Require a fresh assertion (recently retrieved from
          the well-known URI rather than served from cache) for
          transactions within a defined recency window.</li>
        </ul>

        <t>Such policies are out of scope for this specification.
        The protocol exposes the inputs; the policy decisions
        belong to the relying party and its principals.</t>
      </section>
    </section>

    <section anchor="signing-and-verification">
      <name>Signing and Verification</name>

      <section anchor="signing-algorithm">
        <name>Signing Algorithm</name>
        <t>This document defines a single mandatory-to-implement
        signature algorithm: the Edwards-Curve Digital Signature
        Algorithm (EdDSA) with the Ed25519 curve
        <xref target="RFC8032"/>, identified in the proof.alg
        field as "Ed25519". All conforming issuers and relying
        parties MUST support this algorithm.</t>

        <t>Future specifications MAY define additional algorithm
        identifiers; see <xref target="crypto-agility"/> for the
        extension model and post-quantum migration considerations.</t>
      </section>

      <section anchor="key-directory">
        <name>Key Directory</name>

        <t>Issuers MUST publish a JSON Web Key Set <xref target="RFC7517"/>
        at the HTTPS URI in the issuer.keyDirectory field.
        This document is the Key Directory.</t>

        <t>Key Directory entries used for MIA signing with the
        Ed25519 algorithm MUST include:</t>

        <dl>
          <dt>kty:</dt><dd>"OKP"</dd>
          <dt>crv:</dt><dd>"Ed25519"</dd>
          <dt>use:</dt><dd>"sig"</dd>
          <dt>kid:</dt><dd>A stable, unique, URL-safe identifier.</dd>
          <dt>x:</dt><dd>The base64url-encoded Ed25519 public key.</dd>
        </dl>

        <t>JWK parameters MUST be appropriate for the algorithm
        identified in the proof.alg field of the assertion the
        key is used to verify, per <xref target="RFC7517"/>.
        Specifications defining additional algorithm identifiers
        (<xref target="crypto-agility"/>) MUST specify the
        corresponding JWK parameter requirements.</t>

        <t>The Key Directory MUST be served over HTTPS with
        appropriate HTTP caching headers. Relying parties
        SHOULD cache key material per those headers to reduce
        verification latency and network load. Implementations
        MUST NOT cache key material beyond the lifetime indicated
        by the HTTP cache directives, and MUST re-fetch on
        signature verification failure to accommodate key
        rotation. Issuers SHOULD set cache lifetimes that
        balance verification performance against key rotation
        responsiveness; values between one hour and 24 hours
        are RECOMMENDED.</t>

        <t>If the Key Directory is unreachable during
        verification, relying parties MUST NOT accept the
        assertion as verified. Relying parties MAY retry per
        their own operational policies but MUST NOT fall back
        to cached keys whose cache lifetime has expired.</t>
      </section>

      <section anchor="signing-procedure">
        <name>Signing Procedure</name>

        <t>To produce an MIA signature, the issuer MUST:</t>

        <ol>
          <li>Construct the Claims Object containing all required
          fields (<xref target="claim-fields-required"/>) and any optional fields
          (<xref target="claim-fields-optional"/>), excluding the proof field.</li>

          <li>Produce the canonical signing input by serializing
          the Claims Object as a JSON string with keys in
          lexicographic order and no insignificant whitespace
          <xref target="RFC8785"/>.</li>

          <li>Sign the UTF-8 encoding of the canonical string
          using the private key corresponding to the chosen kid,
          producing a signature with the algorithm identified
          by proof.alg.</li>

          <li>Encode the resulting 64-byte signature as a
          base64url string (proofValue).</li>

          <li>Construct the proof object (<xref target="proof-object"/>) with the
          type, created, verificationMethod, and proofValue
          fields.</li>

          <li>Merge the Claims Object and proof object into a
          single JSON document (<xref target="wire-format"/>).</li>
        </ol>
      </section>

      <section anchor="verification-procedure">
        <name>Verification Procedure</name>

        <t>A relying party MUST perform the following steps:</t>

        <ol>
          <li>Retrieve the MIA document via HTTPS. If the
          retrieval fails (network error, DNS resolution
          failure, TLS validation failure, non-2xx HTTP status,
          unfollowed redirect, or response exceeding a
          relying-party-defined maximum size), the relying
          party MUST treat the verification result as "no MIA
          available" and MUST NOT proceed with subsequent
          verification steps. Implementations MUST NOT
          automatically follow HTTP redirects when retrieving
          an MIA from the well-known URI; redirected responses
          MUST be treated as retrieval failure. The maximum
          response size SHOULD be at least 64 kilobytes and
          SHOULD NOT exceed 1 megabyte for any deployment.</li>

          <li>Verify the Content-Type is application/merchant-identity+json.</li>

          <li>Parse the JSON document. Extract the proof field. If absent, reject the assertion.</li>

          <li>Verify proof.type is "MerchantIdentityProof-v1" and that proof.alg names a recognized algorithm. If either check fails, reject. Implementations MUST NOT accept assertions with unknown proof type or alg values.</li>

          <li>Extract the key directory URI and kid from proof.verificationMethod by splitting on the last "#" character. The key directory URI is the portion before "#"; the kid is the portion after. The relying party MUST use this URI as the authoritative key directory location. It MUST also verify that the authority component of this URI matches the issuer.domain field in the assertion as a consistency check, using the Domain Comparison rules defined in <xref target="terminology"/>. If they do not match, the assertion MUST be rejected. The path component of the URI MAY differ from any path implied by issuer.keyDirectory; only the authority component is compared.</li>

          <li>Retrieve the Key Directory over HTTPS from the extracted URI.</li>

          <li>Locate the JWK entry with the matching kid. If absent, reject.</li>

          <li>Reconstruct the canonical signing input from the assertion document with the proof field removed, following the procedure in <xref target="signing-procedure"/>, step 2.</li>

          <li>Verify the signature in proof.proofValue against the canonical signing input using the located public key and the algorithm identified by proof.alg.</li>

          <li>Verify that the current time is strictly between issuedAt and expiresAt (exclusive).</li>

          <li>Verify that the subject field matches the domain for which verification is being performed, using the Domain Comparison rules defined in <xref target="terminology"/>.</li>

          <li>If issuer.domain differs from subject, verify third-party authorization per <xref target="third-party-auth"/>.</li>

          <li>If all steps succeed, the assertion is valid.</li>
        </ol>

        <t>A relying party MUST NOT act on an assertion that
        fails any verification step.</t>
      </section>
    </section>

    <section anchor="freshness-and-revocation">
      <name>Freshness and Revocation</name>

      <t>This document distinguishes two categories of change
      that affect the validity of a previously issued MIA:</t>

      <dl>
        <dt>Identity revocation:</dt>
        <dd>A material change to the legal entity claims in the
        MIA (e.g., legal name change, jurisdiction change,
        dissolution, loss of business registration, or transfer
        of the subject domain to a different legal entity).
        Identity revocation invalidates the assertion's claims
        regardless of cryptographic validity.</dd>

        <dt>Operational revocation:</dt>
        <dd>A change to the issuer's signing infrastructure
        (e.g., key compromise, key rotation, or suspension of
        issuance) that affects the cryptographic validity of
        outstanding assertions but does not change the
        underlying identity claims.</dd>
      </dl>

      <t>The protocol addresses these two categories through
      complementary mechanisms.</t>

      <section anchor="rev-validity-period">
        <name>Validity Periods and Re-Issuance</name>
        <t>Relying parties MUST NOT accept assertions for which
        the current time is at or after the expiresAt value.</t>

        <t>Issuers SHOULD limit assertion validity periods.
        Validity periods of 90 days or less are RECOMMENDED for
        issuers with automated re-issuance pipelines.</t>

        <t>Issuers MUST re-issue assertions promptly when material
        identity information changes. Re-issuance is the primary
        mechanism for identity revocation; the previous assertion
        is allowed to expire on its own schedule unless explicit
        revocation is also signaled.</t>

        <t>Relying parties in high-stakes or regulated contexts
        SHOULD retrieve a fresh assertion rather than relying on
        a cached copy when the cached copy is older than 24 hours,
        regardless of the expiresAt value.</t>

        <t>Issuers MAY set HTTP cache directives on the MIA
        endpoint. Relying parties MAY honor these directives but
        MUST NOT cache an MIA beyond its expiresAt value
        regardless of HTTP cache headers, and MUST NOT cache an
        MIA whose Cache-Control directives explicitly forbid
        caching. Where issuer-supplied cache directives permit
        caching beyond the recency thresholds defined in this
        section, the more restrictive policy applies.</t>
      </section>

      <section anchor="rev-explicit">
        <name>Explicit Revocation</name>
        <t>Issuers MAY support explicit revocation by including a
        revocationUri extension field in the Claims Object. If
        present, this field MUST be an HTTPS URI that resolves
        to a JSON object with at least a boolean "revoked"
        field and a "checkedAt" string in RFC 3339 format
        indicating when the revocation status was last updated
        by the issuer.</t>

        <t>Relying parties MAY check this URI before relying on
        an assertion. Relying parties in high-stakes or
        regulated contexts SHOULD do so. The revocationUri
        endpoint MUST be served over HTTPS with valid
        certificate validation.</t>

        <t>This document does not define a normative revocation
        list format. A future specification MAY define one for
        deployments at scale.</t>
      </section>

      <section anchor="rev-key-rotation">
        <name>Key Rotation</name>
        <t>Operational revocation through signing-key rotation
        is supported by the Key Directory mechanism
        (<xref target="key-directory"/>). When an issuer rotates
        keys, it removes the old key from its Key Directory.
        Relying parties that follow the cache requirements in
        <xref target="key-directory"/> will fail signature
        verification on assertions signed with revoked keys
        once the cache lifetime elapses.</t>

        <t>Issuers MUST remove compromised keys from the Key
        Directory without delay and SHOULD re-issue all
        outstanding assertions previously signed with the
        compromised key.</t>
      </section>
    </section>

    <section anchor="ert">
      <name>Evaluation Result Token</name>

      <t>A verification service MAY issue an Evaluation Result
      Token (ERT) after successfully verifying an MIA. The
      ERT is a signed JWT <xref target="RFC7519"/> that serves as a portable
      audit artifact confirming that verification was
      performed.</t>

      <t>The ERT is an optional layer. Its issuance does not
      alter the validity of the underlying MIA.</t>

      <section anchor="ert-claims">
        <name>Claims</name>

        <dl>
          <dt>iss (string, REQUIRED):</dt>
          <dd>The domain of the verification service.</dd>

          <dt>sub (string, REQUIRED):</dt>
          <dd>The subject domain that was verified.</dd>

          <dt>iat (NumericDate, REQUIRED):</dt>
          <dd>Time of ERT issuance.</dd>

          <dt>exp (NumericDate, REQUIRED):</dt>
          <dd>Expiry time. MUST NOT exceed iat + 300 seconds to limit replay exposure.</dd>

          <dt>jti (string, REQUIRED):</dt>
          <dd>A cryptographically random, globally unique token identifier for replay detection.</dd>

          <dt>mia_verified (boolean, REQUIRED):</dt>
          <dd>True if a valid, unexpired MIA was located and successfully verified for the subject domain per <xref target="verification-procedure"/>. False otherwise.</dd>

          <dt>mia_subject (string, REQUIRED when mia_verified is true):</dt>
          <dd>The subject field from the verified MIA.</dd>

          <dt>mia_issued_at (string, REQUIRED when mia_verified is true):</dt>
          <dd>The issuedAt field from the verified MIA.</dd>

          <dt>mia_issuer_domain (string, REQUIRED when mia_verified is true):</dt>
          <dd>The issuer.domain field from the verified MIA.</dd>
        </dl>

        <t>No consumer or agent identity fields SHALL be included
        in an ERT without explicit principal consent.</t>
      </section>

      <section anchor="ert-signing">
        <name>Signing</name>

        <t>The ERT MUST be signed as a JWS <xref target="RFC7515"/> using
        EdDSA with Ed25519 <xref target="RFC8032"/>. The JWS Protected
        Header MUST include:</t>

        <dl>
          <dt>alg:</dt><dd>"EdDSA"</dd>
          <dt>kid:</dt><dd>Key identifier in the verification service's Key Directory.</dd>
        </dl>

        <t>Implementations MUST follow JWT Best Current Practices
        <xref target="RFC8725"/>, including algorithm validation and rejection
        of the none algorithm.</t>
      </section>

      <section anchor="ert-example">
        <name>Example</name>

        <t>The following is a non-normative example of a decoded
        ERT payload:</t>

        <sourcecode type="json"><![CDATA[{
  "iss": "trust.example.org",
  "sub": "supplier.example.com",
  "iat": 1776254400,
  "exp": 1776254700,
  "jti": "f7a2c9e1b4d8",
  "mia_verified": true,
  "mia_subject": "supplier.example.com",
  "mia_issued_at": "2026-04-15T00:00:00Z",
  "mia_issuer_domain": "trust.example.org"
}]]></sourcecode>

        <t>A relying party MAY include the ERT in payment
        metadata or transaction records to provide downstream
        parties with a verifiable audit artifact that
        pre-transaction merchant identity verification
        occurred.</t>
      </section>
    </section>

    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>

      <section anchor="minimal-disclosure">
        <name>Minimal Disclosure</name>
        <t>MIA documents MUST NOT include personal data about
        natural persons except where the subject is a sole
        proprietor, such disclosure is legally required in
        the jurisdiction, and the natural person has provided
        explicit consent.</t>
      </section>

      <section anchor="evidence-uri-privacy">
        <name>Evidence URI Privacy</name>
        <t>The evidenceUris field, if included, reveals which
        third-party registries were used to corroborate the
        merchant's identity. Issuers SHOULD assess the
        privacy implications of each URI before inclusion.</t>
      </section>

      <section anchor="relying-party-query-privacy">
        <name>Relying Party Query Privacy</name>
        <t>Real-time retrieval of MIAs from well-known URIs or
        Key Directories reveals which merchants a relying
        party intends to transact with. Implementations
        SHOULD use caching and pre-fetching strategies to
        reduce this correlation risk.</t>
      </section>

      <section anchor="issuer-correlation-privacy">
        <name>Issuer-Side Correlation</name>
        <t>An issuer hosting MIAs at well-known URIs, and the
        operator of any Key Directory, observes which network
        endpoints retrieve which assertions. Operators of
        verification-as-a-service offerings, third-party
        issuers, and CDNs in the retrieval path can therefore
        construct correlation graphs linking relying parties
        to merchant-domain queries. Issuers and intermediaries
        SHOULD NOT log or retain the source IP, principal
        identifier, or session identifier of MIA retrievals
        beyond what is operationally necessary, and MUST NOT
        share such retrieval metadata with third parties
        without the requesting relying party's consent.
        Operators of verification services that issue ERTs on
        behalf of relying parties MUST ensure that retrieval
        logs are not cross-linked with ERT issuance records in
        ways that would defeat the consumer principal privacy
        requirements in
        <xref target="consumer-principal-privacy"/>.</t>
      </section>

      <section anchor="consumer-principal-privacy">
        <name>Consumer Principal Privacy</name>
        <t>ERTs as defined in <xref target="ert"/> MUST NOT include
        consumer or agent principal identifiers. Verification
        services MUST NOT log consumer identifiers in
        association with merchant verification events without
        explicit consumer consent.</t>
      </section>
    </section>

    <section anchor="security-considerations">
      <name>Security Considerations</name>

      <section anchor="replay-attacks">
        <name>Replay Attacks</name>
        <t>The ERT jti claim provides a unique token identifier.
        Relying parties MUST maintain a jti cache for at
        least the duration of the token's validity window
        (exp - iat), plus a clock-skew allowance of at least
        60 seconds, and MUST reject any ERT whose jti has
        been seen previously. The RECOMMENDED maximum ERT
        validity of 300 seconds bounds the size of this
        cache.</t>

        <t>Relying parties verifying iat and exp claims SHOULD
        permit clock skew of up to 60 seconds in either
        direction relative to the relying party's local clock.
        Implementations operating in environments with reliable
        time synchronization (e.g., NTP-disciplined clocks) MAY
        use a smaller skew allowance. Implementations MUST NOT
        permit skew exceeding 300 seconds, as doing so would
        extend the effective replay window beyond the token's
        intended lifetime.</t>
      </section>

      <section anchor="key-compromise">
        <name>Key Compromise</name>
        <t>If an issuer's signing key is compromised, all MIA
        documents signed with that key MUST be treated as
        invalid. Issuers MUST maintain key rotation
        procedures and MUST remove compromised keys from
        their Key Directory promptly. Relying parties that
        cache Key Directory material MUST re-fetch on
        signature verification failure.</t>
      </section>

      <section anchor="domain-transfer">
        <name>Domain Transfer</name>
        <t>An MIA is bound to a domain name. Transfer of that
        domain to a new owner does not automatically
        invalidate outstanding assertions. Issuers MUST
        implement procedures to detect domain transfer
        and revoke or re-evaluate affected assertions
        without delay.</t>
      </section>

      <section anchor="malicious-issuers">
        <name>Malicious Issuers</name>
        <t>A third-party issuer operating in bad faith may
        publish false assertions. Relying parties SHOULD
        NOT treat all issuers as equally trustworthy. Relying
        parties MAY maintain allowlists of trusted issuer
        domains and SHOULD treat assertions from unknown
        issuers with heightened scrutiny. The third-party
        authorization requirement in <xref target="third-party-auth"/> ensures
        that an issuer cannot publish an MIA for a domain
        that has not explicitly authorized it, but does not
        guarantee the issuer itself is trustworthy.</t>
      </section>

      <section anchor="stale-assertions">
        <name>Stale Assertions</name>
        <t>Merchant legal standing may change after assertion
        issuance (e.g., insolvency, license revocation,
        sanctions designation). Relying parties in regulated
        industries MUST NOT treat an MIA as sole evidence of
        current compliance and SHOULD supplement MIA
        verification with jurisdiction-appropriate checks for
        high-value or high-risk transactions.</t>
      </section>

      <section anchor="downgrade-attacks">
        <name>Downgrade Attacks</name>
        <t>An attacker with network access could substitute an
        older but still-valid MIA for a more recently issued
        one. Relying parties SHOULD record the issuedAt
        timestamp of the assertion used in a transaction and
        SHOULD reject assertions whose issuedAt predates
        their recency threshold for the transaction context.</t>
      </section>

      <section anchor="third-party-auth-poisoning">
        <name>Third-Party Authorization Poisoning</name>
        <t>DNS TXT records (<xref target="third-party-auth"/>, mechanism a) are
        susceptible to cache poisoning if DNSSEC is not
        deployed. Implementations MUST use DNSSEC-validated
        resolution where available when performing DNS-based
        third-party authorization checks. HTTP delegation
        documents (mechanism b) MUST be retrieved over HTTPS
        with certificate validation; relying parties MUST
        reject delegation documents served without a valid
        TLS certificate.</t>
      </section>

      <section anchor="jwt-security">
        <name>JWT Security</name>
        <t>Implementations of the ERT (<xref target="ert"/>) MUST comply
        with JWT Best Current Practices <xref target="RFC8725"/>, including:</t>

        <ul>
          <li>Explicitly validating the alg header value.</li>
          <li>Rejecting tokens with alg: "none".</li>
          <li>Validating iss, sub, iat, exp, and jti before acting on any token.</li>
          <li>Not relying on unverified header parameters for security decisions.</li>
        </ul>
      </section>

      <section anchor="crypto-agility">
        <name>Cryptographic Agility and Post-Quantum Considerations</name>

        <t>The MIA proof envelope (<xref target="proof-object"/>)
        carries an explicit alg field to enable cryptographic
        agility. This document defines a single algorithm,
        Ed25519 <xref target="RFC8032"/>, as mandatory to
        implement. Future specifications MAY register additional
        algorithm identifiers via Standards Action, including
        post-quantum signature algorithms standardized by NIST
        such as ML-DSA <xref target="FIPS204"/>, and composite
        signature schemes that combine a classical and a
        post-quantum algorithm in a single proof.</t>

        <t>An MIA is a signed assertion, not an encrypted
        payload. The "harvest now, decrypt later" threat model
        applicable to confidentiality-protected traffic does
        not apply directly to MIA documents. The post-quantum
        concern relevant to this specification is the future
        forgeability of long-lived merchant signing keys: an
        adversary in possession of a cryptographically relevant
        quantum computer could, in principle, recover an
        Ed25519 private key from observed public-key material
        and use it to forge assertions. Issuers SHOULD therefore
        treat assertion validity periods and signing-key
        rotation cadence as the primary mitigations available
        within the bounds of this document.</t>

        <t>Implementations consuming MIAs SHOULD be designed to
        accommodate additional algorithm identifiers in the
        proof.alg field without requiring changes to the
        envelope format or wire structure. Specifications
        introducing new algorithms MUST define the corresponding
        JWK parameters in the Key Directory
        (<xref target="key-directory"/>) and SHOULD address
        coexistence with deployed Ed25519 keys.</t>
      </section>
    </section>

    <section anchor="iana-considerations">
      <name>IANA Considerations</name>

      <t>The media type registrations below request names in the
      standards tree. Per Section 3.1 of <xref target="RFC6838"/>,
      standards-tree registrations require approval associated with
      IETF standards-track processing. The author acknowledges that
      these registrations are contingent on the disposition of this
      document; should this document not progress toward
      standards-track publication, the registrations would be
      withdrawn or resubmitted under the vendor tree.</t>

      <section anchor="well-known-merchant-identity">
        <name>Well-Known URI: merchant-identity.json</name>
        <t>This document requests registration in the "Well-Known
        URIs" registry <xref target="RFC8615"/>:</t>

        <dl>
          <dt>URI suffix:</dt><dd>merchant-identity.json</dd>
          <dt>Change controller:</dt><dd>IETF</dd>
          <dt>Specification document(s):</dt><dd>This document, <xref target="well-known-uri"/></dd>
          <dt>Status:</dt><dd>permanent</dd>
          <dt>Related information:</dt><dd>None</dd>
        </dl>
      </section>

      <section anchor="well-known-mia-delegation">
        <name>Well-Known URI: mia-delegation.json</name>
        <t>This document requests registration in the "Well-Known
        URIs" registry <xref target="RFC8615"/>:</t>

        <dl>
          <dt>URI suffix:</dt><dd>mia-delegation.json</dd>
          <dt>Change controller:</dt><dd>IETF</dd>
          <dt>Specification document(s):</dt><dd>This document, <xref target="third-party-auth"/></dd>
          <dt>Status:</dt><dd>permanent</dd>
          <dt>Related information:</dt><dd>Used to publish a Merchant Identity Delegation Document (MIDD) authorizing a named third-party issuer to publish MIAs on behalf of the subject domain.</dd>
        </dl>
      </section>

      <section anchor="media-type">
        <name>Media Type: application/merchant-identity+json</name>
        <t>This document requests registration of a new media
        type per <xref target="RFC6838"/>:</t>

        <dl>
          <dt>Type name:</dt><dd>application</dd>
          <dt>Subtype name:</dt><dd>merchant-identity+json</dd>
          <dt>Required parameters:</dt><dd>none</dd>
          <dt>Optional parameters:</dt><dd>version: The MIA version number (integer). Defaults to 1 if absent.</dd>
          <dt>Encoding considerations:</dt><dd>Binary (UTF-8 encoded JSON per <xref target="RFC8259"/>).</dd>
          <dt>Security considerations:</dt><dd>See <xref target="security-considerations"/> of this document.</dd>
          <dt>Interoperability considerations:</dt><dd>See <xref target="design-goals"/> of this document.</dd>
          <dt>Published specification:</dt><dd>This document.</dd>
          <dt>Applications that use this media type:</dt><dd>Autonomous agents performing pre-transaction merchant identity verification; verification services issuing Evaluation Result Tokens; merchant identity registries.</dd>
          <dt>Fragment identifier considerations:</dt><dd>None.</dd>
          <dt>Additional information:</dt><dd>Deprecated alias names for this type: None. Magic number(s): None. File extension(s): .mia.json. Macintosh file type code(s): None.</dd>
          <dt>Person &amp; email address to contact for further information:</dt><dd>founder@registeredbrands.ai</dd>
          <dt>Intended usage:</dt><dd>COMMON</dd>
          <dt>Restrictions on usage:</dt><dd>None.</dd>
          <dt>Author:</dt><dd>Robb Anders</dd>
          <dt>Change controller:</dt><dd>IETF</dd>
        </dl>
      </section>

      <section anchor="media-type-midd">
        <name>Media Type: application/merchant-delegation+json</name>
        <t>This document requests registration of a new media
        type per <xref target="RFC6838"/>:</t>

        <dl>
          <dt>Type name:</dt><dd>application</dd>
          <dt>Subtype name:</dt><dd>merchant-delegation+json</dd>
          <dt>Required parameters:</dt><dd>none</dd>
          <dt>Optional parameters:</dt><dd>version: The MIDD version number (integer). Defaults to 1 if absent.</dd>
          <dt>Encoding considerations:</dt><dd>Binary (UTF-8 encoded JSON per <xref target="RFC8259"/>).</dd>
          <dt>Security considerations:</dt><dd>See <xref target="security-considerations"/> of this document. The MIDD MUST be signed by a key published at the subject domain's Key Directory; see <xref target="third-party-auth"/>.</dd>
          <dt>Interoperability considerations:</dt><dd>See <xref target="design-goals"/> of this document.</dd>
          <dt>Published specification:</dt><dd>This document, <xref target="third-party-auth"/>.</dd>
          <dt>Applications that use this media type:</dt><dd>Merchant Identity Assertion (MIA) issuers and verifiers; relying parties evaluating third-party-issued MIAs.</dd>
          <dt>Fragment identifier considerations:</dt><dd>None.</dd>
          <dt>Additional information:</dt><dd>Deprecated alias names for this type: None. Magic number(s): None. File extension(s): .midd.json. Macintosh file type code(s): None.</dd>
          <dt>Person &amp; email address to contact for further information:</dt><dd>founder@registeredbrands.ai</dd>
          <dt>Intended usage:</dt><dd>COMMON</dd>
          <dt>Restrictions on usage:</dt><dd>None.</dd>
          <dt>Author:</dt><dd>Robb Anders</dd>
          <dt>Change controller:</dt><dd>IETF</dd>
        </dl>
      </section>
    </section>
  </middle>

  <back>
    <references>
      <name>References</name>

      <references>
        <name>Normative References</name>

        <reference anchor="RFC2119" target="https://www.rfc-editor.org/rfc/rfc2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date year="1997" month="March"/>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>

        <reference anchor="RFC7515" target="https://www.rfc-editor.org/rfc/rfc7515">
          <front>
            <title>JSON Web Signature (JWS)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date year="2015" month="May"/>
          </front>
          <seriesInfo name="RFC" value="7515"/>
          <seriesInfo name="DOI" value="10.17487/RFC7515"/>
        </reference>

        <reference anchor="RFC7517" target="https://www.rfc-editor.org/rfc/rfc7517">
          <front>
            <title>JSON Web Key (JWK)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date year="2015" month="May"/>
          </front>
          <seriesInfo name="RFC" value="7517"/>
          <seriesInfo name="DOI" value="10.17487/RFC7517"/>
        </reference>

        <reference anchor="RFC7519" target="https://www.rfc-editor.org/rfc/rfc7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date year="2015" month="May"/>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>

        <reference anchor="RFC8032" target="https://www.rfc-editor.org/rfc/rfc8032">
          <front>
            <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"/>
            <date year="2017" month="January"/>
          </front>
          <seriesInfo name="RFC" value="8032"/>
          <seriesInfo name="DOI" value="10.17487/RFC8032"/>
        </reference>

        <reference anchor="RFC8174" target="https://www.rfc-editor.org/rfc/rfc8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date year="2017" month="May"/>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>

        <reference anchor="RFC5890" target="https://www.rfc-editor.org/rfc/rfc5890">
          <front>
            <title>Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework</title>
            <author fullname="J. Klensin" initials="J." surname="Klensin"/>
            <date year="2010" month="August"/>
          </front>
          <seriesInfo name="RFC" value="5890"/>
          <seriesInfo name="DOI" value="10.17487/RFC5890"/>
        </reference>

        <reference anchor="RFC8259" target="https://www.rfc-editor.org/rfc/rfc8259">
          <front>
            <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
            <author fullname="T. Bray" initials="T." surname="Bray" role="editor"/>
            <date year="2017" month="December"/>
          </front>
          <seriesInfo name="STD" value="90"/>
          <seriesInfo name="RFC" value="8259"/>
          <seriesInfo name="DOI" value="10.17487/RFC8259"/>
        </reference>

        <reference anchor="RFC8615" target="https://www.rfc-editor.org/rfc/rfc8615">
          <front>
            <title>Well-Known Uniform Resource Identifiers (URIs)</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <date year="2019" month="May"/>
          </front>
          <seriesInfo name="RFC" value="8615"/>
          <seriesInfo name="DOI" value="10.17487/RFC8615"/>
        </reference>

        <reference anchor="RFC8725" target="https://www.rfc-editor.org/rfc/rfc8725">
          <front>
            <title>JSON Web Token Best Current Practices</title>
            <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
            <author fullname="D. Hardt" initials="D." surname="Hardt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date year="2020" month="February"/>
          </front>
          <seriesInfo name="BCP" value="225"/>
          <seriesInfo name="RFC" value="8725"/>
          <seriesInfo name="DOI" value="10.17487/RFC8725"/>
        </reference>

        <reference anchor="RFC8785" target="https://www.rfc-editor.org/rfc/rfc8785">
          <front>
            <title>JSON Canonicalization Scheme (JCS)</title>
            <author fullname="A. Rundgren" initials="A." surname="Rundgren"/>
            <author fullname="B. Jordan" initials="B." surname="Jordan"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <date year="2020" month="June"/>
          </front>
          <seriesInfo name="RFC" value="8785"/>
          <seriesInfo name="DOI" value="10.17487/RFC8785"/>
        </reference>

        <reference anchor="RFC6838" target="https://www.rfc-editor.org/rfc/rfc6838">
          <front>
            <title>Media Type Specifications and Registration Procedures</title>
            <author fullname="N. Freed" initials="N." surname="Freed"/>
            <author fullname="J. Klensin" initials="J." surname="Klensin"/>
            <author fullname="T. Hansen" initials="T." surname="Hansen"/>
            <date year="2013" month="January"/>
          </front>
          <seriesInfo name="BCP" value="13"/>
          <seriesInfo name="RFC" value="6838"/>
          <seriesInfo name="DOI" value="10.17487/RFC6838"/>
        </reference>
      </references>

      <references>
        <name>Informative References</name>

        <reference anchor="RFC9421" target="https://www.rfc-editor.org/rfc/rfc9421">
          <front>
            <title>HTTP Message Signatures</title>
            <author fullname="A. Backman" initials="A." surname="Backman" role="editor"/>
            <author fullname="J. Richer" initials="J." surname="Richer" role="editor"/>
            <author fullname="M. Sporny" initials="M." surname="Sporny"/>
            <date year="2024" month="February"/>
          </front>
          <seriesInfo name="RFC" value="9421"/>
          <seriesInfo name="DOI" value="10.17487/RFC9421"/>
        </reference>


        <reference anchor="WEBBOTAUTH" target="https://datatracker.ietf.org/doc/draft-meunier-web-bot-auth-architecture/">
          <front>
            <title>Web Bot Auth Architecture</title>
            <author fullname="T. Meunier" initials="T." surname="Meunier"/>
            <author fullname="S. Major" initials="S." surname="Major"/>
            <date year="2026"/>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-meunier-web-bot-auth-architecture"/>
        </reference>

        <reference anchor="KYAPAY" target="https://datatracker.ietf.org/doc/draft-skyfire-kyapayprofile-01/">
          <front>
            <title>KYAPay Profile</title>
            <author><organization>IETF</organization></author>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-skyfire-kyapayprofile-01"/>
        </reference>

        <reference anchor="RFC7591" target="https://www.rfc-editor.org/rfc/rfc7591">
          <front>
            <title>OAuth 2.0 Dynamic Client Registration Protocol</title>
            <author fullname="J. Richer" initials="J." surname="Richer" role="editor"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="M. Machulak" initials="M." surname="Machulak"/>
            <author fullname="P. Hunt" initials="P." surname="Hunt"/>
            <date year="2015" month="July"/>
          </front>
          <seriesInfo name="RFC" value="7591"/>
          <seriesInfo name="DOI" value="10.17487/RFC7591"/>
        </reference>

        <reference anchor="RFC6698" target="https://www.rfc-editor.org/rfc/rfc6698">
          <front>
            <title>The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</title>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <author fullname="J. Schlyter" initials="J." surname="Schlyter"/>
            <date year="2012" month="August"/>
          </front>
          <seriesInfo name="RFC" value="6698"/>
          <seriesInfo name="DOI" value="10.17487/RFC6698"/>
        </reference>

        <reference anchor="RFC9162" target="https://www.rfc-editor.org/rfc/rfc9162">
          <front>
            <title>Certificate Transparency Version 2.0</title>
            <author fullname="B. Laurie" initials="B." surname="Laurie"/>
            <author fullname="E. Messeri" initials="E." surname="Messeri"/>
            <author fullname="R. Stradling" initials="R." surname="Stradling"/>
            <date year="2021" month="December"/>
          </front>
          <seriesInfo name="RFC" value="9162"/>
          <seriesInfo name="DOI" value="10.17487/RFC9162"/>
        </reference>

        <reference anchor="FIPS204" target="https://csrc.nist.gov/pubs/fips/204/final">
          <front>
            <title>Module-Lattice-Based Digital Signature Standard</title>
            <author>
              <organization>National Institute of Standards and Technology</organization>
            </author>
            <date year="2024" month="August"/>
          </front>
          <seriesInfo name="FIPS" value="204"/>
        </reference>

        <reference anchor="LEI" target="https://www.gleif.org/">
          <front>
            <title>Legal Entity Identifier</title>
            <author>
              <organization>Global Legal Entity Identifier Foundation</organization>
            </author>
            <date year="2026"/>
          </front>
        </reference>
      </references>
    </references>

    <section anchor="acknowledgements" numbered="false">
      <name>Acknowledgements</name>
      <t>The author thanks the participants of the IETF
      web-bot-auth working group for their engagement, and
      in particular David Schinazi and Rifaat Shekh-Yusef
      for their guidance in directing this work toward the
      DISPATCH working group. The author also acknowledges
      the complementary work in draft-skyfire-kyapayprofile,
      which addresses agent-side identity in a manner that
      this document's merchant-side framework is designed
      to complement.</t>
    </section>

    <section anchor="document-history" numbered="false">
      <name>Document History</name>
      <t>This section is to be removed by the RFC Editor before
      publication.</t>

      <t>Changes from -00 to -01 (author revision):</t>

      <ul>
        <li>Added Motivating Scenario in
        <xref target="problem-statement"/>.</li>
        <li>Added dedicated Non-Goals section
        (<xref target="non-goals"/>) explicitly excluding trust
        scoring, ranking, endorsement, payment authorization,
        agent identity, identity of natural persons, and
        central registries.</li>
        <li>Added Relationship to Existing Work section
        (<xref target="relationship-existing-work"/>) covering
        X.509/Web PKI, W3C VC/DID, OAuth Dynamic Client
        Registration, SPIFFE, and DNS-based identity.</li>
        <li>Added Issuance Models and Assurance Considerations
        section (<xref target="issuance-models"/>) describing
        self-issuance, third-party issuance, external evidence,
        and relying party policy.</li>
        <li>Refactored proof envelope: separated proof.type
        (envelope format identifier) from proof.alg (signature
        algorithm identifier); renamed proof type from
        MerchantIdentityProof-EdDSA-v1 to
        MerchantIdentityProof-v1.</li>
        <li>Added Cryptographic Agility section
        (<xref target="crypto-agility"/>) including
        post-quantum considerations and ML-DSA reference.</li>
        <li>Tightened Key Directory caching, rotation, and
        unreachable-directory requirements
        (<xref target="key-directory"/>).</li>
        <li>Restructured Freshness and Revocation
        (<xref target="freshness-and-revocation"/>) to
        distinguish identity revocation, explicit revocation,
        and operational revocation through key rotation.</li>
        <li>Added Security Considerations subsections on Domain
        Transfer, Stale Assertions, Downgrade Attacks, and
        Third-Party Authorization Poisoning.</li>
        <li>Registered media type
        application/merchant-delegation+json
        (<xref target="media-type-midd"/>) and updated the
        third-party authorization section to use it.</li>
        <li>Added Versioning subsection
        (<xref target="versioning"/>) clarifying the
        independent version semantics of the Claims Object
        and the proof envelope.</li>
        <li>Added normative Domain Comparison rules
        (<xref target="terminology"/>) covering IDNA2008
        A-label normalization, trailing-dot handling, and
        case-insensitive comparison; updated verification
        steps to reference these rules.</li>
        <li>Clarified the relationship between
        proof.verificationMethod and issuer.keyDirectory:
        only the authority component is compared, and the
        path component MAY differ.</li>
        <li>Added MIA endpoint cache-control guidance
        (<xref target="rev-validity-period"/>).</li>
        <li>Made the Key Directory dependency for MIDD-based
        third-party authorization explicit
        (<xref target="third-party-auth"/>); clarified that
        DNS-only authorization does not require subject-domain
        Key Directory.</li>
        <li>Added clock-skew tolerance for ERT iat/exp
        validation (<xref target="replay-attacks"/>).</li>
        <li>Added evidenceUris failure-handling guidance
        (<xref target="claim-fields-optional"/>): retrieval
        failure does not invalidate the MIA absent
        deployment-specific policy.</li>
        <li>Added MIA fetch failure handling and redirect
        prohibition in the verification procedure
        (<xref target="verification-procedure"/>).</li>
        <li>Added Issuer-Side Correlation privacy
        consideration (<xref target="issuer-correlation-privacy"/>).</li>
        <li>Added a paragraph clarifying the architectural
        relationship between MIA and existing transport-layer
        agent identity mechanisms (Web Bot Auth, HTTP Message
        Signatures) in <xref target="introduction"/>.</li>
        <li>Editorial improvements throughout.</li>
      </ul>
    </section>
  </back>

</rfc>
