The open standard for cryptographic capability certification.
UCCO defines how capability credentials are issued, verified, revoked, and audited — for both human and autonomous actors. Every certification carries cryptographic proof of who issued it, who holds it, and what they demonstrated.
The internet moved data without knowing who sent it. UCCO moves capability with full knowledge of who holds it, what they're certified to do, and what they actually did.
| Document | Version | Status |
|---|---|---|
| UCCO Standard | v1.1 Rev2 | Draft |
- Scope — what UCCO covers and what it doesn't
- Normative References — external standards UCCO depends on
- Terms and Definitions — canonical vocabulary
- UCCO Data Model — the certification object structure
- Cryptographic Operations — signing, chain hashing, verification
- Lifecycle Management — issuance, renewal, transfer
- Revocation and Expiry — how credentials die
- Conformance Requirements — what "UCCO-conforming" means
Read the standard. That's it. UCCO is a specification, not a software library.
If you're building a conforming implementation:
- Read the full standard document
- Implement the data model (Section 4)
- Implement the cryptographic operations (Section 5)
- Pass the conformance requirements (Section 8)
UCCO is developed in the open. Everyone can contribute.
- Discussions — ask questions, propose ideas, share feedback
- Issues — report problems or request changes to the spec
- Pull Requests — propose edits to the standard
See CONTRIBUTING.md for guidelines.
The UCCO Foundation maintains this standard as a public good. The foundation is independent of any single implementation.
The UCCO standard document is licensed under CC BY 4.0.
Reference implementations and test suites (when published) will be licensed under the Apache License 2.0.
- Website: ucco.foundation
- Contact: admin@ucco.foundation