Humanitarian Service Marketplace – Trust Framework

Governance specification for the humanitarian-service-marketplace ecosystem. Defines who participates, what credentials exist, how authority is delegated, and what obligations each role carries. Generated by /keri-c0-ecosystem.

1. Executive Summary

The Humanitarian Service Marketplace trust framework establishes a KERI-native governance model for volunteer service coordination. It replaces siloed platforms and centralized trust intermediaries with cryptographically verifiable relationships using Autonomic Identifiers (AIDs), Authentic Chained Data Containers (ACDCs), and delegated authority hierarchies.

This ecosystem unifies the fragmented landscape of humanitarian service — where organizations like the Red Cross, United Way, faith-based organizations, and countless grassroots groups each operate independently — into a shared marketplace where service needs and volunteer capacity flow freely across organizational boundaries. The individual is at the center: they own their identity, credentials, and service history. Organizations become peers in a permissionless network, differentiated by reputation depth rather than gatekeeping authority.

Scope: A cross-organizational ecosystem where individuals and organizations declaratively state service needs, and credentialed volunteers contractually commit to meet those needs. Service organizations participate as peers — each credentialing and vetting volunteers according to their own governance, while service opportunities and verified service records flow freely across organizational boundaries. Trust is rooted in verifiable credentials: whoever issues a credential also verifies it. Volunteers build portable reputation through cryptographically verified service history owned by the individual.

Regulatory basis: State nonprofit reporting requirements, tax-exempt status auditing, child protection laws, OSHA regulations, SEDI frameworks, GDPR / state privacy laws.

Design principles:

• Permissionless entry — anyone can participate; reputation grows organically
• Graduated publication — service needs flow from intimate circles outward, with AI-assisted formality
• Individual data sovereignty — organizations receive contractual views, never copies
• Composable trust — KYV standards built from component credentials; multiple standards coexist
• Automated verification — proof-of-service through location, biometrics, and digital tools
• Aligned incentives — service records are truth, not tradeable currency; no conflicts of interest
• Compliance as optional tiers — grassroots needs nothing; formality layers grow with scale

2. Governance Authority

2.1 Governing Body

This ecosystem is intentionally decentralized — there is no single governing body. Governance authority is distributed across participants according to their role and the formality of their operations.

At the grassroots level, governance is implicit: friends help friends, neighbors help neighbors, and trust is personal. As organizations scale, they adopt governance structures appropriate to their formality: KYV programs, credential standards, interoperability agreements. The largest organizations (Red Cross, United Way, faith-based institutions) serve as trust anchors not by decree but by reputation — their KYV standards carry weight because they have invested in robust vetting processes.

Government agencies provide the ultimate trust root through SEDI (State-Endorsed Digital Identity) and regulatory frameworks, but government participation is not required for the ecosystem to function at any level.

The ecosystem’s governance model is evolutionary: it meets people where they are and grows with them.

2.2 Regulatory Frameworks

• State nonprofit reporting requirements (scales with organizational formality)
• Tax-exempt status auditing (IRS 990 reporting for formal organizations)
• Child protection laws (background checks required for service involving minors)
• OSHA regulations (applicable to physical labor volunteer activities)
• State-Endorsed Digital Identity (SEDI) frameworks (Utah leading, multi-state adoption)
• GDPR / state privacy laws (where applicable to personal data handling)

2.3 Framework Versioning

This trust framework is versioned. Changes to credential schemas, role definitions, or delegation rules require a new version published to the ecosystem’s schema registry. Participants MUST verify framework version before issuing or accepting credentials.

3. Participant Roles

3.1 Role Summary

3.2 Role Details

Individual (individual)

Description: A person — can be a requester, volunteer, or both. Owns their identity, credentials, and service history. The center of the ecosystem. May hold a SEDI identity or bootstrap trust through ecosystem-native KYV credentials.

Governance obligations:

• Maintain key security for their AID
• Provide truthful self-asserted data (equipment inventory, availability)
• Honor service commitments or revoke them before the commitment window

Credentials issued: service_need, equipment_inventory, guardian_delegation Credentials required to participate: (none — permissionless entry)

Guardian (guardian)

Description: Manages a delegated AID on behalf of someone who cannot manage their own (minor, elderly, person with disabilities). The ward retains their own AID — the guardian holds a delegated AID that acts within a cryptographically bounded scope. When the ward gains capacity, delegation can be revoked and they take full control.

Governance obligations:

• Act within the scope defined by the guardian_delegation credential
• Preserve the ward’s AID and transfer control when delegation ends
• Comply with applicable guardianship laws and court orders

Credentials issued: (none) Credentials required to participate: guardian_delegation

Grassroots Organization (grassroots_org)

Description: Informal groups — neighborhood clubs, homeschool co-ops, friend networks, small faith communities — that publish needs and coordinate volunteers without formal governance. Permissionless entry. Same protocols as large platforms, different scale and reputation depth.

Governance obligations:

• Publish service needs accurately
• Honor interoperability agreements with partner organizations
• Comply with legal obligations that scale with organizational formality

Credentials issued: service_need, org_membership, service_record Credentials required to participate: (none — permissionless entry)

Service Platform (service_platform)

Description: Formal organizations (Red Cross, United Way, Church of Jesus Christ of Latter-day Saints, etc.) that operate as marketplace peers — matching volunteers to needs, running KYV programs, and serving as trust anchors. Their value-add may evolve as the ecosystem matures: KYV vetting, disaster coordination at scale, government liaison, rather than simply being middlemen.

Governance obligations:

• Maintain witness pool with >= 3 geographically distributed witnesses
• Publish OOBI endpoints for discovery
• Operate KYV programs per published standards
• Honor interoperability and attribution agreements with partner platforms
• Report duplicity evidence to governance body
• Comply with nonprofit reporting and tax-exempt auditing requirements

Credentials issued: org_membership, service_record, service_need, kyv_standard, interop_agreement, attribution_agreement Credentials required to participate: platform_registration

Credential Provider (credential_provider)

Description: Entities that issue skill and training credentials — trade schools, CPR trainers, online education platforms, professional licensing bodies. The issuer is also the verifier: whoever grants the credential is responsible for confirming its validity.

Governance obligations:

• Verify credential validity when queried
• Revoke credentials when underlying qualifications expire or are lost
• Maintain credential schemas in the ecosystem schema registry
• Publish OOBI endpoints for credential verification

Credentials issued: skill_credential Credentials required to participate: (none)

KYV Provider (kyv_provider)

Description: Entities running Know Your Volunteer programs — composing background checks, training certificates, psychological evaluations, and other component credentials into a KYV credential. Multiple KYV standards coexist, each with known strengths and weaknesses. Could be a service platform, a specialized provider, or a consortium. As the ecosystem matures, high-standard KYV becomes accessible even to small organizations.

Governance obligations:

• Publish the KYV standard definition (what component credentials are required)
• Verify all component credentials before issuing KYV credential
• Revoke KYV credentials when component credentials expire or are revoked
• May require in-person training or other governance structures as they see fit

Credentials issued: kyv_credential Credentials required to participate: kyv_standard

Verification Service (verification_service)

Description: Background check providers, identity verification services, biometric verification providers — the component suppliers that feed into KYV and other composite credentials. Specialized providers that serve multiple KYV providers and platforms.

Governance obligations:

• Perform checks according to published standards
• Issue results as verifiable credentials with clear methodology disclosure
• Maintain data privacy per legal and contractual obligations

Credentials issued: background_check, proof_of_service Credentials required to participate: (none)

Government Agency (government_agency)

Description: Regulatory bodies that issue licenses (SEDI identity, professional licenses), receive tax reporting, and enforce child protection laws. Consumes aggregated, auditable roll-ups of service data. Benefits from KERI’s automatic verifiability — reduced accounting overhead, provable compliance.

Governance obligations:

• Issue SEDI and other government-backed credentials per regulatory standards
• Publish credential schemas and verification endpoints
• Accept and validate aggregated reporting from ecosystem participants

Credentials issued: sedi_identity, platform_registration Credentials required to participate: (none)

4. Credential Governance

4.1 Issuance Rules

Each credential type has a designated issuer role. Only AIDs holding the required role credential may issue that credential type. Issuance MUST:

• Validate the issuer holds a current, unrevoked role credential (where applicable)
• Verify schema compliance before signing
• Anchor the TEL issuance event in the issuer’s KEL
• Collect witness receipts meeting the ecosystem’s threshold

Special considerations for this ecosystem:

• Composable KYV credentials MUST verify all component credentials are current and unrevoked before issuance
• Service records MUST chain from a valid proof-of-service credential
• Self-asserted credentials (equipment_inventory) carry lower trust weight and may be endorsed by organizations to increase trust

4.2 Revocation Policies

• Issuers MAY revoke credentials they have issued at any time
• Revocation is immediate upon TEL rev event anchored in the issuer’s KEL
• Governance body MAY mandate revocation for policy violations
• Revoked credentials MUST NOT be accepted by verifiers
• KYV credentials are automatically invalidated when any component credential is revoked
• Guardian delegations are revocable by the ward (or their legal representative) at any time

4.3 Dispute Resolution

Disputes are resolved through cryptographic evidence. The KEL/TEL audit trail shows exactly who verified what credentials, who authorized what actions, and what proof-of-service was recorded. Duplicity (equivocation) detected by watchers constitutes automatic grounds for credential suspension.

For formal organizations, a governance body convenes a judge/jury panel to evaluate evidence. For grassroots interactions, the cryptographic record itself serves as the basis for any legal proceedings. Liability follows the audit trail — if a platform verified credentials that were fraudulent, the chain shows where fraud originated. If a platform failed to verify, that omission is equally visible.

Duplicity (equivocation) detected by watchers constitutes automatic grounds for credential suspension. The governance body convenes a judge/jury panel to evaluate duplicity evidence and render a binding judgment.

5. Infrastructure Obligations

5.1 Witness Pool Requirements

Roles operating witness pools (service_platform, credential_provider, kyv_provider, government_agency) MUST:

• Maintain a minimum of 3 geographically distributed witnesses
• Achieve KAACE consensus threshold before confirming events
• Publish OOBI endpoints for witness discovery
• Monitor witness availability and rotate failed witnesses

5.2 Watcher Network Requirements

Roles subscribing to watcher networks (service_platform, kyv_provider, government_agency) MUST:

• Sync KELs for all AIDs they interact with
• Report duplicity evidence to the governance body
• Maintain first-seen records for audit purposes

5.3 Agent Service Requirements

All roles running KERIA agents MUST:

• Secure private key material (never at rest on disk unencrypted)
• Implement key rotation on a schedule defined by the governance body (or self-determined for individuals)
• Maintain backup and recovery procedures
• Support the IPEX protocol for credential exchange

5.4 Proof-of-Service Infrastructure

Entities providing proof-of-service verification MUST support at least one of:

• Geolocation verification: Signed GPS + barometric data at regular intervals via phone KEL
• Biometric verification: Face scan or fingerprint at check-in/check-out, signed and anchored
• Digital tool verification: Signed interaction logs from software or online tools used during service
• Manual attestation: Event sponsor or requester signs a completion attestation (lowest verification strength)

Each verification method MUST record its type and strength level in the proof-of-service credential.

6. Privacy Framework

6.1 Disclosure Modes

• State-Endorsed Digital Identity: selective disclosure
• Know Your Volunteer Credential: selective disclosure
• Skill/Training Certificate: full disclosure
• Verified Service Record: selective disclosure
• Equipment/Tool Availability: full disclosure
• Organization Membership: full disclosure
• Service Need Publication: selective disclosure
• Service Commitment Agreement: full disclosure
• Proof of Service: selective disclosure
• Platform Registration: full disclosure
• KYV Standard Definition: full disclosure
• Interoperability Agreement: full disclosure
• Background Check Result: selective disclosure
• Guardian Delegation Authority: selective disclosure
• Service Attribution Agreement: full disclosure

6.2 Data Minimization

Verifiers MUST request only the minimum credential fields required for their purpose. Selective disclosure credentials MUST be presented in compact form unless the verifier demonstrates a legitimate need for full disclosure.

Specific to this ecosystem:

• Government tax reporting receives aggregated hours and verification strength — never raw location or biometric data
• Service need publications reveal only category and general location to unqualified viewers — full details disclosed only to credential-verified volunteers
• Background check details are visible only to KYV providers, never to end requesters or platforms

6.3 Consent

Credential holders control presentation. No credential may be verified without the holder initiating the IPEX presentation exchange. The holder’s agent MUST prompt for consent before disclosing attributes.

Guardian-managed AIDs follow the same consent model — the guardian consents on behalf of the ward, within the scope defined by the guardian_delegation credential.

6.4 Privacy Requirements

• Volunteer personal data owned by the individual — organizations receive contractual views, not copies
• Service need publications use selective disclosure to protect requester vulnerability
• Biometric and location proof-of-service data exposed only on selective disclosure basis
• Guardian-managed AIDs for minors and vulnerable populations — scope-bounded delegation
• Privacy violations are provable via cryptographic audit trail — law is the enforcement mechanism
• Platforms and individuals bound by legally enforceable contracts governing data use

7. Liability Framework

7.1 Issuer Liability

Credential issuers are liable for the accuracy of claims at the time of issuance. Issuers MUST revoke credentials when underlying facts change. In this ecosystem:

• KYV providers are liable for the integrity of their vetting process
• Credential providers are liable for the accuracy of skill/training certifications
• Government agencies are liable for the accuracy of SEDI identities and platform registrations

7.2 Verifier Liability

Verifiers are liable for checking revocation status and duplicity evidence before relying on a credential. Platforms that match volunteers to service needs based on credential verification carry liability proportional to their verification commitments — the cryptographic record shows exactly what was checked and what was not.

7.3 Holder Liability

Holders are liable for maintaining key security. Compromise of a holder’s keys does not invalidate properly-issued credentials but requires immediate key rotation and re-issuance. Volunteers are liable for honoring service commitments they have cryptographically signed.

7.4 Infrastructure Liability

Witness pool operators are liable for availability and first-seen integrity. Watcher operators are liable for timely duplicity reporting. Proof-of-service infrastructure providers are liable for the accuracy of their verification methodology.

7.5 Platform Liability

Service platforms that verify volunteer credentials and match them to service needs carry liability for the quality of their verification process. If a platform’s KYV standard is insufficient and a safety incident occurs, the cryptographic trail shows exactly what standard was applied and what it required. Liability follows the audit trail — not assumptions or finger-pointing.

8. Interoperability

Transportation Ecosystem Bridge

Bridge credentials: driver_credential, vehicle_credential

Data flows:

• Volunteers and requesters access ride-sharing for service-related transportation
• Transportation providers verify volunteer status for priority or subsidized rides

Tool-Sharing Ecosystem Bridge

Bridge credentials: tool_listing_credential, borrower_reputation

Data flows:

• Volunteers discover and borrow tools needed for service work
• Tool owners verify volunteer KYV status before lending high-value equipment

SEDI Digital Identity Bridge

Bridge credentials: sedi_identity

Data flows:

• State-endorsed digital identity serves as gold-standard root of trust for the ecosystem
• SEDI credentials bootstrap trust for new participants without existing ecosystem reputation

Insurance Ecosystem Bridge

Bridge credentials: liability_coverage_credential, workers_comp_credential

Data flows:

• Formal service platforms verify liability coverage for high-risk volunteer activities
• Insurance providers consume verified service records for risk assessment

Tax Reporting Ecosystem Bridge

Bridge credentials: service_hour_aggregation, tax_deduction_certificate

Data flows:

• Government agencies receive aggregated, auditable volunteer hour roll-ups
• Individuals claim tax deductions backed by cryptographically verified service records

Cross-ecosystem credential verification requires both ecosystems to publish compatible OOBIs and recognize each other’s governance frameworks. Bridge credentials MUST chain from a credential recognized in both ecosystems.

9. Delegation Trees

Government Authority Delegation

government_agency (root)
  → service_platform (scope: "Operate as recognized service marketplace", depth: 2)
    → grassroots_org (scope: "Coordinate volunteers within platform", depth: 1)
  → credential_provider (scope: "Issue credentials within licensed domain", depth: 1)
  → kyv_provider (scope: "Administer KYV programs per approved standards", depth: 1)

Platform Trust Anchor Delegation

service_platform (root — as ecosystem trust anchor)
  → kyv_provider (scope: "Issue KYV credentials per platform's standard", depth: 1)
  → verification_service (scope: "Perform background checks for platform participants", depth: 1)
  → grassroots_org (scope: "Coordinate volunteers and publish needs on platform", depth: 1)

Individual Self-Sovereign Delegation

individual (root — self-sovereign)
  → guardian (scope: "Manage delegated AID on behalf of ward", depth: 1)

Note: The ward (person being guarded) retains their own AID. The guardian holds a delegated AID that operates within the cryptographically bounded scope defined by the guardian_delegation credential. When the ward gains capacity (a child grows up, an elderly person recovers), the delegation is revoked and they take full control of their AID.

Next Steps

• Run /keri-c1-system to design services within this ecosystem
• Credential schemas in credential-catalog.md define the ACDC a block for each type
• Infrastructure patterns are selected at C2 based on role requirements in this document