ubl-id 0.2.0

Universal Business Ledger identity primitives: DIDs (did:ubl:*), CIDs (cid:blake3:*), Wallets, and PoP headers. The identity kernel for the UBL ecosystem.
Documentation

ubl-id — Universal Business Ledger Identity Primitives

Crates.io Documentation License

UBL — Universal Business Ledger and Security OS for Agents

Audit-ready, EU-grade privacy standards. Incredibly easy onboarding for humans and LLMs.

The identity kernel for the UBL ecosystem. Provides unified primitives for:

  • DIDs — Decentralized Identifiers for entities (users, orgs, agents, apps, wallets)
  • CIDs — Content Identifiers for immutable data (chips, blueprints, proofs)
  • Wallets — Ephemeral Ed25519 keypairs for session-based signing
  • PoP — Proof-of-Possession headers for request authentication

Installation

[dependencies]
ubl-id = "0.2"

# With Directory resolution
ubl-id = { version = "0.2", features = ["resolve"] }

Quick Start

use ubl_id::{Did, DidType, Cid, Wallet};

// Create DIDs for different entity types
let user = Did::ubl(DidType::User, "daniel");      // Human
let org = Did::ubl(DidType::Org, "logline");       // Company
let agent = Did::ubl(DidType::Agent, "gpt4");      // LLM
let app = Did::ubl(DidType::App, "minicontratos"); // Application

// Create a CID from JSON (canonical serialization)
let data = serde_json::json!({"type": "policy", "version": "1.0"});
let cid = Cid::from_json(&data).unwrap();

// Generate an ephemeral wallet for this session
let wallet = Wallet::generate();

// Sign a PoP header for an HTTP request
let pop = wallet.sign_pop("POST", "/v1/chips/mint").unwrap();

DID Types

UBL treats humans and LLMs as equal citizens:

DID Entity Type Example
did:ubl:user:* Human user did:ubl:user:daniel
did:ubl:org:* Organization did:ubl:org:logline
did:ubl:agent:* LLM/AI agent did:ubl:agent:gpt4
did:ubl:app:* Application did:ubl:app:minicontratos
did:ubl:wallet:* Ephemeral session did:ubl:wallet:sess123
did:key:z* Self-certifying key did:key:z6Mk...

CID (Content Identifier)

Content-addressed, immutable identifiers using BLAKE3 + canonical JSON:

  • Alphabetically sorted keys
  • Normalized Unicode (NFC)
  • No extra whitespace

When an LLM generates JSON, the server gets identical bytes → identical hash → zero-trust verification works.

Audit-Ready by Design

Every identity operation produces traceable receipts:

{
  "kind": "chip.mint.v1",
  "tenant": "logline",
  "who": {"did": "did:key:z..."},
  "act": {"did": "did:ubl:user:daniel"},
  "trace": {"trace_id": "01HQXYZ...", "ts": 1704067200}
}

EU-Grade Privacy

  • Self-sovereign identity: Users control their DIDs
  • Minimal disclosure: PoP headers prove possession without exposing secrets
  • Ephemeral sessions: Wallets expire, limiting exposure window
  • Content-addressed: CIDs are just hashes, no PII embedded

Related Crates

Crate Purpose
ubl-auth Ed25519 JWT/JWKS verification
json_atomic Canonical JSON serialization
chip_as_code Semantic chips with GateBox

License

MIT OR Apache-2.0

UBL — Making AI agents first-class business citizens, with the same audit trail as humans.