UCP Binding · v1
Fidacy Trust-Verdict Binding (UCP)
How a Fidacy trust verdict rides the Universal Commerce Protocol. A signed approve / review / deny decision that anyone verifies independently, without trusting Fidacy.
signals mechanism, and the signed EdDSA JWS is the source of truth. Canonical spec lives in fidacy-open/spec.Binding URI
https://fidacy.com/ucp/extensions/trust-verdict/v1
Where the verdict rides: a UCP signal
UCP's signals schema defines signals as values that must not be buyer-asserted and are instead “independently verifiable third-party attestations”, keyed by reverse-domain identifiers. A Fidacy verdict is exactly that, so it rides under com.fidacy.trust_verdict:
"signals": {
"com.fidacy.trust_verdict": {
"format": "application/vc+jws",
"jws": "<compact EdDSA JWS, the signed verdict>",
"kid": "<signing key id>",
"provider_jwks": "https://api.fidacy.com/.well-known/jwks.json",
"payload": { "decision": "approve", "score": 12 }
}
}Advisory action
Fidacy is a third-party trust layer, not a UCP business or platform, and does not own the checkout status. Alongside the signal it returns an advisory recommended_action the merchant maps onto its own state: approve → proceed, review → step_up (UCP requires_escalation), deny → decline.
Verify it yourself
The convenience fields are untrusted hints until the JWS is verified. A recipient reads jws, fetches the public JWKS (provider_jwks), and checks the EdDSA signature with @fidacy/verify. No trust in Fidacy required.
What this binding does not do
- ·It does not publish a
/.well-known/ucpprofile. That document is hosted by a business or a platform; Fidacy is neither. Key discovery is theprovider_jwksinline in the signal. - ·It does not redefine the checkout schema. The verdict is a signal contributed to the existing
signalsnamespace.
Resources
- ·Full binding spec (fidacy-open/spec)
- ·@fidacy/verify, open-source verifier