Trust Architecture
Verifiable credentials, digital product passports, cryptographic trust, and compliance verification.
Overview
GoSource is a global leader in digital trust architecture — systems that make claims, credentials, and compliance evidence verifiable by anyone, anywhere, without contacting the issuer. Steven Capell is Vice-Chair of UN/CEFACT Digital Foundations and Project Lead for the UN Transparency Protocol (UNTP), a global framework for supply chain transparency implemented by 80+ experts across 20 countries. Ashley Harwood is a UN Registered Expert and lead maintainer of the UNTP open-source reference implementation. Both are members of the W3C Working Groups for Verifiable Credentials and Decentralised Identifiers.
This is not consulting about standards — it is creating them.
The Problem
Compliance verification today relies on self-assessed reporting and manual audits of tiny samples. Australian Border Force compliance audits find roughly 25% non-compliance from a sample of about 0.01% of all import consignments. Product safety certificates are hard to find and harder to verify. Studies show as many as 70% of sustainability claims are fake or misleading. And the problem is getting worse: AI tools make evidence increasingly easy to fabricate.
AI can fake a PDF, a signature, even a hologram. It cannot fake cryptography. A verifiable credential is mathematically tamper-proof and instantly verifiable by any party.
How It Works
The Verifiable Credentials Model
The W3C Verifiable Credentials standard provides the foundation:
- Issuer — an authority that creates a credential (a government agency issuing a permit, a certifier issuing a compliance certificate).
- Holder — the entity that receives and holds the credential (an exporter, a business).
- Verifier — any party that checks the credential’s authenticity (a regulator, an auditor).
The credential is cryptographically signed by the issuer. The verifier confirms authenticity by checking the digital signature against the issuer’s public key. Any modification invalidates the signature. This replaces “trust me” with “verify it.”
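The issue-and-verify flow described above, as an added Node.js example (it is not GoSource, VCKit or UNTP code). It assumes Ed25519 signatures over sorted-key JSON as a simplified stand-in for a W3C proof suite; the identifiers, field names and the verifier's trust list are constructed for illustration.

```javascript
// Added example: minimal issuer / verifier flow. Not VCKit or UNTP code.
const crypto = require('node:crypto');

// Assumption: sorted-key JSON stands in for a real canonicalisation scheme.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Issuer: sign the canonical bytes of the credential and attach the proof.
function issue(claims, issuerId, privateKey) {
  const unsigned = { ...claims, issuer: issuerId };
  const sig = crypto.sign(null, Buffer.from(canonicalize(unsigned)), privateKey);
  return { ...unsigned, proof: { type: 'Ed25519', signature: sig.toString('base64') } };
}

// Verifier: the public key comes from the verifier's own trust list, never
// from the credential itself. No call to the issuer is needed.
function verify(credential, trustedIssuers, now = new Date()) {
  const { proof, ...unsigned } = credential;
  const key = trustedIssuers.get(unsigned.issuer);
  if (!key) return { ok: false, reason: 'untrusted issuer' };
  if (!proof || typeof proof.signature !== 'string') return { ok: false, reason: 'missing proof' };
  const sig = Buffer.from(proof.signature, 'base64');
  if (!crypto.verify(null, Buffer.from(canonicalize(unsigned)), key, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (new Date(unsigned.validUntil) < now) return { ok: false, reason: 'expired' };
  return { ok: true };
}

// Constructed sample data: a certifier key pair and one conformity credential.
function demo() {
  const certifier = crypto.generateKeyPairSync('ed25519');
  const issuerId = 'did:web:certifier.example';
  const trusted = new Map([[issuerId, certifier.publicKey]]);
  const cred = issue({ type: 'ConformityCertificate', product: 'urn:example:lot:42',
    result: 'organic', validUntil: '2999-01-01T00:00:00Z' }, issuerId, certifier.privateKey);
  return {
    genuine: verify(cred, trusted),
    tampered: verify({ ...cred, product: 'urn:example:lot:43' }, trusted),
    unknownIssuer: verify({ ...cred, issuer: 'did:web:other.example' }, trusted),
    expired: verify(cred, trusted, new Date('3000-01-01T00:00:00Z')),
  };
}

console.log(demo());
```

A valid signature only proves that the named issuer signed these exact bytes; whether that issuer is authoritative for the claim, and whether the credential is still within its validity period, are separate checks the verifier makes.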
Digital Product Passports
For supply chain transparency, we design Digital Product Passports (DPPs) — verifiable credentials attached to products or shipments containing product identity, conformity credentials (third-party certificates linked as verifiable evidence), and traceability events showing the product’s journey from origin to destination. DPPs are human-readable (via QR code) and machine-readable (for automated compliance systems). End-to-end traceability follows links from passport to passport using resolvable identifiers — no central platform required.
Applicable Domains
| Domain | Credential Examples |
|---|---|
| Trade & border | Certificates of origin, CITES permits, customs declarations |
| Agriculture & food | Deforestation-free certificates, organic certifications, food safety |
| Licences & permits | Business licences, building permits, export licences |
| Financial | Bank statements, insurance certificates, credit assessments |
| Education | University degrees, professional certifications |
| Health | Vaccination records, practitioner registrations |
From Manual Audit to Continuous Verification
- Issue verifiable credentials. The authority begins creating digitally verifiable versions of its documents alongside existing paper/PDF processes.
- Enable manual verification. QR codes on existing documents allow any recipient to scan and verify authenticity within current business processes.
- Enable machine verification. Automated retrieval and verification of structured credentials, checking authenticity algorithmically.
- Continuous compliance. Every credential in every transaction is checked automatically. Human attention is directed only to anomalies.
Principles
- Protocol over platform. Centralised trust platforms (including most blockchain solutions) have failed to scale because they require all participants to use the same system. We design interoperability protocols: any organisation can participate using any system, provided it speaks the same protocol. Software vendors have implemented the Australian Agriculture Traceability Protocol (AATP) in weeks using free open-source tools.
- Inclusive by design. A small farmer in regional Australia and a multinational processor both need to participate. Our solutions scale from QR code scanning on paper to full machine-to-machine verification.
- Public good over proprietary advantage. GoSource contributed its anti-counterfeiting protocols and verification tooling (VCKit) to the United Nations as open-source public goods rather than patenting them.
Policy Alignment
- W3C Verifiable Credentials / Decentralised Identifiers — Built on these standards, which GoSource staff co-develop as Working Group members.
- UN/CEFACT — GoSource leads the UN working group on digital trade facilitation. UNTP is published under UNECE Recommendation 49.
- EU Deforestation Regulation (EUDR) — UNTP directly addresses due diligence obligations under EUDR and 16+ other EU sustainability regulations. The European Commission expects UNTP to solve compliance challenges for EU industry.
- Australian Government Digital Identity Framework — Verifiable credentials align with the government’s direction on digital identity.
Evidence
- Case Study: UN Transparency Protocol — GoSource-led global standard; 80+ experts, 20 countries, European Commission endorsement.
- Case Study: Digital Verification Platform — Production platform for cross-border verifiable trade documents (Australia-Singapore); live on AWS/Ethereum.
- Case Study: ABF Cryptographic Credentials / VCKit — W3C VC/DID implementation for border security; VCKit contributed as open-source to UN/CEFACT.
- Case Study: Australian Agriculture Traceability Protocol — “Protocol over platform” architecture for national agricultural traceability; Digital Product Passports for red meat; GoSource appointed to develop national governance framework.
- Staff: Steven Capell — Vice-Chair UN/CEFACT Digital Foundations; UNTP Project Lead; W3C VC and DID Working Groups.
- Staff: Ashley Harwood — UN Registered Expert; UNTP open-source lead maintainer; VCKit core contributor.
Tools & Technologies
- Standards: W3C Verifiable Credentials, W3C Decentralised Identifiers, Open Attestation
- Credential Tooling: VCKit (GoSource-developed, open-source via UN/CEFACT), Digital Product Passports
- Trust Anchoring: Government domain-based trust (.gov.au), Ethereum, resolvable identifiers
- Verification: QR code scanning, structured credential APIs, conformity rule engines
- Infrastructure: AWS, Node.js/TypeScript, React
- Protocols: UNTP, AATP, UN/CEFACT verifiable trade documents