Skip to main content
Jira progress: loading…

TG-FEDERATION-EXCHANGE

TrustGate Federation Exchange Engine

0. Identity

Loading identity…

Depends on module:

Decision-grade verification and assurance domain that orchestrates verifier workflows, evidence handling, trust scoring, audit trails, and assurance packaging across CSRD/ESRS and other frameworks. Enables third-party sign-off, dispute handling, and assurance-ready disclosure outputs with replayable provenance.
Domain:
assurance-verification
Category:
trust-assurance
Classification:
module
Lifecycle status:
active
Semver:
1.0.0
Introduced in:
v0.3
Governance
AI risk level:
high
Trust threshold:
0.97
Human review required:
true
Verifier involved:
true
Audit required:
true
Ownership
Primary owner:
Platform
Architecture board:
true
White-label allowed:
true
Entrypoints
Docs:
/verification-assurance
UI:
/app/assurance
API:
/api/assurance
Dependencies
Modules
  • sis
  • input-hub
  • reports-insights-hub
  • zara
  • zaam
Unresolved tokens
  • ALTD
  • DAL
  • EvidenceVault
  • StripeConnect
  • TruliooKYB
  • TrustGate
  • VTE
  • VerifierWorkflowEngine
Engines (declared)
  • VerifierWorkflowEngine
  • DaVE
  • VTE
  • DICE
  • EvidenceVault
  • ALTD
  • DAL
  • TrustGate
  • StripeConnect
  • TruliooKYB
  • AISIM
Micro-engines (from registry)
None
Micro-engines (declared)
None
Signals
USO
  • ASSURANCE.VERIFICATION
  • ASSURANCE.EVIDENCE
  • ASSURANCE.SIGNOFF
  • AUDIT.LINEAGE
  • GOVERNANCE.TRUST
  • IDENTITY.VERIFIER
  • PAYMENT.ESCROW
CSI
  • CSI_VERIFICATION_ASSURANCE
SSSR tags
  • assurance
  • verification
  • verifiers
  • evidence
  • signoff
  • trust-score
  • audit
  • tamper-detection
  • blockchain
  • rfp
  • disputes
  • escrow
  • stripe-connect
Workflows & Outputs
Workflows
  • VerifierOnboardingAndQualification
  • AssuranceRFPAndProposalFlow
  • EvidenceRequestAndCollection
  • EvidenceValidationAndScoring
  • TrustScoreComputationAndPropagation
  • VerifierReviewAndCommenting
  • IssueFlaggingAndDisputeResolution
  • VerifierSignOffAndStamping
  • AssurancePackagingForReports
  • PaymentEscrowAndPayoutOrchestration
Outputs
  • verifier_profiles
  • assurance_requests
  • evidence_packages
  • validation_findings
  • trust_score_updates
  • signoff_stamps
  • assurance_ready_disclosure_packages
  • payment_events
Audit
Ledger:
ALTD
Replay supported:
true
PII policy:
controlled_pii_outside_omr
Tags

1. Purpose

The TrustGate Federation Exchange Engine prepares and validates TrustGate assurance artifacts for secure exchange across ECO entities.

It is responsible for the export, import, validation, redaction, synchronization, and conflict handling of TrustGate trust evidence through the ZAYAZ federation stack.

The engine enables TrustGate outcomes to move beyond a single organization while preserving:

  • ECO Number identity binding;
  • DID-based verification;
  • DAL-backed integrity;
  • replayability;
  • policy-governed disclosure;
  • AFLE-compatible attestation structures;
  • EGFS routing and synchronization;
  • redaction and privacy controls;
  • Carbon Passport interoperability.

The engine is the TrustGate runtime bridge between local assurance decisions and cross-ECO trust exchange.


2. Position within TrustGate Runtime

Trust Scoring


Decision Engine


Replay Engine


Attestation Engine


DAL Anchor Engine


──────────────────────────────────────────
Federation Exchange Engine
──────────────────────────────────────────

├── AFLE Export Package
├── EGFS Federation Message
├── Cross-ECO Import Validation
├── Redacted Assurance Bundle
├── Carbon Passport Trust Link
└── Federation Verification Event

The engine executes after a trust attestation exists and DAL references are available, unless policy permits provisional federation exchange.


3. Canonical Identity

PropertyValue
MEIDMEID_TRUST_EXPORT_FEDERATION
CMIvera.TG-FED.ENGINE.EXPORTER.1_0_0
KINDENGINE
Owner ModuleVerification & Assurance
Runtime TierTier-0 Assurance Runtime
Engine CategoryEXPORT
Engine Domaintrust
ZAR RegistrationRequired
Replay SupportNative
DAL AnchoringRequired
Federation AwareNative

The MEID identifies the stable logical federation exchange engine.

The CMI identifies this specific versioned executable artifact.


4. Runtime Responsibilities

ResponsibilityDescription
Federation ExportPrepare TrustGate attestations and assurance evidence for AFLE/EGFS exchange.
Federation ImportValidate inbound assurance packages from external ECO entities.
ECO Identity BindingVerify ECO Number, DID, controller, and federation node metadata.
Redaction EnforcementApply FAGF and federation-profile redaction rules before export.
DAL Proof BindingAttach ledger references and Merkle inclusion proofs where available.
Replay Reference BindingAttach replay manifests and replay verification status.
Carbon Passport ExchangePrepare trust references for Carbon Passport and DPP workflows.
Signature VerificationVerify inbound package signatures and prepare outbound signature envelopes.
Conflict DetectionDetect inconsistent trust, lineage, identity, or ledger evidence.
Telemetry PublicationEmit federation metrics to AII, DSAIL, VIZZ, AFLE, and EGFS.

The engine must never export raw source data unless explicitly allowed by FAGF policy and the active federation profile.


5. Federation Exchange Types

Exchange TypePurpose
TRUST_ATTESTATION_EXPORTExport TrustGate attestation to another ECO entity.
TRUST_ATTESTATION_IMPORTValidate inbound trust attestation.
CARBON_PASSPORT_TRUST_LINKAttach TrustGate evidence to Carbon Passport exchange.
ASSURANCE_BUNDLE_EXPORTExport auditor-facing evidence package.
FEDERATION_LEDGER_PROOFExchange DAL proof references.
REPLAY_REFERENCE_EXPORTExchange replay manifest and reproducibility metadata.
FEDERATION_CONFLICT_NOTICENotify counterparties of trust or evidence conflict.
REGULATOR_VERIFICATION_PACKAGEProduce regulator-facing read-only verification package.

6. Federation Preconditions

Outbound federation exchange requires:

PreconditionRequired
Valid ECO NumberYes
Valid DIDYes
Valid federation profileYes
Trust attestation existsYes
Trust decision existsYes
Replay manifest existsYes
DAL reference existsYes, unless provisional allowed
Redaction profile resolvedYes
Target ECO or federation audience knownYes
Policy allows exportYes

Inbound federation exchange requires:

PreconditionRequired
Source ECO Number presentYes
Source DID resolvableYes
Signature validYes
DAL reference validConditional
Attestation schema validYes
Federation policy compatibleYes
Redaction status knownYes
Replay reference presentConditional

7. Runtime Processing Pipeline — Export

Receive Export Request


Resolve Federation Profile


Resolve Target Audience


Validate Source Identity


Collect Trust Attestation


Collect DAL and Replay References


Apply Redaction Profile


Create Federation Package


Prepare Signature Envelope


Submit to AFLE / EGFS


Emit Export Event

Outbound exchange must be policy-driven and fully auditable.


8. Runtime Processing Pipeline — Import

Receive Federation Package


Validate Envelope


Verify Source ECO Number


Resolve Source DID


Verify Signature


Validate Schema


Verify DAL Reference


Check Replay Reference


Evaluate Policy Compatibility


Accept / Review / Reject


Emit Import Verification Event

Inbound federation packages must be treated as untrusted until verified.


9. Processing Algorithm — Export

function export_federation_package(request):

profile = resolve_federation_profile(request.target)

assert policy_allows_export(profile, request)

identity = resolve_local_identity(request.eco_number)

attestation = load_trust_attestation(request.attestation_id)

ledger_ref = load_dal_reference(attestation)

replay_ref = load_replay_manifest(attestation)

redacted_payload = apply_redaction_profile(
attestation,
profile.redaction_profile
)

package = create_federation_package(
redacted_payload,
identity,
ledger_ref,
replay_ref,
profile
)

signature_envelope = prepare_signature(package)

submit_to_afle_or_egfs(signature_envelope)

emit_export_event(package)

return package

10. Processing Algorithm — Import

function import_federation_package(package):

validate_package_schema(package)

source_identity = resolve_eco_identity(package.issuer)

verify_did(package.proof.verificationMethod)

verify_signature(package.proof)

verify_dal_reference(package.lineage.dal_ref)

verify_replay_reference(package.lineage.replay_id)

policy_result = evaluate_federation_policy(package)

if policy_result.blocking:
reject_package(package, policy_result)

if policy_result.review_required:
create_review_task(package, policy_result)

emit_import_verified_event(package)

return verification_result

11. Federation Package Model

A canonical TrustGate federation package contains:

FieldDescription
federation_package_idUnique exchange package identifier.
exchange_typeType of federation exchange.
issuerSource ECO Number.
subjectSubject ECO Number, product, passport, or signal.
audienceTarget ECO, buyer, verifier, regulator, or federation region.
trustTrust score, confidence, and decision.
lineageUSO, DAL, replay, and origin references.
policyFAGF and federation policy references.
redactionRedaction profile and disclosure class.
proofSignature or verifiable credential proof envelope.
created_atCreation timestamp.

12. CSI Contracts

12.1. Input CSIs

CSIRequiredPurpose
comp.TG.INPUT.TRUST-ATTESTATION.v1_0YesTrustGate attestation to exchange.
comp.DAL.OUTPUT.LEDGER-REF.v1_0YesDAL reference for evidence integrity.
comp.TG.INPUT.REPLAY-MANIFEST.v1_0ConditionalReplay reference for reproducibility.
comp.EGFS.INPUT.IDENTITY-CONTEXT.v1_0YesECO Number and DID context.
comp.FAGF.INPUT.FEDERATION-POLICY.v1_0YesFederation and redaction policy.
comp.AFLE.INPUT.FEDERATION-PROFILE.v1_0YesAFLE exchange profile.
comp.TG.INPUT.CARBON-PASSPORT-TRUST-REF.v1_0ConditionalCarbon Passport trust linkage.

12.2. Output CSIs

CSIPurpose
comp.AFLE.OUTPUT.FEDERATION-PACKAGE.v1_0AFLE-compatible TrustGate exchange package.
comp.EGFS.OUTPUT.FEDERATION-MESSAGE.v1_0EGFS transport message.
comp.TG.EVENT.FEDERATION-EXPORTED.v1_0Export event.
comp.TG.EVENT.FEDERATION-IMPORTED.v1_0Import event.
comp.TG.EVENT.FEDERATION-VERIFIED.v1_0Verification event.
comp.TG.EVENT.FEDERATION-REJECTED.v1_0Rejection event.
comp.DSAIL.INPUT.FEDERATION-FEEDBACK.v1_0AI feedback event.
comp.AII.INPUT.FEDERATION-TELEMETRY.v1_0AII telemetry.

13. Canonical Export Request

{
"export_request_id": "TGFXR-2026-00001472",
"exchange_type": "TRUST_ATTESTATION_EXPORT",
"issuer": "ECO-A123",
"target": {
"eco_number": "ECO-B456",
"role": "buyer",
"region": "EU"
},
"attestation_id": "TGATT-2026-00001472",
"replay_id": "TGR-2026-00001472",
"dal_ref": "DAL-2026-001245",
"policy_context": {
"policy_bundle": "FAGF-2026.2",
"federation_profile": "buyer_standard_assurance_v1",
"redaction_profile": "standard_federation"
},
"created_at": "2026-06-25T13:42:00Z"
}

14. Canonical Federation Package

{
"@context": [
"https://schema.zayaz.io/trustgate/federation/v1"
],
"federation_package_id": "TGFX-2026-00001472",
"exchange_type": "TRUST_ATTESTATION_EXPORT",
"issuer": "ECO-A123",
"issued_at": "2026-06-25T13:42:00Z",
"audience": {
"eco_number": "ECO-B456",
"role": "buyer"
},
"subject": {
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123"
},
"trust": {
"score": 0.914,
"confidence": 0.936,
"decision": "ACCEPT"
},
"lineage": {
"uso_id": "USO-98122",
"replay_id": "TGR-2026-00001472",
"dal_ref": "DAL-2026-001245",
"root_hash": "sha256:7cc4b1..."
},
"policy": {
"policy_bundle": "FAGF-2026.2",
"federation_profile": "buyer_standard_assurance_v1",
"redaction_profile": "standard_federation"
},
"proof": {
"type": "Ed25519Signature2020",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:zayaz:ECO-A123#trustgate-key",
"jws": "PENDING_SIGNATURE"
}
}

15. EGFS Federation Message

{
"federation_id": "FED-2026-00001472",
"source_eco": "ECO-A123",
"target_eco": "ECO-B456",
"payload_type": "trust_attestation",
"payload_hash": "sha256:f91c35b6f21c...",
"dal_ref": "DAL-2026-001245",
"timestamp": "2026-06-25T13:42:00Z",
"signature": "PENDING_SIGNATURE",
"verified": false
}

The EGFS message carries the transport metadata, while the federation package contains the assurance payload.


16. Federation Import Verification Result

{
"verification_id": "TGFV-2026-00001472",
"federation_package_id": "TGFX-2026-00001472",
"source_eco": "ECO-A123",
"target_eco": "ECO-B456",
"signature_valid": true,
"did_valid": true,
"dal_ref_valid": true,
"replay_ref_present": true,
"schema_valid": true,
"policy_compatible": true,
"decision": "ACCEPT",
"verified_at": "2026-06-25T13:42:09Z"
}

17. Export Event

{
"event_type": "trustgate.federation.exported",
"federation_package_id": "TGFX-2026-00001472",
"exchange_type": "TRUST_ATTESTATION_EXPORT",
"source_eco": "ECO-A123",
"target_eco": "ECO-B456",
"engine_cmi": "vera.TG-FED.ENGINE.EXPORTER.1_0_0",
"timestamp": "2026-06-25T13:42:00Z"
}

18. Import Event

{
"event_type": "trustgate.federation.imported",
"federation_package_id": "TGFX-2026-00001472",
"source_eco": "ECO-A123",
"target_eco": "ECO-B456",
"verification_status": "verified",
"engine_cmi": "vera.TG-FED.ENGINE.EXPORTER.1_0_0",
"timestamp": "2026-06-25T13:42:09Z"
}

19. Conflict Event

{
"event_type": "trustgate.federation.conflict",
"conflict_id": "TGFC-2026-00001472",
"federation_package_id": "TGFX-2026-00001472",
"source_eco": "ECO-A123",
"conflict_type": "DAL_REFERENCE_MISMATCH",
"severity": "critical",
"requires_review": true,
"timestamp": "2026-06-25T13:43:01Z"
}

Federation conflicts must trigger review or quarantine depending on active policy.


20. DAL Integration

Federation exchange packages produce DAL anchor candidates.

{
"artifact_type": "FederationTrustPackage",
"artifact_id": "TGFX-2026-00001472",
"artifact_hash": "sha256:f91c35b6f21c...",
"engine_cmi": "vera.TG-FED.ENGINE.EXPORTER.1_0_0",
"meid": "MEID_TRUST_EXPORT_FEDERATION",
"exchange_type": "TRUST_ATTESTATION_EXPORT",
"created_at": "2026-06-25T13:42:00Z"
}

Outbound federation packages should not be sent externally until a DAL reference exists, unless provisional exchange is explicitly permitted.


21. Replay Behaviour

Federation package generation must be replayable.

Replay inputs include:

  • trust attestation;
  • DAL reference;
  • replay manifest;
  • federation profile;
  • redaction profile;
  • target audience;
  • policy context;
  • engine CMI.

Replay verification succeeds when:

Hash(FederationPackageoriginal)=Hash(FederationPackagereplay)Hash(FederationPackage_{original}) = Hash(FederationPackage_{replay})

Signature values may be excluded from deterministic replay if signing keys or timestamps rotate. The unsigned canonical payload hash remains the replay target.


22. Redaction and Disclosure

Redaction is mandatory for federation exchange.

The engine supports:

Redaction ProfileUse Case
internal_fullInternal tenant exchange only.
standard_federationBuyer/supplier exchange.
auditor_detailedAuditor evidence package.
regulator_readonlyRegulator verification package.
public_minimalPublic proof without sensitive details.

Redaction must be deterministic and replayable.


23. AI / DSAIL Integration

Federation outcomes are high-value AI feedback events.

DSAIL may consume:

  • federation verification failures;
  • federation conflicts;
  • repeated source ECO issues;
  • delayed synchronization;
  • redaction mismatch rates;
  • rejected inbound attestations;
  • Carbon Passport trust discrepancies.

AI may recommend:

  • increased sampling;
  • federation trust decay;
  • supplier review;
  • policy adjustment;
  • routing changes.

AI may not override federation verification results.


24. AII Integration

Federation exchange metrics contribute to AII.

{
"eco_number": "ECO-A123",
"period": "2026-Q2",
"federated_attestations_exported": 3912,
"federated_attestations_imported": 1440,
"federation_verification_rate": 0.997,
"federation_conflict_rate": 0.003,
"avg_export_latency_seconds": 2.4,
"avg_import_verification_latency_seconds": 1.1
}

25. Failure Handling

FailureSeverityAction
Missing attestationCriticalAbort
Missing federation profileCriticalAbort
Missing redaction profileCriticalAbort
Missing target ECOCriticalAbort
Invalid source DIDCriticalAbort
Signature verification failedCriticalReject import
DAL reference invalidCriticalReject or review
Replay reference missingWarningPolicy-dependent
EGFS unavailableWarningQueue export
AFLE unavailableWarningQueue export
Redaction failureCriticalAbort
Policy incompatibilityCriticalReject or review

The engine must fail closed for external exports and inbound verification failures.


26. Observability Metrics

MetricDescription
tg_federation_export_totalFederation packages exported.
tg_federation_import_totalFederation packages imported.
tg_federation_verified_totalSuccessfully verified imports.
tg_federation_rejected_totalRejected federation packages.
tg_federation_conflict_totalFederation conflicts.
tg_federation_redaction_totalRedaction operations.
tg_federation_export_latency_secondsExport latency.
tg_federation_import_latency_secondsImport verification latency.
tg_federation_queue_depthPending federation operations.

27. Performance Targets

MetricTarget
Export package creation latency< 150 ms
Import verification latency< 250 ms
Redaction latency< 100 ms
Signature preparation latency< 100 ms
Throughput5,000 federation packages/min per worker pool
Replay determinism100% for canonical payloads
Availability99.95%

28. Security Requirements

The engine must:

  • verify all inbound identities;
  • verify inbound signatures;
  • enforce redaction before export;
  • prevent raw payload leakage;
  • validate target ECO permissions;
  • enforce federation profiles;
  • bind packages to DAL references;
  • record MEID and CMI in all outputs;
  • reject unverifiable inbound packages;
  • log all import/export operations;
  • support key rotation and DID verification method updates.

29. Compliance Alignment

FrameworkFederation Exchange Contribution
CSRDEnables verifiable cross-organization assurance evidence.
ESRSSupports supply-chain data quality and traceability.
ISSB / IFRS S1-S2Supports investor-grade external sustainability data assurance.
ISO 14064-1Supports GHG evidence exchange and verification.
ISO 27001Supports secure exchange, identity, and access controls.
EU AI ActPrevents AI from overriding federation verification.
W3C DID / VCSupports decentralized identity and verifiable credentials.
Gaia-XSupports federated trust and data sovereignty patterns.

30. Developer Implementation Notes

Developers should implement the Federation Exchange Engine as a policy-driven exchange gateway.

Recommended design:

  • federation profile resolver;
  • target audience resolver;
  • redaction engine;
  • federation package builder;
  • DID resolver;
  • signature verifier;
  • DAL proof verifier;
  • AFLE adapter;
  • EGFS transport adapter;
  • import verification workflow;
  • conflict detector;
  • queue and retry manager;
  • AII telemetry publisher;
  • DSAIL feedback publisher.

The engine must keep transport concerns separate from assurance payload concerns.


31. Summary

The TrustGate Federation Exchange Engine makes TrustGate assurance artifacts portable across the ZAYAZ federation.

It ensures that trust attestations, Carbon Passport references, DAL proofs, replay references, and assurance bundles can be exchanged between ECO entities while preserving identity, integrity, replayability, governance, and privacy.

No TrustGate assurance artifact should be exchanged across ECO boundaries unless it has been processed by this engine or an equivalent FAGF-authorized federation workflow.




GitHub RepoRequest for Change (RFC)