iXBRL Data Value Attestation Schema

The vLEI ecosystem defines a comprehensive JSON Schema for iXBRL attestation credentials, identified by SAID EMhvwOlyEJ9kN4PrwCpr9Jsv7TxPhiYveZ0oP3lJzdEi. This schema specification demonstrates how KERI's cryptographic primitives can be applied to traditional business reporting standards.

Schema Structure

The iXBRL attestation credential follows the standard ACDC format with these top-level fields:

• v: Version string for ACDC format compatibility
• d: Self-addressing identifier (SAID) providing content integrity
• i: Issuer identifier (AID) of the attesting party
• ri: Credential status registry reference for revocation checking
• s: Schema SAID pointing to the credential schema definition
• a: Attributes block containing the attestation data
• e: Edge block for credential chaining to parent credentials

Attributes Section Detail

The attributes section (SAID: EDj-Pm8CNw80aA5djaobjhM__eFeAZIIkgo1-nfkB7M1) contains:

Report-Level Fields:

• dt: Signed date-time in ISO format indicating when attestation was made
• rd: Cryptographic digest of the entire signed iXBRL report

Facts Array (f): The most technically significant component is the facts array, where each object represents a signed fact from the iXBRL report:

• d: Digest of the fact value itself
• c: Context identifier within the iXBRL taxonomy
• co: Concept identifier defining what is being attested
• n: Namespace URI for the concept
• u: Unit of measure (if applicable)
• v: The actual value being attested

This granular structure enables attestations to specific data points within complex financial reports, rather than requiring attestation of entire documents. This supports selective disclosure principles where only relevant facts need be disclosed to specific verifiers.

Credential Chaining Architecture

In the vLEI implementation, XBRL attestation credentials chain to either:

1. OOR (Official Organizational Role) credentials - for official representatives of the Legal Entity
2. ECR (Engagement Context Role) credentials - for functional context roles

This chaining creates a verifiable chain of proof-of-authorship that links:

1. The Legal Entity (via LEI credential)
2. The Legal Entity vLEI Credential issued by a QVI
3. The authorized representative's role credential (OOR or ECR)
4. The specific XBRL report attestation

Each link in this chain is cryptographically verifiable back to KERI's root-of-trust, enabling end-to-end verifiable financial and regulatory reporting without relying on centralized certificate authorities.

Implementation and Testing Infrastructure

Demo Scripts

The KERIpy implementation includes demonstration scripts for the complete vLEI ecosystem, with issue-xbrl-attestation.sh specifically designed to issue all credentials in the chain proceeding down to an XBRL data attestation. This script demonstrates the practical integration of XBRL attestations within the KERI infrastructure.

Current Implementation Constraints:

• All participants in the credential chain must use single-signature AIDs
• Multi-signature configurations are not yet supported in the test setup
• Requires running witness infrastructure (kli witness demo)
• Depends on vLEI server components for credential verification

SEC Registration Pilot

The integration of XBRL with KERI infrastructure has been demonstrated in production-like environments through the SEC registration pilot system. This pilot showcases:

Load Testing Capabilities:

• Orchestration of complete KERI ecosystem on developer machines
• Multiple bank simulations using pre-configured AIDs and credentials
• Automated workflow testing through Jest:
  • Login using ECR credentials
  • Report submission with XBRL attestations
  • Credential verification through the vLEI infrastructure

Infrastructure Components:

• KERIA agent: Cloud-based KERI agent infrastructure
• Witness network: For key event witnessing
• vLEI server: Credential verification services
• Registry pilot API: Report submission endpoints
• Verifier service: Credential validation logic

This pilot demonstrates that XBRL attestations can be integrated into regulatory workflows, providing cryptographic proof of report authenticity and authorized submission.

Governance and Schema Management

vLEI Schema Registry Requirements

The vLEI Technical Requirements specification establishes normative requirements for XBRL attestation schemas within the broader credential ecosystem:

SAID-Based Schema Identification:

• Cryptographic strength of approximately 128 bits for digest algorithms
• Universal uniqueness across all schemas and versions
• Strong collision resistance ensuring content integrity
• CESR encoding for interoperability
• IETF-SAID specification compliance

JSON Schema Compliance: All vLEI credential schemas, including XBRL attestations, must:

• Conform to JSON Schema draft-07 or later
• Include schema SAIDs for cryptographic verifiability
• Support version control through SAID-based identification
• Enable immutable but composable schema definitions

Registry Functions: The schema registry for vLEI credentials provides:

• Centralized namespace management for GLEIF-governed schemas
• SAID-based schema retrieval and verification
• Version history and schema evolution tracking
• Interoperability guarantees across QVI implementations

Use Cases and Ecosystem Value

Fraud Prevention

The integration of XBRL with KERI's cryptographic infrastructure addresses the organizational fraud problem documented in vLEI research. Organizations lose approximately 5% of annual revenues to fraud, potentially representing $4.4 trillion globally. XBRL attestations backed by vLEI credentials provide:

• Non-repudiable attribution of financial data to specific authorized individuals
• Cryptographic proof that prevents impersonation
• Audit trails traceable to Legal Entity identifiers
• Elimination of analog verification processes

Regulatory Reporting

XBRL attestations enable:

• Automated compliance verification
• Reduced friction in cross-border reporting
• Real-time report validation
• Integration with existing regulatory systems while adding cryptographic verifiability

Interoperability

By combining XBRL's established business reporting taxonomy with KERI's decentralized key management infrastructure, the system achieves:

• Standards-based data exchange (XBRL)
• Cryptographic verifiability (KERI/ACDC)
• Decentralized trust (autonomic identifiers)
• Privacy-preserving disclosure (graduated disclosure)

Technical Architecture Integration

ACDC Foundation

XBRL attestations leverage the full ACDC specification, inheriting:

SAIDs and Content Addressing:

• Each attestation is self-addressing through its digest
• Report digests bind attestations to specific document versions
• Fact digests enable granular verification of individual data points

Graph Structure: ACDCs form labeled property graph fragments. XBRL attestations represent nodes in this graph with:

• Edges to parent role credentials (OOR/ECR)
• Edges to the attested report (via digest reference)
• Potential edges to related attestations

Graduated Disclosure:

• Compact disclosure: Presenting only SAIDs of attestations without revealing values
• Selective disclosure: Revealing specific attested facts while keeping others private
• Full disclosure: Complete attestation with all fact values

CESR Encoding

XBRL attestation credentials are encoded using CESR, providing:

• Text and binary domain interoperability
• Self-framing primitives for stream processing
• Composable encoding for complex credential structures
• Efficient serialization for network transmission

Key Event Log Integration

XBRL attestations are anchored to the issuer's KEL through:

• Signature attachments from the issuer's current key state
• Interaction events or rotation events containing attestation anchors
• Transaction Event Log (TEL) entries for issuance and revocation state

This anchoring ensures that:

• Attestations can be verified against current key state
• Revocation state is independently verifiable
• Historical attestations remain verifiable even after key rotation

Advanced Features and Future Directions

Percolated Discovery

The vLEI ecosystem employs percolated discovery for XBRL attestation verification, enabling:

• Bootstrap discovery via OOBI (Out-Of-Band Introduction)
• Speedy endpoint resolution without centralized registries
• Zero-trust verification model
• Scalable credential verification infrastructure

Multi-Tenant Architecture

The KERIA (KERI Agent in the cloud) architecture supports:

• Multiple habitats for different organizational roles
• Isolated keystores per AID
• REST API interfaces for credential operations
• Multi-signature threshold schemes (in development)

Chain-Link Confidentiality

XBRL attestations can leverage chain-link confidentiality to:

• Impose contractual restrictions on downstream disclosure
• Link confidentiality obligations across the disclosure chain
• Protect sensitive financial data while enabling verification
• Support regulatory compliance requirements

Community and Standards Development

KERI Community Coordination

Development of XBRL integration has been coordinated through:

• Bi-weekly KERI Community meetings chaired by Samuel M. Smith
• Implementation reports from KERIpy, KERIA, and SignifyTS teams
• Trust Over IP Foundation collaboration
• KERIWorld Slack workspace coordination

Standards Evolution

Key developments include:

• CESR specification updates for credential encoding
• ACDC specification refinements for attestation use cases
• IPEX (Issuance and Presentation Exchange) protocol development
• KRAM (KERI Request Authentication Method) for API security

GLEIF Partners Program

The May 2025 launch of GLEIF's Partners Program aims to accelerate adoption of both LEI and vLEI technologies, bringing together:

• Data and technology vendors
• Financial institutions
• Corporates
• Certification authorities
• Trust service providers

This program specifically targets advancing secure and transparent business interactions, with XBRL attestations representing a key technical capability for achieving these goals.

Conclusion

The integration of XBRL with KERI infrastructure represents a convergence of established business reporting standards with cutting-edge cryptographic identity and credential technologies. By applying KERI's autonomic identifier architecture and ACDC's verifiable data structure to XBRL reports, the vLEI ecosystem enables a new paradigm for organizational financial reporting:

• Cryptographically verifiable attribution of financial data
• Decentralized trust without dependence on certificate authorities
• Privacy-preserving through graduated disclosure mechanisms
• Standards-based leveraging existing XBRL taxonomies
• End-to-end verifiable from Legal Entity to specific data points

This represents a fundamental shift from trust-based to verification-based business reporting, with potential to significantly reduce fraud, improve regulatory compliance, and enable more efficient business processes globally.