Cornerstone ID — Schema Documentation¶

Table of Contents¶

1. About this Document
1.1 Version History
2. Schema Overview
2.1 Attribute Summary
3. Schema Definition
3.1 Attributes
4. Data Source Requirements
4.1 Identity Verification Sources
4.2 Evidence Requirements
4.3 Data Currency
5. Status Management
6. Design Rationale
7. Governance
8. Implementation References

1. About this Document¶

This document defines the Cornerstone ID schema — a structured data model for the foundational person-level identity credential in the Cornerstone Network. It is intended for governance reviewers, schema implementers, credential issuers, and verifier application developers evaluating whether this schema meets their requirements.

The Cornerstone ID schema captures verified identity attributes for an individual, serving as the base credential that all other Cornerstone credentials reference via cornerstone_id. It contains only what it uniquely attests to — verified identity — with no role, property, employment, or derived data.

1.1 Version History¶

Ver.	Date	Notes	Author(s)
1.0	18-Mar-2026	Rewritten as schema documentation; governance body perspective	Mathieu Glaude
0.9	26-Feb-2026	JSON-LD format; replaced `birthdate_dateint` with ISO 8601 `birthdate`; removed `fsa_code`; added `verified_phone` and `cornerstone_user_id`	Mathieu Glaude

↑ Back to top

2. Schema Overview¶

The Cornerstone ID schema defines the data structure for the foundational identity credential in the Cornerstone Network. Every participant holds a Cornerstone ID, which is referenced by all other credentials in the ecosystem via the cornerstone_id attribute. This schema captures only verified identity — no role, property, employment, or derived data is included. Selective disclosure is handled via BBS+ data integrity cryptosuites at the credential layer.


Schema:	Cornerstone ID v1.0
Format:	W3C Verifiable Credentials (JSON-LD)
Governance Body:	Cornerstone Network
Schema URI:	`https://trustinfrastructure.com/cornerstone/schemas/cornerstone-id.json`

2.1 Attribute Summary¶

#	Name	Attribute	Data Type	Required
001	Given Names	`given_names`	String	Yes
002	Family Name	`family_name`	String	Yes
003	Date of Birth	`birthdate`	String (date)	Yes
004	Verified Email	`verified_email`	String	Yes
005	Verified Phone	`verified_phone`	String	Yes
006	Postal Address	`postal_address`	JSON object	No
007	Cornerstone User ID	`cornerstone_user_id`	String (UUID)	Yes
008	Identity Evidence	`identity_evidence`	String / URI	Yes

↑ Back to top

3. Schema Definition¶

3.1 Attributes¶

Given Names (001)

Attribute	`given_names`
Description	Legal given names, may include middle names.
Data Type	String
Required	Yes
Examples	`John Michael`

Family Name (002)

Attribute	`family_name`
Description	Legal family name / surname.
Data Type	String
Required	Yes
Examples	`Smith`

Date of Birth (003)

Attribute	`birthdate`
Description	Date of birth in ISO 8601 format. Replaces the earlier `birthdate_dateint` integer format used for AnonCreds ZK proofs.
Data Type	String (YYYY-MM-DD)
Required	Yes
Examples	`1985-06-21`

Verified Email (004)

Attribute	`verified_email`
Description	Email address verified via OTP during onboarding.
Data Type	String
Required	Yes
Examples	`john.smith@example.com`

Verified Phone (005)

Attribute	`verified_phone`
Description	Phone number verified through Interac or SMS OTP.
Data Type	String
Required	Yes
Examples	`+1-604-555-0123`

Postal Address (006)

Attribute	`postal_address`
Description	Residential or mailing address from the identity verification source. Includes `street_address`, `locality`, `region`, `postal_code`, `country`.
Data Type	JSON object
Required	No
Examples	`{"street_address": "123 Main St", "locality": "Vancouver", "region": "BC", "postal_code": "V6B 1A1", "country": "CA"}`

Cornerstone User ID (007)

Attribute	`cornerstone_user_id`
Description	Platform-generated opaque identifier. Does NOT encode role information.
Data Type	String (UUID)
Required	Yes
Examples	`550e8400-e29b-41d4-a716-446655440000`

Identity Evidence (008)

Attribute	`identity_evidence`
Description	UUID or URI referencing the identity verification evidence record — includes verification source(s), author, and date. Retained five years for regulatory compliance.
Data Type	String / URI
Required	Yes
Examples	`urn:uuid:a1b2c3d4-e5f6-7890-abcd-ef1234567890`

↑ Back to top

4. Data Source Requirements¶

Credentials issued under this schema are expected to draw from the following authoritative sources.

4.1 Identity Verification Sources¶

Only high-assurance identity verification sources are accepted:

Interac Bank Verification Service — Canada-wide, high-assurance through banking relationships
BC Person Credential — British Columbia provincial digital identity credential

If a holder verifies through multiple sources, the evidence array contains multiple objects documenting each source.

4.2 Evidence Requirements¶

Each evidence object in the credential's evidence array must include:

Field	Description	Required
`type`	Type of evidence (e.g., "IdentityProofing")	Yes
`method`	Verification method (e.g., "InteracBankVerification")	Yes
`verificationDate`	ISO 8601 timestamp of verification	Yes
`matchFields`	Array of verified fields (e.g., ["name", "dob"])	Yes
`recordLocator`	Reference to stored evidence record (UUID or URI)	Yes
`verifier`	Entity performing verification (e.g., "Interac Corp.")	Yes

Forbidden in evidence: Assurance level indicators, role or persona indicators, property or employment references, derived predicates.

4.3 Data Currency¶

A credential reflects the state of identity verification at issuance time.
Identity changes (name change, contact updates) require revocation and re-issuance.
Expiration period: 3–5 years after issuance (per operational policy).
Evidence is retained for five years in compliance with FINTRAC requirements.

↑ Back to top

5. Status Management¶

This schema requires credentials to implement W3C Bitstring Status List v1.1 for lifecycle management, with separate bitstrings for revocation and suspension.

Event	Action	Status Handling
Identity verified	Issue credential	Index set to 0 (valid)
Account closed	Revoke	Revocation bit = 1 (permanent)
Fraud detected	Revoke	Revocation bit = 1 (permanent)
Investigation pending	Suspend	Suspension bit = 1 (reversible)
Investigation cleared	Reinstate	Suspension bit = 0
Identity change (name)	Revoke + re-issue	Old revoked; new credential index = 0
Verification source expired	Revoke + re-issue	Old revoked; new credential index = 0

Cascade rule: The Cornerstone ID is the foundational credential referenced by all others. When revoked, the platform operationally reviews and revokes all dependent credentials: Home Credentials, Professional Credentials, Accreditation Credentials, Portfolio Issuer Credentials, and PAACs.

↑ Back to top

6. Design Rationale¶

birthdate (ISO 8601) replaces birthdate_dateint: The integer format (YYYYMMDD) supported AnonCreds ZK predicate proofs. Since this ecosystem uses W3C JSON-LD format exclusively, selective disclosure is handled via BBS+ data integrity cryptosuites. Standard ISO 8601 dates are appropriate.

fsa_code removed: Forward Sortation Area existed for AnonCreds geographic predicates. In JSON-LD with BBS+ selective disclosure, verifiers can derive FSA from postal code when needed.

Email+Phone OTP verification path removed: Only two high-assurance sources are accepted — Interac Bank Verification and BC Person Credential — simplifying the assurance model.

Foundational credential principle: Following the vLEI model, the most mature production credential ecosystems use minimal foundational identity credentials. The Cornerstone ID contains only what it uniquely attests to — verified identity — enabling all other credentials to reference it rather than duplicating identity claims.

Forbidden data: This schema explicitly excludes property/homeownership data, employment/professional data, role/persona information, predicates, assurance level indicators, and financial data. These belong in domain-specific credential schemas.

↑ Back to top

7. Governance¶

Governance Body: Cornerstone Network
Schema Owner: Cornerstone Network
Review Cycle: Annual, or upon breaking schema changes
Change Process: Schema updates follow a change-managed governance process to ensure interoperability across all adopting organizations
Evidence Retention: Five years (FINTRAC compliance)

Schema Versioning¶

Level	Change Type	Example
Major (v1 → v2)	Breaking changes	Removing attributes, changing data types
Minor (v1.0 → v1.1)	Backward-compatible additions	New optional attributes
Patch (v1.0.0 → v1.0.1)	Non-breaking fixes	Documentation updates

↑ Back to top

8. Implementation References¶

Reference	Value
Technical Format	W3C Verifiable Credentials Data Model (JSON-LD)
Schema URI	`https://trustinfrastructure.com/cornerstone/schemas/cornerstone-id.json`
Context URLs	`https://www.w3.org/ns/credentials/v2` `https://trustinfrastructure.com/cornerstone/contexts/cornerstone-id-v1.0.json`
Schema Registry	`https://trustinfrastructure.com/cornerstone/schemas/`
Governance Doc	`https://openpropertyassociation.ca/credential-governance/cornerstone-id/`

Required Envelope Fields¶

Credentials issued under this schema must include: - issuer — DID of the issuing organization (must be Cornerstone Network DID) - validFrom and validUntil — temporal bounds (3–5 year expiration) - credentialSchema — reference to this schema - credentialStatus — revocation and suspension bitstring entries - evidence — at least one evidence object documenting the identity verification

Credential Relationships¶

Relationship	Credential
Prerequisites	None (foundational credential)
Referenced by	Home Credential, Professional Credential, Accreditation Credential, Portfolio Issuer, PAAC

↑ Back to top