Policies define how the identity works and how it can be used.

policy_leaf = H(
policy_id,
scope,
condition,    // compact form, e.g. CEL / DSL / bytecode hash
effect
)

policies_root = MerkleRoot(
sorted_by(policy_id, [policy_leaf_1, policy_leaf_2, ...])
)

Policies are stored as:

policy = {
rule_type,
target,
conditions,
proof_requirements
}

Policies are:

• cryptographically verifiable
• enforced locally by the OS
• never visible to apps
• part of the abstract identity state

Policies define who is allowed to ask for what.

Policy {
policy_id
scope           // attribute | proof | app | jurisdiction
condition       // machine-readable rule
effect          // allow | deny | require_consent | require_mfa
}

Instead of apps seeing raw data, they request proofs that are gated by policies.

Examples:

• “Bank X can request: age >= 18, residency.country = PT.”
• “Game Y can request: age >= 16 only with explicit user consent.”
• “Employer Z can verify: has_degree[type=BSc] from specific institutions.”

Policies live in a Policy Tree inside the Vault:

policies_root = MerkleRoot([
    leaf(policy_1),
    leaf(policy_2),
    ...
])

Each policy entry can include: