I’ve published the first public demo of OpenVPT.
The goal of this demo is simple:
to show how a platform can verify that an account belongs to a real person
and meets an age requirement — without learning who that person is.
This demo simulates the full OpenVPT flow:
platform → issuer → token → verification
What the demo shows
The demo walks through a realistic verification scenario:
- The platform creates a verification request (audience, nonce, state)
- An issuer issues a cryptographically signed OpenVPT token
- The platform verifies the token locally using the issuer’s public key
No identity data is shared at any point.
The platform only learns:
- that the user is a verified person
- that the user belongs to a specific age group (e.g. 16+, 18+)
Nothing more.
What the demo intentionally does NOT do
This demo is a conceptual and technical demonstrator.
It is NOT:
- a production-ready identity provider
- a digital wallet implementation
- a governance or trust framework
It exists to demonstrate the OpenVPT standard mechanics — not to prescribe who issues tokens or how trust is regulated.
Why this matters
Most platforms do not need identity.
They need assurance.
OpenVPT is designed as a privacy-preserving middle layer between full anonymity and full legal identity.
It allows platforms to:
- reduce bots and fake accounts
- enforce age restrictions
- stay compliant with privacy principles
without collecting personal data they don’t need.
Who I’m looking for feedback from
I’m especially interested in feedback from:
- Trust & Safety teams
- Identity and security architects
- Platform product managers
- People working with eIDAS 2.0 / EUDI Wallets
You can explore the demo here:
👉 https://openvpt.dev/demo
The draft specification is available on GitHub:
👉
https://github.com/openvpt/openvpt-standard
This is a Public Working Draft — feedback is welcome.