--- title: "About the Institute" description: "The Institute of Provenance is organized as a 501(c)(6) nonprofit standards and research organization that operates the root certificate authority, governs the XION standard, and publishes applied research." url: https://instituteofprovenance.org/about source: Institute of Provenance --- # About the Institute The Institute of Provenance is organized as a 501(c)(6) nonprofit standards and research organization that operates the root certificate authority, governs the XION standard, and publishes applied research in digital provenance and data attribution. ## Our Role The Institute exists for one reason: to be the entity that every participant in the content trust ecosystem can rely on to never have a commercial motive to compromise the root. We do not sell software. We do not compete with anyone building on the standard. We hold the root certificate authority, govern the XION specification, publish applied research, and administer the trust hierarchy that makes verifiable digital provenance possible. The Institute defines _what_ content trust means. Implementers deliver _how_ you use it. ## Guiding Principles ### Neutral by Design Organized as a 501(c)(6) standards and research organization with no commercial products. The root of trust must be held by an entity whose only incentive is the integrity of the ecosystem. ### Open Standard, Protected Name The XION patent and trademark exist not to restrict adoption, but to ensure the standard remains coherent and interoperable. The Institute governs the specification; implementations are open. ### Offline Root, Short-Lived Leaves The root CA is never exposed to online systems. Leaf certificates are valid for hours, not years. Even a worst-case key compromise is measured in hours, not decades. ### Self-Verifying Artifacts Every signed artifact carries its own proof. You do not need to call home, check a database, or trust a third party. The math verifies itself. ## The Trust Hierarchy The Institute operates a hierarchical certificate system purpose-built for content attribution. At the top is the **Institute of Provenance Root CA**, a self-signed Ed25519 certificate managed with strict key ceremony procedures and never connected to a network. Certified Orbital operators receive **intermediate certificates** signed by the Root CA, allowing them to issue short-lived leaf certificates to content creators and services within their organizations. Each intermediate is scoped to certificate issuance and record authority functions. **Leaf certificates** are typically valid for hours to a single day. They are issued on-demand and used for content signing. Short lifetimes mean that even in a worst-case key compromise, the blast radius is contained. Revocation state is maintained in a Sparse Merkle Tree, enabling cryptographic proofs that a certificate has or has not been revoked, without trusting the server. ## What the Institute Governs ### Root Certificate Authority The self-signed Ed25519 root that anchors the entire certificate hierarchy. Managed offline with formal key ceremony procedures. ### XION Specification XI Object Notation, the patent-pending content format that embeds cryptographic trust blocks directly in digital artifacts. ### Certified Orbital Program The process by which organizations receive intermediate certificates and become authorized operators in the trust network. ### Cryptographic Primitives The mandated set of algorithms: Ed25519 for signatures, BLAKE3 for content hashing, X.509 for certificate wrapping, and Sparse Merkle Trees for verifiable state. ### Trust Block Schema The structure of the embedded proof: content hash, signature, public key, key ID, full certificate chain, timestamp, and signing context. ### Interoperability Requirements Ensuring that any system, from any implementer, can produce, verify, and consume XION artifacts. The standard is not defined by a single implementation.