Human proofs + lemma.id demo
One lemma.id. A different private ID on every site.
A lemma.id is a passkey-protected proof wallet. No identity check is required to start — credentials stay on your device, and lemma.id keeps only the minimal derived linkage needed for issuance, recovery, and revocation. This walkthrough covers site-private PPIDs, signed presentations, human-proof escalation, temporary doubt, and persistent site revocation.
Stuck or mixing old state? Use Clear demo data above, close demo site tabs, then start again.
1. Create your lemma.id
A passkey-protected proof wallet. This proves continuity with this wallet — not a unique human. Sites ask it for signed presentations at whatever assurance level their policy requires.
Your lemma.id is a proof container only you control. Sites can't read it; all they can do is ask it for site-private proofs.
Passkeys and seeds never leave your device. Routine site checks run locally; lemma.id does not observe your browsing on relying sites.
2. Mint site-private PPIDs
Same lemma.id, but each hostname gets a different private ID. The presale demo binds that PPID to a one-code-per-fan ledger — fresh passkey required at code unlock. Open the Heroku demos below to see the contract on separate origins.
This is the whole integrator loop: the site declares the assurance it requires, your lemma.id mints a site-private proof, and the site verifies it offline. Neither site sees your real identity, and neither can see the other site's ID.
SaaS trial demo site
Same lemma.id. Different private IDs.
Ticketing and Trials receive different identifiers, even though both proofs come from the same lemma.id.
Proof receipt
3. Inspect signed presentations
Each site receives a signed presentation your backend can verify offline. This is what relying sites store and re-check — not government ID, email, or cross-site identifiers.
Verify both sites in step 2 to inspect their presentations here.
View complete presentation JSON
{}
Backend verify summary
4. Escalate to human proof
Raise ticketing policy from passkey to ishuman. A valid passkey presentation becomes insufficient; after IDV the same PPID returns with stronger assurance.
Ticketing assurance policy
Policy escalation only — no doubt or revocation yet.
Complete human proof step-up
One identity check in the Lemma popup. Site-private IDs stay the same.
Passkey-only wallet
Valid presentation, but policy now requires human proof.
Would denyAfter human proof
Same PPID, stronger assurance tier.
Would acceptSame site-private ID after step-up
Assurance: —
5. Doubt and site revocation
Doubt is a temporary fresh-proof challenge. Revocation is a persistent site block. Trials stays independent throughout — there is no network-wide ban list.
Challenge with doubt (ticketing)
Creates a site-scoped doubt. The next verify returns doubt_required; resolve it with a deliberate fresh proof.
No active doubt on ticketing.
Revoke on ticketing
Persistent site block. Fresh verification does not clear site_blocked.
Check both sites again
Confirm ticketing enforcement is site-scoped and trials remains valid.
| Site | Result | Reason |
|---|---|---|
| Ticketing | — | — |
| Trials | — | — |
Advanced: operator tools & integrator reference
Manual verification, admin-gated SiteDoubt step-up, ops smoke checks, and operator debug. The main demo flow above covers the product story; this panel is for integration testing.
Manual site verification
Verify one site at a time or both together without leaving the hub.
Admin: legacy SiteDoubt step-up
Creates a SiteDoubt row via admin token. The main flow uses /api/demo/ishuman/site-doubt and client-side policy toggles instead.
Raise ticketing policy
Complete step-up
Same site-private ID after step-up (advanced)
Relying-site demos
Reserve a ticket or start a trial on separate origins. Each site verifies the signed presentation on its own backend.
Reset demo
Clear your lemma.id and demo caches so you can run the full flow again from a clean state.
Operations Check
Run the full lemma.id lifecycle and see pass/fail evidence for each operation. Passkey and IDV steps require manual interaction in this browser.
{}
Assurance tiers
passkey
- Continuity tier; not Sybil-resistant alone.
- Fast unlock; no IDV required.
- Site verifies a signed presentation offline.
Human proofs ishuman
- Enforcement tier: one verified human per account.
- Same PPID. The assurance tier changes, not the account.
- Completed via IDV when the site policy demands it.
Integration snippet
Start with passkey assurance for private continuity; raise to human proofs only when your site policy requires one verified human.
Last verify: —