Platform architecture.
WRK is workforce identity infrastructure. The platform is composed of seven cooperating layers — from canonical identity to federation, assurance, and autonomous workforce identity — designed to be consumed by enterprises, workforce software platforms, and access ecosystems.
▸L01/Identity Core
Canonical identityPersistent, globally unique workforce identity.
Every participant in a workforce ecosystem is issued an immutable canonical identity. Humans, organizations, devices, and autonomous agents each carry a permanent reference that systems can resolve, attach metadata to, and federate against.
▸L02/Namespace Engine
Custom enterprise IDsEnterprises issue their own identity formats.
Organizations need their own numbering and naming systems. WRK provides a namespace engine where customers define identity formats and attach them as display aliases to the canonical identity beneath.
One human = one canonical identity = many namespace aliases. Aliases always map back to canonical. Canonical never changes.
▸L03/Identity Assurance
Trust tiersEvery identity carries a verified assurance level.
Trust, assurance, and identity continuity across workforce ecosystems.
Identities created across organizations are reconciled to a single canonical record. Three tiers let enterprises balance speed with trust — from operational namespace identities to biometrically deduplicated identities at the network level.
Basic
Namespace identity created and managed by the customer. Useful for low-risk operational populations.
Verified
Document verification and administrator validation. The canonical identity is reconciled across organizations.
Biometrically Assured
Face-based deduplication powered by AI.CAM. Prevents duplicate humans across the entire WRK network.
When the same human is created across organizations — say, a contractor working a port and a factory — assurance workflows reconcile their identities into one canonical record. Aliases are preserved; the underlying identity is unified.
▸L04/Federation APIs
Workforce softwareIdentity from any workforce platform.
Workforce software platforms consume WRK identity through a federation API surface. Issue, look up, verify, suspend, and transfer identities — all from inside the software your customers already use.
▸L05/Access Federation
Operational systemsIdentity into access and attendance.
Operational systems that gate physical and digital workplaces can consume WRK identity as the canonical reference for who is allowed where. One identity, every system, every site.
▸L06/Verification
Portable trustTrust that travels with the worker.
Verification workflows let any party confirm a workforce identity, its assurance tier, and its current operational state — without rebuilding the verification stack for every system.
- · Document verification workflows
- · Administrator validation
- · Network-wide deduplication
- · Continuous status checks
- · Audit trail of identity events
▸L06.5/Workforce Continuity
Cross-layer outcomeCanonical identity. Namespace aliases. Assurance tiers. One outcome.
The layers above don't operate in isolation. Together they produce workforce continuity — identity that persists across organizations, sites, engagements, and employers, even as aliases and assurance levels change around it.
Continuity is not a feature. It is the result of running canonical identity, namespaces, and assurance as a single infrastructure layer.
▸L07/Autonomous Workforce Identity
Forward-lookingIdentity for autonomous and digital workers.
Autonomous agents are entering the workforce. Procurement agents, support agents, dispatch agents, inspection agents. Each needs an identity that can be governed, audited, scoped, and revoked.
WRK extends its identity model to autonomous and digital workers — same canonical infrastructure, same federation, with a clear owner organization and explicit permissions.