Use cases

Three product narratives. One trust spine.

Supply chain trust, workforce federation, and European trust infrastructure are three stories on the same platform. Each pillar below is a section, not a separate product. The architecture underneath is shared.

Pillar A — Supply chain trust

Verifiable provenance from origin to scan.

Problem

Buyers and regulators ask where a product came from, who handled it, and whether anyone in the chain has been pulled. Today the answer is a PDF, a portal login, or silence.

Why now

EUDR, EU DPP, EU Battery, and the CRA push the question from policy paper to enforced fact. SBOM disclosure under CRA Article 13 is a deadline, not a memo.

Why Thoryn

One credential model spans goods and software. Status List 2021 propagates revocation in seconds. Audit replay holds up years later against the issuer key that signed the original.

How it shows up

  • Utilities

    Grid operators verify contractor credentials and equipment provenance before any field intervention. One scan, full chain back to the manufacturer.

  • Software vendors

    Sign your SBOM under your own Vault key. When a CVE lands, downstream verifiers see the revoked status in seconds, not next quarter.

  • Defence

    Track parts and software through subcontractor tiers without trusting any single supplier's word. Audit replays years later against historical keys.

  • Regulated manufacturing

    EUDR, EU DPP, and EU Battery readiness on one credential model. Buyer-side scan returns segregation evidence, not mass-balance allocation.

"When the next XZ lands, will your supply chain show 'unknown' or 'revoked'?"

Pillar B — Workforce federation

Connect once. Bring every employer with you.

Problem

A site lets 40 employers' crews through the gate. Each employer wants to keep its own identity store. No-one wants a shared user table, and nightly CSV sync was never an answer.

Why now

Multi-employer work patterns are the norm in utilities, ports, defence subcontracting, and agriculture. Entra and Okta were built for one-employer workforces and stop where federation starts.

Why Thoryn

OIDC + RFC 8693 token exchange across federation members. Tokens carry verified employer claims. No shared user table, no sync window, no per-tenant glue code.

How it shows up

  • DSO contractors

    Multi-employer crews verify training and qualifications at the gate. One federation hub; every employer keeps its own identity store.

  • Ports and airports

    Contractor and visitor identities resolve against the employer's IdP at scan time. No shared credential store, no nightly batch sync.

  • Defence contractors

    Cleared personnel move between primes without re-onboarding. Token exchange under RFC 8693 carries clearance claims across federation boundaries.

  • Hospitality, agriculture, logistics

    Seasonal and contracted staff log in via the agency that hired them. Workforce churn no longer means user-table churn.

"Connect once. Federate trust."

Pillar C — European trust infrastructure

The network underneath the EU credential stack.

Problem

A wallet relying-party must speak EUDIW today, ETSI Trusted Lists tomorrow, and OpenID Federation the day after. Most teams stitch this in three sprints and break it in four.

Why now

eIDAS 2.0 and the EUDI wallet are landing across member states. Ministries, QTSPs, and reference deployments need verifier and issuer surfaces that pass conformance now, not next year.

Why Thoryn

Vault Transit signing, Status List 2021 publication, and historical JWKS replay are platform primitives, not add-ons. Hosted on EU-sovereign infrastructure with no CLOUD Act exposure.

How it shows up

  • Ministries (EUDI relying party)

    Accept EUDIW credentials at any citizen-facing service. Conformant with ARF 1.4+ and tested against the NL plus EU reference wallets.

  • Qualified trust services

    QTSPs and TSPs run a Vault-signed credential pipeline against EU Trusted Lists. Revocation propagates through Status List 2021.

  • Long-tail audit infrastructure

    Auditors replay any verification years later against the historical JWKS. The audit chain remains valid through every key rotation.

  • Standards-body reference deployments

    Reference relying-party and issuer endpoints for OpenID Federation 1.0 and OID4VCI conformance suites. Run on EU-sovereign infrastructure.

"We build the network underneath."

Also on the same spine

Four more places programmable trust shows up.

These four read as evidence of the platform working in adjacent sectors. They are not separate routes; the platform underneath is the same one the three pillars describe.

  • Justice

    Body-cam AI-proof evidence

    Each clip carries a signed provenance chain from capture to court. Tampering or model-laundering invalidates the signature on the way in.

  • Higher Ed

    Microcredentials cross-border

    Diplomas and modules verify against the issuing university's key, in any member state. The trust registry handles cross-border resolution.

  • Public Sector

    Wallet relying-party for citizens

    Stand up an EUDIW-conformant verifier in a week. Selective disclosure enforced at the protocol layer; PII never leaves the user's wallet.

  • Defence

    Drone HBOM + Remote ID

    Hardware bill of materials plus signed Remote-ID identity per airframe. Verifiers correlate physical and credential identity in one pass.

Ready to pick a pillar?

Run the sandbox to see verification, signing, and replay in one session. Or talk to us about the pilot that fits your shape first.