The MCPF standard defines a practical trust vocabulary for MCP ecosystems: identities, issuers, credentials, registries, and revocation.
An MCP server is addressable by a Decentralized Identifier (DID). DIDs enable verification of controller keys and rotation over time.
Verifiable Credentials (VCs) describe facts you can rely on: ownership, hosting environment, audit status, assurance level, “allowed capabilities”, and more.
A registry lists servers, manifests, issuers, and revocations — allowing clients to discover and filter by policy.
Trust must be reversible. The framework includes patterns for revoking credentials and marking servers as deprecated or blocked.
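A sketch of the client-side policy filtering and revocation handling described above, as an added example that is not part of the MCPF specification. The registry layout, field names, policy keys, and `did:example:` identifiers are all hypothetical, and credential signatures are assumed to have been verified against the issuer's DID keys beforehand.

```python
# Constructed registry snapshot; every field name here is hypothetical, not MCPF's schema.
REGISTRY = {
    "servers": [
        {"did": "did:example:files", "status": "active", "credentials": ["vc-1"]},
        {"did": "did:example:mail", "status": "active", "credentials": ["vc-2"]},
        {"did": "did:example:shell", "status": "blocked", "credentials": ["vc-3"]},
        {"did": "did:example:notes", "status": "active", "credentials": ["vc-4"]},
        {"did": "did:example:wiki", "status": "active", "credentials": ["vc-5"]},
    ],
    "credentials": {
        "vc-1": {"issuer": "did:example:auditor", "subject": "did:example:files", "type": "audit", "assurance": 2},
        "vc-2": {"issuer": "did:example:auditor", "subject": "did:example:mail", "type": "audit", "assurance": 3},
        "vc-3": {"issuer": "did:example:auditor", "subject": "did:example:shell", "type": "audit", "assurance": 3},
        "vc-4": {"issuer": "did:example:unknown", "subject": "did:example:notes", "type": "audit", "assurance": 3},
        "vc-5": {"issuer": "did:example:auditor", "subject": "did:example:files", "type": "audit", "assurance": 3},
    },
    "revoked": {"vc-2"},
}
POLICY = {"trusted_issuers": {"did:example:auditor"}, "required_type": "audit", "min_assurance": 2}


def credential_problem(cred_id, server_did, registry, policy):
    """Return why a (signature-verified, by assumption) credential fails policy, else None."""
    cred = registry["credentials"].get(cred_id)
    if cred is None:
        return "unknown credential"
    if cred_id in registry["revoked"]:
        return "revoked"
    if cred["subject"] != server_did:
        return "issued to a different server"
    if cred["issuer"] not in policy["trusted_issuers"]:
        return "untrusted issuer"
    if cred["type"] != policy["required_type"] or cred["assurance"] < policy["min_assurance"]:
        return "does not meet policy"
    return None


def evaluate(registry, policy):
    """Map each server DID to (allowed, reason); anything not proven good is denied."""
    decisions = {}
    for server in registry["servers"]:
        did = server["did"]
        if server["status"] != "active":
            decisions[did] = (False, "server is " + server["status"])
            continue
        problems = [credential_problem(c, did, registry, policy) for c in server["credentials"]]
        allowed = None in problems  # at least one credential satisfies every check
        decisions[did] = (allowed, "ok" if allowed else "; ".join(problems) or "no credentials")
    return decisions
```

Re-running `evaluate` against a fresh registry snapshot is what makes a revocation take effect: a server that was allowed a moment ago is denied as soon as its only qualifying credential appears in the revoked set.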
The authoritative spec is maintained in GitHub repositories under the MCPTrustFramework organization.
Want to contribute? Start with issues and pull requests, and keep changes backward-compatible whenever possible — stability is a feature.