Skip to main content
Uniplex defines three trust profiles that let you scale security based on your needs.

Overview

ProfileWhen to UseKey Requirements
L1 BaselineDev/test, low-risk readsSelf-issued allowed (if enabled)
L2 StandardProductionTrusted issuers + theft/replay protections
L3 StrictHigh assurance / multi-tenantAll L2 + no implicit trust + hardened controls

L1 Baseline

The simplest profile for getting started. 
from uniplex import Gate, TrustProfile

gate = Gate(profile=TrustProfile.L1)
Checks performed:
  • ✓ Signature verification
  • ✓ Expiration check
  • ✓ Issuer policy
  • ✓ Permission check
Use for:
  • Local development
  • Testing
  • Low-risk read operations
L1 allows self-issued passports if explicitly enabled. Do not use L1 in production for sensitive operations.

L2 Standard

The production-ready profile with anti-theft protections. 
from uniplex import Gate, TrustProfile

gate = Gate(
    profile=TrustProfile.L2,
    policy={
        "allowed_issuers": ["issuer:acme"]
    },
    require_pop=True
)
Additional checks:
  • ✓ Nonce/replay protection
  • ✓ Target verification (canonicalized)
  • ✓ Resource scope check
  • ✓ Revocation check (optional)
Use for:
  • Production APIs
  • Internal tools
  • Most real-world deployments

L3 Strict

The highest assurance profile for sensitive environments. 
from uniplex import Gate, TrustProfile

gate = Gate(
    profile=TrustProfile.L3,
    policy={
        "allowed_issuers": ["issuer:acme"]
    },
    require_pop=True
)
Additional checks:
  • ✓ Proof of Possession (PoP)
  • ✓ Mandatory revocation checks
  • ✓ Delegation chain verification
  • ✓ Canonical JSON required
Use for:
  • Multi-tenant environments
  • Financial transactions
  • Healthcare/compliance workloads

Choosing a Profile

Migration Path

Start with L1 in development, then move up:
  1. L1 — Get your integration working
  2. L2 — Add trusted issuers and anti-theft protections
  3. L3 — Add PoP and strict revocation for sensitive operations
from uniplex import Gate, TrustProfile

# Start here
gate = Gate(profile=TrustProfile.L1)

# Move to production
gate = Gate(profile=TrustProfile.L2)

# High assurance
gate = Gate(profile=TrustProfile.L3)