How to decentralize identity management - an outline
Let’s go through what’s going on in Figure 1 starting with the first user node on the left. See the key terms below if you get lost
A user makes a personally identifying transaction (pid-tx), which represents the node’s consent to a release of pid to a provider with the assistance of an intermediary called a certifier.
The protocol pushes a notice to the provider requesting access to the user’s pid, and a set of possible certifiers of the pid.
Provider’s are entities wishing to obtain access to the pid_tx content. Certifiers are entities in possession of the ability to testify that the pid_tx was in fact issued by, owned by, or generated by the user.
The providers that received the user pid_tx notification should issue an acknowledgement transaction, which acknowledges the presence of their user’s alleged pid in the pid-tx. In the event that there is only one user, the provider will reference only one transaction. In the event that there are many, the provider will reference at most K pid_txs. The provider’s transaction is a representation of their commitment to compensate at a certain amount any possible certifiers for the validation of a user’s pid_tx.
In the presence of an acknowledgement transaction, the protocol should prompt certifiers that received the pid_tx notification to issue their own acknowledgement transaction acknowledging the presence of a user’s pid_tx for which they can offer validation, and the provider’s commitment to fulfil an obligation to the certifier upon receipt of valid pid.
The protocol should subscribe the user to providers and certifiers that approve the user’s original pid_tx. Upon notification of an outstanding negotiation on the pid_tx, the protocol should prompt the user to issue a new consent transaction that approves the certifier’s and the provider’s acknowledgement transactions. The user’s consent transaction represents the user’s consent to the transfer between a provider and a certifier of information pertaining to the user’s identity.
If the user approves of the provider’s and certifier’s acknowledgement transactions, then the protocol should prompt the provider to initiate finalization with a negotiation transaction that approves the certifier’s acknowledgement transaction and the user’s consent transaction. Next, the protocol should prompt to make a certification transaction, which approves of the user’s consent transaction and the provider’s negotiation transaction.
If the certifier makes a certification transaction, then the protocol should prompt the provider to make a closing transaction, which approves the user’s consent transaction and the certifier’s certification transaction.
User - a node in the network that wishes to reveal personally identifying data (pid)
Provider - a node in the network that wishes to obtain a user’s pid.
Certifier - a node in the network that both the user and the provider trust to provide reliable metadata on the user.
Personally identifying transaction (pid-tx) - a transaction representing the identity of the node
Acknowledgement transaction - a transaction representing the acknowledgement by an entity of a pid-tx by either an approver or a certifier.
Outstanding negotiation - the state of affairs in which an approver and a certifier have both issued acknowledgement transactions, and the user is notified and prompted to provide a consent transaction.
Consent transaction - a transaction representing the user’s consent to an outstanding negotiation on the user’s pid_tx.
Negotiation transaction - a transaction made by a provider representing the provider’s acceptance of the certifier as an authority for the provider’s target pid_tx.
Certification transaction - a transaction made by a certifier representing the certifiers acceptance of the terms of the provider’s acknowledge transaction, negotiation transaction, and the user’s pid_tx.
Closing transaction - a transaction made by a provider representing the provider’s acknowledge of receipt of the pid.