Identity and Verification

Overview

Identity within Soulverse is established through verifiable credentials issued by trusted sources. These credentials attest to specific attributes or qualifications without requiring the holder to disclose underlying personal data.

Verification confirms that a credential is valid, current, and issued by an authorized source. It does not require access to centralized identity databases or direct communication with the credential issuer at the time of verification.

Credential structure

Credentials contain claims about the identity holder, issued by an entity with authority to make such claims. The structure includes the claim itself, metadata about issuance, and cryptographic proof of authenticity.

Claims are specific and scoped. A credential attests to particular attributes rather than establishing complete identity. Multiple credentials can be combined to establish identity sufficient for a given context.

Metadata includes the issuer, issuance date, expiration, and any conditions under which the credential remains valid. This information supports verification without requiring additional context.

Verification process

Verification confirms three aspects: the credential was issued by the claimed issuer, it has not been altered since issuance, and it remains valid according to its defined lifecycle.

Cryptographic signatures ensure authenticity and integrity. The verifier checks that the signature corresponds to the issuer's public key and that the credential content matches the signed data.

Validity checks confirm that the credential has not expired, has not been revoked, and meets any conditions specified in its metadata. These checks occur without requiring direct issuer contact.

Privacy considerations

The identity holder controls when and to whom credentials are presented. Presentation does not require disclosure of information beyond what is necessary for the specific verification.

Selective disclosure allows holders to reveal only specific claims from a credential rather than the complete set. Zero-knowledge proofs can demonstrate that conditions are met without revealing the underlying data.

Verification does not create linkable identifiers across different contexts unless the holder chooses to present the same credential to multiple verifiers. Systems can be designed to minimize correlation.

Issuer responsibility

Issuers are responsible for verifying the accuracy of claims before credential issuance. The trust model depends on verifiers trusting issuers to perform appropriate diligence.

Issuers maintain revocation mechanisms to invalidate credentials when conditions change. Revocation must be verifiable without requiring real-time issuer queries.

The issuer defines the scope and limits of each credential type. Clear specification of what a credential does and does not attest to prevents misinterpretation.

System integration

Systems integrate identity verification by requesting appropriate credentials at points where authorization is required. The system specifies what types of credentials and claims are acceptable.

Verification results indicate whether presented credentials satisfy requirements. The system determines what actions to permit based on verification outcomes.

Integration does not require systems to become credential issuers or to store identity data. Systems verify credentials presented to them and make decisions based on verified claims.

Trust framework

Trust in verification depends on trust in credential issuers. Governance mechanisms establish which issuers are recognized and for what types of credentials.

Recognition can be hierarchical, with root trust anchors delegating authority to subsidiary issuers. It can also be distributed, with different systems recognizing different issuers.

The trust framework does not require global consensus on issuer recognition. Systems determine which issuers they trust based on their own requirements and risk tolerance.