Self-sovereign, Decentralised Identity Management and Personal Data Sharing

Overview


Decentralised identity directory
The decentralised GNU Name System (GNS) gives users full and exclusive authority over their attributes by sharing them over user-owned namespaces.
Cryptographic access control
Users regularly publish fresh, up-to-date attributes which can be retrieved and read only by authorized relying parties without direct user interaction -- even if the user is offline!

Principles

Identity and attribute management
Users regularly publish fresh, up-to-date attributes which can be retrieved by requesting parties without direct user interaction -- even if the user is offline! Access to attributes is controlled through an encryption-based access control layer.
Authorization
To access attributes, requesting parties request authorization from the user through OpenID Connect. If access is granted, the relying party is given the necessary decryption key material. The user may at any time revoke this access or modify the authorization decision.
Attribute retrieval
Relying parties retrieve encrypted identity data from the decentralised directory. Using the respective key, a relying party is able to decrypt all those attributes that the user has authorized it to access.