Overview
Decentralised identity directory
The decentralised GNU Name System (GNS) gives users full and exclusive authority over their attributes by sharing them over user-owned namespaces.
Cryptographic access control
Users regularly publish fresh, up-to-date attributes which can be retrieved and
read only by authorized relying parties without direct user interaction -- even if the user is offline!
Principles
Identity and attribute management
Users regularly publish fresh, up-to-date attributes which can be retrieved by requesting parties without direct user interaction -- even if the user is offline!
Access to attributes is controlled through an encryption-based access
control layer.
Authorization
To access attributes, requesting parties request authorization from the
user through the use of OpenID Connect.
If access is granted, the relying party is given the necessary decryption
key material.
The user may at any time revoke this access or modify the authorization decision.
Attribute retrieval
Relying parties retrieve encrypted identity data from the decentralised
directory.
They are able to decrypt all those attributes that the user has authorized
them to access using the respective key.
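
The publish, authorize, retrieve and revoke flow described above can be modelled in a few lines. This is an added example, not code from the project: it assumes one AES-256-GCM key per grant and revocation by republishing under a fresh key, and the in-memory map, the label and the function names are hypothetical stand-ins rather than the system's actual key management or directory.

```javascript
// Simplified model of encryption-based access control over a public directory.
// Assumption: one symmetric key per grant; not the project's real scheme.
const nodeCrypto = require('crypto');

const directory = new Map(); // stand-in for the decentralised directory (world-readable)

// User side: encrypt an attribute under the grant key and publish it.
function publish(label, value, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(label)); // bind the ciphertext to its directory label
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  directory.set(label, { iv, ct, tag: cipher.getAuthTag() });
}

// Relying-party side: fetch the record and decrypt it with the key received at
// authorization time. Returns null if the record is missing or the key does not fit.
function retrieve(label, key) {
  const rec = directory.get(label);
  if (!rec) return null;
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv);
    d.setAAD(Buffer.from(label));
    d.setAuthTag(rec.tag);
    return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication failed: wrong or revoked key
  }
}

function demo() {
  const label = 'email.rp-shop';                 // constructed label
  const grantKey = nodeCrypto.randomBytes(32);   // handed to the relying party on authorization
  publish(label, 'alice@example.org', grantKey); // constructed attribute value
  const whileAuthorized = retrieve(label, grantKey);
  const unauthorized = retrieve(label, nodeCrypto.randomBytes(32));

  // Revocation: the user republishes under a fresh key the relying party never receives.
  publish(label, 'alice@new.example.org', nodeCrypto.randomBytes(32));
  const afterRevocation = retrieve(label, grantKey);
  return { whileAuthorized, unauthorized, afterRevocation };
}

console.log(demo());
```

In this model revocation only takes effect from the next publication onward: a relying party keeps whatever it decrypted while it still held a valid key.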