Decentralised identity directory
The decentralised GNU Name System (GNS) gives users full and exclusive authority over their attributes by sharing them over user-owned namespaces.
Cryptographic access control
Users regularly publish fresh, up-to-date attributes which can be retrieved and read only by authorized relying parties parties without direct user interaction -- even if the user is offline!
Identity and attribute management
Users regularly publish fresh, up-to-date attributes which can be retrieved by requesting parties without direct user interaction -- even if the user is offline! Access to attributes is controlled through an ecryption based access control layer.
To access attributes, requesting parties request authorization from the user thrugh the use of OpenID Connect. If access is granted, the relying party is given the necessary decryption key material. The user may at any time revoke this access or modify the authorization decision.
Relying parties retrieve encrypted identity data from the decentralised directory. It is able to decrypt all those attributes that the user has authorized it to access using the respective key.