Documentation

ACTIONS

Make transactions occur: they execute within the context of autonomous organizational security domains called REALMS.

ACTION DOCUMENT

What is sent to an ACTION ENDPOINT at a CONTROLLER. The ACTION DOCUMENT embeds the MANDATE and any parameters needed to perform the ACTION.

ACTION DESCRIPTORS

Are how SERVICES are published through CONTROLLERS and REALMS: they can be published as a QR code, an NFC tag, a URL, or an element published on a website. The app uses the ACTION DESCRIPTOR to create an ACTION that is sent to a CONTROLLER.

ACTION ENDPOINT

One of the three functions that the CONTROLLER provides in order for an ACTION to be performed. It typically is a URL where the ACTION DOCUMENT is sent, but Bluetooth or NFC can also be used to receive an ACTION.

BLOCKCHAIN

Is a public ledger in which REVOCATIONS can be recorded for future anonymous lookups: no central authority needs to store this information. The INTEGRITY platform can rely on any BLOCKCHAIN.

BRICKCHAIN

Is the decentralized identity protocol on which the INTEGRITY platform relies.

CERTIFICATE

Is a cryptographic document that relies on a SIGNATURE to indicate that a certain key in our system can be trusted more than others - it is a stamp of approval. A SERVICE using a certified key embeds this proof in any issued DOCUMENT to attest to its certification. A CERTIFICATE is typically issued by the Integrity INFRASTRUCTURE REALM to a KYC service provider, a Realm or a Revocation service. See the background document and the document on proposed changes.

CERTIFICATE CHAIN

A longer chain of CERTIFICATIONS. A key that has been certified may be reused to issue other CERTIFICATIONS, thus creating a longer certification chain.

CERTIFICATION

The process of obtaining a CERTIFICATE.

CONTROLLER

The backend software that is used to expose a SERVICE to the USER. On BRICKCHAIN, a CONTROLLER requires three functional endpoints: (i) for the REALM binding, (ii) for the ACTION DESCRIPTOR and (iii) for performing ACTIONS.

CONTROLLER DESCRIPTOR

A DOCUMENT published by a CONTROLLER with metadata about itself. The descriptor lists available API endpoints such as URLs to the adminUI, the bindURI, and the label and the key of the CONTROLLER. Used by the REALM software to build the admin UI for the REALM.

DATA WALLET

The decentralized device where the USER stores all his personal information. The INTEGRITY MOBILE APP plays this role and removes the need for a remote, central repository.

DOCUMENT

A set of information that the BRICKCHAIN protocol relies on to distribute TRUST. During a transaction, a DOCUMENT is always signed by an ENTITY.

ENTITY

Something that has a separate and distinct existence and that can be identified in a context. An End-User is one example of an ENTITY. (Source: OpenID Connect).

FACT

The attribute, or claim, of an ENTITY, i.e. of a public user ID. A given set of FACTS can be used by a service to define an IDENTITY. When trust is needed, a service may rely on VALIDATED FACTS.

IDENTITY

A set of FACTS (i.e. attributes) related to an ENTITY. Verifying an IDENTITY means that VALIDATED FACTS have been issued by a KYC service, or have been validated by an IDP.

IDP

Abbreviation standing for Identity Provider. IDPs can be divided into two categories. (i) The Primary Identity Providers are the governments and their agencies. They issue official IDENTITY documents such as passports, ID cards, driving licenses or social security numbers. (ii) Secondary Identity Providers have also emerged: a RELYING PARTY now leverages banks and mobile operators to issue reliable identities. When a SERVICE needs to verify the IDENTITY of a USER, a KYC solution may be used. INTEGRITY is the decentralized platform where all these actors can communicate.

INFRASTRUCTURE REALM

Is the umbrella REALM that every INTEGRITY USER joins by default. It hosts a set of essential functions, such as KYC or IDP services. The VALIDATED FACTS that they deliver can be used and leveraged by anyone on the platform: it represents INTEGRITY’s root authority.

INTEGRITY

Is a decentralized identity platform that enables simple and secure exchange of personal data attributes (Facts). See What is Integrity to learn more.

KYC

Stands for Know Your Customer and it designates two things: (i) a service or solution that validates identities by checking their accuracy and (ii) the process and obligation of doing so for certain economic actors, such as banks, e-payment systems or sensitive content publishers. INTEGRITY is a decentralized platform where KYC requestors can leverage KYC providers who deliver the VALIDATED FACTS necessary to properly identify a given ENTITY.

MANDATES

Give the user the capacity to act in a certain ROLE, on behalf of a REALM.

INTEGRITY MOBILE APP

Is the main interface for the USER: it also serves as a decentralized DATA WALLET.

PROFILE

Is the part where the USER FACTS are visible, within the Integrity App.

REALMS

Represent the organizations on the INTEGRITY platform: they are what the user connects to, in order to get access to certain ROLES that are granted through MANDATES. REALMS are one of the three core elements of the INTEGRITY platform, with the mobile app and the SERVICES. An individual may create a REALM to represent an automated home while a business will create one to represent its brand or organization. In each case, the REALM is the unit from which the ROLES are distributed.

REALM DESCRIPTOR

Is a DOCUMENT describing all public metadata about a REALM: name, description, public key, API endpoints etc. This information is displayed in a more user-friendly way to the USER in the INTEGRITY APP. To put it another way, the REALM DESCRIPTOR is the document that a REALM uses to identify itself.

RELYING PARTY

A service that relies on a third party to identify and authenticate a user. INTEGRITY is a platform where any IDENTITY scheme can be created and deployed: the RELYING PARTY can choose which FACTS to require from the user.

RECEIPTS

Are DOCUMENTS that contain receipt details for an ACTION performed on INTEGRITY. They may be used to ensure accountability via an activity history. A RECEIPT can contain links that enable further interaction with the SERVICE.

REVOCATION

Is the operation through which BRICKCHAIN repudiates the SIGNATURE that authenticates a DOCUMENT. Once completed, the SIGNATURE bound to the DOCUMENT becomes invalid. To ensure privacy, REVOCATION lookups happen on a BLOCKCHAIN.

ROLE

Is one or more properties that a USER gets within an organization. Typically, the individual with an admin ROLE can create and define permissions for each ROLE. A ROLE forms a group of users who have the same rights / permissions. A ROLE is given to a user in the form of a MANDATE.

SCOPE REQUEST

The process through which FACTS are requested from a USER.

SERVICES

Are provided by a CONTROLLER which is loosely coupled to a realm. The controller and the realm are bound by a simple cryptographic handshake where the parties gain mutual trust through their public keys. This configuration allows each element to operate in totally separate network topologies.

SIGNATURE

The mathematical operation which produces the proof that (i) the author of a certain document is authenticated, that (ii) the transmitted message cannot be repudiated and that (iii) its contents were not altered during the delivery (integrity). The SIGNATURE is a technical means and it differs from the CERTIFICATE, which designates a document endorsed by a certain authority via a SIGNATURE.

TRUSTED REALMS

Are certified by a certificate authority that the user considers trusted.

USER

Is the human participant who protects and manages IDENTITIES on INTEGRITY.

VALIDATED FACTS

Are FACTS issued by a trusted authority, such as the INFRASTRUCTURE REALM or a KYC service provider.