We have App Nodes and Server Nodes. We also have Clients, basically web browsers. We are shaping the relationships among Clients, Server Nodes, and the rest of the Hypermedia Network.
Unit 1. Server Keys.
We introduce Server Keys and a new Contact Blob. This new Contact Blob can be a capability or a new Blob kind called attestation.
Server Key
Server Account. (Are we sure it is not a Peer Key?)
Contact Blob
Contact Blob is distributed to the network. Every interested node will now know about the UserID and Session Key.
SIGNED BY SERVER
<server key> attests that UserID owns <session Key> Session Key
Session Key is a public/private key pair stored in the user's browser.
Q: Is this an Edge Name?
Q: Is data signed on a Site linked to your Web Identity?
Multiple attestations for one key are OK.
Unit 2. Account creation and Sign in.
A user can add or lose devices as needed. The Service Server will add the new Session Keys to its UserID, after validating the user with an email magic link or a Passkey.
Account creation:
Email + Magic-link
Email + Passwd.
Social (Google, X, Bsky, etc.)
Appkey
Sign in Flow:
Generate Web Crypto in browser.
Sign Proof with Key
Server attests key + User ID
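The sign-in flow above, sketched end to end as an added example (not the project's own code). ECDSA P-256, the JSON encoding of the blob, the server-issued challenge, and all function and field names are assumptions made for illustration.

```javascript
// Added example. ECDSA P-256, the JSON encoding and all names are assumptions.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const enc = (obj) => new TextEncoder().encode(JSON.stringify(obj));

// Browser: generate the Session Key. The private half is non-extractable.
async function createSessionKey() {
  const pair = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  const { kty, crv, x, y } = await subtle.exportKey("jwk", pair.publicKey);
  return { pair, publicJwk: { kty, crv, x, y } };
}

// Browser: sign a proof that binds the server's challenge to this Session Key.
async function signProof(session, userId, challenge) {
  const proof = { userId, challenge, sessionKey: session.publicJwk };
  return { proof, sig: await subtle.sign(SIG, session.pair.privateKey, enc(proof)) };
}

// Server: runs after the user is validated (magic link or Passkey).
async function attest(serverPair, expectedChallenge, { proof, sig }) {
  if (proof.challenge !== expectedChallenge) throw new Error("unexpected challenge");
  const key = await subtle.importKey("jwk", proof.sessionKey, ALG, true, ["verify"]);
  if (!(await subtle.verify(SIG, key, sig, enc(proof)))) throw new Error("bad proof");
  const blob = { type: "attestation", userId: proof.userId, sessionKey: proof.sessionKey };
  return { blob, sig: await subtle.sign(SIG, serverPair.privateKey, enc(blob)) };
}

// Any node: accept the blob only if the Server Key signed exactly these fields.
async function verifyAttestation(serverPublicKey, { blob, sig }) {
  return subtle.verify(SIG, serverPublicKey, sig, enc(blob));
}

// Constructed run: one server, one browser, then a tampered copy of the blob.
async function demo() {
  const server = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  const session = await createSessionKey();
  const signed = await attest(server, "nonce-1", await signProof(session, "alice", "nonce-1"));
  const forged = { blob: { ...signed.blob, userId: "mallory" }, sig: signed.sig };
  return {
    genuine: await verifyAttestation(server.publicKey, signed),
    forged: await verifyAttestation(server.publicKey, forged),
  };
}
```

`JSON.stringify` is not a canonical encoding, so a blob format that other nodes re-serialize before verifying would need a deterministic one.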
Q: Who is controlling the software at the time of signing?
Unit 3. Merging Accounts.
Merge to hyper.media
Merge into Seed ID wallet ie Desktop or Mobile App.
Unit 4. Upgrade Web Identity to App Identity
Desktop or Mobile is just another server, but w/o domain.
Q. How to upgrade web identity to App Id.
Desired Outcome:
content
App Key ID = userid@gabo.es
Signed by: key of gabo.es
Key of the <APP>
Q. How to distinguish sign in as X versus x+y?
Q. Revocations.
Q. Eject from Web ID.
Unit 5. Revocations
Attack surface:
User's device is compromised or lost.
The code that the user's device is running is compromised.
The server is malicious, from the start.
The server gets hacked.
Unit 6. Email - Multidevice Schemas
Is every single node, whether desktop or server, an IDP?
I wish so much that I could embed Excalidraws!
Unit 7. Diagram
Do we need Profiles to have versions? Profiles have no version, no Tsid. Are Profile Blobs of the key.