Data Flow Diagrams (Textual)

These are step-by-step flows for the main operations.

You can later turn each into a visual diagram (sequence diagram, swimlane, etc.).

Flow 1 – Create Identity

Actors: User, Identity Agent, Device Key Manager, Identity Service, Vault, Identity Registry.

1. User opens Identity Agent and taps Create Identity.
2. Device Key Manager generates:
   • master / control keypair
   • recovery keypair (or recovery bundle).
3. Agent sends a signed CreateIdentity request to Identity Service:
   • public keys
   • minimal bootstrap attributes (e.g. alias, locale)
   • consent / policy version.
4. Identity Service:
   • normalizes attributes
   • builds attribute tree root (or asks Vault)
   • computes identity commitment.
5. Identity Service stores initial identity record (in DB) and:
   • writes LivreID + commitment to Identity Registry (on-chain or anchored).
6. Service instructs Vault to initialize an encrypted vault for this identity.
7. Agent receives:
   • LivreID / internal ID
   • initial status (active)
   • any onboarding metadata.

Result: a new identity with a live commitment, empty or minimal attributes, and a dedicated vault.

Flow 2 – Add / Update Attributes

Actors: User/Issuer, Agent, Identity Service, Vault, Proof Engine (optional).

1. User or trusted issuer initiates Update Attributes.
2. Agent collects new attributes (e.g. country_of_residence) + any supporting credential.
3. Agent sends signed UpdateAttributes request to Identity Service.
4. Identity Service:
   • checks policies (who can set this attribute, under what conditions)
   • forwards encrypted attribute payload to Vault.
5. Vault:
   • stores encrypted value
   • updates attribute Merkle tree
   • returns new attributes_root + inclusion proofs.