Disclosure of Identity Attributes

Disclosure of Identity Attributes is the ability for a moderator to ask a someone to disclose an attribute of their real identity.

When a person signs in to PubHubs hub through the Yivi verified credentials system, initially they are allocated a pseudonymous user identifier, for example @123-321:testhub.matrix.host. From this pseudonym, not even an operator or moderator of the hub can discover the user's real identity.

A moderator may wish to ask a user to confirm their real identity, to some degree. Through Yivi it is possible to ask a user to reveal a cryptographic proof 1 of one or more of their identity attributes. Some common attributes are one's real name, physical address, or email address. An attribute could also be something like "age is at least 18 years".

The initial implementation of the feature is described below, followed by ideas for further work.

Disclosure Flow

A moderator asks someone to disclose an attribute of their real identity. The recipient provide the requested attribute, using Yivi to attach a cryptographic proof.

The disclosure UI can be seen in an interactive UI prototype . (Press the "play" button to start interactive mode.)

  1. the moderator is concerned about a user (pseudonym 'bad-apple3'), and starts the disclosure request


  2. moderator chooses: a user, a message, a set of attributes


  3. on submitting the form, a private room with the recipient is created or opened, and a request message is sent into that room


  4. a Yivi signing session is started in the recipient's view (in this early demo screen-shot, it appeared in the moderator's view)

    1d 1d2

  5. the recipient uses Yivi to provide the requested attributes, with which Yivi signs a (pre-filled) reply message


  6. the reply, signed with the requested attributes, is received by the moderator in the private room


There is also an alternative way for the moderator to initiate the process: by clicking an action button next to any message that the person sent in a hub room. The user who sent that message is then pre-populated in the initial dialogue.

Improvement Ideas

Some initial ideas about improvements to the flow:

  • Alternative ways to initiate the process, such as a context-menu item on clicking on the user's avatar or pseudonym.

  • The recipient user should receive a more gentle notification than suddenly seeing a pop-up dialogue of any kind. Perhaps a notification consistent with other notifications, though perhaps indicating a greater "urgency", from which they can then access the full details of the request when they are ready.

  • An overview or "dashboard" for the moderators to keep track of such requests and responses.

  • A way for moderators or administrators to set up their preferred default disclosure request message(s) and attribute(s), in advance, so the moderator does not have to think about these things when under the pressure of resolving an incident.

See Also

  1. A proof that such an attribute has been attested by some mutually trusted authority.