Identity FURPS

Functionality

An account is bound to at least one cryptographic key whose private part is controlled by the holder.
An account has a stable, long-lived address that does not change when keys rotate or are revoked.
An account carries an append-only operation log of credential changes.
An account can be created without permission from any third party.
An account can hold one or more keys.
A new key can be added to an account
A key can be revoked from the account.
Given an account address, anyone can query for the associated keys.
Single-key compromise must not permit irreversible account takeover.

Account creation is resistant to trivial Sybil attacks.
An account allows for associating externally owned identifiers (EoIs) to be used as alternative addresses.
An account supports programmable validation policies, defined by the holder, that govern which mutations are accepted (i.e., full provenance log implementation)

The basic identity protocol (accounts, address format, operation log, contact discovery flow) is published in a specification.
The registry interface (lookup, write authorisation) is published in a specification.
The identity library is implemented in Rust.
The identity library is available via C-bindings.
The identity library is integrated into a working Logos Chat module deployed to Logos Core.
The registry is implemented on the Logos Blockchain (as an LEZ program or as a dedicated Identity Zone).
The registry backend choice on the Logos Blockchain (LEZ program vs dedicated Identity Zone) is evaluated and documented.

A registry lookup of an account’s current state completes within a bounded time under typical network conditions.
Account creation completes within a few seconds on a typical client.