What data? How is it stored?
What is happening with my data?
idOS is a place to store your identity data and credentials in a self-sovereign and decentralized way. The data is stored across multiple distributed nodes and is encrypted using the user's public keys.
Users decide which data is stored in their idOS profile. In general, any data can be stored in idOS, but the main initial use cases that idOS will support at launch are:
- KYC/AML (verified)
- Proof-of-personhood (verified)
- Linked wallet addresses (verified)
- User inputs, like social profiles, gaming achievements, participation certificates, etc. (verified/unverified)
Users are in full control and can add unverified data to their idOS profile using the User Data Dashboard. For verified data such as identity data (KYC/AML, Proof-of-personhood), identity verification providers are needed to verify the data and potentially support the user in the process of adding it to idOS.
At idOS' inception, Fractal ID will be the first issuer to provide W3C-compliant Verifiable Credentials. More issuers, like identity verification providers, will be able to leverage the idOS tech stack in the upcoming months.
By default, all identity data is user-encrypted before being added to idOS. idOS distributes all encrypted data among its Node providers and uses a consensus mechanism to harmonize the dataset state. The guidelines below follow the idOS table structure and show the encryption state of the data being added to idOS:
Table | Encryption guidelines |
---|---|
humans | no field should be encrypted |
attributes | key and/or value should be encrypted if they hold sensitive content |
wallets | no field should be encrypted |
credentials | only the content field should be encrypted |

Identity verification providers are service providers that confirm the validity of information added to idOS and/or issue Verified Credentials. Identity verification providers usually provide onboarding flows to allow users to input data that is later manually and/or technically reviewed. In the beginning, idOS is built to support identity verification providers that perform KYC/AML and Proof-of-personhood checks. These providers have their own data management processes and may choose to delete or store the user data on central premises. Data minimization is highly encouraged when picking an identity verification provider to add data to the idOS.
During the idOS beta phase, Fractal ID will be the only identity verification provider available due to a temporary lack of other providers interoperable with idOS. idOS is permissionless and we encourage other identity providers to become interoperable with the idOS. During the introduction phase, Fractal ID will temporarily keep users' data in its central systems. This data redundancy acts as a safety net during idOS' infancy. Afterwards, Fractal ID will delete the main content (actual user information) for all new users automatically and for existing idOS users on request through Fractal ID's user dashboard. Fractal ID will keep user contact information to be able to notify users (e.g. when their credential has expired), metadata like timestamps, and process logs.
For more information on decentralization and data handling, please check the idOS' path to progressive decentralization.
idOS is an open-source, self-sovereign and gradually permissionless system. This gives participants far-reaching abilities to perform actions that are highly discouraged:
- Users might choose to upload data to idOS that is not encrypted and visible to all node providers
- dApps might implement the User Data Dashboard and amend it in a way that intercepts the user's data
- dApps might amend the access grant SDK to not encrypt data again after it's shared with them

We have opted against limiting the user's rights or only allowing curated dApps to participate in the idOS in favor of a more open, self-sovereign system. We will closely monitor these risk factors together with all Node providers and keep making the idOS better and safer for users. As with any decentralized tech in web3, please beware when connecting and interacting with services that connect to the idOS.
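
A pre-upload check against the per-table encryption guidelines above, as an added example that is not idOS code: it flags rows that would expose plaintext to node providers, including data that is only base64-encoded rather than encrypted. Assumptions: field names other than `content`, `key` and `value`, base64 as the ciphertext encoding, and the entropy heuristic itself.

```python
import base64
import hashlib
import json
import math
from collections import Counter

# Fields that must be ciphertext, per table, from the guidelines on this page.
# For "attributes" the caller names which of key/value holds sensitive content.
MUST_ENCRYPT = {"humans": set(), "wallets": set(), "credentials": {"content"}}

def looks_encrypted(value, min_len=32, min_ratio=0.85):
    """Heuristic (assumption): ciphertext arrives base64-encoded and decodes to
    near-uniform bytes. Rejects raw plaintext and base64-wrapped plaintext."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, TypeError):
        return False
    if len(raw) < min_len:
        return False
    n = len(raw)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(raw).values())
    return entropy / math.log2(min(n, 256)) >= min_ratio

def check_record(table, record, sensitive=()):
    """Return guideline violations for one row about to be written to `table`."""
    if table == "attributes":
        required, plaintext_expected = set(sensitive) & {"key", "value"}, False
    else:
        required, plaintext_expected = MUST_ENCRYPT[table], True
    findings = []
    for field in sorted(set(record) | required):
        enc = looks_encrypted(record.get(field))
        if field in required and not enc:
            findings.append(f"{table}.{field}: must be encrypted, looks like plaintext")
        elif field not in required and enc and plaintext_expected:
            findings.append(f"{table}.{field}: guideline expects an unencrypted field")
    return findings

def demo_ciphertext(seed=b"demo"):
    """Constructed stand-in for real ciphertext: 128 pseudo-random bytes, base64."""
    raw = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(4))
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    claims = json.dumps({"first_name": "Alice", "country": "DE"})  # constructed
    wrapped = base64.b64encode(claims.encode() * 2).decode()  # encoded, NOT encrypted
    print(check_record("credentials", {"issuer": "example", "content": wrapped}))
    print(check_record("credentials", {"issuer": "example", "content": demo_ciphertext()}))
```

The heuristic cannot prove that a field was encrypted to the right key; it only catches the failure mode where readable data reaches the nodes.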