Platform Architecture


System Architecture

IDA is a multi-layered decentralized identity platform. The architecture separates concerns into client applications, an API gateway, platform services, off-chain data stores, the ADI blockchain layer, and decentralized storage; the six layers are described in turn below.

Component Overview

1. Client Layer

| Component | Technology | Purpose |
|---|---|---|
| Holder Wallet | React Native / Flutter | Key management, credential storage, presentations |
| Issuer Portal | React + TypeScript | Schema management, credential issuance, analytics |
| Verifier Portal | React + TypeScript | Proof requests, verification, trust framework config |
| AI Agent SDK | JavaScript, Python, Go | Agent DID creation, delegation, MCP/A2A integration |

2. API Gateway

The API Gateway (Kong or Envoy) provides:

  • Authentication: API key, OAuth 2.0, DID Auth
  • Rate limiting: Per-tenant and per-endpoint throttling
  • Load balancing: Round-robin across service instances
  • WebSocket support: Real-time event streaming
  • MCP server endpoint: For AI agent tool access
  • A2A Agent Card serving: /.well-known/agent.json

3. Service Layer

DID Service

Manages the full lifecycle of Decentralized Identifiers:

  • Create: Generate key pairs, construct DID Document, register on-chain
  • Resolve: Fetch the DID Document via the Universal Resolver: the on-chain DID Registry record is looked up first, and it references the full document in decentralized storage by hash
  • Update: Modify service endpoints, rotate keys, add authentication methods
  • Deactivate: Permanently deactivate a DID (GDPR right-to-erasure). Deactivation marks the DID inactive in the on-chain registry; chain history itself cannot be deleted, so erasure relies on personal data living only off-chain (DID Documents are stored in IPFS and referenced on-chain by hash)
  • Key Management: Ed25519, secp256k1, P-256 key generation and rotation

VC Service

Handles the full Verifiable Credential lifecycle:

  • Schema Management: Define, version, and publish credential schemas
  • Issuance: Create and sign VCs with issuer’s DID
  • Verification: Check signature, schema compliance, expiry, revocation status
  • Presentation: Generate and verify Verifiable Presentations
  • Selective Disclosure: BBS+-based attribute-level disclosure
  • Revocation: On-chain revocation status via the Revocation Registry, with status lists (StatusList2021) published to decentralized storage
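
As an added example (not the project's own code), the following Go program walks the issue-then-verify path the VC Service performs, using only the standard library: an Ed25519 proof over the credential, then the four verifier checks in the order listed above (signature, schema compliance, expiry, revocation), with revocation read from a StatusList2021-style bitstring. The DIDs, the schema's required attribute, the struct-order JSON canonicalization and the uncompressed bitstring are simplifying assumptions; Ed25519Signature2020 proper canonicalizes the RDF form and hashes it before signing, and StatusList2021 gzip-compresses the bitstring.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a minimal W3C-style VC. Struct field order fixes the signing bytes (encoding/json
// keeps it, sorts map keys). Simplification: Ed25519Signature2020 proper canonicalizes RDF and hashes first.
type Credential struct {
	Type              []string          `json:"type"`
	Issuer            string            `json:"issuer"`
	ExpirationDate    string            `json:"expirationDate"`
	CredentialSubject map[string]string `json:"credentialSubject"`
	StatusListIndex   int               `json:"statusListIndex"` // bit position in the revocation list
	Proof             *Proof            `json:"proof,omitempty"`
}

type Proof struct {
	Type, ProofValue string // "Ed25519Signature2020" and the base64url-encoded signature
}

// StatusList is the raw revocation bitstring (StatusList2021 gzips and base64-encodes it):
// bit i set means the credential with statusListIndex i is revoked.
type StatusList []byte

func (s StatusList) Revoke(i int)         { s[i/8] |= 1 << (uint(i) % 8) }
func (s StatusList) IsRevoked(i int) bool { return i/8 < len(s) && s[i/8]&(1<<(uint(i)%8)) != 0 }

func signingBytes(c Credential) []byte {
	c.Proof = nil // the proof is never part of what it signs
	b, _ := json.Marshal(c)
	return b
}

// Issue signs c with the issuer's Ed25519 key and attaches an Ed25519Signature2020 proof.
func Issue(priv ed25519.PrivateKey, issuerDID string, c Credential) Credential {
	c.Issuer = issuerDID
	sig := ed25519.Sign(priv, signingBytes(c))
	c.Proof = &Proof{Type: "Ed25519Signature2020", ProofValue: base64.RawURLEncoding.EncodeToString(sig)}
	return c
}

// Verify runs the VC Service checks in order: signature, schema compliance (here: the attributes
// the schema requires), expiry, revocation. resolve stands in for resolution against the DID Registry.
func Verify(c Credential, resolve func(string) (ed25519.PublicKey, bool), required []string, list StatusList, now time.Time) error {
	pub, ok := resolve(c.Issuer)
	if c.Proof == nil || c.Proof.Type != "Ed25519Signature2020" || !ok {
		return fmt.Errorf("missing proof or unresolvable issuer")
	}
	sig, _ := base64.RawURLEncoding.DecodeString(c.Proof.ProofValue) // malformed => wrong length => rejected below
	if !ed25519.Verify(pub, signingBytes(c), sig) {
		return fmt.Errorf("bad signature")
	}
	for _, a := range required {
		if _, ok := c.CredentialSubject[a]; !ok {
			return fmt.Errorf("schema violation: missing attribute %q", a)
		}
	}
	if exp, err := time.Parse(time.RFC3339, c.ExpirationDate); err != nil || !now.Before(exp) {
		return fmt.Errorf("credential expired")
	}
	if list.IsRevoked(c.StatusListIndex) {
		return fmt.Errorf("credential revoked")
	}
	return nil
}

// Demo issues one credential from constructed data and verifies it in four states (nil = all checks passed).
func Demo() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	const issuer = "did:adi:issuer-example" // constructed DID
	resolve := func(d string) (ed25519.PublicKey, bool) { return pub, d == issuer }
	required := []string{"employeeId"}
	list := make(StatusList, 128) // room for 1024 credentials
	now := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	vc := Issue(priv, issuer, Credential{
		Type:              []string{"VerifiableCredential", "EmployeeCredential"},
		ExpirationDate:    "2026-01-01T00:00:00Z",
		CredentialSubject: map[string]string{"id": "did:adi:holder-example", "employeeId": "E-42"},
		StatusListIndex:   7,
	})
	tampered := vc // the holder edits an attribute after issuance; the proof no longer matches
	tampered.CredentialSubject = map[string]string{"id": "did:adi:holder-example", "employeeId": "E-1"}
	out := map[string]error{
		"valid":    Verify(vc, resolve, required, list, now),
		"tampered": Verify(tampered, resolve, required, list, now),
		"expired":  Verify(vc, resolve, required, list, now.AddDate(1, 0, 0)),
	}
	list.Revoke(7) // the issuer flips bit 7; the credential bytes are unchanged
	out["revoked"] = Verify(vc, resolve, required, list, now)
	return out
}

func main() { fmt.Println(Demo()) }
```

Two points worth noticing when running it: the tampered credential fails at the signature check before any schema, expiry or revocation logic runs, and the revoked credential fails although its bytes are identical to the valid one, which is why a verifier must fetch the current status list itself rather than trust anything the holder presents alongside the credential.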

Agent Service

Provides DIDComm v2 messaging infrastructure:

  • Connection Protocol: Establish pairwise DID connections
  • Credential Offer/Request: Protocol for issuing and requesting VCs
  • Message Routing: Cloud agent mediation for offline delivery
  • Encryption: X25519 key agreement + XChaCha20-Poly1305

AI Agent Identity Service

First-class identity for autonomous AI agents:

  • Agent DID Management: Create/manage did:adi:agent:* identifiers
  • Delegation Chains: Issue scoped delegation VCs (human -> agent -> sub-agent)
  • Capability Tokens (IBCT): Generate/verify invocation-bound tokens
  • Trust Scoring: On-chain reputation from verification history
  • Agent Cards: A2A-compatible agent metadata publication
  • MCP-I/A2A Integration: Protocol bridges for AI agent interoperability
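
Added example, not IDA's code, in standard-library Go: a verifier for the human -> agent -> sub-agent delegation chain described above, where each link is a scoped delegation VC signed by its delegator and scopes can only narrow along the chain. The DIDs, the "resource:action" scope strings, the reduced credential fields and the DID-to-key map that stands in for DID resolution are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Delegation is one scoped delegation VC, reduced to what the chain check needs. The delegator
// signs the JSON of every field except Sig; Scopes are "resource:action" strings.
type Delegation struct {
	Delegator string   `json:"delegator"` // did:adi:... granting authority
	Delegate  string   `json:"delegate"`  // did:adi:agent:... receiving it
	Scopes    []string `json:"scopes"`
	Expires   string   `json:"expires"` // RFC 3339
	Sig       []byte   `json:"sig,omitempty"`
}

type Keys map[string]ed25519.PublicKey // DID -> key from its DID Document (stands in for resolution)

func (d Delegation) payload() []byte {
	d.Sig = nil
	b, _ := json.Marshal(d)
	return b
}

// Delegate issues a delegation VC from delegator (holding priv) to delegate.
func Delegate(priv ed25519.PrivateKey, delegator, delegate string, scopes []string, expires time.Time) Delegation {
	d := Delegation{Delegator: delegator, Delegate: delegate, Scopes: scopes, Expires: expires.Format(time.RFC3339)}
	d.Sig = ed25519.Sign(priv, d.payload())
	return d
}

// VerifyChain checks that chain lets actor perform action on root's authority: link 0 is issued by
// root and each later link by the previous delegate; every link is signed by its delegator's key and
// unexpired; scopes only narrow (each scope in link i must appear in link i-1); the final delegate is
// actor and the final scopes cover action. An empty chain therefore authorizes nothing.
func VerifyChain(chain []Delegation, root, actor, action string, keys Keys, now time.Time) error {
	allowed := map[string]bool{}
	prev := root
	for i, d := range chain {
		if d.Delegator != prev {
			return fmt.Errorf("link %d: delegator %s is not %s", i, d.Delegator, prev)
		}
		if pub, ok := keys[d.Delegator]; !ok || !ed25519.Verify(pub, d.payload(), d.Sig) {
			return fmt.Errorf("link %d: bad signature", i)
		}
		if exp, err := time.Parse(time.RFC3339, d.Expires); err != nil || !now.Before(exp) {
			return fmt.Errorf("link %d: expired", i)
		}
		next := map[string]bool{}
		for _, s := range d.Scopes {
			if i > 0 && !allowed[s] { // the root human may grant anything; everyone below only attenuates
				return fmt.Errorf("link %d: scope %q exceeds the delegator's own grant", i, s)
			}
			next[s] = true
		}
		allowed, prev = next, d.Delegate
	}
	if prev != actor {
		return fmt.Errorf("chain ends at %s, not %s", prev, actor)
	}
	if !allowed[action] {
		return fmt.Errorf("action %q not in final scopes", action)
	}
	return nil
}

// Demo builds a human -> agent -> sub-agent chain from constructed DIDs; nil means authorized.
func Demo() map[string]error {
	keys := Keys{}
	gen := func(did string) ed25519.PrivateKey {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		keys[did] = pub
		return priv
	}
	const human, agent, sub = "did:adi:alice", "did:adi:agent:planner", "did:adi:agent:mailer"
	humanKey, agentKey, _ := gen(human), gen(agent), gen(sub)
	now := time.Date(2025, 6, 1, 12, 0, 0, 0, time.UTC)
	day := now.Add(24 * time.Hour)
	l1 := Delegate(humanKey, human, agent, []string{"calendar:read", "mail:send"}, day)
	l2 := Delegate(agentKey, agent, sub, []string{"mail:send"}, day)                  // properly attenuated
	wide := Delegate(agentKey, agent, sub, []string{"mail:send", "mail:delete"}, day) // agent grants more than it holds
	return map[string]error{
		"ok":         VerifyChain([]Delegation{l1, l2}, human, sub, "mail:send", keys, now),
		"outOfScope": VerifyChain([]Delegation{l1, l2}, human, sub, "calendar:read", keys, now),
		"widened":    VerifyChain([]Delegation{l1, wide}, human, sub, "mail:delete", keys, now),
		"skipped":    VerifyChain([]Delegation{l2}, human, sub, "mail:send", keys, now),
		"expired":    VerifyChain([]Delegation{l1, l2}, human, sub, "mail:send", keys, day.Add(time.Hour)),
	}
}

func main() { fmt.Println(Demo()) }
```

The "widened" case is the one that matters most: the intermediate agent's signature on the second link is perfectly valid, and only the attenuation rule stops it from handing its sub-agent an authority the human never granted. The "skipped" case shows why the verifier must pin the root rather than accept any well-signed chain.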

4. Data Layer

| Store | Purpose | Data |
|---|---|---|
| PostgreSQL | Off-chain indexing | DID metadata, VC indices, audit logs |
| Redis | Caching | DID resolution cache, session data, rate limits |
| NATS / RabbitMQ | Messaging | Agent-to-agent messages, event streaming |

5. ADI Blockchain Layer

Four smart contracts form the on-chain trust infrastructure:

| Contract | Purpose | Key Operations |
|---|---|---|
| DID Registry | DID Document registration | register, resolve, update, deactivate |
| Schema Registry | Credential schema definitions | createSchema, getSchema, listSchemas |
| Revocation Registry | Credential revocation status | revoke, isRevoked, batchRevoke |
| Agent Trust Registry | Agent identity and reputation | registerAgent, updateScore, decommission |

6. Decentralized Storage

IPFS (or ADI’s native storage layer) stores:

  • Full DID Documents (referenced by on-chain hash)
  • Credential schema definitions
  • Revocation lists (StatusList2021)
  • Agent Cards and capability attestations

Data Flow: Issue and Verify a Credential

Data Flow: AI Agent Delegation

Security Architecture

| Layer | Mechanism |
|---|---|
| Transport | TLS 1.3 for all API communications |
| Authentication | DID Auth (challenge-response), OAuth 2.0, API keys |
| Encryption at rest | AES-256 for stored credentials and keys |
| DIDComm encryption | X25519 + XChaCha20-Poly1305 |
| Key storage (server) | HSM-backed key management |
| Key storage (mobile) | Secure Enclave / TEE |
| Signatures | Ed25519Signature2020, BBS+ for selective disclosure |
| Agent tokens | EdDSA-signed JWT (single-hop), Biscuit with Datalog (multi-hop) |
| Audit | Immutable, cryptographically signed action logs |
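
The single-hop agent token row above, worked as an added example (not the project's code) in standard-library Go: an EdDSA-signed JWT (JWS alg "EdDSA", RFC 8037) that is invocation-bound, meaning its claims carry a hash of the one tool call it authorizes, so a leaked token cannot be used for a different call or presented twice. The claim names, DIDs, audience URL and tool arguments are constructed for the example; the algorithm pinning and the jti replay set are the verifier-side checks such a token needs and are not taken from the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Invocation is the tool call a token is bound to; the token is valid for exactly this call.
// Hash canonicalizes it (encoding/json sorts map keys) and hashes it for the "inv" claim.
type Invocation struct {
	Tool string            `json:"tool"`
	Args map[string]string `json:"args"`
}

func (inv Invocation) Hash() string {
	b, _ := json.Marshal(inv)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// Claims of a single-hop agent capability token.
type Claims struct {
	Iss string `json:"iss"` // agent DID
	Aud string `json:"aud"` // the MCP tool server the token is for
	Exp int64  `json:"exp"`
	Jti string `json:"jti"` // un
	Inv string `json:"inv"` // Invocation.Hash() of the one call this token authorizes
}

var b64 = base64.RawURLEncoding
// Mint produces header.claims.signature with JWS alg "EdDSA" under the agent's Ed25519 key.
func Mint(priv ed25519.PrivateKey, c Claims) string {
	p, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(p)
	return in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// Verify is the tool server's check: tok must be an EdDSA JWS by an agent in keys (standing in for DID
// resolution), unexpired, addressed to aud, bound to exactly inv (the call actually received) and carry
// a jti not yet in seen, which then records it.
func Verify(tok string, inv Invocation, aud string, keys map[string]ed25519.PublicKey, seen map[string]bool, now time.Time) (c Claims, err error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed token")
	}
	hb, e1 := b64.DecodeString(parts[0])
	pb, e2 := b64.DecodeString(parts[1])
	sig, e3 := b64.DecodeString(parts[2])
	var hdr struct{ Alg string `json:"alg"` }
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(pb, &c) != nil {
		return c, fmt.Errorf("malformed token")
	}
	if hdr.Alg != "EdDSA" { // pin the algorithm: the token must not get to pick "none" or an HMAC alg
		return c, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, ok := keys[c.Iss] // key selected by iss, signature checked over header.payload exactly as sent
	if !ok || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return c, fmt.Errorf("bad signature")
	}
	switch {
	case now.Unix() >= c.Exp:
		return c, fmt.Errorf("expired")
	case c.Aud != aud:
		return c, fmt.Errorf("audience %q is not this server", c.Aud)
	case c.Inv != inv.Hash():
		return c, fmt.Errorf("token is bound to a different invocation")
	case seen[c.Jti]:
		return c, fmt.Errorf("replay of %s", c.Jti)
	}
	seen[c.Jti] = true
	return c, nil
}

// Demo mints tokens for one constructed call and presents them in four situations (nil = accepted).
func Demo() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	const agent, server = "did:adi:agent:mailer", "https://tools.example/mcp" // constructed
	keys, seen := map[string]ed25519.PublicKey{agent: pub}, map[string]bool{}
	now := time.Date(2025, 6, 1, 12, 0, 0, 0, time.UTC)
	call := Invocation{Tool: "send_mail", Args: map[string]string{"to": "bob@example.com"}}
	other := Invocation{Tool: "send_mail", Args: map[string]string{"to": "mallory@example.com"}}
	claims := func(jti string) Claims {
		return Claims{Iss: agent, Aud: server, Exp: now.Add(time.Minute).Unix(), Jti: jti, Inv: call.Hash()}
	}
	algNone := b64.EncodeToString([]byte(`{"alg":"none"}`)) + "." + strings.Split(Mint(priv, claims("t-3")), ".")[1] + "." // unsigned forgery of real claims
	out := map[string]error{}
	check := func(name, tok string, inv Invocation, at time.Time) { _, out[name] = Verify(tok, inv, server, keys, seen, at) }
	check("first", Mint(priv, claims("t-1")), call, now)
	check("replay", Mint(priv, claims("t-1")), call, now)     // same jti presented again
	check("otherCall", Mint(priv, claims("t-2")), other, now) // good token, but not for this call
	check("algNone", algNone, call, now)
	return out
}

func main() { fmt.Println(Demo()) }
```

The order of checks is deliberate: the algorithm is pinned and the signature verified before any claim is acted on, so the "inv" comparison and the jti set only ever see claims the agent's key actually vouched for. The seen set is per-server state; in the platform's layout it would live in Redis alongside the other session data, with entries expiring at the token's exp.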

Technology Stack

| Layer | Technology |
|---|---|
| Blockchain | ADI Chain |
| Smart Contracts | Solidity / ADI VM |
| Backend | Go / Rust |
| API Gateway | Kong / Envoy |
| Message Queue | NATS / RabbitMQ |
| Database | PostgreSQL + Redis |
| Storage | IPFS |
| Web Portals | React + TypeScript + Tailwind |
| Mobile Wallet | React Native / Flutter |
| Cryptography | libsodium, BBS+, Biscuit |
| CI/CD | GitHub Actions + ArgoCD |
| Monitoring | Prometheus + Grafana |
| Orchestration | Kubernetes |