Identity Library Architecture

This document explains the design and implementation of the SEA™ Identity Library.

Dual-State Identity Model

SEA™ implements a two-stage identity lifecycle per SDS-050:

┌─────────────────┐    attest()     ┌─────────────────┐
│   ifl:hash      │ ───────────────>│   ifl:token     │
│  (pre-mint)     │                 │  (attested)     │
└─────────────────┘                 └─────────────────┘
   │                                   │
   │ Deterministic                     │ Federated
   │ Offline-capable                   │ Ledger-backed
   │ Content-addressed                 │ Time-stamped
   │ Unstable until frozen             │ Immutable

Pre-Mint Identity (ifl:hash)

Format: ifl:hash:<sha256-hex>

Properties:

Algorithm:

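// Pre-mint identity: SHA-256 over the canonical form of the artifact.
function computePreMintIdentity(artifact: SemanticArtifact): string {
  const canonical = normalizeCanonical(artifact); // canonical normalization, see below
  const hash = sha256(canonical);                 // hex digest, per the ifl:hash format
  return `ifl:hash:${hash}`;
}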

Canonical Normalization

Per SDS-050 §1.1.1:

  1. Field ordering: Alphabetical
  2. Number normalization: Consistent precision
  3. Unicode normalization: NFC form
  4. Timestamp normalization: UTC
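
The following is an added example, not the project's own code: a sketch of the four normalization rules feeding the SHA-256 pre-mint hash, showing that key order, Unicode form, number spelling and UTC offset do not change the identity (I-PM-01) while a changed definition does (I-PM-03). The names `canonicalize` and `examplePreMintIdentity`, the 6-decimal precision and the sample artifacts are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// Assumption: "consistent precision" is taken as rounding to 6 decimal places.
const PRECISION = 6;

// Hypothetical stand-in for normalizeCanonical(): one canonical string per semantic value.
function canonicalize(v: unknown): string {
  if (v === null || typeof v === "boolean") return String(v);
  if (typeof v === "number") {
    if (!Number.isFinite(v)) throw new Error("non-finite number has no canonical form");
    return String(Number(v.toFixed(PRECISION))); // 1.0 and 1 both become "1"
  }
  if (typeof v === "string") return JSON.stringify(v.normalize("NFC"));
  if (v instanceof Date) {
    if (Number.isNaN(v.getTime())) throw new Error("invalid timestamp");
    return JSON.stringify(v.toISOString()); // toISOString() is always UTC
  }
  if (Array.isArray(v)) return "[" + v.map((x) => canonicalize(x)).join(",") + "]";
  if (typeof v === "object") {
    const fields = new Map<string, string>();
    for (const [k, val] of Object.entries(v as Record<string, unknown>)) {
      const key = k.normalize("NFC");
      // Two spellings of one key would make the hash depend on insertion order.
      if (fields.has(key)) throw new Error(`keys collide after NFC: ${key}`);
      fields.set(key, canonicalize(val));
    }
    // Default sort() compares UTF-16 code units, so the order is locale-independent.
    const keys = Array.from(fields.keys()).sort();
    return "{" + keys.map((k) => JSON.stringify(k) + ":" + fields.get(k)).join(",") + "}";
  }
  throw new Error(`unsupported type: ${typeof v}`); // undefined, bigint, function, symbol
}

function examplePreMintIdentity(artifact: unknown): string {
  const digest = createHash("sha256").update(canonicalize(artifact), "utf8").digest("hex");
  return `ifl:hash:${digest}`;
}

// Constructed samples: sampleA and sampleB differ only in key order, Unicode form,
// number spelling and UTC offset; sampleC changes the definition itself.
const sampleA = { name: "Caf\u00e9", version: 1.0, effectiveFrom: new Date("2024-03-01T12:00:00+02:00") };
const sampleB = { effectiveFrom: new Date("2024-03-01T10:00:00Z"), version: 1, name: "Cafe\u0301" };
const sampleC = { ...sampleB, version: 2 };

console.log(examplePreMintIdentity(sampleA) === examplePreMintIdentity(sampleB));
console.log(examplePreMintIdentity(sampleA) === examplePreMintIdentity(sampleC));
```

Sorting with the default comparator rather than a locale-aware one matters here: a locale-dependent key order would make the hash vary between machines.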

Attested Identity (ifl:token)

Format: ifl:token:<ledger-id>:<sequence-number>

Properties:

Invariants

ID       Rule
I-PM-01  Pre-mint identity MUST be reproducible across all environments
I-PM-02  Pre-mint identity computation MUST NOT require network access
I-PM-03  Pre-mint identity MUST change if semantic definition changes
I-PM-04  Pre-mint identity MUST NOT encode timestamps or environment data
I-AT-01  Attested identity MUST reference exactly one pre-mint identity
I-AT-02  Attested identity MUST be signed by authorized role (R-RM or R-LC)

File Structure

libs/sea/domain/src/lib/identity/
├── hash-id.ts       # Core identity functions
├── hash-id.spec.ts  # Unit tests
└── index.ts         # Module exports