The IDHub client helps users to generate, manage, and interact with their aggregated identities. The client also syncs with the parachain to submit the latest state of the user's ID graph and issue verifiable credentials.

When a 3rd party dApp wants to access the user's identity data, it must make a request to the IDHub client and get the user's authorization before it gets the data. The Litentry blockchain will only allow returning identity data to the identity owner, it is up to the user to decide whether to give the data to a 3rd party.

The IDHub client allows the user to interact with the IDHub dashboard, IDgraph, VCs, and the Identity score.

The client interacts with the parachain & sidechain - where calls made to the parachain are encrypted and opaque to invoke confidentiality. The content of the operation is only visible to the Client and the sidechain TEE (SGX, SGX workers/nodes, and SGX runtime).

Different types of calls can be executed by the client based on the operation destination. They include:

• Untrusted Call: The client interacts with the parachain node via untrusted calls, sending transactions or queries.

• Trusted call: The client interacts with the TEE enclave directly.

• Direct Invocation: Client calls extrinsic in SGX runtime (same as a trusted call).

• Indirect invocation: Client encrypts SGX runtime call, sends to Teerex Pallet in parachain. The worker node syncs blocks, identifies call_work extrinsic, parses call from parachain, and dispatches them to SGX runtime.