Identity Management Pallet (IMP)

Introduction

The Identity Management Pallet (IMP) is a powerful tool designed to facilitate the management of users’ web2 and web3 identities. There are two types of IMP. The first is located on the Parachain and serves as the user portal; it has no storage functionality. It exposes extrinsics and events (normal and error events), and all input and output data are encrypted with the user’s shielding key. The second is located in the Trusted Execution Environment (TEE). It stores users’ shielding keys and IdGraphs and runs the actual identity verification business logic.

The pallet located in the TEE (enclave) is integrated into the SGX-runtime, and its extrinsics are called by the enclave. When a user requests identity linking (Web2 <> Web3, or cross-chain wallet linking) or verifiable credential (VC) generation in the IdentityHub, all data needed to complete the request is stored and processed inside the TEE. This includes the request itself, the relationships between different wallets, data fetched from a specific wallet to support a claim in a VC, etc.

The TEE is secured by an isolated, cryptographic electronic structure that is resistant to malicious attacks and unauthorized access. The hardware manufacturer guarantees that no one, not even the system administrator or the operating system, has access to the keys or can read the memory held within the TEE. This makes it a great choice for executing confidential tasks. Check here for more information about the TEE.

The IMP provides a set of functionalities that enable users to create, manage, and revoke identities, as well as perform various other operations related to identity management. With the Identity Management Pallet, users can easily manage their identities, control access to their data, and ensure the security and integrity of their information. This technology transforms users’ identities, enabling individuals and organizations to take greater control of their digital identities in a more secure and decentralized manner.
