-
Notifications
You must be signed in to change notification settings - Fork 6
control authority
In identity systems Control Authority is who controls what and that is the primary factor in determining the basis for trust in them. The entity with control authority takes action through operations that affect the
- creation (inception)
- updating
- rotation
- revocation
- deletion
- and delegation of the authentication factors and their relation to the identifier.
How these events are ordered and their dependence on previous operations is important. The record of these operations is the source of truth for the identity system.
In the 2022 implementation of KeriPy two rotations were required to change control authority.
In new rotation rules, you can rotate to new keys that aren't in the prior next key digests. You just need to reach the appropriate thresholds of prior-next-threshold and current-signing-threshold. So you now only need one rotation to change control authority.
Note: This change was the forcing function to require dual indexed codes in CESR.