One of the most fundamental features Sovrin provides is a trusted way to determine the public key associated with a particular identifier. A secure and privacy-protective authentication mechanism can be implemented simply by having the identity owner sign a challenge with their private key to prove they really control the identifier in question. This is essentially what happens in the “Trust Ping” section of the Getting Started guide (just after Alice establishes her link with Faber College).
In a more realistic scenario, an identity owner may wish to authenticate to a website with which they have previously registered, and they’ll have a Sovrin client app on their smartphone which uses biometrics to unlock the secure enclave where their keys are stored. The website pushes the challenge to the identity owner’s agent (see The Technical Foundations of Sovrin for an overview of where agents fit into the architecture), which in turn sends a push notification to the smartphone app prompting the identity owner to present their biometric and approve the authentication request. This diagram illustrates how that flow works:
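As an added illustration of the challenge-response step described above (example code written for this post, not Sovrin's own client or ledger code), here is the verifier-side logic in Go. It assumes Ed25519 keys and replaces the ledger lookup with a constructed in-memory map; the points worth noticing are that the signed message binds the identifier and the website (audience), and that each nonce is consumed before any other check so a replayed response fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

// Registry is a constructed stand-in for the ledger lookup: identifier -> verification key.
var Registry = map[string]ed25519.PublicKey{}
var pending = map[string]Challenge{} // issued but not yet consumed challenges (website side)
// Challenge is what the website pushes to the owner's agent.
type Challenge struct {
	DID, Audience, Nonce string
	Expires              time.Time
}
// Bytes is the exact message signed and verified; binding DID and audience means a
// signature obtained for one website cannot be replayed at another.
func (c Challenge) Bytes() []byte { return []byte(c.DID + "|" + c.Audience + "|" + c.Nonce) }
// Issue creates a fresh single-use challenge for did, valid for ttl, on behalf of audience.
func Issue(did, audience string, ttl time.Duration) Challenge {
	b := make([]byte, 16)
	rand.Read(b)
	c := Challenge{did, audience, hex.EncodeToString(b), time.Now().Add(ttl)}
	pending[c.Nonce] = c
	return c
}

// Sign is the owner's side: the app signs the challenge once the biometric unlocks the key.
func Sign(priv ed25519.PrivateKey, c Challenge) []byte { return ed25519.Sign(priv, c.Bytes()) }

// Verify consumes the nonce first, so a replay fails whatever else happens, then checks
// the expiry and the signature under the key resolved for the DID the challenge names.
func Verify(nonce string, sig []byte) error {
	c, ok := pending[nonce]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(pending, nonce)
	if time.Now().After(c.Expires) {
		return errors.New("challenge expired")
	}
	if pub, found := Registry[c.DID]; !found || !ed25519.Verify(pub, c.Bytes(), sig) {
		return errors.New("signature does not verify under the key registered for " + c.DID)
	}
	return nil
}
```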
I’d love to hear any ideas or suggestions you might have on how to optimise either the user experience or the backend integration.