Antti, thanks for your question. I’ll jump in here and see if I can provide a couple of diagrams that may help per your request.
In the first example listed below, this diagram represents how someone (an Identity Owner) could use Sovrin to securely log in to any site using a simple Sovrin client application on their smartphone with passwordless biometric authentication. Here, the identity owner would simply click the “Login with Sovrin” button listed on the website, whereby the site would then send a push notification to the owner’s smartphone via their Sovrin agent of choice, eliciting a fingerprint challenge to authenticate the user and log him/her into the website. This is all done securely, privately, using public and private keys to ensure the owner is indeed the correct identifier wishing to log in to the website.
In this second diagram, notice how an identity owner could easily establish a new connection to a given website in much the same way, either by way of scanning a QR code or via a URL that contains an onboarding token.
While simplified, these diagrams hopefully help show the relationships between Identity Owner, Current or New Connections, Owner Agents, and the Sovrin Network. If you haven’t already had the chance, we also highly recommend reviewing the Getting Started Guide, as well as The Technical Foundations of Sovrin for a full review of how these various components interact with one another.
Again - thank you for your post. We value your feedback and would love to hear if this is helpful to you.