Guishan: There is no concept of a “banned identity” in Sovrin, so I am not certain how to answer your question. I also don’t know what you mean by “proof of authority.”
The nodes that participate in consensus are known to the community, and the keys that they use to sign their communication with one another are matched to public keys for those nodes that are stored on the public “pool ledger” (a subset or table within the overall ledger). A node is created by a steward (which is an identity with a specific role on the ledger), and a steward is created by action of the Sovrin Trustees (also an identity with a specific role on the ledger). Each steward can add exactly one node to the consensus pool. Thus, a new node can be installed at any time, but it can’t participate in consensus unless its public key and IP address are added to the global pool ledger by a sponsoring steward. Unless that happens, the other nodes won’t talk to it–and even if it did manage to talk to them, it would be signing its communication with keys that the other nodes don’t recognize.
If a node is known to be hacked, the steward that sponsored it can remove it from the consensus pool. This does not “ban” the node; it just means the other nodes stop talking to it as they make consensus decisions.