Implementing pseudonymity, key-management, non-repudiation and data minimisation features in isolated procedures is trivial. However, integrating all of them in one consistent architecture has several challenges to tackle. This work proposes data structures to represent Self-Sovereign Identities and to handle those features in a consolidated architecture. Key-management is constructed using secret sharing principles, capable of recovering from a lost or compromised key to a new one without losing track of the original account. Pseudonymity and data minimisation is established using anonymous profiles, showing different views of the same identity. Non-repudiation is contemplated in the profile disclosure process. Profiles are protected against tampering with the use of digital signatures and blockchain cryptographic constructions. All profiles and registries are controlled with a single asymmetric key pair that can be provided by a smart card. Flexible structures are defined that can be used to register claims, attestations, authorisation grants, user consents, or any other activities. All definitions take into consideration the rules of the General Data Protection Regulation (GDPR).

中文翻译：

---

RAIAP：隔离的匿名配置文件上的可更新身份验证

在隔离的过程中实现假名，密钥管理，不可否认和数据最小化功能很简单。但是，将所有这些集成到一个一致的体系结构中要解决几个挑战。这项工作提出了表示自我主权身份并在统一体系结构中处理这些功能的数据结构。密钥管理是使用秘密共享原则构建的，能够从丢失或受到破坏的密钥恢复到新密钥，而又不会丢失对原始帐户的跟踪。伪匿名和数据最小化是使用匿名配置文件建立的，匿名配置文件显示相同身份的不同视图。简档公开过程中考虑了不可否认性。配置文件受到保护，以防止篡改数字签名和区块链密码结构的使用。所有配置文件和注册表都由智能卡可以提供的单个非对称密钥对控制。定义了灵活的结构，可用于注册索赔，证明，授权，用户同意或任何其他活动。所有定义都考虑到了通用数据保护条例（GDPR）的规则。