feat(approach|use-case): add resilient identity continuity approach and use case

[rymnc]

What are you adding?

• Vendor/Protocol
• Enterprise Use Case
• Update to existing content
• Other

Description

closes part of #136

This pull request introduces comprehensive documentation for the "Resilient Identity Continuity" use case and its corresponding approach. It defines the requirements, challenges, and solutions for maintaining on-chain identity proofs when the original credential issuer is unavailable or adversarial. The update includes both a high-level use case description and a detailed technical approach, covering architecture, recovery mechanisms, sybil resistance, and trade-offs.

Key additions and changes:

Use Case Definition and Context:

• Adds a new use case document (use-cases/resilient-identity-continuity.md) outlining the need for identity proofs that survive issuer failure, detailing business context, actors, core problems, and requirements. It also summarizes related work, open questions, and links to standards and prior art.

Technical Approach and Architecture:

• Introduces a detailed approach document (approaches/approach-resilient-identity-continuity.md) that:
  • Explains the shift of trust from issuers to on-chain state and describes how credential survival, recovery, and verification can work without issuer participation.
  • Compares multiple architectural strategies (on-chain commitment via distributed OPRF, distributed re-issuance, TEE-based credential vault), outlining their trade-offs, maturity, and vendor recommendations.
  • Details implementation phases, sybil resistance layers, recovery mechanisms, and verification patterns, with tables comparing approaches and summarizing vendor/tooling options.

Open Questions and Future Considerations:

• Both documents enumerate open questions around social recovery, recovery-enrollment binding, attribute freshness, forward secrecy, and predicate privacy, highlighting areas for further research and design. [1] [2]

Links to Related Work and Standards:

• Extensive references to related patterns, standards (e.g., RFC 9497, W3C VC Data Model), frameworks, and prior art are provided for further exploration and context. [1] [2]

Checklist

• I've checked this doesn't duplicate existing content
• All links work
• Info is accurate

Summary by CodeRabbit

Release Notes

• Documentation
  • Introduced "Resilient Identity Continuity" use case documentation defining requirements and approaches for maintaining identity verification capabilities when issuers become unavailable, adversarial, or offline
  • Expanded "Private Identity" approach documentation with issuer-independent threat modeling, including new enrollment architecture, recovery mechanisms, and universal verification via on-chain trust anchors

[coderabbitai]

Warning

Rate limit exceeded

@rymnc has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 35 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 21 minutes and 35 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0d51ab60-51d1-46c5-b592-0ae2b4c8dc77

📥 Commits

Reviewing files that changed from the base of the PR and between dfd93aa and 081a050.

📒 Files selected for processing (2)

• approaches/approach-private-identity.md
• use-cases/resilient-identity-continuity.md

Walkthrough

Added new "Resilient Identity Continuity" use case documentation that specifies an issuer-hostile threat model for on-chain identity attribute proofs. Expanded the existing "Private Identity" approach documentation to include issuer-independent enrollment via distributed OPRF and updated planning phases. Updated CHANGELOG to reflect these additions.

Changes

Cohort / File(s)	Summary
New Use Case Documentation use-cases/resilient-identity-continuity.md	Introduced new use case defining issuer-hostile threat model, actor roles (holder, identity source, enrollment operator, verifier, auditor/regulator, governance operator), four core problems, explicit requirements per problem, and recommended approach mapping (on-chain credential anchoring, layered sybil resistance, threshold + social recovery, universal verification). Includes open questions and references to related standards and prior art.
Approach Expansion & Changelog approaches/approach-private-identity.md, CHANGELOG.md	Expanded Private Identity approach from cooperative-issuer to issuer-hostile model with new architectural section (F) on distributed OPRF-based enrollment, on-chain incremental Merkle tree commitment, and verification without issuer/registry contact. Updated constraints, persona TLDRs, planning phases (added Phase 3: Issuer-Independent Enrollment), comparison tables, and open questions. Changed Anon Aadhaar signature verification detail from DKIM to RSA. Added issuer-hostile example scenarios, new standards links (OPRF, hashToCurve), and OPRF vendor recommendation entry. CHANGELOG updated with single entry referencing new use case and approach.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding a new use case and approach for resilient identity continuity, and is specific and clear.
Description check	✅ Passed	The description covers required template sections, provides a clear summary of additions and changes, and lists completed checklist items for deduplication, links, and accuracy verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/resilient-private-identity

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@approaches/approach-resilient-identity-continuity.md`:
- Around line 1-241: The document "Approach: Resilient Identity Continuity"
exceeds the 2000-word guideline; shorten it to under 2000 words by trimming
non-essential bulk (move vendor recommendation tables, long vendor lists,
detailed PoC links, extensive example scenarios, and large prior-art lists into
a separate appendix or external resources), condense architecture sections into
concise summaries (keep core problem, constraints, approach A/B/C, and TLDRs),
and add a short "Read more" link to the moved content; update any front-matter
or header note to reflect the new word count and where the extended material now
lives so the file (Approach: Resilient Identity Continuity) complies with the
"Word limits" rule.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c04574b6-fdd5-44c7-aa5c-cb63fa7117ed

📥 Commits

Reviewing files that changed from the base of the PR and between c6cfe37 and 83c91ef.

📒 Files selected for processing (2)

• approaches/approach-resilient-identity-continuity.md
• use-cases/resilient-identity-continuity.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (2)

use-cases/**/*.md

⚙️ CodeRabbit configuration file

use-cases/**/*.md: This is a use case card.

Structure & frontmatter: Validate against the template at use-cases/_template.md.
Rules and scope are in use-cases/README.md.

Check that primary_domain matches one of the domains listed in domains/README.md.
Use cases should stay on a single page — flag if the content is excessively long or duplicates linked docs.

Warn if section ## 2) Additional Business Context contains anything that looks like confidential
information (specific organization names, pilot scopes, committed volumes) — these belong in context/ files.

Files:

• use-cases/resilient-identity-continuity.md

approaches/**/*.md

⚙️ CodeRabbit configuration file

approaches/**/*.md: This is an approach card.

Structure: Validate against the template at approaches/_template.md.
File naming and conventions are in approaches/README.md. Filename must start with approach- in kebab-case.

Approach cards MUST link to both the use case they address and the patterns they combine.
Flag if no pattern or use case cross-references are present.

Word limits: warn > 2000, error > 3000.

Files:

• approaches/approach-resilient-identity-continuity.md

🧠 Learnings (1)

📓 Common learnings

Learnt from: rymnc
Repo: ethereum/iptf-map PR: 116
File: patterns/pattern-private-set-intersection-dh.md:38-40
Timestamp: 2026-03-18T09:22:00.023Z
Learning: In the ethereum/iptf-map repository, pattern documentation (e.g., patterns/pattern-private-set-intersection-dh.md) is intentionally kept high-level and concise. Avoid suggesting granular implementation-level steps (e.g., explicit point-validation sub-steps) inside the Protocol section of pattern docs; prefer lightweight callouts in a separate Security Notes or Caveats section if the concern must be mentioned at all.

🪛 GitHub Check: vale

use-cases/resilient-identity-continuity.md

[warning] 70-70: [vale] use-cases/resilient-identity-continuity.md#L70
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

approaches/approach-resilient-identity-continuity.md

[warning] 70-70: [vale] approaches/approach-resilient-identity-continuity.md#L70
[IPTF.Marketing] Avoid marketing language: 'unique'. Use neutral, factual terms.

---

[warning] 167-167: [vale] approaches/approach-resilient-identity-continuity.md#L167
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 168-168: [vale] approaches/approach-resilient-identity-continuity.md#L168
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 183-183: [vale] approaches/approach-resilient-identity-continuity.md#L183
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 195-195: [vale] approaches/approach-resilient-identity-continuity.md#L195
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 214-214: [vale] approaches/approach-resilient-identity-continuity.md#L214
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 229-229: [vale] approaches/approach-resilient-identity-continuity.md#L229
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

[Meyanis95]

TLS proving is already mapped. It'd be cool to add zk-wrappers as a pattern (signature verification in a ZKP).

[rymnc]

zk wrappers in follow up pr

[Meyanis95]

In general best to add it now, as it's in scope. i.e., defining a building block that is part of the approach.
I think it should at least lead to an open issue, otherwise we will lose track of it.

[rymnc]

#148

[Meyanis95]

Same here, social recovery is a strong primitive that we could map as a pattern.

[rymnc]

follow up pr :)

[Meyanis95]

Same comment as above

[rymnc]

#149

[Meyanis95]

Not sure, we should keep this mention here.

[rymnc]

addressed in 44f2bce. its part of the template

[Meyanis95]

Same feedback as in group chat.
I think this approach could be consolidated with the existing approach-private-identity, that way the survive track will not be a side track but will harden current approach doc assumptions.

[rymnc]

addressed in dfd93aa

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

approaches/approach-private-identity.md (1)

1-383: ⚠️ Potential issue | 🟠 Major

Approach card exceeds hard word limit and currently fails CI.

This file is 3461 words; split or trim content to get under 3000 words (e.g., move deep scenario details/trade-off expansions to a linked companion doc).

As per coding guidelines, approach cards have an error threshold above 3000 words.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@approaches/approach-private-identity.md` around lines 1 - 383, The approach
card "Approach: Private Identity" exceeds the 3000-word limit and fails CI;
reduce the document to under 3000 words by trimming or relocating verbose
sections. Specifically, remove or move deep scenario descriptions (Scenario
1–7), extensive vendor/links lists, long "More Details" and "Trade-offs" tables,
and large example blocks into a companion document, condense the "Overview",
"Key Constraints", "TLDR for Different Personas" and "Architecture and Design
Choices" to concise bullets, and ensure the resulting content (headers like "A.
Registry-Based Membership Proofs", "F. Issuer-Independent Enrollment via
Distributed OPRF", "Open Questions") remains a focused summary under 3000 words
so CI will pass.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@approaches/approach-private-identity.md`:
- Line 158: The markdown contains marketing/superlative phrasing in the table
row and other flagged lines (e.g., the cells "One enrollment per source
credential" and "Source credentials are unique and unforgeable"); replace those
terms with neutral, factual alternatives (for example: "One enrollment per
source credential" -> "One enrollment per source credential (per-source
binding)" or "One enrollment per source credential" -> "Single enrollment
associated with each source credential" and "Source credentials are unique and
unforgeable" -> "Source credentials are tied to issuance and protected against
forgery" or similar neutral wording) and apply the same tone change to the other
flagged occurrences that match the same phrasing patterns so the prose lint and
repository tone requirements are satisfied.

In `@use-cases/resilient-identity-continuity.md`:
- Line 70: Replace the phrase "with only the on-chain trust anchor and a ZK
proof. No external calls." with neutral wording such as "with the on-chain trust
anchor and a ZK proof, without external service calls" in the sentence
describing verification in issuer-hostile settings; update the sentence in the
paragraph containing "Verification in existing private identity systems often
requires contacting a registry operator or issuer for revocation checks or
credential status" so it reads that verification must work "with the on-chain
trust anchor and a ZK proof, without external service calls."
- Around line 90-97: The "Open Questions" section currently uses a numbered
list; update the section headed "## 6) Open Questions" so each item is a
bullet-form question (use leading "-" or "*" per markdown) and append a
reference link for each question (e.g., "[link text](URL)") pointing to relevant
issue/PR or spec; ensure the header remains "Open Questions" and convert each of
the five numbered entries into separate bullet questions (preserve wording like
"minimum guardian set size for social recovery" and "production path for private
predicate parameters") with a short descriptive link for context attached to
each bullet.
- Line 26: Convert the dense inline actor sentence into an explicit bulleted
"Actors" list in the use-case card: replace the single-line string that
currently lists Holder, Identity Source, Enrollment Operator, Verifier, Auditor
/ Regulator, and Governance Operator with a markdown section titled "Actors"
followed by separate bullet entries for each actor (Holder, Identity Source,
Enrollment Operator, Verifier, Auditor / Regulator, Governance Operator),
ensuring each actor is its own list item and keeping the existing descriptions
(e.g., "Holder (identity owner: enrolls once, proves attributes at will)")
intact so the template structure and readability requirements are met.
- Line 3: Update the YAML frontmatter key primary_domain in
use-cases/resilient-identity-continuity.md from the incorrect value "identity"
to the canonical domain "Identity & Compliance" (matching domains/README.md and
other use-cases like private-identity.md and private-registry.md) so the file
references the correct domain.

---

Outside diff comments:
In `@approaches/approach-private-identity.md`:
- Around line 1-383: The approach card "Approach: Private Identity" exceeds the
3000-word limit and fails CI; reduce the document to under 3000 words by
trimming or relocating verbose sections. Specifically, remove or move deep
scenario descriptions (Scenario 1–7), extensive vendor/links lists, long "More
Details" and "Trade-offs" tables, and large example blocks into a companion
document, condense the "Overview", "Key Constraints", "TLDR for Different
Personas" and "Architecture and Design Choices" to concise bullets, and ensure
the resulting content (headers like "A. Registry-Based Membership Proofs", "F.
Issuer-Independent Enrollment via Distributed OPRF", "Open Questions") remains a
focused summary under 3000 words so CI will pass.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9e6a36b8-0700-41fc-a645-5e46228018bd

📥 Commits

Reviewing files that changed from the base of the PR and between 83c91ef and dfd93aa.

📒 Files selected for processing (3)

• CHANGELOG.md
• approaches/approach-private-identity.md
• use-cases/resilient-identity-continuity.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (3)

CHANGELOG.md

⚙️ CodeRabbit configuration file

CHANGELOG.md: Entries must go under [Unreleased], include a markdown link to the changed file,
reference the PR number (#NNN), and use a semantic prefix (feat(pattern):, feat(vendor):, fix:, docs:, etc.).

Files:

• CHANGELOG.md

approaches/**/*.md

⚙️ CodeRabbit configuration file

approaches/**/*.md: This is an approach card.

Structure: Validate against the template at approaches/_template.md.
File naming and conventions are in approaches/README.md. Filename must start with approach- in kebab-case.

Approach cards MUST link to both the use case they address and the patterns they combine.
Flag if no pattern or use case cross-references are present.

Word limits: warn > 2000, error > 3000.

Files:

• approaches/approach-private-identity.md

use-cases/**/*.md

⚙️ CodeRabbit configuration file

use-cases/**/*.md: This is a use case card.

Structure & frontmatter: Validate against the template at use-cases/_template.md.
Rules and scope are in use-cases/README.md.

Check that primary_domain matches one of the domains listed in domains/README.md.
Use cases should stay on a single page — flag if the content is excessively long or duplicates linked docs.

Warn if section ## 2) Additional Business Context contains anything that looks like confidential
information (specific organization names, pilot scopes, committed volumes) — these belong in context/ files.

Files:

• use-cases/resilient-identity-continuity.md

🧠 Learnings (3)

📚 Learning: 2026-03-18T09:22:00.023Z

Learnt from: rymnc
Repo: ethereum/iptf-map PR: 116
File: patterns/pattern-private-set-intersection-dh.md:38-40
Timestamp: 2026-03-18T09:22:00.023Z
Learning: In the ethereum/iptf-map repository, pattern documentation (e.g., patterns/pattern-private-set-intersection-dh.md) is intentionally kept high-level and concise. Avoid suggesting granular implementation-level steps (e.g., explicit point-validation sub-steps) inside the Protocol section of pattern docs; prefer lightweight callouts in a separate Security Notes or Caveats section if the concern must be mentioned at all.

Applied to files:

• CHANGELOG.md
• approaches/approach-private-identity.md

📚 Learning: 2026-03-19T10:42:51.310Z

Learnt from: rymnc
Repo: ethereum/iptf-map PR: 120
File: patterns/pattern-private-set-intersection-circuit.md:5-7
Timestamp: 2026-03-19T10:42:51.310Z
Learning: In the ethereum/iptf-map repository, the frontmatter fields `layer` (enum: L1, L2, offchain, hybrid), `privacy_goal` (string, maxLength 200), and `assumptions` (string or array of strings) are all explicitly defined as valid properties in `scripts/schemas/pattern.json`. Do not flag these as invalid or non-schema fields in pattern documents under the `patterns/` directory.

Applied to files:

• CHANGELOG.md

📚 Learning: 2026-03-20T05:29:10.507Z

Learnt from: rymnc
Repo: ethereum/iptf-map PR: 120
File: patterns/pattern-private-set-intersection-circuit.md:19-23
Timestamp: 2026-03-20T05:29:10.507Z
Learning: In ethereum/iptf-map pattern reviews, distinguish between **censorship** (operator blocks user inputs from being processed — affects CR score) and **liveness** (operator withholds output after protocol participation — does not directly affect CR score). For garbled-circuit PSI patterns, the garbler withholding the output decoding table is a liveness concern, not censorship; do not flag it as a CR justification gap.

Applied to files:

• CHANGELOG.md

🪛 GitHub Actions: CI Quality Gates

approaches/approach-private-identity.md

[error] 1-1: Content too long: 3461 words (max 3000). approach/private pattern validation failed.

🪛 GitHub Check: vale

approaches/approach-private-identity.md

[warning] 158-158: [vale] approaches/approach-private-identity.md#L158
[IPTF.Marketing] Avoid marketing language: 'unique'. Use neutral, factual terms.

---

[warning] 251-251: [vale] approaches/approach-private-identity.md#L251
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 252-252: [vale] approaches/approach-private-identity.md#L252
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 304-304: [vale] approaches/approach-private-identity.md#L304
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 316-316: [vale] approaches/approach-private-identity.md#L316
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

---

[warning] 360-360: [vale] approaches/approach-private-identity.md#L360
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

use-cases/resilient-identity-continuity.md

[warning] 70-70: [vale] use-cases/resilient-identity-continuity.md#L70
[IPTF.Marketing] Avoid marketing language: 'only'. Use neutral, factual terms.

🔇 Additional comments (2)

CHANGELOG.md (1)

9-9: Changelog entry format is compliant.

This line meets the repository changelog requirements (section placement, semantic prefix, linked files, and PR reference).

As per coding guidelines, CHANGELOG.md entries must be under [Unreleased], include markdown links to changed files, reference (#NNN), and use a semantic prefix.

approaches/approach-private-identity.md (1)

3-3: Required cross-references are present and clear.

The approach links back to use cases and explicitly references combined patterns, matching approach-card conventions.

As per coding guidelines, approach cards must link to the addressed use case and the patterns they combine.

Also applies to: 135-137, 379-379