Identity Authority (IA)
An Identity Authority (IA) is a service that verifies a user's ownership of a legacy account (like Discord, X, or Email) and issues cryptographic proof of that ownership on the Nostr network.
Role of an IA
An IA bridges the gap between traditional social platforms and the permissionless Nostr network.
When a user wants to link their Discord account to their Nostr public key, they cannot simply claim it — other network participants need proof. An IA provides this by:
- Facilitating the login flow (OAuth or OTP) with the provider.
- Generating encrypted evidence of the verification.
- Signing a cryptographic attestation and publishing it to the network.
Trust Model
The protocol operates on a Federated Trust Model:
- Zapf is an open protocol — anyone can run an independent IA server. There is no central gatekeeper.
- Wallet clients and apps choose which IAs they trust to accurately verify identities.
For example, if an independent developer runs a "Community IA", users of a different wallet could configure it to trust that Community IA.
Multi-IA Stacking
By linking verifications from multiple sources (like Discord and X), users build an un-spoofable, portable identity that stays with them across the entire internet.
A user's Identity Connection can embed proofs from multiple different IAs, all attesting to the same legacy account. This provides resilience: if one IA goes offline or is compromised, the identity remains verifiable via the others.
The Evidence Sharing mechanism allows users to take the verification evidence generated by one IA and present it to another IA without having to re-authenticate with the provider (for OAuth-based providers).
IA Responsibilities
To be a fully compliant IA, the service must:
- Maintain high uptime for its public relay.
- Actively manage revocations if an identity changes hands or expires.
- Enforce strict identifier normalization (e.g., lowercasing emails) to prevent spoofing.