docs/volume-vi/sdip.md

# Sovereign Digital Identity Passport (SDIP)

## Overview

SDIP is the global cryptographic identity passport for Sovereign Central Banks, private banks, individuals, institutions, and smart contracts. It is issued by the DBIS Sovereign Identity Fabric (SIF) and extends the GBIG system from Volume V.

## Passport Structure

```typescript
SDIP = {
  entity_type: SCB | Bank | Person | Contract,
  sovereign_issuer: SCB,
  root_cert: HSM_SIGNATURE,
  pq_signature: DILITHIUM_SIGNATURE,
  expiry: YYYY-MM-DD,
  revocation_status: ACTIVE/REVOKED,
  attributes: {...}
}
```

## Trust Levels

- **TL0**: Anonymous/Unverified
- **TL1**: Verified KYC/Bank
- **TL2**: Sovereign Verified
- **TL3**: SCB/High Authority
- **TL4**: DBIS Governance-Level Access

## Lifecycle

1. Identity verification
2. Key generation inside PQ-HSM
3. Passport issuance
4. Continuous trust scoring
5. Expiration/renewal
6. Revocation

## API Endpoints

### Issue Passport
```http
POST /api/v1/sdip/issue
```

### Verify Passport
```http
GET /api/v1/sdip/verify/:passportId
```

### Get Passport
```http
GET /api/v1/sdip/:passportId
```

### Get Passports by Entity
```http
GET /api/v1/sdip/entity/:entityId
```

### Calculate Trust Score
```http
GET /api/v1/sdip/:passportId/trust-score
```

### Renew Passport
```http
POST /api/v1/sdip/:passportId/renew
```

### Revoke Passport
```http
POST /api/v1/sdip/:passportId/revoke
```

### Get Expiring Passports
```http
GET /api/v1/sdip/expiring?daysAhead=30
```

## Usage Example

```typescript
import { sdipService } from '@/core/identity/sdip';

// Issue passport
const passport = await sdipService.issuePassport({
  entityType: 'SCB',
  entityId: 'entity-id',
  sovereignIssuer: 'OMNL',
  trustLevel: 'TL3',
  validityYears: 1,
});

// Verify passport
const verification = await sdipService.verifyPassport(passport.passportId);

// Calculate trust score
const trustScore = await sdipService.calculateTrustScore(passport.passportId);
```

## Database Models

- `SovereignDigitalIdentityPassport`: Passport records with PQ signatures
- `SDIPRevocation`: Revocation records
Initial commit 2025-12-12 15:02:56 -08:00			`# Sovereign Digital Identity Passport (SDIP)`

			`## Overview`

			`SDIP is the global cryptographic identity passport for Sovereign Central Banks, private banks, individuals, institutions, and smart contracts. It is issued by the DBIS Sovereign Identity Fabric (SIF) and extends the GBIG system from Volume V.`

			`## Passport Structure`

			```typescript
			`SDIP = {`
			`entity_type: SCB \| Bank \| Person \| Contract,`
			`sovereign_issuer: SCB,`
			`root_cert: HSM_SIGNATURE,`
			`pq_signature: DILITHIUM_SIGNATURE,`
			`expiry: YYYY-MM-DD,`
			`revocation_status: ACTIVE/REVOKED,`
			`attributes: {...}`
			`}`
			```

			`## Trust Levels`

			`- TL0: Anonymous/Unverified`
			`- TL1: Verified KYC/Bank`
			`- TL2: Sovereign Verified`
			`- TL3: SCB/High Authority`
			`- TL4: DBIS Governance-Level Access`

			`## Lifecycle`

			`1. Identity verification`
			`2. Key generation inside PQ-HSM`
			`3. Passport issuance`
			`4. Continuous trust scoring`
			`5. Expiration/renewal`
			`6. Revocation`

			`## API Endpoints`

			`### Issue Passport`
			```http
			`POST /api/v1/sdip/issue`
			```

			`### Verify Passport`
			```http
			`GET /api/v1/sdip/verify/:passportId`
			```

			`### Get Passport`
			```http
			`GET /api/v1/sdip/:passportId`
			```

			`### Get Passports by Entity`
			```http
			`GET /api/v1/sdip/entity/:entityId`
			```

			`### Calculate Trust Score`
			```http
			`GET /api/v1/sdip/:passportId/trust-score`
			```

			`### Renew Passport`
			```http
			`POST /api/v1/sdip/:passportId/renew`
			```

			`### Revoke Passport`
			```http
			`POST /api/v1/sdip/:passportId/revoke`
			```

			`### Get Expiring Passports`
			```http
			`GET /api/v1/sdip/expiring?daysAhead=30`
			```

			`## Usage Example`

			```typescript
			`import { sdipService } from '@/core/identity/sdip';`

			`// Issue passport`
			`const passport = await sdipService.issuePassport({`
			`entityType: 'SCB',`
			`entityId: 'entity-id',`
			`sovereignIssuer: 'OMNL',`
			`trustLevel: 'TL3',`
			`validityYears: 1,`
			`});`

			`// Verify passport`
			`const verification = await sdipService.verifyPassport(passport.passportId);`

			`// Calculate trust score`
			`const trustScore = await sdipService.calculateTrustScore(passport.passportId);`
			```

			`## Database Models`

			- `SovereignDigitalIdentityPassport`: Passport records with PQ signatures
			- `SDIPRevocation`: Revocation records