It’s Not About Credentials, It’s About Records

Digital identity protocols share subscriber attributes recorded by trusted providers. Relying parties trust these providers to manage the integrity of subscriber accounts. Tim Bouma advocates for complementary protocols to verify these accounts directly:

Technologies like Nostr, decentralized data stores, and append-only logs offer a new design space—where records can be made transparent, portable, and tamper-evident. These protocols don’t just issue credentials; they enable a new form of accountability rooted in traceable action.

A successful example is Certificate Transparency: trusted WebPKI providers append each issued certificate to a transparency log (tlog). Subscribers monitor for unauthorised changes, auditors monitor for standards compliance, and relying parties enforce tlog inclusion.

This approach works well for public data. Protecting personal data is more challenging.