Admin Flow
How operators manage passports through their lifecycle
This page explains the administrative operations available to authorized operators, including minting passports, appending events, verification, transfers, and revocation.
1. Roles & Permissions
Asset Issuer
Can mint new passports and bind initial attributes.
Verifier Node
Neutral verification entity. Can sign verification events with cryptographic attestation.
CER Institute
Authority-backed verifier operating under formal standards. Adds institutional weight to verifications.
Custodian
Current holder of an asset. Can grant viewer access and initiate transfers.
Viewer
Consent-granted access to view passport data. Time-limited and scope-limited.
Admin Operator
System administrator. Can manage status, handle disputes, and process revocations.
2. Minting a Passport
Who Can Mint
Only authorized Asset Issuers can mint new passports. Issuers are registered nodes with cryptographic credentials managed through the system's allowlist.
Required Fields
- Asset type (diamond, vehicle, machinery, etc.)
- Schema version
- Initial attributes (type-specific)
- Issuer signature
{
  "action": "mint_passport",
  "issuer": "issuer_node_a1b2c3",
  "assetType": "diamond",
  "schemaVersion": "1.0",
  "attributes": {
    "carat": 2.15,
    "cut": "excellent",
    "color": "D",
    "clarity": "VVS1"
  },
  "signature": "sig_ecdsa_..."
}
// Output:
{
  "passportId": "psp_7f8a9b2c4d6e",
  "status": "active",
  "mintedAt": "2025-01-21T10:30:00Z"
}
3. Appending Events
Who Can Append
Different event types require different authorization levels:
- Provenance: Asset Issuer only
- Verification: Verifier Node or CER Institute
- Service: Authorized service nodes
- Transfer: Current custodian (with consent)
- Status: Admin Operator only
Append-Only Guarantee
4. Verification
The system supports two verification modes. Both produce signed attestations, but with different authority claims.
Verifier Node
Default Mode
- Neutral, decentralized verification
- Cryptographic signature attestation
- No institutional authority claims
- Open verifier registration
{
  "verifier": {
    "nodeId": "verifier_node_001",
    "type": "verifier_node"
  },
  "attestation": {
    "verified": true,
    "grade": "pass"
  },
  "signature": "sig_ecdsa_..."
}
CER Institute
Authority-Backed
- Operates under formal standards
- Adds institutional weight
- Same cryptographic signing
- Curated registration process
{
  "verifier": {
    "nodeId": "cer_institute_igi",
    "type": "cer_institute",
    "authority": "IGI Certified"
  },
  "attestation": {
    "verified": true,
    "grade": "certified",
    "certificateRef": "IGI:LG12345"
  },
  "signature": "sig_ecdsa_..."
}
Important Clarification
5. Transfer / Custody Change
No PII Stored
Transfers use node references only. No names, addresses, or personal data.
Consent Required
Current custodian must explicitly authorize every transfer.
Access Control
New custodian receives passport; viewers must re-request access.
{
  "action": "transfer_custody",
  "passportId": "psp_7f8a9b2c4d6e",
  "from": {
    "nodeRef": "custodian_a1b2"
  },
  "to": {
    "nodeRef": "custodian_c3d4"
  },
  "consentProof": "consent_signed_...",
  "timestamp": "2025-01-22T14:00:00Z"
}
6. Revocation
When Allowed
- Asset destroyed or lost permanently
- Legal requirement for data deletion
- Discovered to be fraudulent
- Owner-requested removal (with authorization)
What Gets Deleted
- Detailed attribute values
- Full event content
- Any linked metadata
What Remains
- Passport ID (tombstoned)
- Existence proof hash
- Event count and hashes
- Revocation timestamp
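The append rules from section 3 and the revocation rules above, modeled in Python as an added example (not code from this page or from the system it describes). It assumes SHA-256 over canonical JSON for event hashes, an assumed derivation for the existence proof hash, a "revoked" status value, and hypothetical role strings and tombstone field names; signature and consent-proof verification are left out.

```python
import hashlib
import json

# Event type -> roles allowed to append it (section 3 list). Role strings other
# than verifier_node / cer_institute are assumed identifiers.
APPEND_ROLES = {
    "provenance": {"asset_issuer"},
    "verification": {"verifier_node", "cer_institute"},
    "service": {"service_node"},
    "transfer": {"custodian"},
    "status": {"admin_operator"},
}


def digest(obj):
    """SHA-256 over canonical JSON (assumed encoding: sorted keys, compact)."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def append_event(passport, role, event):
    """Append an event only if the role may write that event type."""
    if passport["status"] != "active":
        raise PermissionError("passport is not active")
    if role not in APPEND_ROLES.get(event["type"], set()):
        raise PermissionError(f"{role} may not append {event['type']} events")
    passport["events"].append(event)
    return digest(event)


def revoke(passport, role, revoked_at):
    """Return the tombstone record: content is dropped, hashes and counts stay."""
    if role != "admin_operator":
        raise PermissionError("only an Admin Operator processes revocations")
    hashes = [digest(e) for e in passport["events"]]
    return {
        "passportId": passport["passportId"],
        "status": "revoked",
        "existenceProof": digest([passport["passportId"], hashes]),
        "eventCount": len(hashes),
        "eventHashes": hashes,
        "revokedAt": revoked_at,
    }


def matches_tombstone(tombstone, index, event):
    """Check a retained copy of an event against the hash kept in the tombstone."""
    hashes = tombstone["eventHashes"]
    return 0 <= index < len(hashes) and hashes[index] == digest(event)
```

Because the tombstone keeps per-event hashes, a party that retained a copy of an event can still prove it was part of the passport after revocation, while an altered copy fails the check.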
Cannot Fully Erase
7. Audit & Logs
Every administrative action is logged in an immutable audit trail:
- ✓ Who performed the action (node ID)
- ✓ What action was taken
- ✓ When it occurred (timestamp)
- ✓ Cryptographic signature
No Silent Changes