Unified Security Model: The aid|lid couplet successfully unifies all desirable identifier properties into a single coherent system—security from the AID component, human meaningfulness from the LID component, and verifiable connection through the authorization mechanism.

Historical Context

The Zooko's Triangle Problem

Traditional identifier systems have struggled with fundamental trade-offs. Zooko's triangle (named after Zooko Wilcox-O'Hearn) posits that identifier systems can achieve at most two of three properties:

1. Human-meaningful: Easy for humans to remember and use
2. Secure: Resistant to impersonation and spoofing
3. Decentralized: No central authority required

Historically, systems chose different compromises:

• DNS/CA systems: Human-meaningful and somewhat decentralized, but not truly secure (vulnerable to DNS hijacking, BGP attacks, CA compromise)
• Public key identifiers: Secure and decentralized, but not human-meaningful (long cryptographic strings)
• Blockchain name systems: Attempted all three but with significant limitations in scalability and true decentralization

Problems with Human-Meaningful Identifiers

Human-meaningful identifiers suffer from two fundamental limitations:

Scarcity: Human-meaningful names are inherently limited resources, leading to:

• Name squatting and domain speculation
• Race conditions during registration
• Competition for desirable names
• Namespace conflicts across different systems

Lack of Inherent Security: Human-meaningful identifiers possess no cryptographic security properties:

• Insecure by default
• Vulnerable to impersonation and spoofing
• Dependent on external security mechanisms
• Cannot provide cryptographic verification

Traditional solutions attempted to secure human-meaningful identifiers through external infrastructure (Certificate Authorities, DNS security extensions), but these approaches introduced centralization, cost, and new attack vectors.

KERI's Approach

The aid|lid Couplet Model

KERI resolves Zooko's triangle not by compromising on any property, but by recognizing that the properties can be separated into complementary identifier types that work together. The aid|lid couplet model provides:

Primary Identifier Layer (AID):

• Self-certifying cryptographic identifiers
• Provides security through cryptographic one-way functions
• Enables decentralized control via private key management
• Forms trust domains for associated statements
• Not human-meaningful but universally verifiable

Secondary Identifier Layer (LID):

• Human-meaningful identifiers (usernames, domain names, etc.)
• Provides application-specific usability
• Secured within the AID's trust domain
• Can be displayed without cryptographic encumbrance
• Legitimized through verifiable authorization

Authorization Bridge:

• End-verifiable cryptographic authorization
• Binds the LID to the AID's trust domain
• Represented by the pipe operator (|) in the aid|lid notation
• Enables the LID to inherit security properties from the AID

Trust Domain Establishment

An AID creates a trust domain through its self-certifying properties and associated Key Event Log. Within this trust domain:

1. Cryptographic Root-of-Trust: The AID provides a verifiable cryptographic foundation
2. Non-Repudiable Statements: All statements within the trust domain are cryptographically attributable
3. Verifiable Authorizations: The AID controller can issue verifiable authorizations for LIDs
4. Context Provision: The trust domain provides interpretive context for LIDs

Legitimization Process

The process of legitimizing a human-meaningful identifier involves:

Authorization Creation: The AID controller creates a cryptographically signed authorization that binds a specific human-meaningful identifier to their AID. This authorization is itself a verifiable statement within the AID's trust domain.

Trust Domain Association: The human-meaningful identifier becomes associated with the AID's trust domain through this authorization. The identifier is now a legitimized identifier (LID) rather than an unsecured human-meaningful string.

Verification Path: Verifiers can cryptographically verify the authorization chain from the LID back to the AID, and from the AID to its cryptographic root-of-trust in the KEL.

Context-Dependent Display: In contexts where the AID's trust domain is established (through prior verification or system design), the LID can be displayed alone without the AID being visually present. The security guarantees remain because the trust domain context provides the cryptographic foundation.

Separation from Traditional PKI

Unlike traditional PKI systems that attempt to secure human-meaningful identifiers through Certificate Authorities:

No Central Authority Required: The AID's self-certifying properties eliminate the need for trusted third parties to establish the binding between identifier and keys.

Portable Security: The aid|lid couplet is not locked to any specific infrastructure. The security travels with the identifiers through the cryptographic binding.

End-Verifiable: Validators can verify the entire chain from LID to AID to cryptographic root-of-trust without trusting intervening infrastructure.

Rotation Resilience: KERI's pre-rotation mechanism ensures that key rotations don't break the security chain, unlike traditional PKI where certificate reissuance creates vulnerability windows.

Practical Implications

Use Cases

Human-Friendly Credential Systems: ACDC credentials can use LIDs for human-readable subject identifiers while maintaining cryptographic security through the underlying AID infrastructure. For example, a professional credential might display "Dr. Jane Smith" (LID) while being cryptographically bound to her AID.

Organizational Hierarchies: The vLEI ecosystem uses aid|lid couplets to represent legal entities with both their human-meaningful legal names (LIDs) and cryptographically verifiable LEI credentials (secured by AIDs).

Application-Specific Naming: Different applications can use different LIDs for the same AID, providing context-appropriate human-meaningful identifiers while maintaining a single cryptographic identity foundation.

Cross-Domain Identity: A single AID can legitimize multiple LIDs across different domains (professional, personal, pseudonymous), each appropriate to its context while sharing the same security foundation.

Benefits

Unified Security and Usability: The aid|lid model eliminates the traditional trade-off between security and usability. Users get human-meaningful identifiers with cryptographic security guarantees.

Flexible Display Options: Systems can choose to display just the LID (when trust domain is established), just the AID (when cryptographic verification is primary), or both (when explicit binding needs to be shown).

Namespace Flexibility: Different applications can use different LID namespaces without affecting the underlying AID security. The same AID can have a username LID in one system, a domain name LID in another, and a legal name LID in a third.

Verifiable Authorization Chains: The authorization mechanism creates auditable trails of how LIDs are legitimized, supporting compliance and governance requirements.

Scalability: The model scales to arbitrary numbers of LIDs per AID and arbitrary numbers of AIDs in a system, without centralized coordination.

Trade-offs and Considerations

Complexity for Implementers: Systems must implement both AID infrastructure and LID authorization mechanisms. This is more complex than simple username systems but provides significantly stronger security.

User Education: Users must understand that their "real" identifier is the AID, with LIDs being authorized aliases. This conceptual model differs from traditional username-based systems.

Authorization Management: Controllers must manage which LIDs are authorized for their AIDs, including revocation when LIDs should no longer be valid. This requires KEL and potentially TEL infrastructure.

Context Establishment: For LIDs to be displayed without AIDs, the system must establish trust domain context. This requires careful UX design to ensure users understand the security model.

LID Uniqueness: While AIDs are globally unique through cryptographic derivation, LIDs may have namespace collisions. Systems must handle cases where the same LID is legitimized by different AIDs in different contexts.

Integration with KERI Infrastructure

The aid|lid model integrates with KERI's broader infrastructure:

KEL Foundation: The AID's Key Event Log provides the cryptographic foundation for the trust domain that legitimizes LIDs.

ACDC Credentials: ACDCs can include LIDs in their attribute sections while maintaining cryptographic binding to AIDs in their identifier fields.

OOBI Discovery: Out-of-band introductions can associate both AIDs and their legitimized LIDs, enabling discovery through human-meaningful names.

Witness Infrastructure: Witnesses that maintain KELs for AIDs indirectly support the LID authorization infrastructure by ensuring the availability of the trust domain foundation.

Delegation Hierarchies: Delegated AIDs can legitimize LIDs within their delegated authority scope, creating hierarchical naming structures with cryptographic security at each level.

Governance and Policy

The aid|lid model enables sophisticated governance approaches:

Authorization Policies: Organizations can define policies for which types of LIDs can be legitimized by which AIDs, supporting role-based access control and organizational hierarchies.

Revocation Mechanisms: LID authorizations can be revoked through TEL infrastructure, enabling dynamic management of human-meaningful identifier associations.

Audit Trails: The cryptographic authorization chain creates immutable audit trails of LID legitimization, supporting compliance and forensic analysis.

Multi-Stakeholder Governance: Different stakeholders can legitimize different LIDs for the same AID, supporting federated identity scenarios where multiple authorities have legitimate interests in naming.

Conclusion

The legitimized human-meaningful identifier concept represents a fundamental advance in identifier system design. By separating security concerns (handled by AIDs) from usability concerns (handled by LIDs) and connecting them through verifiable authorization, KERI's aid|lid model achieves what Zooko's triangle suggested was impossible: identifiers that are simultaneously human-meaningful, secure, and decentralized.

This approach enables practical identity systems where users work with familiar, human-readable identifiers while maintaining the strongest possible cryptographic security guarantees. The model's flexibility supports diverse use cases from personal identity to organizational hierarchies to cross-domain federated identity, all built on a unified cryptographic foundation.

Performance Considerations

The aid|lid model requires:

• Efficient caching of AID verification results to avoid repeated KEL verification
• Optimized authorization credential lookup mechanisms
• Consideration of offline verification scenarios
• Balance between security verification and user experience latency