Integration Overview
The Document Vault supports institutional integration, allowing authorized organizations to request, verify, and access user documents through a structured workflow. This section covers how institutions interact with the vault and what integration options are available.
What Institutions Can Do
Institutions integrated with the Hadinet Document Vault can:
- Request document access from users for verification purposes (e.g., KYC compliance).
- Verify document attestations by checking on-chain records for authenticity and attestation status.
- Receive time-limited access to specific documents when users approve access requests.
- Integrate verification results into their own compliance and onboarding workflows.
Integration Architecture
┌─────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Institution │ │ Hadinet │ │ User's Vault │
│ Application │────>│ Platform │────>│ (TEE + IPFS) │
│ │ │ │ │ │
│ 1. Request │ │ 2. Route │ │ 3. User sees │
│ document │ │ request │ │ request │
│ access │ │ to user │ │ │
│ │<────│ │<────│ 4. User approves│
│ 6. Receive │ │ 5. Grant access │ │ or denies │
│ document │ │ via TEE │ │ │
└─────────────────┘ └──────────────────┘ └──────────────────┘
Institution Registration
Before integrating with the Document Vault, institutions must register with the Hadinet platform. The general process involves:
- Register on the Hadinet platform: Provide organizational details and intended use case.
- Obtain credentials: Receive authentication credentials and a registered institutional DID.
- Agree to data handling terms: Acknowledge and agree to Hadinet's data sovereignty and privacy requirements.
Institutional DID
Each registered institution receives a did:key identifier that is:
- Published on-chain as a verified institutional identity.
- Displayed to users when access requests are made, so users can verify who is requesting their documents.
- Used for all authentication and access grant records.
Access Request Flow
1. Institution Requests Access
The institution submits an access request specifying:
- The user's DID or wallet address
- The document type needed (e.g., "identity", "financial")
- The purpose of the request (displayed to the user)
- The requested access duration
2. User Receives Request
The user sees the access request in their vault interface, including:
- The institution's verified name and DID
- The document type requested
- The stated purpose
- The requested access duration
3. User Decides
The user can:
- Approve: Grant time-limited access to the requested document.
- Deny: Reject the request. The institution is notified but given no further information.
4. Access Granted (If Approved)
If approved:
- The TEE makes the document accessible to the institution for the specified duration.
- An on-chain access grant record is created.
- The institution is notified and can retrieve the document.
5. Document Retrieval
The institution retrieves the document through the Hadinet platform. The TEE handles decryption on behalf of the institution using their registered credentials.
Compliance Considerations
Institutions using the vault must comply with:
- User consent: Access is granted only through explicit user approval. There is no bulk access or administrative override.
- Data minimization: Request only the document types necessary for your use case.
- Retention limits: Document access is time-limited. Do not cache or store decrypted documents beyond the access window.
- Audit trail: All access events are recorded on-chain and visible to the user.
Next Steps
- Verification Workflows -- Detailed verification workflow documentation.
- Compliance -- Regulatory compliance considerations.