Bounded contexts before internet identity.
Start with courses, journals, and peer review, where eligibility, continuity, shielding, and sanction procedures are already real institutional problems.
Atrium is identity infrastructure for bounded institutions: courses, journals, research communities, DAOs, and AI-agent delegation contexts where people need continuity and protection at the same time.
A participant can be verified once, appear through a context-specific pseudonym, and leave signed provenance. Real identity stays shielded by default; reveal requires an explicit governance process.
Atrium grows out of Identity Regimes as Organization Design, a manuscript on accountable pseudonymity in digital organizations. The product is not anonymous accounts or decentralized identity. It is institutional middleware for deciding what an organization legitimately needs to know at each boundary: what can be verified, what remains shielded, what must be remembered, and what process can justify disclosure.
The useful primitives are scoped keypairs, bounded credentials, tamper-evident logs, and reviewable approvals. The system does not need a public chain to be auditable.
Serious cases begin with content, context, and signed records. Identity reveal is exceptional, justified, logged, reviewable, and reversible where possible.
Participants see a calm pseudonymous layer. Institutional operators see the bounded context underneath: policies, claims, logs, integrations, and governed cases.
| Claim or surface | Peer | Instructor | Moderator | Governance | Vault |
|---|---|---|---|---|---|
| Course pseudonym | Visible | Visible | Visible | Visible | Mapped |
| Verified enrollment | Not shown | Yes/no | Yes/no | Evidence | Source |
| Legal identity | Shielded | Shielded | Shielded | Governed reveal | Stored |
| Signed action history | Scoped | Context only | Context only | Evidence packet | No content body |
Events are append-only, signed by the acting authority, and chained to prior records. External systems receive references and snapshots, not identity mappings or raw private bodies by default.
```text
event 0142  action.post.created
  actor: psn_ctx_sem204_7f3a
  sig:   ed25519:7d9a...12bf
  prev:  h:9f44...a833
  hash:  h:0b18...d2c1

event 0143  credential.presented
  claim:        enrolled:SEM204
  disclosed_to: runtime
  hash:         h:408d...aa91

snapshot 0012  co-signed
  period: week_07
  root:   merkle:bb71...098f
```
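An added example, not Atrium's own code: an append-only log in which each record is signed by the acting authority and chained to its predecessor, with a verifier that reports the first record that fails. HMAC-SHA256 with a constructed key stands in for the Ed25519 signatures shown above so it runs on the standard library; the field names, the `runtime` authority key table, and the sample events are assumptions.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC-SHA256 stands in for the Ed25519 signatures
# on the page so the example needs only the standard library (assumption).
AUTHORITY_KEYS = {"runtime": b"constructed-demo-key"}
GENESIS = "h:" + "0" * 64

def _canonical(fields):
    # Deterministic encoding so the same fields always produce the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def append_event(log, authority, kind, payload):
    """Append a record that is signed and chained to the previous record's hash."""
    body = {"seq": len(log), "kind": kind, "authority": authority,
            "payload": payload, "prev": log[-1]["hash"] if log else GENESIS}
    encoded = _canonical(body)
    sig = hmac.new(AUTHORITY_KEYS[authority], encoded, hashlib.sha256).hexdigest()
    # The record hash covers the signature, so swapping a signature breaks the chain.
    digest = hashlib.sha256(encoded + sig.encode()).hexdigest()
    log.append({**body, "sig": sig, "hash": "h:" + digest})
    return log[-1]

def verify_log(log):
    """Return None if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec[k] for k in ("seq", "kind", "authority", "payload", "prev")}
        encoded = _canonical(body)
        key = AUTHORITY_KEYS.get(rec["authority"])
        # Unknown signer, a gap or reorder in seq, or a broken back-link all fail here.
        if key is None or rec["seq"] != i or rec["prev"] != prev:
            return i
        expected = hmac.new(key, encoded, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["sig"]):
            return i
        digest = hashlib.sha256(encoded + rec["sig"].encode()).hexdigest()
        if rec["hash"] != "h:" + digest:
            return i
        prev = rec["hash"]
    return None

def demo_log():
    # Constructed sample events modelled on the event display above.
    log = []
    append_event(log, "runtime", "action.post.created", {"actor": "psn_ctx_demo_0001"})
    append_event(log, "runtime", "credential.presented", {"claim": "enrolled:DEMO101"})
    append_event(log, "runtime", "action.post.created", {"actor": "psn_ctx_demo_0002"})
    return log
```

Chain verification alone does not notice records dropped from the tail, since the remaining prefix is still a valid chain. Catching that requires comparing the head hash against a value held outside the log, which is the role a co-signed snapshot root plays.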
The local product folder specifies the seven infrastructure layers, backend build plan, test plan, design package, and a frontend bridge mapping operator screens back to system contracts.
A local v0 should implement one bounded context: create a course, verify a roster participant, issue a course pseudonym, post signed content, append provenance events, and open a governed review case without exposing identity by default.