Julian Waters-Lynch
Atrium · Functional local prototype

Pseudonymous participation, without losing accountability.

Atrium is identity infrastructure for bounded institutions: courses, journals, research communities, DAOs, and AI-agent delegation contexts where people need continuity and protection at the same time.

A participant can be verified once, appear through a context-specific pseudonym, and leave signed provenance that survives restart. Real identity stays shielded by default; reveal requires an explicit governance process.

Paper to product

The submitted paper gives the design logic; the product makes it operable.

Atrium grows out of Accountable Pseudonymity: Identity Regimes as Organisational Design, a manuscript submitted to the Journal of Organization Design. The product is not anonymous accounts or decentralized identity. It is institutional middleware for deciding what an organization legitimately needs to know at each boundary: what can be verified, what remains shielded, what must be remembered, and what process can justify disclosure.

Institutional fit

Bounded contexts before internet identity.

Start with courses, journals, and peer review, where eligibility, continuity, shielding, and sanction procedures are already real institutional problems.

Technical posture

Keys and signed records, not blockchains.

The useful primitives are scoped keypairs, bounded credentials, tamper-evident logs, and reviewable approvals. The system does not need a public chain to be auditable.

Governance layer

Governance starts with evidence, not identity.

Serious cases begin with content, context, and signed records. Identity reveal is exceptional, justified, logged, reviewable, and reversible where possible.

Interface model

Two surfaces: participation and infrastructure.

Participants see a calm pseudonymous layer. Institutional operators see the bounded context underneath: policies, claims, logs, integrations, and governed cases.

Seminar Pilot

Student · Instructor · Governance
Course identity setupvisible: pseudonym
Seminar discussionsigned post
Peer-review submissionscoped reviewer
Moderation queuecontent first
Reveal requestgoverned only

Atrium Operator

Operations · Config · Institution
Platform overviewbounded contexts
Identity regime builderv0.4 diff
Pseudonym policyanti-correlation
Credentials matrixselective disclosure
Governance open caseco-signed action
Selective disclosure

The identity surface changes by role.

Claim or surface Peer Instructor Moderator Governance Vault
Course pseudonym Visible Visible Visible Visible Mapped
Verified enrollment Not shown Yes/no Yes/no Evidence Source
Legal identity Shielded Shielded Shielded Governed reveal Stored
Signed action history Scoped Context only Context only Evidence packet No content body
Provenance

Tamper evidence without a public chain.

Events are append-only, signed by the acting authority, and chained to prior records. External systems receive references and snapshots, not identity mappings or raw private bodies by default.

event 0142 action.post.created
actor: psn_ctx_sem204_7f3a
sig: ed25519:7d9a...12bf
prev: h:9f44...a833
hash: h:0b18...d2c1

event 0143 credential.presented
claim: enrolled:SEM204
disclosed_to: runtime
hash: h:408d...aa91

snapshot 0012 co-signed
period: week_07
root: merkle:bb71...098f
Build status

The architecture is specified; the local regime now runs end to end.

Current build package

The local Atrium v0 lab now exercises the seven-layer regime: proofing, vault mapping, context-bound pseudonyms, credentials, signed runtime actions, hash-chained provenance, and governed reveal.

Proofing Vault Pseudonyms Credentials Runtime Provenance SQLite persistence Reveal

Next useful prototype

The next step is extracting the lab into an open-source atrium-core package: normalized storage, encrypted vault fields, versioned governance policies, real auth adapters, and CI tests for restart, anti-correlation, and governed reveal.