Recap: identity, registry, delegations, aliases (GeoMail)

A readable backbone: root identity, roles/capabilities, devices, national reservation, temporary IDs, and aliases/addresses.

1) The three notions not to mix

Root identity (person/org): stable, unique, managed by the town hall (registry + encrypted proofs).
Roles/functions (mayor, police, teacher, etc.): capabilities (rights) signed with scope + TTL, not a new identity.
Devices (K/H/M/S/USB): terminals linked to a root identity, multiple devices allowed.

2) Two identifier layers

Canonical ID (machine): unambiguous, not guessable (for example a public-key hash) used for signature, dedup, verification.
Human national ID: readable format such as CVCV-123456, unique at national level.

The network shows the human ID; security relies on the canonical ID.

3) National uniqueness with 30-day reservation

A town hall (Station K) can create a reservation for a human ID.
If no other town hall contests or duplicates during 30 days, the ID is locked.
Offline periods and LuckyBlock delays mean temporary conflicts may happen; they are resolved when data converges.

4) Local temporary IDs

Station K may issue a local temporary ID while waiting for the national reservation.
Example format: LID:<issuer_person_id>:<counter> (example LID:13:00421).
Once the national ID is locked we keep the mapping (LID -> national ID -> canonical ID).

5) Delegations

Avoid concatenating IDs: rely on a signed delegation.
Delegation = delegator -> delegatee + purpose + constraints + expires_at.
Examples: proxy voting, deliveries, employee acting for a company, child under parental responsibility.

6) Aliases and addresses (GeoMail)

Aliases/addresses are not unique: they are routing/UI hints.
# = individual context, @ = business/org context.
. separates subfields (Region.Subregion.City), / separates onion layers (hops).
Geo precision stays coarse (street block), opt-in with short TTL.

See also: docs/identity/Readme-alias-and-addressing.md.

7) Storage and blockchain (lightweight)

Heavy content (attachments, long text, encrypted payloads) remains off-chain (docs/files).
The blockchain anchors hashes plus short metadata (ANCHOR_MESSAGE, ANCHOR_ADDRESS_EVENT).
Every transport (USB/backhaul/radio) drops into the same inbox (spool) before the pipeline processes it.