Description
Hi Lukas, great connecting with you.
I’m currently building WEB-ID Global Guard, a decentralized identity infrastructure designed to eliminate fake accounts, email spoofing, online impersonation, digital extortion, and anonymous threats — all without storing any personal data.
The architecture is based on:
Client-side encrypted identity vaults (no server data storage)
Zero-Knowledge Proof authentication
Pairwise Decentralized Identifiers
Invisible time-based authentication codes (locally computed)
WebAuthn passkeys for passwordless login
Short-lived unlinkable session tokens
Distributed verification without central identity databases
Every user has a global identity code, but platforms only receive proof that a user is “real” — not who they are.
Identity remains fully private, unless a crime is legally verified and a court order is issued.
The core mission:
Trust without data — real identity, without sharing or storing personal details.
Technical alignment question
Before going deeper, I want to check whether your experience aligns with this type of infrastructure.
In 8–10 sentences, tell me how you would architect:
A zero-stored-data login system using WebAuthn + ZKPs
A method to generate unlinkable pairwise identifiers across multiple services
A server validation layer that verifies identity without ever receiving raw credentials, personal data, or visible authentication secrets
A strategy to ensure token freshness, replay-attack resistance, and unlinkability
No pitch required — just your technical approach.
If the answer aligns with the architecture vision, we can talk partnership or deeper collaboration.
Reference note (important)
BTW — I recently studied an older but valuable AWS proof-of-concept by aaronbrighton that successfully implemented passwordless authentication using WebAuthn/FIDO2 with Amazon Cognito + Lambda Custom Challenges, without using a traditional Node.js backend.
This confirms two things:
Cognito can act as a Relying Party for WebAuthn.
WebAuthn flows can be implemented serverlessly via Lambda Triggers and SimpleWebAuthn.
This implementation isn’t production-ready, and Cognito has field limitations (e.g., restricted authenticator data length and max keys per identity), but it’s extremely useful as a conceptual reference for challenge/response flows, registration, and authenticator activation.
For WEB-ID Global Guard, Cognito makes sense as a federated access layer, but core identity, encrypted vaults, ZKP validation, and unlinkable DID logic must stay independent, outside Cognito.
If this is interesting and your background fits those problem spaces, I’d love to explore how we can build the core identity engine and onboarding MVP together.
Cheers,
Georges Malki
Founder – WEB-ID Global Guard
georges.malki@outlook.com