Attestations are the core functionality for how the Shyft Network provides assurances around KYC data and the methodologies for sharing that data between VASPs.
When a Trust Anchor (that is, an entity the network inherently trusts without the need to derive it) has data about a user that’s available for sharing, that data is kept confidential, and only an attestation is published declaring that the information in question exists. The attestation is pseudonymous (attached to a users network address rather than any more recognizable form of their identity), and generally restricted to metadata about the information it contains. The metadata is encrypted with a user-controlled key, so that users can restrict access to the metadata, to entities that they consent to share it with. This degree of user control also makes it harder for an attacker to use social engineering or data mining attacks to obtain private information.
The attestation structure is also flexible. A certification body can easily use it to publish an attestation that a trust anchor is in compliance with a particular standard for the protection of confidential data, or an industry group could certify that they meet other standards for the accuracy of the records they provide.