Zero custodial risk. Total custody.
You retain ownership of identity and keys at all times. SymmetriQ never holds credentials and never sees key material.
Hardware-bound keys
HSM, TPM 2.0 or Secure Enclave. Private keys never leave silicon.
Strong auth chain
Azure AD MFA → Keycloak policy → SymmetriQ signing policy.
Cryptographic audit
Tamper-evident log of every signing decision, exportable as evidence for SOC 2 and ISO 27001 audits.
Quantum-safe roadmap
Signature agility for NIST PQC algorithms when chains adopt them.
No credential custody
Authentication remains at Azure AD; passwords never reach SymmetriQ.
Separation of duties
Identity admins, policy authors and key custodians are distinct roles.
What the model defeats.
Lost or stolen private keys
Keys never leave hardware.
Insider misuse
Signing policy, quorum approval, audit trail and revocation.
Compromised endpoint
MFA, device compliance signals, server-side signing.
Rogue contract calls
On-chain verifier rejects non-DID-signed transactions.
Repudiation
Cryptographic, tamper-evident audit trail.
Stale access after offboarding
Real-time revocation propagated to every consumer.
FIPS 140-2/3
SOC 2 · ISO 27001
W3C DID Core
OIDC · SAML · OAuth 2.0