Do you authenticate identities in the HAT? How would an SSI verify or allow third party verification of data in the HAT?