5 files changed, 40 insertions, 10 deletions
diff --git a/identity/bare.go b/identity/bare.go
index 5aaa0166..c54277a0 100644
--- a/identity/bare.go
+++ b/identity/bare.go
@@ -169,6 +169,11 @@ func (i *Bare) Commit(repo repository.Repo) error {
 	return nil
 }
 
+func (i *Bare) CommitAsNeeded(repo repository.Repo) error {
+	// Nothing to do, everything is directly embedded
+	return nil
+}
+
 // IsProtected return true if the chain of git commits started to be signed.
 // If that's the case, only signed commit with a valid key for this identity can be added.
 func (i *Bare) IsProtected() bool {
diff --git a/identity/common.go b/identity/common.go
index 00feaa2d..2f2b9042 100644
--- a/identity/common.go
+++ b/identity/common.go
@@ -29,7 +29,6 @@ func UnmarshalJSON(raw json.RawMessage) (Interface, error) {
 	err := json.Unmarshal(raw, &aux)
 	if err == nil && aux.Id() != "" {
 		return aux, nil
-		// return identityResolver.ResolveIdentity(aux.Id)
 	}
 
 	// abort if we have an error other than the wrong type
diff --git a/identity/identity.go b/identity/identity.go
index 725362f9..a0800bcd 100644
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -241,15 +241,7 @@ func (i *Identity) AddVersion(version *Version) {
 func (i *Identity) Commit(repo repository.Repo) error {
 	// Todo: check for mismatch between memory and commited data
 
-	needCommit := false
-	for _, v := range i.versions {
-		if v.commitHash == "" {
-			needCommit = true
-			break
-		}
-	}
-
-	if !needCommit {
+	if !i.NeedCommit() {
 		return fmt.Errorf("can't commit an identity with no pending version")
 	}
 
@@ -313,6 +305,23 @@ func (i *Identity) Commit(repo repository.Repo) error {
 	return nil
 }
 
+func (i *Identity) CommitAsNeeded(repo repository.Repo) error {
+	if !i.NeedCommit() {
+		return nil
+	}
+	return i.Commit(repo)
+}
+
+func (i *Identity) NeedCommit() bool {
+	for _, v := range i.versions {
+		if v.commitHash == "" {
+			return true
+		}
+	}
+
+	return false
+}
+
 // Merge will merge a different version of the same Identity
 //
 // To make sure that an Identity history can't be altered, a strict fast-forward
@@ -379,6 +388,10 @@ func (i *Identity) Merge(repo repository.Repo, other *Identity) (bool, error) {
 func (i *Identity) Validate() error {
 	lastTime := lamport.Time(0)
 
+	if len(i.versions) == 0 {
+		return fmt.Errorf("no version")
+	}
+
 	for _, v := range i.versions {
 		if err := v.Validate(); err != nil {
 			return err
@@ -391,6 +404,11 @@ func (i *Identity) Validate() error {
 		lastTime = v.time
 	}
 
+	// The identity ID should be the hash of the first commit
+	if i.versions[0].commitHash != "" && string(i.versions[0].commitHash) != i.id {
+		return fmt.Errorf("identity id should be the first commit hash")
+	}
+
 	return nil
 }
 
diff --git a/identity/identity_stub.go b/identity/identity_stub.go
index 6788ce33..e91600b0 100644
--- a/identity/identity_stub.go
+++ b/identity/identity_stub.go
@@ -80,6 +80,10 @@ func (IdentityStub) Commit(repo repository.Repo) error {
 	panic("identities needs to be properly loaded with identity.ReadLocal()")
 }
 
+func (i *IdentityStub) CommitAsNeeded(repo repository.Repo) error {
+	panic("identities needs to be properly loaded with identity.ReadLocal()")
+}
+
 func (IdentityStub) IsProtected() bool {
 	panic("identities needs to be properly loaded with identity.ReadLocal()")
 }
diff --git a/identity/interface.go b/identity/interface.go
index 1d534eb8..55877c02 100644
--- a/identity/interface.go
+++ b/identity/interface.go
@@ -30,6 +30,10 @@ type Interface interface {
 	// the Id is properly set.
 	Commit(repo repository.Repo) error
 
+	// If needed, write the identity into the Repository. In particular, this
+	// ensure that the Id is properly set.
+	CommitAsNeeded(repo repository.Repo) error
+
 	// IsProtected return true if the chain of git commits started to be signed.
 	// If that's the case, only signed commit with a valid key for this identity can be added.
 	IsProtected() bool