diff --git a/Makefile b/Makefile index 33f5aa4..e1914ad 100644 --- a/Makefile +++ b/Makefile @@ -39,8 +39,8 @@ populate-remote-sandbox: ## Generate random DIDs in remote sandbox (RR_SCHEMA, R zenroom -z client/v1/sandbox/create-identity-pubkeys.zen \ > /tmp/new-id-pubkeys.json 2>/dev/null @jq --arg value $$(($$(date +%s%N)/1000000)) '.timestamp = $$value' /tmp/new-id-pubkeys.json > /tmp/new-id-pubkeys-tmp.json && mv /tmp/new-id-pubkeys-tmp.json /tmp/new-id-pubkeys.json - zenroom -z client/v1/sandbox/pubkeys-request.zen \ - -a /tmp/new-id-pubkeys.json -k /tmp/controller-keyring.json \ + zenroom -a /tmp/new-id-pubkeys.json -k /tmp/controller-keyring.json \ + -z client/v1/sandbox/pubkeys-request.zen \ > /tmp/pubkeys-request.json 2>/dev/null ./restroom-test -s ${RR_SCHEMA} -h ${RR_HOST} -p ${RR_PORT} -u v1/sandbox/pubkeys-accept.chain -a /tmp/pubkeys-request.json | jq . @@ -77,4 +77,4 @@ update-npm: clean: ## Clean all NodeJS dependencies $(info Cleaning all dependencies - need a new install-deps) @rm -rf node_modules package-lock.json - @rm -rf restroom/node_modules restroom/package-lock.json + @rm -rf restroom/node_modules restroom/package-lock.json \ No newline at end of file diff --git a/README.md b/README.md index bac2280..83b40e8 100644 --- a/README.md +++ b/README.md 
@@ -18,39 +18,35 @@ Users need not to run a DID, but can use our official instance at https://did.dy To run a local instance however, make sure npm is installed and use: ``` make install-deps -make setup-local make run-local ``` -To generate DID documents one needs a registered EDDSA public key to be listed as admin did, i.e: `did:dyne:operator` +To generate DID documents one needs registered ECDH and EDDSA public keys to be listed inside an admin DID document, i.e: `did:dyne:DID-spec.A` or `did:dyne:admin`. -To run simple tests one can generate a fake key: `zenroom -z private_contracts/fake_keygen.zen > client_keyring.json` +To run simple tests one can generate a fake keyring: +``` +zenroom -k client/v1/did-setting.json -z client/v1/sandbox/sandbox-keygen.zen > sandbox-admin-keyring.json` +``` +that is associated to the DID document whose DID id [did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ](/data/sandbox/A/8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ). -This fake key is able to write inside `did:dyne:sandbox` for testing purposes (saved data will be lost once in a while!) +This fake keyring is able to write inside `did:dyne:sandbox` for testing purposes (saved data will be lost once in a while!) To test the creation of a DID document on the local running instance: ``` -make run-local +make generate-sandbox-did-local ``` ## DID document specs -We call "DID spec" any word following the `did:dyne:` namespace. DID specs are governed by specific [contracts subdirectories](/contracts) carrying the same name. +We call "DID spec" any word following the `did:dyne:` namespace. DID specs are governed by specific [contracts subdirectories](/api/v1) carrying the same name. -Our DID implementation makes available some base DID specs to enable authenticated operators (`did:dyne:operator`) to register generic DID documents (`did:dyne:generic`). 
+Any "DID spec" has one or more admins that have the permission to create, update or delete the DID document under their "DID spec". These admins can be recognized from their DID, indeed it will be of the from `did:dyne:DID-spec.A:` and they will govern all the DID documents whose DID starts with `did:dyne:DID-spec:`. -We have also project specific implementations that introduce ad-hoc schemas like `did:dyne:zenflows`) manages DIDs for the `did:dyne:ifacer` namespace. +For example `did:dyne:zenflows.A` manages DIDs for the `did:dyne:zenflows:` namespace. -So far we have: - -| did spec | admin spec | -|:--------:|:----------:| -| generic | operator | -| ifacer | zenflows | -| sandbox | (fake) | - -The special `did:dyne:elohim` spec is the one governing all admin specs and can create, update and delete admins. +The special `did:dyne:admin` spec is the one governing all admin specs and can create, update and delete admins. + diff --git a/data/sandbox/.keep b/data/sandbox/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/docs/README.md b/docs/README.md index 03c2428..257dce2 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -10,18 +10,18 @@ In this documentation, we will provide an overview of the decentralized identity Thank you for choosing our decentralized identity solution. We hope that it empowers you to take control of your own identity and personal data. -## Our W3C DID implementation supports: +## Supported fields +Our W3C DID implementation supports: * A list of API endpoints, as an array “serviceEndpoint”. -* Geolocation fiels as “Country” and “State” +* Geolocation fields as “Country” and “State” * Public keys for: * Secp256k1 ECDSA, widely used for single signatures * ED25519 EDDSA widely used for single signatures * BLS381 [“Reflow”](https://medium.com/think-do-tank/reflow-crypto-material-passports-for-the-circular-economy-d75b3aa63678) [[REFLOW]], for multisignature and advanced zero-knowledge proof operations * Dilithium2, for [quantum-proof signatures](https://medium.com/think-do-tank/quantum-proof-cryptography-e23b165b3bbd) * Ethereum public addresses (“blockchainAccountId”), following the eip155 standard -* The DID whose document contains the txId on Ethereum-based blockchain ganache where the DID document was stored, stored in the string “alsoKnownAs” -* The JWS signature of the DID Document operated by the [Controller](https://did.dyne.org/docs/) inside the "proof" +* The JWS signature of the DID Document operated by an admin inside the "proof" field in order to ensure data integrity. -To have more information about the specification of our DID method you can jump to the [Specification Section](specification.md?id=specification). +To have more information about the specification of our DID method you can jump to the [Specification Section](/specification#specification). -If you are more interested in understanding what type of keys we have used inside the DID document you can visit our [Security Vocabulary](security.md). 
+If you are more interested in understanding what type of keys we have used inside the DID document you can visit our [Security Vocabulary](/specification#dyne-org-s-w3c-did-security-vocabulary). diff --git a/docs/index.html b/docs/index.html index decd718..6c81d3b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -264,6 +264,29 @@ publisher: 'IETF', id: 'multibase', }, + RFC3986: { + title: 'Uniform Resource Identifier (URI): Generic Syntax', + date: 'January 2005', + href: 'https://www.rfc-editor.org/rfc/rfc3986', + authors: [ + 'T. Berners-Lee', + 'R. Fielding', + 'L. Masinter' + ], + status: 'Internet Standard', + publisher: 'IETF' + }, + RFC5234: { + title: 'Augmented BNF for Syntax Specifications: ABNF', + date: 'January 2008', + href: 'https://www.rfc-editor.org/rfc/rfc5234', + authors: [ + 'D. Crocker, Ed', + 'P. Overell', + ], + status: 'Internet Standard', + publisher: 'IETF' + } }, }; diff --git a/docs/security.md b/docs/security.md index 213177f..1f20553 100644 --- a/docs/security.md +++ b/docs/security.md @@ -2,8 +2,8 @@ ## Classes -### EcdsaSecp256k1VerificationKey_b64 -This class represents a linked data signature verification key. It is implemented as stated [here](https://w3c-ccg.github.io/lds-ecdsa-secp256k1-2019/) with the only difference that accepts base 64 encoded public key with the proprerty [**publicKeyBase64**](#publickeybase64). +### ReflowBLS12381VerificationKey +This class represents a linked data signature verification key. See [reflow-BLS12381 paper](https://arxiv.org/pdf/2105.14527.pdf) for more details. **Status**: *Stable* 
@@ -14,15 +14,16 @@ This class represents a linked data signature verification key. It is implemente ```json { - "id": "did:example:123#key1", - "type": "EcdsaSecp256k1VerificationKey_b64", + "id": "did:example:123#reflow_public_key", + "type": "ReflowBLS12381VerificationKey", "controller": "did:example:123", - "publicKeyBase64": "BMryTzTcMC42F4dOWdXM5mVAZr0dvS0jV84oBt/SQBePhxH2p3/NilU9siTfdNWv7iPcViIPDtz3JxFiQY/Gu5s=" + "publicKeyBase58": "9kPV92zSUok2Do2RJKx3Zn7ZY9WScvBZoorMQ8FRcoH7m1eo3mAuGJcrSpaw1YrSKeqAhJnpcFdQjLhTBEve3qvwGe7qZsam3kLo85CpTM84TaEnxVyaTZVYxuY4ytmGX2Yz1scayfSdJYASvn9z12VnmC8xM3D1cXMHNDN5zMkLZ29hgq631ssT55UQif6Pj371HUC5g6u2xYQ2mGYiQ6bQt1NWSMJDzzKTr9y7bEMPKq5bDfYEBab6a4fzk6Aqixr1P3" } ``` -### ReflowBLS12381VerificationKey_b64 -This class represents a linked data signature verification key. See [reflow-BLS12381 paper](https://arxiv.org/pdf/2105.14527.pdf) for more details. + \ No newline at end of file diff --git a/docs/specification.md b/docs/specification.md index 5822603..2089b4a 100644 --- a/docs/specification.md +++ b/docs/specification.md 
@@ -2,7 +2,12 @@ ## Abstract -The first focus for the Dyne.org's DID method was to register [Zenswarm Oracles](https://github.com/dyne/zenswarm) identities, in a way that is both machine and human readable. We have introduced some new classes and properties to cover all the public keys that we are using inside the DID document, including also a **post quantum** public key. The DID Document and the DID are respectively stored and resolved by our [Controller](https://did.dyne.org/docs/), who also notarizes the DID Document on creation, update and removal on ganache blockchain, which will soon be replaced by planetmint. +The first focus for the Dyne.org's DID method was to register [Zenswarm Oracles](https://github.com/dyne/zenswarm) identities, in a way that is both machine and human readable. We have introduced some new classes and properties to cover all the public keys that we are using inside the DID document, including also a **post quantum** public key. The DID Document and the DID are respectively stored and resolved by our [Controller](https://did.dyne.org/docs/). + + + ### State of the document @@ -17,10 +22,10 @@ A DID that uses this method *MUST* begin with the following prefix: **did:dyne** ## Method Specific Identifier -Dyne DIDs have the following format: +Dyne DIDs is a URI conformant with [[RFC3986]] specification. The ABNF definition of our DIDs can be found in the following specification which uses the syntax provided in both [[RFC5234]] and [[RFC3986]] specifications: ``` dyne-did := did:dyne:: -idspec := *(ALPHA) +idspec := *(ALPHA) *1("." ALPHA) idchar := 1*44(base58char) base58char := "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9" / "A" / "B" / "C" / "D" / "E" / "F" / "G" / "H" / "J" / "K" / "L" / "M" / "N" / "P" / "Q" 
@@ -30,304 +35,180 @@ base58char := "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9" / "A" / "B" / ``` For the moment the main used prefix are: -- did:dyne:oracle: thawt represent a Zenswarm Oracle and inside each Zenswarm Oracle DID document is present the field "alsoKnownAs" with value did:dyne:ganache:..., this DID can be resolved and contains the DID of the Oracle and the transaction ids in which the DID document was store on chain during creation, update and removal. -- did:dyne:controller: is used only by the Controller to differentiate its DID from the others. +- did:dyne:sandbox: that is used for testing purposes. +- did:dyne:zenflows: that is used in our [zenflows project](https://github.com/interfacerproject/zenflows) to create the user identity. +- did:dyne:zenflows.A: that is used in our [zenflows project](https://github.com/interfacerproject/zenflows) to create the back-end identity. An example of Dyne.org's DID is: ``` -did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe +did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ ``` that is associated to the following DID document: ```json { "@context":[ "https://www.w3.org/ns/did/v1", - "https://dyne.github.io/W3C-DID/specs/EcdsaSecp256k1_b64.json", - "https://dyne.github.io/W3C-DID/specs/ReflowBLS12381_b64.json", - "https://dyne.github.io/W3C-DID/specs/SchnorrBLS12381_b64.json", - "https://dyne.github.io/W3C-DID/specs/Dilithium2_b64.json", - "https://w3id.org/security/suites/secp256k1-2020/v1", "https://w3id.org/security/suites/ed25519-2018/v1", + "https://w3id.org/security/suites/secp256k1-2019/v1", + "https://w3id.org/security/suites/secp256k1-2020/v1", + "https://dyne.github.io/W3C-DID/specs/ReflowBLS12381.json", { - "Country":"https://schema.org/Country", - "State":"https://schema.org/State", - "description":"https://schema.org/description", - "url":"https://schema.org/url" + "description":"https://schema.org/description" } ], - "Country":"IT", - "State":"NONE", - 
"alsoKnownAs":"did:dyne:ganache:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "description":"restroom-mw", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "proof":{ - "created":"1669312940937", - "jws":"eyJhbGciOiJFUzI1NksiLCJiNjQiOnRydWUsImNyaXQiOiJiNjQifQ..PLloczDxLJrDplw4_CaLoQAW1mZvH2dIQ3LsxZtF_C5ax5-hPXQ00ytTOUNQyr4HklnrstZPhKNC6SkvdM_SlQ", - "proofPurpose":"assertionMethod", - "type":"EcdsaSecp256k1Signature2019", - "verificationMethod":"did:dyne:controller:6zv2wcKFrki4DzkQTD7CMEakciwomDfwG8Po2BdAwF3P#key_ecdsa1" - }, - "service":[ - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-announce", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-announce", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#ethereum-to-ethereum-notarization.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/ethereum-to-ethereum-notarization.chain", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-get-identity", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-get-identity", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-http-post", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-http-post", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-key-issuance.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-key-issuance.chain", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-ping.zen", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-ping.zen", - "type":"LinkedDomains" + "description":"fake sandbox-admin", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "proof": { + "created": "1671805668826", + "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOnRydWUsImNyaXQiOiJiNjQifQ..0RywWwpi-26gwNhPC4lBcTce80WMDDygtlYu8EzyXa-PZRrG64Bt46z-wp_QXhF-FIbtgf_zfIVHDBeR7sPGGw", + "proofPurpose": 
"assertionMethod", + "type": "EcdsaSecp256k1Signature2019", + "verificationMethod": "did:dyne:admin:DMMYfDo7VpvKRHoJmiXvEpXrfbW3sCfhUBE4tBeXmNrJ#ecdh_public_key" }, - { - "id":"did:dyne:zenswarm-api#sawroom-to-ethereum-notarization.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/sawroom-to-ethereum-notarization.chain", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-get-timestamp.zen", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-get-timestamp.zen", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-update", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-update", - "type":"LinkedDomains" - } - ], - "url":"https://swarm2.dyne.org:20004", "verificationMethod":[ { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_ecdsa1", - "publicKeyBase64":"BMBshJCfEXccpJ+KJ830Ro/niwEBvzU2Rt9lZIXn7wpGqARUWn53Z2dlgRR9nJfrtkwhSuybG7i7KYjpeaML9Oc=", - "type":"EcdsaSecp256k1VerificationKey_b64" + "controller":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ#ecdh_public_key", + "publicKeyBase58":"S1bs1YRaGcfeUjAQh3jigvAXuV8bff2AHjERoHaBPKtBLnXLKDcGPrnB4j5bY8ZHVu9fQGkUW5XzDa9bdhGYbjPf", + "type":"EcdsaSecp256k1VerificationKey2019" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_reflow1", - "publicKeyBase64":"DjXU13pWGlSbQdLA91FiSh+GE8VdTqYS/BhglCo5+XpVEVPIaFhgTTrTPJf7WcGFA/zjJU0gDzRFhNIXQ14gdBwIwhl4vVlczhXbiYOoqY9JCcNE84rQ45CO0htuJ5QKFcjUxnDAXARx+9N3NECJuuMHDRsQ5gnRdrrZISzYkzfj4rxTjFW0+oBRVg4IROmMDLBSoMsjRI/nFylMpdWrAL7y1VBNg/m9J/JTWDiDytT7ZCedVTJof1txfrZ1Rlge", - "type":"ReflowBLS12381VerificationKey_b64" + 
"controller":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ#reflow_public_key", + "publicKeyBase58":"9kPV92zSUok2Do2RJKx3Zn7ZY9WScvBZoorMQ8FRcoH7m1eo3mAuGJcrSpaw1YrSKeqAhJnpcFdQjLhTBEve3qvwGe7qZsam3kLo85CpTM84TaEnxVyaTZVYxuY4ytmGX2Yz1scayfSdJYASvn9z12VnmC8xM3D1cXMHNDN5zMkLZ29hgq631ssT55UQif6Pj371HUC5g6u2xYQ2mGYiQ6bQt1NWSMJDzzKTr9y7bEMPKq5bDfYEBab6a4fzk6Aqixr1P3", + "type":"ReflowBLS12381VerificationKey" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_schnorr1", - "publicKeyBase64":"GDS7kEM8ekwEMMbj2OwjSkZY5qMfyhyHHmHcJA/yiN5tQG2/8JJHffksLo+R3ItA", - "type":"SchnorrBLS12381VerificationKey_b64" + "controller":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ#bitcoin_public_key", + "publicKeyBase58":"rjXTCrGHFMtQhfnPMZz5rak6DDAtavVTrv2AEMXvZSBj", + "type":"EcdsaSecp256k1VerificationKey2019" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_dilithium1", - "publicKeyBase64":"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", - "type":"Dilithium2VerificationKey_b64" - }, - { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_eddsa1", - "publicKeyBase58":"2eFibJG2GaBxSfL7CUyt18cg14CsNxAD1FtsSMMTC3r7", + "controller":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ#eddsa_public_key", + "publicKeyBase58":"8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", "type":"Ed25519VerificationKey2018" }, { - "blockchainAccountId":"eip155:1717658228:0xbce1915aac95b986bbf54d05e52e0fe9abc90240", - 
"controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#fabchainAccountId", + "blockchainAccountId":"eip155:1:0xd3765bb6f5917d1a91adebadcfad6c248e721294", + "controller":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "id":"did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ#ethereum_address", "type":"EcdsaSecp256k1RecoveryMethod2020" } ] } ``` - -Below is an example of a DID Document resolved using the DID contained in *alsoKnownAs*: - +The informations about the DID document are store in the DidDocumentMetadata field outstide of the DID document, for example the above did document is associated with the following metadata: ```json { - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "timestamp-create":"1669312940937", - "txid-create":"7208d3f1853ec905ef0af5ff1c2556ec00321a6ca788fe6a55f518f14db652ba" + "created":"1671805668826", + "deactivated": "false" } ``` +Metadata includes information such as the timestamp (unix time) the document was created, the timestamp (unix time) it was last modified, and whether it has been deactivated or is still active. -The data stored in the transation represented by the transaction id *txid-create* can be retrieved by querying the resolve-txid API: - -```bash -curl -X 'POST' \ - 'https://did.dyne.org:443/api/did-resolve-txid' \ - -H 'accept: application/json' \ - -H 'Content-Type: application/json' \ - -d '{ - "data": {"txid":"7208d3f1853ec905ef0af5ff1c2556ec00321a6ca788fe6a55f518f14db652ba"}, - "keys": {} -}' -``` +If a DID document has been deactivated, *i.e.* **deactivated** field is set to true, it means that it is no longer active or available for use. This mean that the DID associated to the DID document can not be used anymore to prove the user identity under any circumstance. 
## CRUD Operation Definitions -### DID Document Creation +CRUD operations refer to the four basic functions that are commonly used to manipulate data in a database or system. These operations are: +- **Create**: This operation is used to create new data, such as adding a new document or record to a database. +- **Read**: This operation is used to read or retrieve data from a database or system. Reading data does not modify or change the data in any way. +- **Update**: This operation is used to update or modify existing data in a database or system. +- **Delete**: This operation is used to delete or remove data from a database or system. -The first step to create a DID document is to retrieve a **token**, that is an eddsa keypair, from the DID controller. In this moment it can be obtained by quering the did-faucet API: +In this moment all the CRUD operations, execpt for the Reading operation, are permissioned. This means that Create, Update and Delete operations are restricted to certain users or groups of users. In other words, only users who have been granted permission can perform these operations. -```bash -curl -X 'GET' \ - 'https://did.dyne.org:443/api/did-faucet.chain' \ - -H 'accept: application/json' -``` +This permissioned system is set up following a linear hierarchy and the level of each user in this hierarchy is defined inside their own DID. There are mainly three levels: +- **admin**: there exist only one admin for all the system and its DID starts with did:dyne:admin:. It posses the master key needed to create second levels admins that are specific to their own specific identifier. +- **second-level admins**: there can be more than one second-level admin and its DID starts with did:dyne:idspec.A: where *idspec* can be any alphabetic string. They can create, update and delete any did document whose DID starts with did:dyne:idpsec:. 
The power of these second-level admins can also be reduced to a single operation using the following notation: + - did:dyne:idspec.C: can only create DID documents + - did:dyne:idspec.U: can only update DID documents + - did:dyne:idspec.D: can only delete DID documents +- **users**: their DID starts with did:dyne:idpsec: and they can not perform any operation on DID documents, excpet for reading. -The response will look like: +### DID Document Creation -```json -{ - "sent:": "sent:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "token": { - "eddsa": "HShhAKcbNHBAaWoDnXDB1r965sM5VLaemUeefCc79JeE", - "eddsa_public_key": "6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe" - } -} -``` +As stated before, this operation is permissioned, thus in order to create a DID document a secret keyring is needed. In order to create a second-level admin DID document the admin keyring is needed, while in order to create a user DID document a second-level admin keyring is needed. Once the user creates the DID document the latter has to be encoded into a string removing all new lines and withespaces (outside of the values of DID document) and escaping double quotes and backslashes. Finally an eddsa signature of this string is computed to certify that on receipt the DID document has not been tumpered with. + +In order to avoid reply attack a second signature is needed. This time the did document along with a timestamp are inserted into a dictionary, also in this case the dictionary is encoded into a string and finally eddsa signed. -At this point the DID document is created from the client, that will use the **eddsa public key** contained in the token as its *\* inside the [id](specification.md?id=Method-Specific-Identifier), and it will look like: +Thus at the end of the clinet side creation of the DID document, the client will end up with a DID document, a ecdh signature, a timestamp, a eddsa signature and the DID of signer. 
This should look like this: ```json { - "@context":[ + "did_document": { + "@context": [ "https://www.w3.org/ns/did/v1", - "https://dyne.github.io/W3C-DID/specs/EcdsaSecp256k1_b64.json", - "https://dyne.github.io/W3C-DID/specs/ReflowBLS12381_b64.json", - "https://dyne.github.io/W3C-DID/specs/SchnorrBLS12381_b64.json", - "https://dyne.github.io/W3C-DID/specs/Dilithium2_b64.json", - "https://w3id.org/security/suites/secp256k1-2020/v1", "https://w3id.org/security/suites/ed25519-2018/v1", + "https://w3id.org/security/suites/secp256k1-2019/v1", + "https://w3id.org/security/suites/secp256k1-2020/v1", + "https://dyne.github.io/W3C-DID/specs/ReflowBLS12381.json", { - "Country":"https://schema.org/Country", - "State":"https://schema.org/State", - "description":"https://schema.org/description", - "url":"https://schema.org/url" - } - ], - "Country":"IT", - "State":"NONE", - "alsoKnownAs":"did:dyne:ganache:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "description":"restroom-mw", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "service":[ - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-announce", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-announce", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#ethereum-to-ethereum-notarization.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/ethereum-to-ethereum-notarization.chain", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-get-identity", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-get-identity", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-http-post", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-http-post", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-key-issuance.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-key-issuance.chain", - "type":"LinkedDomains" - }, - { - 
"id":"did:dyne:zenswarm-api#zenswarm-oracle-ping.zen", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-ping.zen", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#sawroom-to-ethereum-notarization.chain", - "serviceEndpoint":"http://172.104.233.185:28634/api/sawroom-to-ethereum-notarization.chain", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-get-timestamp.zen", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-get-timestamp.zen", - "type":"LinkedDomains" - }, - { - "id":"did:dyne:zenswarm-api#zenswarm-oracle-update", - "serviceEndpoint":"http://172.104.233.185:28634/api/zenswarm-oracle-update", - "type":"LinkedDomains" + "description": "https://schema.org/description" } - ], - "url":"https://swarm2.dyne.org:20004", - "verificationMethod":[ - { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_ecdsa1", - "publicKeyBase64":"BMBshJCfEXccpJ+KJ830Ro/niwEBvzU2Rt9lZIXn7wpGqARUWn53Z2dlgRR9nJfrtkwhSuybG7i7KYjpeaML9Oc=", - "type":"EcdsaSecp256k1VerificationKey_b64" + ], + "description": "Alice", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "verificationMethod": [ + { + "controller": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV#ecdh_public_key", + "publicKeyBase58": "PFJZ6vu7p1bDMaAE28Shkgydd2NwPy8n1KZdH3yTSYYtyXVc8jSVoXZqu7GFK7UTozUvkGyZkDPcroKEVAThrFPF", + "type": "EcdsaSecp256k1VerificationKey2019" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_reflow1", - 
"publicKeyBase64":"DjXU13pWGlSbQdLA91FiSh+GE8VdTqYS/BhglCo5+XpVEVPIaFhgTTrTPJf7WcGFA/zjJU0gDzRFhNIXQ14gdBwIwhl4vVlczhXbiYOoqY9JCcNE84rQ45CO0htuJ5QKFcjUxnDAXARx+9N3NECJuuMHDRsQ5gnRdrrZISzYkzfj4rxTjFW0+oBRVg4IROmMDLBSoMsjRI/nFylMpdWrAL7y1VBNg/m9J/JTWDiDytT7ZCedVTJof1txfrZ1Rlge", - "type":"ReflowBLS12381VerificationKey_b64" + "controller": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV#reflow_public_key", + "publicKeyBase58": "DxNbADPkQnsJuTsu7E4orFYT175sios3Kuh3L5ssECgJeotUBaRtWqZuqk52QT97YTfNo4a5FZ5ibv3pX3BR4Ci5FPeXWV5J9U8Y4AnZHkP6iVRgfw2swnf6gtVBfFjoboKcn2UokDqq2wLE3cgzxU7zdAzV7rurPxpbeuQH7tXQbNSc7bwzJq8vjwP8bADtUQyfpqCGMNeP1VnacP2AHojBXfhRazAwWv7xcuthLpyp2q5Jh1pHZL4qSRKGPf6qNXyX8D", + "type": "ReflowBLS12381VerificationKey" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_schnorr1", - "publicKeyBase64":"GDS7kEM8ekwEMMbj2OwjSkZY5qMfyhyHHmHcJA/yiN5tQG2/8JJHffksLo+R3ItA", - "type":"SchnorrBLS12381VerificationKey_b64" + "controller": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV#bitcoin_public_key", + "publicKeyBase58": "dQz3xoUpQWkqVutfKyY1U1VwyACWUyBXaYExh7DZNv3p", + "type": "EcdsaSecp256k1VerificationKey2019" }, { - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_dilithium1", - "publicKeyBase64":"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", - "type":"Dilithium2VerificationKey_b64" + "controller": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV#eddsa_public_key", + "publicKeyBase58": "CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "type": "Ed25519VerificationKey2018" }, { - 
"controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#key_eddsa1", - "publicKeyBase58":"2eFibJG2GaBxSfL7CUyt18cg14CsNxAD1FtsSMMTC3r7", - "type":"Ed25519VerificationKey2018" - }, - { - "blockchainAccountId":"eip155:1717658228:0xbce1915aac95b986bbf54d05e52e0fe9abc90240", - "controller":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe", - "id":"did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe#fabchainAccountId", - "type":"EcdsaSecp256k1RecoveryMethod2020" + "blockchainAccountId": "eip155:1:0xdb26948a4d17061c0d8242822423738bf16ee1ce", + "controller": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV", + "id": "did:dyne:sandbox:CmR8HZwNaV3Xw7ZVdvaa4oQDmsiVmoiULEiWJABe7EHV#ethereum_address", + "type": "EcdsaSecp256k1RecoveryMethod2020" } - ] + ] + }, + "ecdh_signature": { + "r": "5w8hD5GYbQUr7ytBrmTY1GhAZryKuyxQK1fLbady15Ev", + "s": "AjCmqMXUXBD1Wc66nFabcnTxRodpHTcFepcyHLwRGoiS" + }, + "eddsa_signature": "54jSisfb17KqjYuDsUn4rdGkmAoJFUAA4aRVHW75sa7chAWoBTpJiGSdUxegfTKQpVi7UoNFuteVEtCndKwBKaMp", + "id": "did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ", + "timestamp": "1672319885685" } ``` -The last step is to encode the DID document as a string using json encoding, whituout withespaces, and sign the latter with both the **client eddsa key** and the **token eddsa key**. The DID document and the relative signatures are finally sent to the Controller and the the *HTTP POST* wil be of the form: +All these informations are now sent to the Dyne's DID server that will verify the signatures and the timestamp and create a new DID document. Moreover the ecdh signature will be converted into a jws signature and inserted inside the DID document proof in order to matain its integrity. 
+Thus the last step from a Client prospective is an *HTTP POST* that will be of the form: ```bash curl -X 'POST' \ - 'https://did.dyne.org:443/api/did-create.chain' \ + 'https://did.dyne.org:443/api/v1/sandbox/pubkeys-accept.chain' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "data": { - "did_document": { ... }, - "eddsa_signature": " ... ", - "token_signature": " ... " + "did_document": { ... }, + "ecdh_siganture": "...", + "timestamp": "...", + "eddsa_signature": " ... ", + "id": " ... " }, "keys": {} }' 
@@ -335,37 +216,39 @@ curl -X 'POST' \ ### DID Document Read -To read the DID document for some DID, you simply have to perform an *HTTP GET*: +To read the DID document associated with a DID, you simply have to perform an *HTTP GET*: ```bash curl -X 'GET' \ - 'https://did.dyne.org:443/1.0/identifiers/' \ + 'https://did.dyne.org:443/dids/' \ -H 'accept: application/json' ``` -It returns a did document for that DID, if it is found. For example the DID +It resolve the DID into a DID document, if it is found. For example the DID ``` -did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe +did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ ``` -can be resolved by +can be resolved with: ```bash curl -X 'GET' \ - 'https://did.dyne.org:443/1.0/identifiers/did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe' \ + 'https://did.dyne.org:443/dids/did:dyne:sandbox.A:8REPQXUsFmaN6avGN6aozQtkhLNC9xUmZZNRM7u2UqEZ' \ -H 'accept: application/json' ``` ### DID Document Update -During update the **token** is no more required, only the client eddsa key is needed. In order to update the DID document the clinet will modify its DID document, encoding it has a string using json encoding and finally sign it with the **eddsa key** that matches the **eddsa public key** present in the previous DID document. At the end the new DID document, the DID and the singature will be sent to the DID controller and the *POST* will lok like: +As stated at the beginning also this operation is permissioned. The procedure is almost identical to the creation one: a new updated DID document is created by the client, that encodes it as a string and sign the latter with an admin or second-level admin ecdh key, creating an ecdsa siganture. As before we also sign it along with a timestamp to avoid reply attacks creating an eddsa signature. 
Then an *HTTP POST*, of the following form, is performed: ```bash curl -X 'POST' \ - 'https://did.dyne.org:443/api/did-update.chain' \ + 'https://did.dyne.org:443/api/v1/sandbox/pubkeys-update.chain' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "data": { - "did_document": { ... }, - "eddsa_signature": " ... ", - "id": " ... " + "did_document": { ... }, + "ecdh_siganture": "...", + "timestamp": "...", + "eddsa_signature": " ... ", + "id": " ... " }, "keys": {} }' 
@@ -373,33 +256,35 @@ curl -X 'POST' \ ### DID Document Revocation -To delete/revocate a DID document, it is enough to perform a *HTTP POST* request as follow where the **id** is the DID to be removed and the **eddsa signature** is its signature using the **client eddsa key**: +To revocate/deactivate a DID document, it is enough to perform a *HTTP POST* request as follow where the **deactivate_id** is the DID to be deactivated, the **ecdh signature** is its eddsa signature using the admin or second-level admin ecdh key and the **id** is te signer DID: + ```bash curl -X 'POST' \ - 'https://did.dyne.org:443/api/did-delete.chain' \ + 'https://did.dyne.org:443/api/did-deactivate.chain' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "data": { - "eddsa_signature": "M3So52B9TN7N8pGXywGd62gtWiYz532Z2FJXv1QUf62HSzZ37qUkERsiyB7y2DPFEuzz62jJgSfGdRnJmfeWUAR", - "id": "did:dyne:oracle:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe" + "deactivate_id": "...", + "ecdh_signature": "...", + "id": "..." }, "keys": {} }' ``` -The did document will be removed and it will be not possible to resolve its did anymore, but its *alsoKnownAs* field, in this case *did:dyne:ganache:6hz2jnExz5qSKNAN7XMkcZsHr8HYaHxu6RNuWyG19SVe*, will still be resolvable and it will contains all the history of the DID document: -- timestamp and txid of creation -- timestamps and txids of all the updates, if performed -- timestamp and txid of removal +The did document will not be removed, but inside its metadata the field **deactivated** will be set to **true** and it will not be possible for this DID document to perform any operations. ## Security Considerations -- DID documents are stored from the Controller both on redis and on ganache blockchain, thus the correctness of the DID document can always be verified. +- DID documents are stored from the Server on filesystem and any change is tracked using git and logifles, thus any change can be track and controlled. 
- DID documents use ECDSA signature technology to prevent tampering. ## Privacy Considerations - No personally identifiable information (PII) is included in a DID document retrieved by Dyne.org's DID resolver. -- DID Document details published on the blockchain ledger are necessary only for authentication by other parties. - The private key only exists on the user's device and will not be known to any third party. + + diff --git a/docs/specs/ReflowBLS12381_b64.json b/docs/specs/ReflowBLS12381.json similarity index 78% rename from docs/specs/ReflowBLS12381_b64.json rename to docs/specs/ReflowBLS12381.json index 7344e42..72d82b1 100644 --- a/docs/specs/ReflowBLS12381_b64.json +++ b/docs/specs/ReflowBLS12381.json @@ -3,7 +3,7 @@ "id": "@id", "type": "@type", "@protected": true, - "ReflowBLS12381VerificationKey_b64": { + "ReflowBLS12381VerificationKey": { "@id": "https://dyne.github.io/W3C-DID/#/security?id=reflowbls12381verificationkey_b64", "@context": { "@protected": true, @@ -17,8 +17,8 @@ "@id": "https://w3id.org/security#revoked", "@type": "http://www.w3.org/2001/XMLSchema#dateTime" }, - "publicKeyBase64": { - "@id": "https://dyne.github.io/W3C-DID/#/security?id=publickeybase64" + "publicKeyBase58": { + "@id": "https://w3id.org/security#publicKeyBase58" } } }
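Review bot: in the README hunk that rewrites the create example, the POST body key `ecdh_siganture` is misspelled and does not match the `ecdh_signature` key shown in the DID document JSON just above it; the same misspelling is repeated in the update example, so please spell it `ecdh_signature` in both. The example also sends the value as a string `"..."` while the JSON above shows `"ecdh_signature": { "r": ..., "s": ... }`, so state once which shape the server expects and use it in both places. In the surrounding prose, `All these informations` should be `All this information` and `matain` should be `maintain`.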
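Review bot: in the update hunk, `to avoid reply attacks` should read `replay attacks`, since that is the property the timestamp plus eddsa signature is meant to provide, and `ecdsa siganture` is misspelled. The same sentence says the client signs with an `ecdh key` and obtains an `ecdsa` signature; name the key and signature types once and reuse exactly the same wording the create section uses so readers do not think two different mechanisms are involved. In the read hunk, `It resolve the DID into a DID document` should be `It resolves the DID into a DID document`.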
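Review bot: the revocation hunk keeps the endpoint at `https://did.dyne.org:443/api/did-deactivate.chain` while the create and update examples in this same patch were moved under `/api/v1/sandbox/`, so either this path is stale or the asymmetry needs a sentence explaining it. The description `the **ecdh signature** is its eddsa signature using the admin or second-level admin ecdh key` contradicts itself; say which key signs `deactivate_id` and name the signature type once. Also `revocate/deactivate` should be `revoke/deactivate` and `te signer DID` should be `the signer DID`. In the Security Considerations bullet, `logifles` should be `logfiles` and `any change can be track and controlled` should be `tracked`; because this bullet replaces the on-chain anchoring with git history, it would help to state who can write to that repository and how the history is protected (signed commits, an off-host mirror), since tamper-evidence now depends on that rather than on a ledger.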
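Review bot: in the first `docs/specs/ReflowBLS12381.json` hunk the term is renamed from `ReflowBLS12381VerificationKey_b64` to `ReflowBLS12381VerificationKey`, but its `@id` on the unchanged context line still points at `https://dyne.github.io/W3C-DID/#/security?id=reflowbls12381verificationkey_b64`, so the renamed JSON-LD term resolves to the old anchor; update the fragment (and the matching docs heading) to the new name so the context and documentation stay in sync. The file rename also drops `_b64` from the filename, so any `@context` entry that still references `ReflowBLS12381_b64.json` will break and should be checked in the same change.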
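Review bot: in the second `docs/specs/ReflowBLS12381.json` hunk, moving from the project-local `publicKeyBase64` term to `publicKeyBase58` with the standard `https://w3id.org/security#publicKeyBase58` IRI is consistent with the `publicKeyBase58` property already used by the `Ed25519VerificationKey2018` entries in the README example; please also confirm no other spec or README snippet still emits `publicKeyBase64`, otherwise those documents will no longer validate against the renamed context.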