title: "Ethr DID Resolver"
index: 7
category: "ethr-did-resolver"
type: "reference"
source: "https://github.com/uport-project/ethr-did-resolver/blob/develop/README.md"
ethr DID Resolver
This library is intended to use ethereum addresses as fully self managed Decentralized Identifiers and wrap them in a DID Document.
It supports the proposed Decentralized Identifiers spec from the W3C Credentials Community Group.
It requires the did-resolver library, which is the primary interface for resolving DIDs.
The DID method relies on the ethr-did-registry.
DID method
To encode a DID for an Ethereum address, simply prepend did:ethr:
eg:
did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
DID Document
The DID resolver takes the ethereum address, checks for the current owner, looks at contract events and builds a simple DID document.
The minimal DID document for an ethereum address 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 with no transactions to the registry looks like this:
{
  '@context': 'https://w3id.org/did/v1',
  id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
  publicKey: [{
    id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner',
    type: 'Secp256k1VerificationKey2018',
    owner: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
    ethereumAddress: '0xb9c5714089478a327f09197987f16f9e5d936e8a'
  }],
  authentication: [{
    type: 'Secp256k1SignatureAuthentication2018',
    publicKey: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner'
  }]
}
Note this uses the Secp256k1VerificationKey2018 type and an ethereumAddress instead of a publicKeyHex.
Building a DID document
The DID document is built by using read only functions and contract events on the ethr-did-registry Ethereum smart contract.
Any value from the registry that returns an ethereum address will be added to the publicKey array of the DID document with type Secp256k1VerificationKey2018 and an ethereumAddress attribute containing the address.
Owner Address
Each identity always has an owner address. By default it's the same as the identity address, but check the read only contract function identityOwner(address identity) on the deployed version of the EthrDIDRegistry contract.
The Identity owner will always have a publicKey with the id set as the DID with the fragment #owner appended.
An entry is also added to the authentication array of the DID document with type Secp256k1SignatureAuthentication2018.
Enumerating contract events for an identity
The EthereumDIDRegistry contract publishes 3 types of events for each identity.
DIDOwnerChanged
DIDDelegateChanged
DIDAttributeChanged
If a change has ever been made for an identity the block number is stored in the changed mapping.
The latest event can be efficiently looked up by checking for one of the 3 above events at that exact block.
Each event contains a previousChange value which contains the block number of the previous change (if any).
To see all changes in history for an identity use the following pseudo code:
1. call changed(address identity) on the contract
2. if result is null return
3. filter for events for all the above types with the contracts address on the specified block
4. if event has a previous change then go to 3
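The walk described in the pseudo code above, as an added example (not code from the ethr-did-resolver project). It runs against a constructed in-memory object instead of a real contract, so the `registry` shape and the `history` function are assumptions made for illustration; it also rejects a previousChange pointer that does not move backwards, which the pseudo code leaves open.

```javascript
// Constructed in-memory stand-in for the registry (hypothetical shape):
// `changed` maps identity -> last change block, `logs` maps block -> events.
const identity = '0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'
const other = '0x' + '11'.repeat(20)
const registry = {
  changed: { [identity]: 120 },
  logs: {
    120: [{ event: 'DIDAttributeChanged', identity, previousChange: 95 }],
    95: [
      { event: 'DIDDelegateChanged', identity, previousChange: 40 },
      { event: 'DIDOwnerChanged', identity: other, previousChange: 7 }
    ],
    40: [{ event: 'DIDOwnerChanged', identity, previousChange: 0 }]
  }
}

const EVENT_TYPES = ['DIDOwnerChanged', 'DIDDelegateChanged', 'DIDAttributeChanged']

// Follow the previousChange chain from the newest change to the oldest.
function history (reg, id) {
  const events = []
  let block = reg.changed[id] || 0 // null/undefined/0 all mean "never changed"
  while (block > 0) {
    // Only the three registry event types, and only for this identity.
    const found = (reg.logs[block] || []).filter(
      e => EVENT_TYPES.includes(e.event) && e.identity === id)
    if (found.length === 0) throw new Error(`no event for ${id} in block ${block}`)
    events.push(...found.map(e => ({ ...e, block })))
    // If several events share the block, follow the earliest pointer.
    const prev = Math.min(...found.map(e => e.previousChange))
    // The chain must move strictly backwards, or a bad log source loops forever.
    if (prev >= block) throw new Error(`previousChange ${prev} does not precede block ${block}`)
    block = prev
  }
  return events
}

console.log(history(registry, identity).map(e => `${e.block} ${e.event}`))
```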
Delegate Keys
Delegate Keys are ethereum addresses that can either be general signing keys or optionally also perform authentication.
They are also verifiable from solidity (see ethr-did-registry for more info).
A DIDDelegateChanged event is published that is used to build a DID.
event DIDDelegateChanged(
  address indexed identity,
  bytes32 delegateType,
  address delegate,
  uint validTo,
  uint previousChange
);
The only 2 delegateTypes that are currently published in the DID Document are:
- veriKey: adds a Secp256k1VerificationKey2018 to the publicKey section of the document.
- sigAuth: adds a Secp256k1SignatureAuthentication2018 to the publicKey section of the document. An entry is also added to the authentication section of the document.
Note: The delegateType is a bytes32 type for Ethereum gas efficiency reasons and not a string. This restricts us to 32 bytes, which is why we use the short hand versions above.
Only events with a validTo in seconds greater or equal to current time should be included in the DID document.
Non Ethereum Attributes
Non ethereum keys, service elements etc. can be added using attributes. Attributes only exist on the blockchain as contract events of type DIDAttributeChanged and can thus not be queried from within solidity code.
event DIDAttributeChanged(
  address indexed identity,
  bytes32 name,
  bytes value,
  uint validTo,
  uint previousChange
);
Note: The name is a bytes32 type for Ethereum gas efficiency reasons and not a string. This restricts us to 32 bytes, which is why we use the short hand attribute versions below.
While any attribute can be stored, for the DID document we currently support adding to each of these sections of the DID document:
Public Keys
The name of the attribute should follow this format:
did/pub/(Secp256k1|RSA|Ed25519)/(veriKey|sigAuth)/(hex|base64)
Hex encoded Secp256k1 Verification Key
A DIDAttributeChanged event for the identity 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 with the name did/pub/Secp256k1/veriKey/hex and the value of 0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71 generates a PublicKey entry like this:
{
  id: "did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74#delegate-1",
  type: "Secp256k1VerificationKey2018",
  owner: "did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74",
  publicKeyHex: '02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71'
}
Base64 encoded Ed25519 Verification Key
A DIDAttributeChanged event for the identity 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 with the name did/pub/Ed25519/veriKey/base64 and the value of 0xb97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71 generates a PublicKey entry like this:
{
  id: "did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74#delegate-1",
  type: "Ed25519VerificationKey2018",
  owner: "did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74",
  publicKeyBase64: "uXww3nZ/CEzjCAFo7ikwU7ozsjXXEWoyY9KfFFCTa3E="
}
We are looking for people to submit support for pem, base58 and jwk key formats as well.
Service Endpoints
The name of the attribute should follow this format:
did/svc/[ServiceName]
Hex encoded Secp256k1 Verification Key
A DIDAttributeChanged event for the identity 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 with the name did/svc/HubService and value of the url https://hubs.uport.me hex encoded as 0x68747470733a2f2f687562732e75706f72742e6d65 generates a Service entry like this:
{
  type: "HubService",
  serviceEndpoint: "https://hubs.uport.me"
}
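How DIDAttributeChanged events turn into the publicKey and service entries shown above, as an added example (not the library's own code). The function name `applyAttributes`, the event object shape and the `ignored` list are assumptions; it maps only the Secp256k1 and Ed25519 veriKey names whose output this page shows, applies the validTo rule, and collects any other name instead of guessing at it.

```javascript
// bytes32 names arrive as 0x-prefixed hex, right-padded with zero bytes.
const bytes32ToString = hex =>
  Buffer.from(hex.slice(2), 'hex').toString('utf8').replace(/\0+$/, '')
const toBytes32 = s => '0x' + Buffer.from(s, 'utf8').toString('hex').padEnd(64, '0')

// Strict allowlist of attribute names (anchored, no partial matches).
const PUB = /^did\/pub\/(Secp256k1|Ed25519)\/veriKey\/(hex|base64)$/
const SVC = /^did\/svc\/(\w+)$/

function applyAttributes (did, events, now) {
  const doc = { publicKey: [], service: [], ignored: [] }
  let n = 0 // assumption: #delegate-N counts the keys accepted so far
  for (const ev of events) {
    if (ev.validTo < now) continue // only validTo >= current time is published
    const name = bytes32ToString(ev.name)
    const raw = Buffer.from(ev.value.slice(2), 'hex')
    const pub = PUB.exec(name)
    const svc = SVC.exec(name)
    if (pub) {
      const [, algo, enc] = pub
      const key = { id: `${did}#delegate-${++n}`, type: `${algo}VerificationKey2018`, owner: did }
      if (enc === 'hex') key.publicKeyHex = raw.toString('hex')
      else key.publicKeyBase64 = raw.toString('base64')
      doc.publicKey.push(key)
    } else if (svc) {
      doc.service.push({ type: svc[1], serviceEndpoint: raw.toString('utf8') })
    } else {
      doc.ignored.push(name) // unknown name: record it, do not publish it
    }
  }
  return doc
}

// Constructed events built from the values in the examples above.
const did = 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'
const NOW = 1700000000 // constructed "current time" in seconds
const KEY = 'b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71'
const URL_HEX = '0x68747470733a2f2f687562732e75706f72742e6d65'
const sample = [
  { name: toBytes32('did/pub/Secp256k1/veriKey/hex'), value: '0x02' + KEY, validTo: NOW + 3600 },
  { name: toBytes32('did/pub/Ed25519/veriKey/base64'), value: '0x' + KEY, validTo: NOW },
  { name: toBytes32('did/svc/HubService'), value: URL_HEX, validTo: NOW + 3600 },
  { name: toBytes32('did/svc/HubService'), value: URL_HEX, validTo: NOW - 1 }, // expired
  { name: toBytes32('did/pub/Secp256k1/veriKey/pem'), value: '0x00', validTo: NOW + 3600 }
]
console.log(JSON.stringify(applyAttributes(did, sample, NOW), null, 2))
```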
Resolving a DID document
The resolver presents a simple resolve() function that returns an ES6 Promise returning the DID document.
import resolve from 'did-resolver'
import registerResolver from 'ethr-did-resolver'

// Register the ethr method with did-resolver before resolving
registerResolver()

resolve('did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74').then(doc => console.log(doc))

// You can also use ES7 async/await syntax (inside an async function)
const doc = await resolve('did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74')