Blockcore DID Method specification
Version: 0.0.1
Decentralized identifiers (DIDs) are a new type of identifiers that enables verifiable, self-sovereign digital identity. Blockcore supports decentralized identities through the Blockcore Storage feature.
This specification describes how the Blockcore Identity framework aligns with the DID specification and how the Blockcore Universal Resolver works.
This specification conforms to the requirements specified in the DIDs specification currently published by the W3C Credentials Community Group.
The Blockcore Identity registry is a permissionless and borderless runtime for identities.
The namestring that shall identify this DID method is: is.
A DID that uses this method MUST begin with the following prefix: did:is. Per this DID specification, this string MUST be in lowercase.
The remainder of the DID, after the prefix, can either be additional sub-prefix or the profile identifier.
The profile identifier is derived as an P2PKH address (e.g. like Bitcoin address) with the prefix of pubkey address of 55 (P, uppercase P) and script address of 117 (p, lowercase p).
This means that the latter part of the identifier always starts with capital P.
A valid Blockcore DID might be:
did:is:PLBNc1Ph6whu1vbQGEuRywTTHCEnfDDuXh
The keys used for Blockcore Identity is based upon the same scheme such as regular wallets. You can generate unique private keys for each of your identities and manually manage them, or you can rely on a HD scheme (BIP32).
The BIP44 prefix for Blockcore Identity derived keys is 302. This is up for revision before finalization of the implementation.
Keys used for Blockcore Identity only supports secp256k1 algorithm, identifies as "ES256K" in the JOSE libraries.
The following methods is available for publishing, updating and deleting an Blockcore Identity.
Blockcore Identities resides on all public and private Blockcore-based blockchain nodes that has the Blockcore Storage feature enabled. The Blockcore Identities are cross-chain compatible across all Blockcore-derived blockchains.
You can create identities in any programming language, and it relies on open standards to create and sign the identity profile documents.
Foundations for the runtime is Javascript Object Signing and Encryption (JOSE), which allows cross-platform signed documents (JSON Web Signature).
Blockcore provides these libraries to help simplify the creation of identities:
-
Blockcore Javascript Object Signing and Encryption (JOSE) for .NET
-
Blockcore Message, Library that helps signing messages in the browser.
Step by step guide:
- Create your identity JSON structure according to the latest schema.
- Encode the JSON structure using JSON Web Signature. This is a JWT with a signature attached.
- Publish the JWT using the latest API method, either on local Blockcore node or public public (also known as Blockcore Hub).
Example of signed JWS:
eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QiLCJraWQiOiJQTEJOYzFQaDZ3aHUxdmJRR0V1Unl3VFRIQ0VuZkREdVhoIn0.eyJpZGVudGlmaWVyIjoiZGlkOmlzOlBMQk5jMVBoNndodTF2YlFHRXVSeXdUVEhDRW5mRER1WGgiLCJpYXQiOjE1OTg4MDMxODA0MzgsIkB0eXBlIjoiaWRlbnRpdHkiLCJAc3RhdGUiOjAsIm5hbWUiOm51bGwsInNob3J0bmFtZSI6bnVsbCwiYWxpYXMiOm51bGwsInRpdGxlIjpudWxsLCJlbWFpbCI6bnVsbCwidXJsIjpudWxsLCJpbWFnZSI6bnVsbCwiaHVicyI6bnVsbH0.HwQuFSNgMLJuHUaBY0edliaY0FJHD9O4hpSYabAd3y2KNBuR1ChAO9IpvikJNDHIyYgmWjqj8Kt2IgK3hwM4VBM
The token can be decoded using web sites such as https://jwt.ms/.
The above token decodes to the following:
{
"alg": "ES256K",
"typ": "JWT",
"kid": "PLBNc1Ph6whu1vbQGEuRywTTHCEnfDDuXh"
}.{
"identifier": "did:is:PLBNc1Ph6whu1vbQGEuRywTTHCEnfDDuXh",
"iat": 1598803180438,
"@type": "identity",
"@state": 0,
"name": null,
"shortname": null,
"alias": null,
"title": null,
"email": null,
"url": null,
"image": null,
"hubs": null
}.[Signature]
The only required parts of the identity profile is the identifier. Users (and machines) can have a public profile of only the identifier and no other metadata attached.
Blockcore DID's associated DID document (also known as Identity Profile) can be looked up using the REST API of a node or a hub.
Blockcore hosts a public hub that can be used to publish and read identities.
Example of result from REST API:
{
"id": "did:is:PLBNc1Ph6whu1vbQGEuRywTTHCEnfDDuXh",
"version": 4,
"header": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QiLCJraWQiOiJQTEJOYzFQaDZ3aHUxdmJRR0V1Unl3VFRIQ0VuZkREdVhoIn0",
"payload": "eyJpZGVudGlmaWVyIjoiZGlkOmlzOlBMQk5jMVBoNndodTF2YlFHRXVSeXdUVEhDRW5mRER1WGgiLCJpYXQiOjE1OTg4MDMxODA0MzgsIkB0eXBlIjoiaWRlbnRpdHkiLCJAc3RhdGUiOjAsIm5hbWUiOm51bGwsInNob3J0bmFtZSI6bnVsbCwiYWxpYXMiOm51bGwsInRpdGxlIjpudWxsLCJlbWFpbCI6bnVsbCwidXJsIjpudWxsLCJpbWFnZSI6bnVsbCwiaHVicyI6bnVsbH0",
"signature": "HwQuFSNgMLJuHUaBY0edliaY0FJHD9O4hpSYabAd3y2KNBuR1ChAO9IpvikJNDHIyYgmWjqj8Kt2IgK3hwM4VBM",
"content":
{
"identifier": "did:is:PLBNc1Ph6whu1vbQGEuRywTTHCEnfDDuXh",
"type": "identity",
"state": 0,
"timestamp": "1598803180438"
}
}
To validate this result, the header, payload and signature must be combined with an . seperator. Use one of the .NET or JavaScript libraries provided by Blockcore, or another JOSE-library.
The identities on Blockcore Identity registry is always upsert, meaning that there are no difference between new created identities and updates.
There is one requirement for an update to succeed, and that is for the "iat" timestamp field to be updated with a higher value.
Deleting an identity is similar to create/update, but all fields should be set to null and the @state must be set to 999.
Known states:
- 0: Active Identity Profile
- 999: Deleted Identity Profile
A deleted identity can be recreated at a later time. It is left empty in the registry to avoid older nodes coming online, re-adding the identity to the decentralized node storage.
There are no limits to the amount of identity profiles that a user can create. This means they can improve their privacy by acting under different identities for different purposes.
Your identities can easily be correlated by a node, so don't expect identities in the same wallet to be completely sepearate.
The private key used to sign the identities, has the same security as Bitcoin and Blockcore-based blockchain wallet addresses.
Identities that are published to nodes, can potentially be stored forever. Delete of an identity is only a request to nodes to remove the information, a node can potentially archieve and index all published identities.