66
77## Preface
88
9- The ethr DID method specification conforms to the requirements specified in
10- the [ DID specification] ( https://w3c-ccg.github.io/did-core/ ) , currently published by the
11- W3C Credentials Community Group. For more information about DIDs and DID method specifications,
9+ The ethr DID method specification conforms to the requirements specified in
10+ the [ DID specification] ( https://w3c-ccg.github.io/did-core/ ) , currently published by the
11+ W3C Credentials Community Group. For more information about DIDs and DID method specifications,
1212please see the [ DID Primer] ( https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/topics-and-advance-readings/did-primer.md )
1313
1414## Abstract
@@ -37,18 +37,18 @@ ARTIS sigma1 | `artis_s1` | 0x03c301 | `0xdca7ef03e98e0dc2b855be647c39abe
3737Since each Ethereum transaction must be funded, there is a growing trend of on-chain transactions that are
3838authenticated via an externally created signature and not by the actual transaction originator. This allows for
39393rd party funding services, or for receivers to pay without any fundamental changes to the underlying
40- Ethereum architecture. These kinds of transactions have to be signed by an actual key pair and thus cannot be used
41- to represent smart contract based Ethereum accounts. ERC1056 proposes a way of a smart contract or regular key pair
40+ Ethereum architecture. These kinds of transactions have to be signed by an actual key pair and thus cannot be used
41+ to represent smart contract based Ethereum accounts. ERC1056 proposes a way of a smart contract or regular key pair
4242delegating signing for various purposes to externally managed key pairs. This allows a smart contract to be
4343represented, both on-chain as well as off-chain or in payment channels through temporary or permanent delegates.
4444
4545For a reference implementation of this DID method specification see [ 3] .
4646
47- ### Identity Ownership
48- By default, each identity is controlled by itself. Each identity can only be controlled by a single
49- address at any given time. By default, this is the address of the identity itself. The owner can
47+ ### Identity Controller
48+ By default, each identity is controlled by itself. Each identity can only be controlled by a single
49+ address at any given time. By default, this is the address of the identity itself. The controller can
5050replace themselves with any other Ethereum address, including contracts to allow more advanced
51- models such as multi-signature ownership .
51+ models such as multi-signature controllership .
5252
5353## Target System
5454
@@ -64,15 +64,15 @@ The target system is the Ethereum network where the ERC1056 is deployed. This co
6464
6565- No transaction fee on identity creation
6666- Uses Ethereum's built-in account abstraction
67- - Multi-sig wallet for identity owner
67+ - Multi-sig wallet for identity controller
6868- Decoupling claims data from the underlying identity
6969- Decoupling Ethereum interaction from the underlying identity
7070- Flexibility to use key management
7171- Flexibility to allow third-party funding service to pay the gas fee if needed
72- - Supports any EVM-compliant blockchain
72+ - Supports any EVM-compliant blockchain
7373
7474## JSON-LD Context Definition
75- Note, this DID method specification uses the ` Secp256k1VerificationKey2018 ` ,
75+ Note, this DID method specification uses the ` Secp256k1VerificationKey2018 ` ,
7676` Secp256k1SignatureAuthentication2018 ` types and an ` ethereumAddress ` instead of
7777a ` publicKeyHex ` .
7878
@@ -91,7 +91,7 @@ The definition of the ethr DID JSON-LD context is:
9191
9292The namestring that shall identify this DID method is: ` ethr `
9393
94- A DID that uses this method MUST begin with the following prefix: ` did:ethr ` . Per the DID specification, this string
94+ A DID that uses this method MUST begin with the following prefix: ` did:ethr ` . Per the DID specification, this string
9595MUST be in lowercase. The remainder of the DID, after the prefix, is specified below.
9696
9797## Method Specific Identifier
@@ -137,36 +137,36 @@ transactions to the ERC1056 registry looks like this:
137137 '@context ': 'https://w3id.org/did/v1 ',
138138 id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
139139 publicKey: [ {
140- id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner ',
140+ id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#controller ',
141141 type: 'Secp256k1VerificationKey2018',
142- owner : 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
142+ controller : 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
143143 ethereumAddress: '0xb9c5714089478a327f09197987f16f9e5d936e8a'}] ,
144144 authentication: [ {
145145 type: 'Secp256k1SignatureAuthentication2018',
146- publicKey: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner '}]
146+ publicKey: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#controller '}]
147147 }
148148
149149### Read (Resolve)
150150
151151The DID document is built by using read only functions and contract events on the ERC1056 registry.
152152
153- Any value from the registry that returns an Ethereum address will be added to the ` publicKey ` array of the DID
153+ Any value from the registry that returns an Ethereum address will be added to the ` publicKey ` array of the DID
154154document with type ` Secp256k1VerificationKey2018 ` and an ` ethereumAddress ` attribute containing the address.
155155
156- #### Owner Address
156+ #### Controller Address
157157
158- Each identity always has an owner address. By default it is the same as the identity address, but check the
158+ Each identity always has a controller address. By default it is the same as the identity address, but check the
159159read only contract function ` identityOwner(address identity) ` on the deployed version of the ERC1056 contract.
160160
161- The identity owner will always have a ` publicKey ` with the id set as the DID with the fragment ` #owner ` appended.
161+ The identity controller will always have a ` publicKey ` with the id set as the DID with the fragment ` #controller ` appended.
162162
163163An entry is also added to the ` authentication ` array of the DID document with type ` Secp256k1SignatureAuthentication2018 ` .
164164
165165#### Enumerating Contract Events to build the DID Document
166166
167167The ERC1056 contract publishes three types of events for each identity.
168168
169- - ` DIDOwnerChanged `
169+ - ` DIDOwnerChanged ` (indicating a change of controller)
170170- ` DIDDelegateChanged `
171171- ` DIDAttributeChanged `
172172
@@ -199,22 +199,22 @@ A `DIDDelegateChanged` event is published that is used to build a DID document.
199199 uint validTo,
200200 uint previousChange
201201 );
202-
202+
203203
204204The only 2 ` delegateTypes ` that are currently published in the DID document are:
205205
206206- ` veriKey ` which adds a ` Secp256k1VerificationKey2018 ` to the ` publicKey ` section of the DID document.
207207- ` sigAuth ` which adds a ` Secp256k1SignatureAuthentication2018 ` to the ` publicKey ` section of document. An entry
208208 is also added to the ` authentication ` section of the DID document.
209209
210- Note, the ` delegateType ` is a ` bytes32 ` type for Ethereum gas efficiency reasons and not a ` string ` . This
210+ Note, the ` delegateType ` is a ` bytes32 ` type for Ethereum gas efficiency reasons and not a ` string ` . This
211211restricts us to 32 bytes, which is why we use the short hand versions above.
212212
213213Only events with a ` validTo ` in seconds greater or equal to the current time should be included in the DID document.
214214
215215#### Non-Ethereum Attributes
216216
217- Non-Ethereum keys, service endpoints etc. can be added using attributes. Attributes only exist on the
217+ Non-Ethereum keys, service endpoints etc. can be added using attributes. Attributes only exist on the
218218blockchain as contract events of type ` DIDAttributeChanged ` and can thus not be queried from within solidity code.
219219
220220 event DIDAttributeChanged(
@@ -225,10 +225,10 @@ blockchain as contract events of type `DIDAttributeChanged` and can thus not be
225225 uint previousChange
226226 );
227227
228- Note, the name is a ` bytes32 ` type for Ethereum gas efficiency reasons and not a ` string ` . This restricts us to
228+ Note, the name is a ` bytes32 ` type for Ethereum gas efficiency reasons and not a ` string ` . This restricts us to
22922932 bytes, which is why we use the short hand attribute versions below.
230230
231- While any attribute can be stored, for the DID document we currently support adding to each of these sections of
231+ While any attribute can be stored, for the DID document we currently support adding to each of these sections of
232232the DID document:
233233
234234- Public Keys
@@ -255,7 +255,7 @@ generates a public key entry like the following:
255255
256256##### Base64 encoded Ed25519 Verification Key
257257
258- A ` DIDAttributeChanged ` event for the identity ` 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 ` with the name
258+ A ` DIDAttributeChanged ` event for the identity ` 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 ` with the name
259259` did/pub/Ed25519/veriKey/base64 ` and the value of ` 0xb97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71 `
260260generates a public key entry like this:
261261
@@ -272,8 +272,8 @@ The name of the attribute should follow this format:
272272
273273` did/svc/[ServiceName] `
274274
275- A ` DIDAttributeChanged ` event for the identity ` 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 ` with the name
276- ` did/svc/HubService ` and value of the URL ` https://hubs.uport.me ` hex encoded as
275+ A ` DIDAttributeChanged ` event for the identity ` 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 ` with the name
276+ ` did/svc/HubService ` and value of the URL ` https://hubs.uport.me ` hex encoded as
277277` 0x68747470733a2f2f687562732e75706f72742e6d65 ` generates a service endpoint entry like the following:
278278
279279 {
@@ -297,22 +297,22 @@ Two cases need to be distinguished:
297297- In case no changes were written to ERC1056, nothing needs to be done, and the private key which belongs to the
298298 Ethereum address needs to be deleted from the storage medium used to protect the keys, e.g., mobile device.
299299- In case ERC1056 was utilized, the owner of the smart contract needs to be set to ` 0x0 ` . Although, ` 0x0 ` is a valid
300- Ethereum address, this will indicate the identity has no owner which is a common approach for invalidation,
300+ Ethereum address, this will indicate the identity has no owner which is a common approach for invalidation,
301301 e.g., tokens. Other elements of the DID Document may be revoked explicitly by invoking the relevant smart contract
302302 functions as defined by the ERC1056 standard. This includes the delegates and additional attributes. Please find a
303303 detailed description in the [ ERC1056 documentation] ( https://github.com/ethereum/EIPs/issues/1056 ) . All these functions
304304 will trigger the respective Ethereum events which are used to build the DID Document for a given identity as
305- described in [ Enumerating Contract Events to build the DID Document] ( #Enumerating-Contract-Events-to-build-the-DID-Document ) .
305+ described in [ Enumerating Contract Events to build the DID Document] ( #Enumerating-Contract-Events-to-build-the-DID-Document ) .
306306
307307## Reference Implementations
308308
309309The code at [ https://github.com/decentralized-identity/ethr-did-resolver ] ( < > ) is intended to present a reference implementation
310- of this DID method.
310+ of this DID method.
311311
312312## References
313313
314314 ** [ 1] ** < https://w3c-ccg.github.io/did-core/ >
315315
316- ** [ 2] ** < https://github.com/ethereum/EIPs/issues/1056 >
316+ ** [ 2] ** < https://github.com/ethereum/EIPs/issues/1056 >
317317
318318 ** [ 3] ** < https://github.com/decentralized-identity/ethr-did-resolver >
0 commit comments