
Blockchain application series - DID

2022-02-03 05:27:29 Brick moving leader

Reference resources :

First look

If we want to use blockchain for DID (Decentralized Identity), three main points are involved:

  • Decentralization: users have complete control of their own identity. Only you know the password, and only you have permission to modify or read the identity information.
  • Interoperability: register one digital identity and you can log in to any digital service of other service providers.
  • Privacy protection: users keep their own data and can therefore decide which data a service provider may access.

Personally, I think our chain is able to provide the basic services that DID needs:

  • Decentralization: accounts are registered and their permissions authenticated on the chain. The private key is kept by the user and can be used for login authentication and authorization.
  • Interoperability: the chain's login authentication nodes (API nodes) provide an account permission authentication service, and other Internet / digital service providers integrate our authentication SDK.
  • Privacy protection: a credential to be presented is certified by an authority, which produces a proof and a signature. The service provider does not get the private data itself, but can verify your proof.

Terminology

  • DID method: the DID architecture lets implementers design specific types of DID to work with a computing infrastructure they trust (for example, a distributed ledger, distributed file system, distributed database, or peer-to-peer network). The specification for a specific type of DID is called a DID method. Implementers of applications or systems that use DIDs can choose to support the DID methods that best suit their particular use case. (You do not have to use a blockchain.)

  • Verifiable data registry: in order to be resolvable to DID documents, DIDs are usually recorded on some underlying system or network. Regardless of the specific technology used, any system that supports recording DIDs and returning the data necessary to produce DID documents is called a verifiable data registry. Examples include distributed ledgers, distributed file systems, databases of any kind, government ID databases, peer-to-peer networks, and other forms of trusted data storage.

  • Decentralized identifier (DID): a globally unique persistent identifier that does not require a centralized registration authority, because it is generated and/or registered cryptographically. The general format of a DID is defined in the DID Core specification. A specific DID scheme is defined in a DID method specification. Many (but not all) DID methods use distributed ledger technology (DLT) or some other form of decentralized network.

  • Distributed ledger (DLT): a decentralized system for recording events. These systems establish enough confidence for participants to rely on data recorded by others when making operational decisions. They usually use distributed databases in which different nodes use a consensus protocol to confirm the ordering of cryptographically signed transactions. Over time, the linking of digitally signed transactions usually makes the history of the ledger effectively immutable. (For example, a blockchain.)

  • DIDs: URIs that associate a DID subject with a DID document, allowing trustable interactions associated with that subject.

  • DID document: each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms that enable a DID controller to prove control of the DID.

  • DID document: a DID document may contain the DID subject itself.

  • DID subject: the DID subject is an information resource, such as a data model.

  • PII (personally identifiable information) should be kept private: if a DID method specification is written for a public verifiable data registry in which all DIDs and DID documents are publicly available, it is important that DID documents contain no personal data. All personal data should be kept behind service endpoints under the control of the DID subject. Additional due diligence should also be applied to the use of URLs in service endpoints, to prevent accidental disclosure of personal data or correlation through a service endpoint URL. For example, a URL that contains a user name is dangerous to include in a DID document, because the user name may be human-meaningful in a way that inadvertently reveals information the DID subject did not agree to share. With this privacy architecture, personal data can be exchanged privately, on a peer-to-peer basis, over communication channels identified and protected by the public keys in DID documents. It also lets the DID subject and the requesting party implement GDPR (General Data Protection Regulation) rights, because no personal data is written to the immutable distributed ledger.
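The service-endpoint caveat above can be checked before a DID document is published. The following is an added example, not code from the original page or from any DID project; the heuristic lists, rule names and the sample document are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed heuristics, not from any DID specification; tune them per registry.
EMAIL_RE = re.compile(r"[^@\s/=?&]+@[^@\s/=?&]+\.[A-Za-z]{2,}")
SUSPECT_PARAMS = {"user", "username", "name", "email", "phone"}
SUSPECT_PATH_MARKERS = {"user", "users", "profile", "people", "account"}

def url_findings(url):
    """Return the names of the heuristics that one endpoint URL trips."""
    parts, found = urlsplit(url), set()
    if parts.username:  # user@host form in the authority
        found.add("userinfo")
    segments = [s for s in unquote(parts.path).split("/") if s]
    # A marker such as /users/ followed by another segment usually names a person.
    if any(s.lower() in SUSPECT_PATH_MARKERS for s in segments[:-1]):
        found.add("named-path-segment")
    if any(k.lower() in SUSPECT_PARAMS for k, _ in parse_qsl(parts.query)):
        found.add("identity-query-param")
    if EMAIL_RE.search(unquote(parts.path + "?" + parts.query)):
        found.add("email-address")
    return found

def endpoint_urls(endpoint):
    """A serviceEndpoint may be a string, a map, or a list of those."""
    if isinstance(endpoint, str):
        yield endpoint
    elif isinstance(endpoint, (dict, list)):
        for value in (endpoint.values() if isinstance(endpoint, dict) else endpoint):
            yield from endpoint_urls(value)

def lint_services(did_document):
    """Map each flagged service endpoint URL to the heuristics it tripped."""
    report = {}
    for service in did_document.get("service", []):
        for url in endpoint_urls(service.get("serviceEndpoint", "")):
            hits = url_findings(url)
            if hits:
                report[url] = hits
    return report

# Constructed sample document (hosts and paths are made up for this example).
SAMPLE_DOC = {"id": "did:example:123456789abcdefghi", "service": [
    {"type": "VerifiableCredentialService",
     "serviceEndpoint": "https://vc.example/users/alice.smith/credentials"},
    {"type": "VerifiableCredentialService",
     "serviceEndpoint": ["https://vc.example/agent/7f3a9c",
                         "https://vc.example/inbox?email=alice%40mail.example"]},
]}
```

An empty report does not prove the document is free of personal data; the heuristics only catch the obvious cases described above.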

DID string

A DID is a simple text string consisting of three parts:

  • The URI scheme identifier (did)
  • The DID method identifier
  • The DID method-specific identifier
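The three-part split can be enforced with the grammar from DID Core rather than a plain split on ":". This is an added example, not code from the original page; `ParsedDID` and `parse_did` are hypothetical names, and only an optional `#fragment` is handled (DID URL paths and queries are rejected).

```python
import re
from typing import NamedTuple, Optional

# DID syntax from the DID Core ABNF:
#   did                = "did:" method-name ":" method-specific-id
#   method-name        = 1*(lowercase letter / digit)
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(
    rf"did:(?P<method>[a-z0-9]+):(?P<msid>(?:{_IDCHAR}*:)*{_IDCHAR}+)"
)

class ParsedDID(NamedTuple):
    scheme: str                 # always "did"
    method: str                 # DID method identifier, e.g. "example"
    method_specific_id: str     # may itself contain ":" separators
    fragment: Optional[str]     # e.g. "keys-1" for a verification method id

def parse_did(value: str) -> ParsedDID:
    """Split a DID (optionally followed by #fragment) into its parts.

    Raises ValueError for anything the grammar does not allow, such as an
    uppercase method name, an empty identifier, or a trailing ":".
    """
    did, sep, fragment = value.partition("#")
    match = _DID_RE.fullmatch(did)
    if match is None:
        raise ValueError(f"not a valid DID: {value!r}")
    return ParsedDID("did", match["method"], match["msid"],
                     fragment if sep else None)

if __name__ == "__main__":
    # Identifier taken from the DID document shown on this page.
    print(parse_did("did:example:123456789abcdefghi#keys-1"))
    for bad in ("did:Example:123", "did:example:", "did:example:abc:"):
        try:
            parse_did(bad)
        except ValueError as err:
            print("rejected:", err)
```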

DID Document

    {
      "@context": "",
      "id": "did:example:123456789abcdefghi",
      "authentication": [{
        "id": "did:example:123456789abcdefghi#keys-1",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123456789abcdefghi",
        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
      }],
      "service": [{
        "type": "VerifiableCredentialService",
        "serviceEndpoint": ""
      }]
    }

Verifiable credential data model

The specification provides a standard way to express credentials on the Web that is cryptographically secure, privacy-respecting, and machine-verifiable.


EXAMPLE 40: Usage of the nonTransferable property

    {
      "@context": [],
      "id": "",
      "type": ["VerifiableCredential", "ProofOfAgeCredential"],
      "issuer": "",
      "issuanceDate": "2010-01-01T19:23:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "ageOver": 21
      },
      "nonTransferable": "True",
      "proof": {
        "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        ... }
    }

EXAMPLE 42: The relationship property in a child's credential

    {
      "@context": [],
      "id": "",
      "type": ["VerifiableCredential", "AgeCredential", "RelationshipCredential"],
      "issuer": "",
      "issuanceDate": "2010-01-01T19:23:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "ageUnder": 16,
        "parent": {
          "id": "did:example:ebfeb1c276e12ec211f712ebc6f",
          "type": "Mother"
        }
      },
      "proof": {
        ... }
    }

Caution

Avoid using the same verification method for multiple purposes
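One way to audit a DID document for this, as an added example that is not part of the original page: it reports any verification method, or any public key reused under a different id, that appears under more than one verification relationship. The function names and the sample document are constructed; the `#keys-2` key value is a placeholder.

```python
import json

# The five verification relationships defined by DID Core.
RELATIONSHIPS = ("authentication", "assertionMethod", "keyAgreement",
                 "capabilityInvocation", "capabilityDelegation")
KEY_FIELDS = ("publicKeyBase58", "publicKeyMultibase", "publicKeyJwk")

def key_label(method):
    """Stable label for a method's public key, so reuse under a new id is still seen."""
    for field in KEY_FIELDS:
        if field in method:
            return "key:" + json.dumps(method[field], sort_keys=True)
    return None

def reused_methods(did_document):
    """Return {method id or key label: [relationships]} for anything used under 2+."""
    by_id = {m["id"]: m for m in did_document.get("verificationMethod", [])}
    uses = {}
    for rel in RELATIONSHIPS:
        for entry in did_document.get(rel, []):
            # An entry is either an embedded method or a string reference to one.
            method = by_id.get(entry, {"id": entry}) if isinstance(entry, str) else entry
            for label in (method.get("id"), key_label(method)):
                if label:
                    uses.setdefault(label, set()).add(rel)
    return {label: sorted(rels) for label, rels in uses.items() if len(rels) > 1}

# Constructed sample: keys-1 is referenced twice, and its key reappears as keys-3.
DID = "did:example:123456789abcdefghi"
KEY_1 = "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
SAMPLE_DOC = {
    "id": DID,
    "verificationMethod": [
        {"id": DID + "#keys-1", "type": "Ed25519VerificationKey2018",
         "controller": DID, "publicKeyBase58": KEY_1},
    ],
    "authentication": [DID + "#keys-1"],
    "assertionMethod": [DID + "#keys-1"],
    "capabilityInvocation": [
        {"id": DID + "#keys-3", "type": "Ed25519VerificationKey2018",
         "controller": DID, "publicKeyBase58": KEY_1},
    ],
    "keyAgreement": [
        {"id": DID + "#keys-2", "type": "X25519KeyAgreementKey2019",
         "controller": DID, "publicKeyBase58": "CONSTRUCTED-PLACEHOLDER-KEY"},
    ],
}

if __name__ == "__main__":
    for label, rels in reused_methods(SAMPLE_DOC).items():
        print(label, "->", ", ".join(rels))
```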
