-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdid-method-spec.html
246 lines (236 loc) · 9.57 KB
/
did-method-spec.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>HRDKOREA DID Method Specification</title>
<script src='https://www.w3.org/Tools/respec/respec-w3c' class='remove'></script>
<script type="text/javascript" class="remove">
var respecConfig = {
specStatus: "ED",
editors: [
{ name: "Jeongpyo Lee", url: "https://github.com/JpyoLee",
company: "HRDKOREA", companyURL: "https://www.hrdkorea.or.kr"},
],
edDraftURI: "https://github.com/HRDKOR/hrdkorea-did",
shortName: "HRDKorea"
};
</script>
<style>
pre .highlight {
font-weight: bold;
color: Green;
}
pre .subject {
font-weight: bold;
color: RoyalBlue;
}
pre .property {
font-weight: bold;
color: DarkGoldenrod;
}
pre .comment {
font-weight: bold;
color: SteelBlue;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.color-text {
font-weight: bold;
text-shadow: -1px 0 black, 0 1px black, 1px 0 black, 0 -1px black;
}
</style>
</head>
<body>
<section class="introductory">
<h2>About</h2>
<p>
The HRDKOREA (HRDKOREA wallet) DID method specification conforms to the requirements specified in the DID specification
currently published by the W3C Credentials Community Group. For more information about DIDs and
DID method specifications, please see the
<a href="https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/topics-and-advance-readings/did-primer.md">
DID Primer</a> and <a href="https://w3c-ccg.github.io/did-spec/">DID Spec</a>.
</p>
</section>
<section id='abstract'>
<p>
Qnet network is a consortium blockchain network operated by trusted institutions in South Korea. Qnet
network operates based on HRDKOREA's ston ledger technology and aims to provide various blockchain services.
Hrdkorea identity is a priority service, and we are currently operating the service under the name
<a href="https://mo.q-net.or.kr">qnet</a>. The HRDKOREA (HRDKOREA wallet) DID method is a
method of storing DIDs and managing DID Documents in the qnet network.
</p>
</section>
<section id='sotd'></section>
<section>
<h2>HRDKOREA DID Method </h2>
<p>
The namestring that shall identify this DID method is: <code>hrdkorea</code>
</p>
<p>
A DID that uses this method MUST begin with the following prefix: <code>did:hrdkorea</code>.
Per the DID specification, this string MUST be in lowercase. The remainder of the DID, after the prefix,
is the NSI specified below.
</p>
</section>
<section>
<h2>Namespace Specific Identifier (NSI)</h2>
<p>
The HRDKOREA DID scheme is defined by the following <a href="ftp://ftp.rfc-editor.org/in-notes/std/std68.txt">ABNF</a>:
</p>
<code>
hrdkorea-did = "did:hrdkorea:" *(":" network) ":" idstring <br>
idstring = 21*22(base58char)<br>
network = "testnet" / "devnet"<br>
base58char = "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9" / "A" / "B" / "C"<br/>
/ "D" / "E" / "F" / "G" / "H" / "J" / "K" / "L" / "M" / "N" / "P" / "Q"<br/>
/ "R" / "S" / "T" / "U" / "V" / "W" / "X" / "Y" / "Z" / "a" / "b" / "c"<br/>
/ "d" / "e" / "f" / "g" / "h" / "i" / "j" / "k" / "m" / "n" / "o" / "p"<br/>
/ "q" / "r" / "s" / "t" / "u" / "v" / "w" / "x" / "y" / "z"<br>
</code>
<p>
All HRDKOREA DIDs are base58 encoded using the Bitcoin/IPFS alphabets of a 16-byte uuid.
The encoding uses most alphas and digits, omitting 0OIl to avoid readability problems. This
gives an NSI length of either 21 or 22 characters, and it means that DIDs are case-sensitive and may not
be case-normalized, even though the prefix is always lower-case.
</p>
<p>
Optional a network may be specified to indicate which qnet network contains the DID Document.
</p>
<h3>Identifier Generation Method</h3>
<p>
The 16-byte uuid underlying a HRDKOREA DID can be generated in various ways--using standard uuid methods, for example, or
by selecting the first 16 bytes of a 256 bit Ed25519 verification key (the public
portion of the key pair).
</p>
<p>
A convenient regex to match <code>hrdkorea</code> DIDs is:
</p>
<code>^[1-9A-HJ-NP-Za-km-z]{21,22}$</code>
<p>
A convenient regex to match the entire did string is:
</p>
<code>^did:hrdkorea(?:(testnet|devnet)):[1-9A-HJ-NP-Za-km-z]{21,22}$</code>
<h3>Examples</h3>
<p>
Valid <code>hrdkorea</code> DIDs might be:
</p>
<pre class="example" title="A simple did:hrdkorea values">
did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP
did:hrdkorea:testnet:SMi7CxBdvQemKU88zAnoL
</pre>
</section>
<section>
<h2>CRUD Operations</h2>
<h3>Create (Register)</h3>
<p>
Creating an HRDKOREA DID is done through the process of submitting a transaction to the Qnet Network. The HRDKOREA
DID value contains a cryptographic key pair and a public key. Also, for DID creation, the owner of an
administrator-privileged DID must request the transaction. The qnet network verifies the authorization of
the transaction requester by checking the DID and signature.
</p>
<p>
The contents to be included in the requested transaction are:
</p>
<ul>
<li>Requester's DID</li>
<li>Requester's DID signature</li>
<li>DID to be created</li>
<li>Valid DID Document information</li>
</ul>
<p>
Through this, a DID Document in did:hrdkorea format is generated. The example below shows the DID Document of
<code>did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP</code>.
</p>
<pre class="example" title="A DID Document derived from a did:hrdkorea">
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2018/v1"
],
"id": "did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP",
"verificationMethod": [
{
"id": "did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP#key-1",
"type": "Ed25519VerificationKey2018",
"controller": "did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP",
"publicKeyBase58": "9q5LNP31xbCcQZoprB6ikyAxyuFadsQoJ2Yx9WCim6qi"
}
],
"authentication": [
"did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP#key-1"
],
"assertionMethod": [
"did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP#key-1"
],
"service": [
{
"id": "did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP#didcomm-1",
"type": "DIDCommMessaging",
"serviceEndpoint": "https://endpoint.hrdkorea.io/did:hrdkorea:HCXdNZTEC4hQNtoVXaaRhP"
}
]
}
</pre>
<h3>Read (Resolve)</h3>
<p>
Although the qnet network is a consortium blockchain network, anyone can perform an operation to read the
HRDKOREA DID record because it aims for a public service. The response value is a DID Document and follows the
same format as the above <a href="#example-a-did-document-derived-from-a-did-hrdkorea">example</a>.
</p>
<p>
The content to be included in the requested transaction is:
</p>
<ul>
<li>DID to be queried</li>
</ul>
<h3>Update (Replace)</h3>
<p>
Replacing a DID can be requested by the owner of an administrator-privileged DID or the owner of the DID.
After that, the DID Document is newly registered and the existing information is ignored.
</p>
<p>
The contents to be included in the requested transaction are:
</p>
<ul>
<li>Requester's DID</li>
<li>Requester's DID signature</li>
<li>DID to be replaced</li>
<li>Valid DID Document information</li>
</ul>
<h3>Delete (Revoke)</h3>
<p>
Revoking a DID can be requested by the owner of an administrator-privileged DID or by the owner of the DID.
After that, the authority of the corresponding DID is removed and the DID Document is deleted.
</p>
<p>
The contents to be included in the requested transaction are:
</p>
<ul>
<li>Requester's DID</li>
<li>Requester's DID signature</li>
<li>DID to be revoked</li>
</ul>
</section>
<section>
<h2>Security Considerations</h2>
<p>
Qnet network operates based on the authority of the DID owner. Only the owner of the administrator-privilege
DID can create a new DID, and the owner of the newly created DID can only manage their own DID Document.
Based on these permission policies, an attacker's attack can be minimized. In particular, the
administrator-privilege DID is managed only inside the Qnet network.
</p>
</section>
<section>
<h2>Privacy Considerations</h2>
<p>
Since the DID Document stored in the Qnet network contains only public information of a pseudonym,
anonymity can be guaranteed. The only thing the DID owner should be aware of is that, since the DID Document
is stored in the ledger, even if it is revoked, the existing information remains in the ledger.
Concerns about this are ongoing.
</p>
</section>
<section id='conformance'></section>
</body>
</html>