DIDs ==== did_doc [example](https://w3c-ccg.github.io/did-spec/#example-19-advanced-did-document-example) ``` { "@context": "https://w3id.org/future-method/v1", "id": "did:example:123456789abcdefghi", "publicKey": [{ "id": "did:example:123456789abcdefghi#keys-1", "type": "RsaVerificationKey2018", "controller": "did:example:123456789abcdefghi", "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n" }, { "id": "did:example:123456789abcdefghi#keys-3", "type": "Ieee2410VerificationKey2018", "controller": "did:example:123456789abcdefghi", "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n" }], "authentication": [ // this mechanism can be used to authenticate as did:...fghi "did:example:123456789abcdefghi#keys-1", // this mechanism can be used to biometrically authenticate as did:...fghi "did:example:123456789abcdefghi#keys-3", // this mechanism is *only* authorized for authentication, it may not // be used for any other proof purpose, so its full description is // embedded here rather than using only a reference { "id": "did:example:123456789abcdefghi#keys-2", "type": "Ed25519VerificationKey2018", "controller": "did:example:123456789abcdefghi", "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" } ], "service": [{ "id": "did:example:123456789abcdefghi#oidc", "type": "OpenIdConnectVersion1.0Service", "serviceEndpoint": "https://openid.example.com/" }, { "id": "did:example:123456789abcdefghi#vcStore", "type": "CredentialRepositoryService", "serviceEndpoint": "https://repository.example.com/service/8377464" }, { "id": "did:example:123456789abcdefghi#xdi", "type": "XdiService", "serviceEndpoint": "https://xdi.example.com/8377464" }, { "id": "did:example:123456789abcdefghi#hub", "type": "HubService", "serviceEndpoint": "https://hub.example.com/.identity/did:example:0123456789abcdef/" }, { "id": "did:example:123456789abcdefghi#messaging", "type": "MessagingService", "serviceEndpoint": "https://example.com/messages/8377464" }, { "type": "SocialWebInboxService", "id": "did:example:123456789abcdefghi#inbox", "serviceEndpoint": "https://social.example.com/83hfh37dj", "description": "My public social inbox", "spamCost": { "amount": "0.50", "currency": "USD" } }, { "type": "DidAuthPushModeVersion1", "id": "did:example:123456789abcdefghi#push", "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefghi" }, { "id": "did:example:123456789abcdefghi#bops", "type": "BopsService", "serviceEndpoint": "https://bops.example.com/enterprise/" }] "proof": { "type": "LinkedDataSignature2015", "created": "2016-02-08T16:02:20Z", "creator": "did:example:8uQhQMGzWxR8vw5P3UWH1ja#keys-1", "signatureValue": "QNB13Y7Q9...1tzjn4w==" } } ``` ## Mapping of libindy did methods to Aries SDK methods. |libindy |Aries_SDK |Dependencies | |------------------------------|----------------------|------------------------| |`indy_create_and_store_my_did`|`did_create` |`_did_create` | | | |`wallet` | | | |`[indyre._nym_resolve]` | | | |`[indyre._nym_create]` | ||| |`indy_replace_keys_start` |`did_add_keys` |`dev._key_create` | | | |`did_update` | | | |`wallet` | | | |`[indyre._nym_update]` | ||| |`indy_replace_keys_apply` |`did_remove_keys` |`did_update` | | | |`wallet` | | | |`[indyre._nym_update]` | ||| |`indy_store_their_did` |`did_store` |`wallet` | | | |`[indyre._nym_resolve]` | ||| |`indy_key_for_did` |`did_key_get` |`wallet(check cache)` | | | |`indyre._nyms_resolve` | ||| |`None` |`did_inactivate` |`indyre._nym_inactivate`| | | |`wallet` | ||| |`None` |`did_rotate_key` |`_key_create` | | | |`wallet` | | | |`[indyre._nym_update]` | ||| |`indy_key_for_local_did` |`did_key_get` |`_dids_read` | | | |`wallet` | ||| |`indy_set_endpoint_for_did` |`did_endpoint_set` |`did_update` | | | |`wallet` | | | |`[indyre._nym_update]` | ||| |`indy_get_endpoint_for_did` |`did_endpoint ` |`dids_read` | | | |`wallet` | ||| |`indy_set_did_metadata` |`did_metadata_set` |`did_update` | | | |`wallet` | | | |`[indyre._nym_update]` | ||| |`indy_get_did_metadata` |`did_metadata_get` |`dids_read` | | | |`wallet` | ||| |`indy_get_my_did_with_meta` |`my_did_metadata_get` |`dids_read` | | | |`wallet` | ||| |`indy_list_my_dids_with_meta` |`my_did_metadata_list`|`dids_read` | | | |`wallet` | ||| |`None` |`did_delete` |`wallet` | ||| |`indy_abbreviate_verkey` |`abbreviate_verkey` |`_abbreviate_verkey` | ||| |`None` |`key_did_get` |`wallet` | [Optional] _internal_method ## Aries SDK, consumer did methods ### Deprecated , maps old API to did doc ```c ~~did_metadata_set()~~ // does not map to did doc did_metadata_get() // metadata my_did_metadata_get() // metadata + verkey my_did_metadata_list() // all did + metadata + verkey ~~did_endpoint_set~~ // does not map to did doc did_endpoint_get() ``` ### DID doc ```c int32_t aries_did_create(int32_t wallet_handle, const char* const did_options_json, const char* did, const char* vk, const struct ExternError* err); int32_t aries_did_store(int32_t wallet_handle, const char* const did_json, const struct ExternError* err); int32_t aries_did_update(int32_t wallet_handle, const char* const did_update_json, const struct ExternError* err); int32_t aries_did_delete(int32_t wallet_handle, const char* const did, const struct ExternError* err); // Originally wanted to combine ledger reads and wallet reads into one // method. This is unreasoable since we need to have both wallet and ledger // info passed in when only one of the two will be used. Splitting it up. int32_t aries_did_read(int32_t wallet_handle, const char* const did, const char* did_doc, const struct ExternError* err); /** * Resolve a DID Doc from a ledger. */ int32_t aries_did_resolve(int32_t resolver_handle, const char* const did, const char* did_doc, const struct ExternError* err); int32_t aries_did_commit(int32_t wallet_handle, int32_t resolver_handle, const char* const did, const char* did_doc, const struct ExternError* err); // not mutable //did_context_set() // Don't think this makes sense to include. It is always the same. //int32_t did_context_get() int32_t aries_did_authentication_add(int32_t wallet_handle, const char* const did, const char* const authentication, const struct ExternError* err) int32_t aries_did_authentication_get(int32_t wallet_handle, const char* const did, const struct ExternError* err) int32_t aries_did_authentication_remove(int32_t wallet_handle, const char* const did, const char* const authentication, const struct ExternError* err) int32_t aries_did_authentication_list(int32_t wallet_handle, const struct ExternError* err) int32_t aries_did_key_add(int32_t wallet_handle, const char* const did, const char* const key, const struct ExternError* err) int32_t aries_did_key_get(int32_t wallet_handle, const char* const did, const struct ExternError* err) int32_t aries_did_key_remove(int32_t wallet_handle, const char* const did, const char* const key, const struct ExternError* err) int32_t aries_did_key_list(int32_t wallet_handle, const struct ExternError* err) int32_t aries_did_service_add(int32_t wallet_handle, const char* const did, const char* const service, const struct ExternError* err) int32_t aries_did_service_get(int32_t wallet_handle, const struct ExternError* err) int32_t aries_did_service_remove(int32_t wallet_handle, const char* const service, const struct ExternError* err) int32_t aries_did_service_list(int32_t wallet_handle, const struct ExternError* err) int32_t aries_abbreviate_verkey(const char* const verkey, const struct ExternError* err) ``` ### Example of Aries SDK Usage ```python from aries import did, key, wallet, resolver # Separate "key" api? wallet_config = { #... } # Note the abscence of async. Maybe we include a python wrapper # that does make the calls async. wallet_handle = wallet.create(wallet_config) # Leaving the wallet selection up to the wrapper/framework/app makes sense. # They can decided how they want to handle multiple open wallets. # Create a "public" DID sov_did, sov_vk = did.create( wallet_handle, {'method': 'sov', 'seed': '...'}, { 'service': [{}, {}], #imagine proper service blocks 'authentication': [{}], 'key': [] # If empty or omitted, only sov_vk is included in publicKey list of DIDDoc } ) # Optionally update DIDDoc elements with update after creation: did.update( # Overwrites? What happens to sov_key? wallet_handle, sov_did, { 'service': [{}, {}], #imagine proper service blocks 'authentication': [{}], 'key': [] # If empty or omitted, only sov_vk is included in publicKey list of DIDDoc } ) # Create and add another key another_key = key.create(wallet_handle, {'type': sov_vk['type']}) did.key_add(wallet_handle, sov_did, another_key) # Open and commit to ledger resolver_handle = resolver.open({'method': 'sov'}) did.commit(wallet_handle, resolver_handle, sov_did) # Read DIDDoc info out of the wallet? Or pass it in? resolver.close(resolver_handle) wallet.close(wallet_handle) ``` ## Aries dev, wallet internal did resource methods // need better names specific to wallet interface did_create(args,result,error) did_update(args,error) did_read({return_fields:[],selection_criteria:'did=123'},result,error) did_delete(args,error) ## Indy resolver, ledger nym resource methods _nym_create(args, result, error) _nym_resolve() _nym_update(args, result, error) _nym_inactivate(args, Result, Error) ## Aries, did constructors _did_create(args,result,error) _key_create() _linked_key_create(DidArgs, Result, Error) ???_abbreviate_verkey(args,result,error) ???_did_parse(DidArgs, Result, Error) ## Aries dev Inputs - the resource methods are designed to provide a complete CRUD interface to the wallet. - creation of new objects in the wallet takes three arguments, args, result and error. - args is a struct with all needed parameters to create the new object to be inserted into the wallet. - result is a pointer to where the results will be written - error is a pointer to where any errors will be written - update and delete takes two arguments, args and error. - args is a struct that contains all information needed to update the object in the wallet - error is a pointer to where any errors will be written - read takes three arguments, args, result and error. - args is a struct that contains all information needed to update the object in the wallet - the method type can be thought of as a table in the wallet db. - return_fields is a list of fields to be returned - selection_criteria is the constraints to be applied on what will be returned. - result is a pointer to where the results will be written - error is a pointer to where any errors will be written - security of the wallet is yet to be solved. ## Questions - should dids have a meta data or is all data in docs. - Should aries did create take a "doc" as an argument for easy cloning of # Rich Schema ## Indy resolver, ledger schema resource methods ## Aries Anon_cred consumer SDK ```c extern int32_t aries_schema_validate(const char* const schema, const struct ExternError* err); extern int32_t aries_schema_commit(int32_t wallet_handle, const char* const did, const char* schema_json, const struct ExternError* err); extern int32_t aries_context_validate(const char* const context, const struct ExternError* err); extern int32_t aries_context_commit(int32_t wallet_handle, const char* const did, const char* context_json, const struct ExternError* err); extern int32_t aries_mapping_validate(const char* const mapping, const struct ExternError* err); extern int32_t aries_mapping_commit(int32_t wallet_handle, const char* const did, const char* mapping_json, const struct ExternError* err); extern int32_t aries_encoding_validate(const char* const encoding, const struct ExternError* err); /* Encodings: * UTF-8_SHA-256 * DateRFC3339_SecondsSince1970 * DateRFC3339_DaysSince1900 * HeightISO18013_HeightInInches * Double_BigDecimal * 32Integer_256Integer */ extern int32_t aries_encode_attribute(const char* const encoding, const char* const attribute, const char* encoded_attribute, const struct ExternError* err); extern int32_t aries_pres_def_validate(const char* const pres_def, const struct ExternError* err); extern int32_t aries_pres_def_commit(int32_t wallet_handle, const char* const did, const char* pres_def_json, const struct ExternError* err); extern int32_t aries_cred_def_create(int32_t wallet_handle, const char* const cred_def_options_json,// mapping_id, schema_id, context_id, const char* const did, const char* cred_def, const struct ExternError* err); extern int32_t aries_cred_def_commit(int32_t wallet_handle, const char* const did, const char* cred_def_json, const struct ExternError* err); ```