Skip to content

Identity

FireFly contains an address book of identities, which is managed in a decentralized way across a multi-party system through claim and verification system.

See FIR-12 for evolution that is happening to Hyperledger FireFly to allow:

  • Private address books that are not shared with other participants
  • Multiple address books backed by different chains, in the same node

Root identities are registered with only a claim - which is a signed transaction from a particular blockchain account, to bind a DID with a name that is unique within the network, to that signing key.

The signing key then becomes a Verifier for that identity. Using that key the root identity can be used to register a new FireFly node in the network, send and receive messages, and register child identities.

When child identities are registered, a claim using a key that is going to be the Verifier for that child identity is required. However, this is insufficient to establish that identity as a child identity of the parent. There must be an additional verification that references the claim (by UUID) using the key verifier of the parent identity.

DIDs

FireFly has adopted the DID standard for representing identities. A "DID Method" name of firefly is used to represent that the built-in identity system of Hyperledger FireFly is being used to resolve these DIDs.

So an example FireFly DID for organization abcd1234 is:

  • did:firefly:org/abcd1234

The adoption of DIDs in Hyperledger FireFly v1.0 is also a stepping stone to allowing pluggable DID based identity resolvers into FireFly in the future.

You can also download a DID Document for a FireFly identity, which represents the verifiers and other information about that identity according to the JSON format in the DID standard.

Example

{
    "id": "114f5857-9983-46fb-b1fc-8c8f0a20846c",
    "did": "did:firefly:org/org_1",
    "type": "org",
    "parent": "688072c3-4fa0-436c-a86b-5d89673b8938",
    "namespace": "ff_system",
    "name": "org_1",
    "messages": {
        "claim": "911b364b-5863-4e49-a3f8-766dbbae7c4c",
        "verification": "24636f11-c1f9-4bbb-9874-04dd24c7502f",
        "update": null
    },
    "created": "2022-05-16T01:23:15Z"
}

Field Descriptions

Field Name Description Type
id The UUID of the identity UUID
did The DID of the identity. Unique across namespaces within a FireFly network string
type The type of the identity FFEnum:
"org"
"node"
"custom"
parent The UUID of the parent identity. Unset for root organization identities UUID
namespace The namespace of the identity. Organization and node identities are always defined in the ff_system namespace string
name The name of the identity. The name must be unique within the type and namespace string
description A description of the identity. Part of the updatable profile information of an identity string
profile A set of metadata for the identity. Part of the updatable profile information of an identity JSONObject
messages References to the broadcast messages that established this identity and proved ownership of the associated verifiers (keys) IdentityMessages
created The creation time of the identity FFTime
updated The last update time of the identity profile FFTime

IdentityMessages

Field Name Description Type
claim The UUID of claim message UUID
verification The UUID of claim message. Unset for root organization identities UUID
update The UUID of the most recently applied update message. Unset if no updates have been confirmed UUID