Identity
FireFly contains an address book of identities, which is managed in a decentralized way across a multi-party system through a claim and verification system.
See FIR-12 for the evolution underway in Hyperledger FireFly to allow:
- Private address books that are not shared with other participants
- Multiple address books backed by different chains, in the same node
Root identities are registered with only a claim, which is a signed transaction from a particular blockchain account, to bind a DID with a name that is unique within the network, to that signing key.
The signing key then becomes a Verifier for that identity. Using that key the root identity can be used to register a new FireFly node in the network, send and receive messages, and register child identities.
When child identities are registered, a claim using a key that is going to be the Verifier for that child identity is required. However, this is insufficient to establish that identity as a child identity of the parent. There must be an additional verification that references the claim (by UUID) using the key verifier of the parent identity.
DIDs
FireFly has adopted the DID standard for representing identities. A "DID Method" name of firefly is used to represent that the built-in identity system of Hyperledger FireFly is being used to resolve these DIDs.
So an example FireFly DID for organization abcd1234 is:
did:firefly:org/abcd1234
The adoption of DIDs in Hyperledger FireFly v1.0 is also a stepping stone to allowing pluggable DID based identity resolvers into FireFly in the future.
You can also download a DID Document for a FireFly identity, which represents the verifiers and other information about that identity according to the JSON format in the DID standard.
Example
{
  "id": "114f5857-9983-46fb-b1fc-8c8f0a20846c",
  "did": "did:firefly:org/org_1",
  "type": "org",
  "parent": "688072c3-4fa0-436c-a86b-5d89673b8938",
  "namespace": "ff_system",
  "name": "org_1",
  "messages": {
    "claim": "911b364b-5863-4e49-a3f8-766dbbae7c4c",
    "verification": "24636f11-c1f9-4bbb-9874-04dd24c7502f",
    "update": null
  },
  "created": "2022-05-16T01:23:15Z"
}
Field Descriptions
| Field Name | Description | Type |
|---|---|---|
| id | The UUID of the identity | UUID |
| did | The DID of the identity. Unique across namespaces within a FireFly network | string |
| type | The type of the identity | FFEnum: "org", "node", "custom" |
| parent | The UUID of the parent identity. Unset for root organization identities | UUID |
| namespace | The namespace of the identity. Organization and node identities are always defined in the ff_system namespace | string |
| name | The name of the identity. The name must be unique within the type and namespace | string |
| description | A description of the identity. Part of the updatable profile information of an identity | string |
| profile | A set of metadata for the identity. Part of the updatable profile information of an identity | JSONObject |
| messages | References to the broadcast messages that established this identity and proved ownership of the associated verifiers (keys) | IdentityMessages |
| created | The creation time of the identity | FFTime |
| updated | The last update time of the identity profile | FFTime |
IdentityMessages
| Field Name | Description | Type |
|---|---|---|
| claim | The UUID of the claim message | UUID |
| verification | The UUID of the verification message. Unset for root organization identities | UUID |
| update | The UUID of the most recently applied update message. Unset if no updates have been confirmed | UUID |
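The claim and verification rules described above can be checked against identity records shaped like the example. The following Python is an added example, not FireFly's own code: the function names, finding strings and sample records are assumptions made here, and the org DID check (did:firefly:org/<name>) is inferred from the two DIDs shown on this page.

```python
import uuid

DID_PREFIX = "did:firefly:"  # DID method name used on this page
SYSTEM_NS = "ff_system"      # org and node identities are defined here

def is_uuid(value):
    try:
        return bool(uuid.UUID(str(value)))
    except ValueError:
        return False

def audit_identity(ident, known_ids):
    """Return findings for one record; an empty list means it is consistent."""
    findings = []
    msgs = ident.get("messages") or {}
    itype, parent, did = ident.get("type"), ident.get("parent"), str(ident.get("did"))
    claim, verification = msgs.get("claim"), msgs.get("verification")
    if not did.startswith(DID_PREFIX):
        findings.append("did does not use the firefly method")
    elif itype == "org" and did != f"{DID_PREFIX}org/{ident.get('name')}":
        findings.append("org did does not match name")  # assumed from page examples
    if itype in ("org", "node") and ident.get("namespace") != SYSTEM_NS:
        findings.append("org/node outside ff_system")
    if not is_uuid(claim):
        findings.append("no claim message")
    if parent is None:
        if verification is not None:  # root identities have a claim only
            findings.append("root identity carries a verification")
    else:
        if parent not in known_ids:
            findings.append("parent not in address book")
        if not is_uuid(verification):  # a claim alone does not prove parentage
            findings.append("child has no parent verification")
    return findings

def audit_address_book(identities):
    """Map identity UUID -> findings, for records with at least one finding."""
    known = {i.get("id") for i in identities}
    report = {i.get("id"): audit_identity(i, known) for i in identities}
    return {ident_id: f for ident_id, f in report.items() if f}

# Constructed sample: a root org, and a child org whose verification is missing.
ROOT_ID, CHILD_ID = "00000000-0000-4000-8000-000000000001", "00000000-0000-4000-8000-000000000002"
SAMPLE = [
    {"id": ROOT_ID, "did": "did:firefly:org/root_org", "type": "org", "namespace": SYSTEM_NS,
     "name": "root_org", "parent": None, "messages": {"claim": "00000000-0000-4000-8000-0000000000c1"}},
    {"id": CHILD_ID, "did": "did:firefly:org/child_org", "type": "org", "namespace": SYSTEM_NS,
     "name": "child_org", "parent": ROOT_ID, "messages": {"claim": "00000000-0000-4000-8000-0000000000c2"}},
]
```

The audit covers the structure of the records only; it does not fetch the referenced broadcast messages or check the signatures on them.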