EW’s DID Library is open-source
As the global electricity sector continues its decentralization—with massive proliferation of distributed energy resources (DERs) such as smart thermostats, behind-the-meter batteries, and electric vehicles—we saw a rapidly growing need to manage user and device identities on the Energy Web Chain and related applications as part of our EW-DOS technology stack. For just one example, our project with transmission system operator Austrian Power Grid leverages DERs to increase grid flexibility, and that requires accurate, secure information about each participating device.
So in September 2019 we set out on a journey to use decentralized digital identities (DIDs) to record identities on the Energy Web Chain (EWC). We started by looking at the Identity Foundation’s work and the long list of DID-compliant implementations. Six of those use Ethereum and have published their source code.
Two in particular stand out as community-supported standards: EIP-1056 proposed by uPort and EIP-725 proposed by LUKSO. These leading smart-contract standards are both in draft status and will probably evolve further. (That said, the discussions around the contract standards have slowed and we do not expect dramatic changes in the near future.) We will use the implementation from uPort for the 1056 standard and are working with long-time EW member FlexiDAO on an implementation of the 725.
The EW DID Library overview
The reason we felt compelled to write our own implementation is that all the other libraries are opinionated when it comes to the so-called “right” way of doing things. Our position is that everything is still in draft mode and we don’t know which standard or approach will win in the long term.
As the specifications are still in flux, we created an implementation that can easily be extended to use any chain and any contract.
We needed a library that can be integrated into both server-side and browser-side web applications and is straightforward to use.
The EW DID Library is built around interfaces and factory classes. This allows us to implement multiple versions of any interface to accommodate the different efforts: ERC-1056, ERC-725v2, Kilt, Sovrin, etc. Hopefully, we will not be the only ones to create resolvers for our DID Library.
The universal resolver effort creates a standard way to read a DID document, but there is no standard on verifying claims, especially private claims. By creating a library that can be used with any DID solution, we hope to create a consensus on claims and proof formats.
The current version of the library is in TypeScript, but the approach makes it straightforward to implement the same functionality in any other object-oriented language, such as C#, Java, Swift, or Kotlin. As soon as we are feature-complete, work on additional implementations will start.
CRUD for identities and claims
As a developer integrating this library in your application, you need the CRUD ability to create, read (resolve), update, and delete (revoke) identities and the claims that have been issued by them in order to create, read, and update the DID documents that contain the information.
The first implementation provides the ability to create and update identities in an ERC-1056 registry smart contract and manage delegations and claims. The claims are added as service endpoints. The URI to the claim will point to a store. The first implementation of the store is with IPFS.
We chose to implement the ethr (ERC-1056) method first, since it is simpler and requires fewer on-chain components than its more elaborate ERC-725v2 counterpart in the Ethereum ecosystem.
The EW DID Library allows the creation, issuance, and verification of both public and private claims. It is also possible to selectively disclose portions of a private claim and reuse the same proof. This allows a user to prove that they have successfully passed a know-your-customer (KYC) process without disclosing any information about themselves except their DID and, for example, their email address.
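The following is an added example, not the EW DID Library's code or API. The page does not describe the library's proof format, so this sketch assumes a generic salted-hash commitment scheme to show how one issuer signature can back several different partial disclosures. The Ed25519 issuer key, the DID, the attribute values, and all function names are constructed for illustration.

```typescript
import { createHash, generateKeyPairSync, randomBytes, sign, verify, KeyObject } from "crypto";

// Generic salted-hash selective disclosure (assumed scheme, not the EW DID Library's format).
interface Disclosure { value: string; salt: string }
interface Credential { subject: string; digests: Record<string, string>; signature: string }

const commit = (name: string, d: Disclosure): string =>
  createHash("sha256").update(JSON.stringify([name, d.value, d.salt])).digest("hex");

// Canonical bytes the issuer signs: subject DID plus name-sorted digests (names visible, values hidden).
const payload = (subject: string, digests: Record<string, string>): Buffer =>
  Buffer.from(JSON.stringify([subject, Object.keys(digests).sort().map((k) => [k, digests[k]])]));

function issue(subject: string, attrs: Record<string, string>, issuerKey: KeyObject) {
  const secrets: Record<string, Disclosure> = {};
  const digests: Record<string, string> = {};
  for (const [name, value] of Object.entries(attrs)) {
    const d = { value, salt: randomBytes(16).toString("hex") }; // per-attribute salt blocks guessing
    secrets[name] = d;
    digests[name] = commit(name, d);
  }
  const signature = sign(null, payload(subject, digests), issuerKey).toString("hex");
  return { credential: { subject, digests, signature } as Credential, secrets };
}

// Holder side: reveal only the named attributes, together with their salts.
function disclose(secrets: Record<string, Disclosure>, names: string[]): Record<string, Disclosure> {
  const shown: Record<string, Disclosure> = {};
  for (const n of names) { const d = secrets[n]; if (d) shown[n] = d; }
  return shown;
}

// Verifier side: one signature check, then each revealed attribute must match its signed digest.
function verifyDisclosure(cred: Credential, shown: Record<string, Disclosure>, issuerPub: KeyObject): boolean {
  const sigOk = verify(null, payload(cred.subject, cred.digests), issuerPub, Buffer.from(cred.signature, "hex"));
  return sigOk && Object.entries(shown).every(([n, d]) => cred.digests[n] === commit(n, d));
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519"); // stand-in issuer key
  const did = "did:ethr:0x0000000000000000000000000000000000000001"; // constructed sample DID
  const kyc = { email: "alice@example.com", name: "Alice Example", birthdate: "1990-01-01" }; // constructed
  const { credential, secrets } = issue(did, kyc, privateKey);
  return {
    emailOnly: verifyDisclosure(credential, disclose(secrets, ["email"]), publicKey),
    emailAndName: verifyDisclosure(credential, disclose(secrets, ["email", "name"]), publicKey),
    forgedValue: verifyDisclosure(credential, { email: { value: "mallory@example.com", salt: "00".repeat(16) } }, publicKey),
    swappedSubject: verifyDisclosure({ ...credential, subject: did.replace(/1$/, "2") }, disclose(secrets, ["email"]), publicKey),
  };
}
console.log(demo());
```

Both partial disclosures verify against the same signature, while a substituted value or a credential rebound to another DID is rejected.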
Scope of the DID-Library functionality
The goal of the DID Library is to offer a complete identity life-cycle management solution. There are implemented solutions for:
- Identity creation for an ERC-1056 registry — either simple key pair identity or blockchain proxy identity solution
- Public and private claims (issuance and verification) stored on IPFS
- Selective disclosure of private claim attributes
- Key recovery for proxy identities
We’re currently working on the creation of solutions for:
- Key recovery for private keys based on Parity’s secret store
- Identity and claims management with ERC-725 (proxy account), ERC-734 (Key manager), and ERC-735 (Claims holder)
- Connection of DID and ENS
- Example app that uses DID for user authentication
- Integration with blockchain wallets like Metamask, Gnosis, and Trezor
- Implementation of an identity hub based on IPFS storage
- Access management based on encoding roles in DID-Claims
- Full IAM solution to manage authentication and authorization in any application