Xinghuo BIF RFC-005: Xinghuo BIF BID Identifier Resolution Protocol Specification #6
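1. Preamble
Number: RFC-005
Type: RFC
Title: Xinghuo BIF BID Identifier Resolution Protocol Specification
Author: 魏星, weixing3@caict.ac.cn
Published: 2021-12-10
Status:
Updated:
Discussion: #6
Depends on RFC: none

2. Abstract
This document defines the specification for resolving and using Xinghuo BIF BIDs.

3. Motivation
To enable BID resolution, a general-purpose identifier resolution protocol is designed for industrial-internet and IoT scenarios. It is based on the Decentralized Identifier (DID) specification and on the layered architecture of Xinghuo BIF, and it provides both addressing and digital-identity functions. This RFC describes that protocol in detail.

4. Principles
4.1 Architecture
The structure of a BID is as follows:

4.2 Protocol metadata
The protocol metadata of a BID is the BID document. The BID document follows the DID Document specification and extends it. The fields of the BID document are described as follows:
Here the signed content is the string combination of the credential fields; for the format, see the signing rules. When type is any other attribute type, each attribute has the following structure:

4.3 BID resolution protocol
BID resolution is the process of obtaining the BID document for a given BID. All super nodes on the main chain and all sub-chains connected to Xinghuo BIF must support BID resolution.

4.3.1 Main-chain resolution architecture
The main chain supports resolving two kinds of data: main-chain BID documents and sub-chain resolution service addresses. Resolving main-chain BID documents is divided into resolving ordinary-attribute BID documents and resolving credential-attribute BID documents. Resolving sub-chain resolution service addresses is divided into resolving by a BID that carries an AC number and resolving by the BID of the sub-chain resolution service.

4.3.2 Sub-chain resolution architecture

5. Specification text
The resolution protocol is transported over HTTP/HTTPS and encoded as JSON.

5.1 BID resolution interface
Name: BID resolution interface (GET method)
Description: resolves the content of a BID
Address: http://${url}/${bid}, where url is the address of the resolution service and bid is the BID to resolve
Parameters returned on success: a successful resolution returns the BID document
When the document attribute is of credential type, attributes has the following structure:
When the document attribute is of any other type, attributes has the following structure:
When service.type is the sub-chain resolution service, service has the following structure:
1. Example of a successful response returning an ordinary BID document:
{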
"errorCode": 0,
"data": {
"didDocument": {
"@context": ["https://www.w3.org/ns/did/v1"],
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKey": [{
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "b9906e1b50e81501369cc777979f8bcf27bd1917d794fa6d5e320b1ccc4f48bb"
}],
"authentication": ["did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1"],
"extension": {
"recovery": ["did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-2"],
"ttl": 86400,
"delegateSign": {
"signer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
},
"type": 206
},
"service": [{
"id": "did:bid:ef24NBA7au48UTZrUNRHj2p3bnRzF3YCH#subResolve",
"type": "DIDSubResolve",
"version": "1.0.0",
"serverType": 1,
"protocol": 3,
"serviceEndpoint": "192.168.1.23",
"port": 8080
}],
"created": "2021-05-10T06:23:38Z",
"updated": "2021-05-10T06:23:38Z",
"proof": {
"creator": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "9E07CD62FE6CE0A843497EBD045C0AE9FD6E1845414D0ED251622C66D9CC927CC21DB9C09DFF628DC042FCBB7D8B2B4901E7DA9774C20065202B76D4B1C15900"
}
}
},
"message": "success"
}
{
"errorCode": 0,
"message": "success",
"data": {
"didDocument": {
"@context": [
"https://www.w3.org/ns/did/v1"
],
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKey": [
{
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "b9906e1b50e81501369cc777979f8bcf27bd1917d794fa6d5e320b1ccc4f48bb"
}
],
"authentication": [
"did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1"
],
"extension": {
"recovery": [
"did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-2"
],
"ttl": 86400,
"delegateSign": {
"signer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
},
"type": 205,
"attributes": [
{
"issuer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"issuanceDate": "2021-01-20T12:01:20Z",
"effectiveDate": "2021-01-20T12:01:20Z",
"expirationDate": "2021-04-02T12:01:20Z",
"revocationId": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#revocation",
"credentialSubject": {
"id": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"type": 202,
"name": "北京大学",
"content": { }
},
"proof": [
{
"creator": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "9E07CD62FE6CE0A843497EBD045C0AE9FD6E1845414D0ED251622C66D9CC927CC21DB9C09DFF628DC042FCBB7D8B2B4901E7DA9774C20065202B76D4B1C15900"
}
]
}
]
},
"service": [
{
"id": "did:bid:ef24NBA7au48UTZrUNRHj2p3bnRzF3YCH#revocation",
"type": "DIDRevocation",
"serviceEndpoint": "https://did.bif.com"
}
],
"proof": {
"creator": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
}
}
}
}
{
"errorCode": 0,
"message": "success",
"data": {
"didDocument": {
"@context": [
"https://www.w3.org/ns/did/v1"
],
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKey": [
{
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "b9906e1b50e81501369cc777979f8bcf27bd1917d794fa6d5e320b1ccc4f48bb"
}
],
"authentication": [
"did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1"
],
"extension": {
"recovery": [
"did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-2"
],
"ttl": 86400,
"delegateSign": {
"signer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
},
"type": 206
},
"service": [
{
"id": "did:bid:ef24NBA7au48UTZrUNRHj2p3bnRzF3YCH#subResolve",
"type": "DIDSubResolve",
"version": "1.0.0",
"serverType": 1,
"protocol": 3,
"serviceEndpoint": "192.168.1.23",
"port": 8080
}
],
"proof": {
"creator": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
}
}
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
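}

5.2 BID field resolution
The BID resolution protocol also supports resolving individual fields of a BID document: publicKey, attributes, acsns, verifiableCredentials and service.

5.2.1 Public key resolution
1. Resolve all public keys
Address: http://${url}/${bid}/public-keys, where url is the address of the resolution service and bid is the BID to resolve
Parameters returned on success:
Example of a successful response:
{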
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKey": [{
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "b9906e1b50e81501369cc777979f8bcf27bd1917d794fa6d5e320b1ccc4f48bb"
}, {
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-2",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
}]
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
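}
2. Resolve a specific public key
Address: http://${url}/${bid}/public-keys/${publicKey}, where url is the address of the resolution service, bid is the BID to resolve and publicKey is the id of the public key to resolve
Parameters returned on success:
Example of a successful response:
{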
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKey": {
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2#key-1",
"type": "Ed25519",
"controller": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"publicKeyHex": "b9906e1b50e81501369cc777979f8bcf27bd1917d794fa6d5e320b1ccc4f48bb"
}
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
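}

5.2.2 Attribute resolution
Address: http://${url}/${bid}/attributes, where url is the address of the resolution service and bid is the BID to resolve
Parameters returned on success:
Example of a successful response returning certificate attributes:
{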
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"attributes": [{
"issuer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"issuanceDate": "2021-01-20T12:01:20Z",
"effectiveDate": "2021-01-20T12:01:20Z",
"expirationDate": "2021-04-02T12:01:20Z",
"revocationId": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#revocation",
"credentialSubject": {
"id": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"type": 202,
"name": "北京大学",
"description": "",
"context":{}
},
"proof": [{
"creator": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#key-1",
"signatureValue": "9E07CD62FE6CE0A843497EBD045C0AE9FD6E1845414D0ED251622C66D9CC927CC21DB9C09DFF628DC042FCBB7D8B2B4901E7DA9774C20065202B76D4B1C15900"
}]
}]
}
}
Example of a successful response returning other attributes:
{
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"attributes": [{
"key": "contract",
"desc": "智能合约地址",
"encrypt": "false",
"format": "text",
"value": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG"
}]
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
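}

5.2.3 AC number resolution
The main-chain resolution service must support this interface.
1. Resolve the list of all AC numbers
Parameters returned on success:
Example of a successful response:
{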
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"acsns": [
"abcd",
"1234"
]
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
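}

5.2.4 Credential list resolution
Address: http://${url}/${bid}/verifiableCredentials, where url is the address of the resolution service and bid is the BID to resolve
Parameters returned on success:
Example of a successful response:
{
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"verifiableCredentials": [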
{
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"type": 202
}
]
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
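}

5.2.5 Service address resolution
Address: http://${url}/${bid}/services?id=${id}, where url is the address of the resolution service, bid is the BID to resolve and id is the service id
Parameters returned on success for an ordinary service:
Example of a successful response for an ordinary service:
{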
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"service": {
"id": "did:bid:ef24NBA7au48UTZrUNRHj2p3bnRzF3YCH#storage",
"type": "DIDStorage",
"serviceEndpoint": "https://did.bif.com"
}
}
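}
Parameters returned on success for the sub-chain resolution address service:
Example of a successful response for the sub-chain resolution address service:
{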
"errorCode": 0,
"message": "success",
"data": {
"version": "1.0.0",
"id": "did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2",
"service": {
"id": "did:bid:ef24NBA7au48UTZrUNRHj2p3bnRzF3YCH#subresolve",
"type": "DIDSubResolve",
"version": "1.0.0",
"serverType": 1,
"protocol":3,
"serviceEndpoint": "192.168.1.23",
"port":8080
}
}
}
Parameters returned on failure:
Example of a failure response:
{
"errorCode": 6,
"message": "not found"
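}

5.3 Recursive resolution
BID identifiers rely on the main-chain/sub-chain architecture of Xinghuo chain, a hierarchical model composed of a main chain and sub-chains. BID resolution goes through a recursive resolution system: it first resolves, on the main chain, the BID document that holds the sub-chain resolution service address, and then queries the sub-chain for the specific BID document.

5.3.1 Recursive resolution
Recursive resolution is the process of iteratively querying for a BID document through the recursive resolution service; the resolution interface is the same as for BID resolution.
The recursive resolution flow is as follows:
1) The user queries did:bid:1234:as3e5tg56hhy6 through the BID recursive resolution service
2) The recursive resolver goes to the main chain to resolve did:bid:1234:as3e5tg56hhy6
3) The main chain internally resolves the BID document of did:bid:1234, which contains the resolution address of the sub-chain whose AC number is 1234
4) The recursive resolver goes to the sub-chain to resolve did:bid:1234:as3e5tg56hhy6
5) The sub-chain resolution service returns the BID document that it holds for did:bid:1234:as3e5tg56hhy6
6) The recursive resolution system returns the resolution result to the user

5.3.2 Trusted resolution
Trusted resolution mainly performs trust verification of the public keys and signed content of BID documents. It follows the DPKI specification: across Xinghuo BIF there are multiple certifying BIDs that sign and certify the publicKey of ordinary BID documents, which guarantees the reliability of the data source and ensures that every resolution service passed through during recursive resolution is trusted. The BID recursive resolution system must implement this interface and, during recursive resolution, ensure that the addresses of intermediate resolution services have not been tampered with.
1. Trusted signing flow
3. Trusted resolution interface
Name: BID trusted resolution interface (GET method)
Description: resolves the content of a BID
Address: http://${url}/${bid}?verify=true, where url is the address of the resolution service and bid is the BID to resolve
Parameters returned on success:
Parameters returned on failure:
Example of a failure response:
{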
"errorCode": 6,
"message": "not found"
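}

5.4 Signature algorithm
5.4.1 Constraints
The BID data to be serialized (in particular the extension field) must conform to the I-JSON [RFC7493] format, which means the following:

5.4.2 Signing rules

5.4.3 Signing steps

5.4.4 Examples
5.4.4.1 Credential signing
Source data:
{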
"issuer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"issuanceDate": "2021-01-20T12:01:20Z",
"effectiveDate": "2021-01-20T12:01:20Z",
"expirationDate": "2021-04-02T12:01:20Z",
"revocationId": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#revocation",
"credentialSubject": {
"id": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
"type": 202,
"name": "asc",
"content": {"registerCapital":"1000.0","status":"2" }
},
"proof": [
{
"creator": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1",
"signatureValue": "4TWzvxXDgejyWK7syUeg68WFd6Kf5cGV8bnEYR35UaKX18VRwemnnBuuGkMHGrSP2qbDac9WwhTffLQhyzz2Vp5m"
}
]
}
Sorted:
{"credentialSubject":{"content":{"registerCapital":"1000.0","status":"2"},"id":"did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG","name":"asc","type":202},"effectiveDate":"2021-01-20T12:01:20Z","expirationDate":"2021-04-02T12:01:20Z","issuanceDate":"2021-01-20T12:01:20Z","issuer":"did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG","revocationId":"did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#revocation"}
Signature: using the test private key priSPKp8oiiAXGZaXFBMKEAoL2b6J6UDQCw4x39ereXYtyAejM, compute the Ed25519 signature over the bytes to be signed (the sorted data converted to bytes) and Base58-encode it.

5.4.4.2 BID document signing
Source data:
{
"@context": ["https://w3.org/ns/did/v1"],
"id": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx",
"created": "2021-06-24T09:10:09Z",
"updated": "2021-06-24T09:10:09Z",
"extension": {
"recovery": ["did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1"],
"attributes": [{
"key": "contract",
"encrypt": 1,
"format": "text",
"desc": "contract address",
"value": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG"
}],
"ttl": 86400,
"type": 105
},
"authentication": ["did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1"],
"publicKey": [{
"controller": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx",
"id": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1",
"publicKeyHex": "b06566f76733ae048fda721d47afe8780b572636496c93253db86dc8d5427fc54e9a06",
"type": "Ed25519"
}],
"proof": {
"creator": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1",
"signatureValue": "5jFX6UKMVTg73LCWamNdeZACCMftMjSrJvZpL86ULefr3216SKRfgH6YkrmHT5DACYSpVEeN9RcnNES8cAHBVsMw"
},
"version": "1.1.0"
}
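Sorted:
{"@context":["https://w3.org/ns/did/v1"],"authentication":["did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1"],"created":"2021-06-24T09:10:09Z","extension":{"attributes":[{"desc":"contract address","encrypt":1,"format":"text","key":"contract","value":"did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG"}],"recovery":["did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1"],"ttl":86400,"type":105},"id":"did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx","publicKey":[{"controller":"did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx","id":"did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1","publicKeyHex":"b06566f76733ae048fda721d47afe8780b572636496c93253db86dc8d5427fc54e9a06","type":"Ed25519"}],"updated":"2021-06-24T09:10:09Z","version":"1.1.0"}
Signature: using the test private key priSPKp8oiiAXGZaXFBMKEAoL2b6J6UDQCw4x39ereXYtyAejM, compute the Ed25519 signature over the bytes to be signed (the sorted data converted to bytes) and Base58-encode it.

6. Implementation
6.1 Distributed digital identity authentication
The vehicle administration office, the traffic management bureau and similar bodies have their own identity BIDs on Xinghuo chain. After buying a car, the user also registers an identity BID for the car on Xinghuo chain. The vehicle administration office, the traffic management bureau and similar bodies issue the car the credentials it needs to drive on the road, and the car uploads these credentials to Xinghuo chain as well. When the car is on the road, a monitoring camera captures the car's BID, recursively resolves the BID to the car's credentials, and then recursively resolves the BIDs of the issuing vehicle administration office and traffic management bureau to their digital identity information, thereby verifying the validity of the car's credentials and enabling interaction between smart devices.
2) After buying a car, the user registers their digital identity on Xinghuo BIF
3) The vehicle administration office and the traffic management bureau issue electronic credentials to the car
4) While the car is driving, a roadside probe scans the car's electronic credentials
5) The probe uses recursive resolution to resolve, on Xinghuo BIF, the digital identities of the vehicle administration office and the traffic management bureau
6) The probe verifies the car's electronic credentials using the digital identities of the vehicle administration office and the traffic management bureau

6.2 Distributed resolution for one-item-one-code traceability
BID identifiers of the same product controlled by the same private key carry different information on the main chain and on different sub-chains: the main chain stores the addresses corresponding to the AC numbers of the different sub-chains, and the sub-chains store the specific product information. The user resolves the BID through a BID resolver, and through the resolver's internal recursion and distributed resolution the complete product information is finally returned to the user.
1) The user resolves the BID did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2 through the BID recursive resolution service
2) The recursive resolver goes to the main chain to resolve did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2
3) The main chain returns the list of AC numbers of the sub-chains where did:bid:efnVUgqQFfYeu97ABf6sGm3WFtVXHZB2 resides and the BIDs that the sub-chains belong to
4) The recursive resolver goes to the main chain to resolve the sub-chain addresses
5) The main chain returns the address of the sub-chain
6) The recursive resolver goes to each sub-chain to resolve the BID with the AC number
7) Each sub-chain returns the information it holds for the BID
8) The recursive resolver aggregates the resolved structures and returns them to the user

7. Defects
None so far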
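The sorting step of the two worked examples in section 5.4.4, as an added example that is not part of the RFC or the project's code. The signing rules of 5.4.2 and 5.4.3 are not reproduced on this page, so the rule used here (drop the top-level proof, sort keys at every level, emit compact UTF-8 JSON) is inferred from those examples, and `signing_input` is a hypothetical name.

```python
import json

# Credential source data from section 5.4.4.1 (copied from the page).
CREDENTIAL = '''{
  "issuer": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG",
  "issuanceDate": "2021-01-20T12:01:20Z",
  "effectiveDate": "2021-01-20T12:01:20Z",
  "expirationDate": "2021-04-02T12:01:20Z",
  "revocationId": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG#revocation",
  "credentialSubject": {
    "id": "did:bid:efJgt44mNDewKK1VEN454R17cjso3mSG", "type": 202,
    "name": "asc", "content": {"registerCapital": "1000.0", "status": "2"}},
  "proof": [{
    "creator": "did:bid:ef18F9AVK4SQLZPRrPkrVWwp9kbpdXHx#key-1",
    "signatureValue": "4TWzvxXDgejyWK7syUeg68WFd6Kf5cGV8bnEYR35UaKX18VRwemnnBuuGkMHGrSP2qbDac9WwhTffLQhyzz2Vp5m"}]
}'''


def _unique_members(pairs):
    # I-JSON (RFC 7493) forbids repeated member names. json.loads would keep
    # the last one silently, so a signer and a verifier using different
    # parsers could sign and check different documents.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate member name {key!r}")
        obj[key] = value
    return obj


def _reject_constant(name):
    # NaN and Infinity are accepted by Python's parser but are not JSON.
    raise ValueError(f"{name} is not valid JSON")


def signing_input(raw: str) -> bytes:
    """Return the bytes a signer or verifier feeds to Ed25519 (assumed rule)."""
    doc = json.loads(raw, object_pairs_hook=_unique_members,
                     parse_constant=_reject_constant)
    if not isinstance(doc, dict):
        raise ValueError("expected a JSON object")
    doc.pop("proof", None)  # assumption: only the top-level proof is excluded
    # Assumption: non-ASCII text is signed as raw UTF-8, not \u escapes.
    text = json.dumps(doc, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


if __name__ == "__main__":
    print(signing_input(CREDENTIAL).decode("utf-8"))
```

A verifier should recompute these bytes from the received document rather than trust any pre-sorted string supplied alongside it.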
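The demonstration passed; entering the acceptance stage.
How Xinghuo BIF BID identifiers are resolved and used needs to be defined by a standard specification.
Lifecycle
Proposed: 2021-12-09
Demonstrated: 2021-12-09
Accepted: 2021-12-10
Passed: 2021-12-10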