Decentralized Identifiers (DIDs) | Blockstack
< meta property = "og:title" content = "Decentralized Identifiers (DIDs)" / >
< body >
< h1 class = "uk-article-title" > Decentralized Identifiers (DIDs)< / h1 >
Sep 10, 2018
< div class = "article-content" >
< p > BNS nodes are compliant with the emerging
< a href = "http://identity.foundation" > Decentralized Identity Foundation< / a > protocol
specification for decentralized identifiers (DIDs).< / p >
< p > Each name in BNS has an associated DID. The DID format for BNS is:< / p >
< div class = "highlighter-rouge" > < pre class = "highlight" > < code > did:stack:v0:{address}-{index}
< / code > < / pre >
< / div >
< p > Where:< / p >
< ul >
< li > < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > address< / span > < span class = "p" > }< / span > < / code > is an on-chain public key hash (e.g. a Bitcoin address).< / li >
< li > < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > index< / span > < span class = "p" > }< / span > < / code > refers to the < code class = "highlighter-rouge" > nth< / code > name this address created.< / li >
< / ul >
< p > For example, the DID for < code class = "highlighter-rouge" > personal.id< / code > is
< code class = "highlighter-rouge" > did:stack:v0:1dARRtzHPAFRNE7Yup2Md9w18XEQAtLiV-0< / code > , because the name
< code class = "highlighter-rouge" > personal.id< / code > was the first-ever name created by
< code class = "highlighter-rouge" > 1dARRtzHPAFRNE7Yup2Md9w18XEQAtLiV< / code > .< / p >
< p > As another example, the DID for < code class = "highlighter-rouge" > jude.id< / code > is < code class = "highlighter-rouge" > did:stack:v0:16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg-1< / code > .
Here, the address < code class = "highlighter-rouge" > 16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg< / code > had created one earlier
name in history prior to this one (which happens to be < code class = "highlighter-rouge" > abcdefgh123456.id< / code > ).< / p >
< p > The purpose of a DID is to provide an eternal identifier for a public key.
The public key may change, but the DID will not.< / p >
< p > Blockstack Core implements a DID method of its own
in order to be compatible with other systems that use DIDs for public key resolution.
In order for a DID to be resolvable, all of the following must be true for a
name:< / p >
< ul >
< li > The name must exist< / li >
< li > The name’s zone file hash must be the hash of a well-formed DNS zone file< / li >
< li > The DNS zone file must be present in the BNS < a href = "atlas_network.md" > Atlas Network< / a > < / li >
< li > The DNS zone file must contain a < code class = "highlighter-rouge" > URI< / code > resource record that points to a signed
JSON Web Token< / li >
< li > The public key that signed the JSON Web Token (and is included with it) must
hash to the address that owns the name< / li >
< / ul >
< p > Not all names will have DIDs that resolve to public keys. However, names created by the < a href = "https://github.com/blockstack/blockstack-browser" > Blockstack
Browser< / a > will have DIDs that
do.< / p >
< p > Developers can programmatically resolve DIDs via the Python API:< / p >
< pre > < code class = "language-Python" > > > > import blockstack
> > > blockstack.lib.client.resolve_DID('did:stack:v0:16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg-1', hostport='https://node.blockstack.org:6263')
{'public_key': '020fadbbcea0ff3b05f03195b41cd991d7a0af8bd38559943aec99cbdaf0b22cc8'}
< / code > < / pre >
< p > A RESTful API is under development.< / p >
< h1 id = "did-encoding-for-subdomains" > DID Encoding for Subdomains< / h1 >
< p > Every name and subdomain in BNS has a DID. The encoding is slightly different
for subdomains, so the software can determine which code-path to take.< / p >
< ul >
< li >
< p > For on-chain BNS names, the < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > address< / span > < span class = "p" > }< / span > < / code > is the same as the Bitcoin address
that owns the name. Currently, both version byte 0 and version byte 5
addresses are supported (i.e. addresses starting with < code class = "highlighter-rouge" > 1< / code > or < code class = "highlighter-rouge" > 3< / code > , meaning < code class = "highlighter-rouge" > p2pkh< / code > and
< code class = "highlighter-rouge" > p2sh< / code > addresses).< / p >
< / li >
< li >
< p > For off-chain BNS subdomains, the < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > address< / span > < span class = "p" > }< / span > < / code > has version byte 63 for
subdomains owned by a single private key, and version byte 50 for subdomains
owned by a m-of-n set of private keys. That is, subdomain DID addresses start
with < code class = "highlighter-rouge" > S< / code > or < code class = "highlighter-rouge" > M< / code > , respectively.< / p >
< / li >
< / ul >
< p > The < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > index< / span > < span class = "p" > }< / span > < / code > field for a subdomain’s DID is distinct from the < code class = "highlighter-rouge" > < span class = "p" > {< / span > < span class = "err" > index< / span > < span class = "p" > }< / span > < / code > field
for a BNS name’s DID, even if the same created both names and subdomains.
For example, the name < code class = "highlighter-rouge" > abcdefgh123456.id< / code > has the DID < code class = "highlighter-rouge" > did:stack:v0:16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg-0< / code > ,
because it was the first name created by < code class = "highlighter-rouge" > 16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg< / code > .
However, < code class = "highlighter-rouge" > 16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg< / code > < em > also< / em > created < code class = "highlighter-rouge" > jude.statism.id< / code >
as its first subdomain name. The DID for < code class = "highlighter-rouge" > jude.statism.id< / code > is
< code class = "highlighter-rouge" > did:stack:v0:SSXMcDiCZ7yFSQSUj7mWzmDcdwYhq97p2i-0< / code > . Note that the address
< code class = "highlighter-rouge" > SSXMcDiCZ7yFSQSUj7mWzmDcdwYhq97p2i< / code > encodes the same public key hash as the address
< code class = "highlighter-rouge" > 16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg< / code > (the only difference between these two
strings is that the first is base58check-encoded with version byte 0, and the
second is encoded with version byte 63).< / p >
< p > You can see this play out in practice with the following code snippit:< / p >
< div class = "language-python highlighter-rouge" > < pre class = "highlight" > < code > < span class = "o" > > > > < / span > < span class = "kn" > import< / span > < span class = "nn" > blockstack< / span >
< span class = "o" > > > > < / span > < span class = "n" > blockstack< / span > < span class = "o" > .< / span > < span class = "n" > lib< / span > < span class = "o" > .< / span > < span class = "n" > client< / span > < span class = "o" > .< / span > < span class = "n" > get_name_record< / span > < span class = "p" > (< / span > < span class = "s" > 'jude.statism.id'< / span > < span class = "p" > ,< / span > < span class = "n" > hostport< / span > < span class = "o" > =< / span > < span class = "s" > 'https://node.blockstack.org:6263'< / span > < span class = "p" > )[< / span > < span class = "s" > 'address'< / span > < span class = "p" > ]< / span >
< span class = "s" > u'16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg'< / span >
< span class = "o" > > > > < / span > < span class = "kn" > import< / span > < span class = "nn" > virtualchain< / span >
< span class = "o" > > > > < / span > < span class = "n" > virtualchain< / span > < span class = "o" > .< / span > < span class = "n" > address_reencode< / span > < span class = "p" > (< / span > < span class = "s" > '16EMaNw3pkn3v6f2BgnSSs53zAKH4Q8YJg'< / span > < span class = "p" > ,< / span > < span class = "n" > version_byte< / span > < span class = "o" > =< / span > < span class = "mi" > 63< / span > < span class = "p" > )< / span >
< span class = "s" > 'SSXMcDiCZ7yFSQSUj7mWzmDcdwYhq97p2i'< / span >
< span class = "o" > > > > < / span > < span class = "n" > blockstack< / span > < span class = "o" > .< / span > < span class = "n" > lib< / span > < span class = "o" > .< / span > < span class = "n" > client< / span > < span class = "o" > .< / span > < span class = "n" > resolve_DID< / span > < span class = "p" > (< / span > < span class = "s" > 'did:stack:v0:SSXMcDiCZ7yFSQSUj7mWzmDcdwYhq97p2i-0'< / span > < span class = "p" > ,< / span > < span class = "n" > hostport< / span > < span class = "o" > =< / span > < span class = "s" > 'https://node.blockstack.org:6263'< / span > < span class = "p" > )< / span >
< span class = "p" > {< / span > < span class = "s" > 'public_key'< / span > < span class = "p" > :< / span > < span class = "s" > '020fadbbcea0ff3b05f03195b41cd991d7a0af8bd38559943aec99cbdaf0b22cc8'< / span > < span class = "p" > }< / span >
< / code > < / pre >
< / div >
< / div >
< / article >
