Overview of the capabilities provided by BSN-DID
1 DID
Create public and private keys
Manually calculate DID locally, and create DID on the server side
Verify DID identifier
2 DOC
Assemble the DOC manually, or create it through the DidDocument class
Verify DOC: check the content format and the signature value of an offline-generated DOC
DOC on-chain: stored on the chain.
Access to DOC: anyone can query the DID Document on the chain through the DID identifier. It can be used to verify the DID identity and to obtain the DID's public key.
Key update: Update the primary private key with the backup private key
3 Issuer
Register issuer
Query issuer
4 Credential Template
Register credential template
Query a credential template; query the credential template list
Update credential template
5 Credential (VC)
Issue credential
Verification: generally called by the verifier to check whether a credential is valid. It verifies, in turn, the credential's signature, whether the credential has expired, and whether the credential has been revoked.
Revocation: called by the credential issuer to revoke, that is invalidate, a credential it has issued. Since the issued credential is held by the user, the credential ID is uploaded to the chain after the credential is revoked.
Query revoked credentials: called during credential validation. Using the issuer's DID identifier, look up all of that issuer's revoked credential IDs.
Open question: is there no way to query the credentials that have been issued?
6 Privacy area (data protection area), called the Hub; data in the Hub is stored encrypted
The operator of the privacy area is called a user. Three registration methods are provided: registration with a DID, registration with a public key, and registration with a custom ID; a uid is generated after registration.
Resource: the data content to be protected is called a resource; it must be stored encrypted.
Saving a resource involves two parties, the operator (uid) and the owner. A detailed example:
An issuer issues a credential VC to a user's DID and now wants to save the VC in the Hub so that other people can access it; this VC is a resource.
If the user saves the resource himself, the operator uid is his own DID and the owner is also his own DID: operator and owner are the same party.
If the issuer saves the resource, the operator uid is the issuer's DID and the owner is the user's DID: operator and owner are separate parties.
Resource operations: store, delete, obtain, change owner, query resource operation history, decrypt content.
Permissions: readable, writable, modifiable. The resource owner creates permissions for third parties to access resources in the Hub. Permission operations: create, delete.
Query authorization records: the owner queries the list of permissions he has created.
Query authorized records: the permissions that others have granted to oneself.