Add key roles and permissions to Self-Sovereign Identity (SSI)

By default, the creator of an identity contract holds full rights over their own identity. They can also assign roles and rights to other keys and identities: for example, to a backup key, to a financial controller, to the government so it can add verifiable claims, or to a service such as an SMS Hub so it can debit funds.

For example, to allow another identity to add verifiable claims, add that identity's key hash with purpose 3 (claim signer); to allow a service to debit funds, assign purpose 11 (Escrow Manager).

To do so, add the hashes of the other public keys to the identity with the function AddKeyHash2Identity from the Identity Namespace of our Web Service APIs.

You can do the same via our WebSockets. After you have unlocked your key, you can send a JSON package in the following format to the server:

{"@type":"specs/commands","@command":"AddKeyHash","thid":"01de65e1-2eeb-4168-bede-ca1413d9396a","keyhash":"9c22ff5f21f0b81b113e63f7db6da94fedef11b2119b4088b89664fb9a3cb658","ssiaddress":"0x1dca60dc4f40f3c05cb33dcdf48eae9cc9efd116","myaddress":"0xb5cae8fb7f6ec058d071cb9802d02305ac430a9d","purpose":"122","keytype":"1"}

To create the above package you can also use our helper web service CreateAddKeyHash.

Once you send that package to the server you receive:

eyJhbGciOiJFUzI1NiIsIngiOiJJdVpSeWFHcVBCVnZ6bk9RSlR6eTlkTUlxZ0QxdVU3QVIzVXlDS3ViUWVNIiwieSI6Ik9PV2F0Y01aUE5KT3NMWEN5NHFSMkNEZ3IxM29kR3RyMkdRbHRyZkNFNVUifQ.eyJTZXNzaW9uSUQiOiJmMTIwNWZjNi0zOWQ3LTRlZjItYTQ5Yy02ODAyNjc3NDZkYTkiLCJ0cmFuc2FjdGlvbiI6IjB4NmFlNjg5MmQ3YzEzNGU1MWY0OGZhM2U1M2YwY2ExMjNmMmQ1Njg0N2IzZmUwMzYxZmMxMDk1YmZlYzVhOTRkMCJ9.gNRXEhK2f0oktq9-iURRnZcq_Y4iWFSmvBAn7CNj5WrBhMuzKHjGHcuZa-75AalwG9STMlMBGauuk-GGPr3YBw

If you decode the above string you get:

{"alg":"ES256","x":"IuZRyaGqPBVvznOQJTzy9dMIqgD1uU7AR3UyCKubQeM","y":"OOWatcMZPNJOsLXCy4qR2CDgr13odGtr2GQltrfCE5U"}
{"SessionID":"f1205fc6-39d7-4ef2-a49c-680267746da9","transaction":"0x6ae6892d7c134e51f48fa3e53f0ca123f2d56847b3fe0361fc1095bfec5a94d0"}
{"signature":"gNRXEhK2f0oktq9-iURRnZcq_Y4iWFSmvBAn7CNj5WrBhMuzKHjGHcuZa-75AalwG9STMlMBGauuk-GGPr3YBw"}

You can also check what purpose a given key has. That is done with a JSON query in the following format:

{"@type":"specs/commands","@command":"GetKeyPurpose","thid":"c92b8a75-5fb9-4513-bd82-c59f120004be","keyhash":"9c22ff5f21f0b81b113e63f7db6da94fedef11b2119b4088b89664fb9a3cb658","ssiaddress":"0x1dca60dc4f40f3c05cb33dcdf48eae9cc9efd116"}

The answer would be:

eyJhbGciOiJFUzI1NiIsIngiOiJJdVpSeWFHcVBCVnZ6bk9RSlR6eTlkTUlxZ0QxdVU3QVIzVXlDS3ViUWVNIiwieSI6Ik9PV2F0Y01aUE5KT3NMWEN5NHFSMkNEZ3IxM29kR3RyMkdRbHRyZkNFNVUifQ.eyJTZXNzaW9uSUQiOiI4YWM0ZmJhMi1lYTA1LTQ3M2EtYjdjMS03NGM5NDNmNmQ5YWYiLCJwdXJwb3NlIjoiMTIyIiwia2V5aGFzaCI6IjljMjJmZjVmMjFmMGI4MWIxMTNlNjNmN2RiNmRhOTRmZWRlZjExYjIxMTliNDA4OGI4OTY2NGZiOWEzY2I2NTgifQ.Edyh39rhcYKpGH-uKfQk3T1o2Kr5mpTtKxRERQaDA_A8OxSVQ_8W_c5eaLSrssac6MuuMJ8ZsN5jEOvA9GxtIw

Decoded, it is:

{"alg":"ES256","x":"IuZRyaGqPBVvznOQJTzy9dMIqgD1uU7AR3UyCKubQeM","y":"OOWatcMZPNJOsLXCy4qR2CDgr13odGtr2GQltrfCE5U"}
{"SessionID":"8ac4fba2-ea05-473a-b7c1-74c943f6d9af","purpose":"122","keyhash":"9c22ff5f21f0b81b113e63f7db6da94fedef11b2119b4088b89664fb9a3cb658"}
{"signature":"Edyh39rhcYKpGH-uKfQk3T1o2Kr5mpTtKxRERQaDA_A8OxSVQ_8W_c5eaLSrssac6MuuMJ8ZsN5jEOvA9GxtIw"}
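
The following sketch is an added example, not code from our APIs: it decodes the GetKeyPurpose reply shown above and checks that it is well-formed and answers the key hash that was queried. It assumes the x/y values in the header are the signer's public key and that the client already knows them; the function and constant names are illustrative.

```python
import base64
import json

# Reply to the GetKeyPurpose query, copied from the sample above.
SAMPLE_REPLY = (
    "eyJhbGciOiJFUzI1NiIsIngiOiJJdVpSeWFHcVBCVnZ6bk9RSlR6eTlkTUlxZ0QxdVU3QVIzVXlDS3ViUWVNIiwieSI6Ik9PV2F0Y01aUE5KT3NMWEN5NHFSMkNEZ3IxM29kR3RyMkdRbHRyZkNFNVUifQ."
    "eyJTZXNzaW9uSUQiOiI4YWM0ZmJhMi1lYTA1LTQ3M2EtYjdjMS03NGM5NDNmNmQ5YWYiLCJwdXJwb3NlIjoiMTIyIiwia2V5aGFzaCI6IjljMjJmZjVmMjFmMGI4MWIxMTNlNjNmN2RiNmRhOTRmZWRlZjExYjIxMTliNDA4OGI4OTY2NGZiOWEzY2I2NTgifQ."
    "Edyh39rhcYKpGH-uKfQk3T1o2Kr5mpTtKxRERQaDA_A8OxSVQ_8W_c5eaLSrssac6MuuMJ8ZsN5jEOvA9GxtIw"
)
QUERIED_KEYHASH = "9c22ff5f21f0b81b113e63f7db6da94fedef11b2119b4088b89664fb9a3cb658"
# Assumption: the client knows the signer's key in advance; here it is the x/y from the sample.
PINNED_KEY = ("IuZRyaGqPBVvznOQJTzy9dMIqgD1uU7AR3UyCKubQeM",
              "OOWatcMZPNJOsLXCy4qR2CDgr13odGtr2GQltrfCE5U")


def b64url(segment: str) -> bytes:
    """Decode base64url without padding, as used in the token segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_reply(token: str):
    """Split header.payload.signature and return (header, payload, signature bytes)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header, payload = (json.loads(b64url(p)) for p in parts[:2])
    return header, payload, b64url(parts[2])


def checked_purpose(token: str, keyhash: str, pinned=PINNED_KEY) -> str:
    """Return the purpose only if the reply is well-formed and answers our query.

    This does not verify the ES256 signature; that needs an ECDSA library and
    must use the pinned key, not whatever key the token header carries.
    """
    header, payload, sig = decode_reply(token)
    if header.get("alg") != "ES256" or len(sig) != 64:
        raise ValueError("unexpected algorithm or signature length")
    if (header.get("x"), header.get("y")) != tuple(pinned):
        raise ValueError("header key differs from the pinned key")
    if payload.get("keyhash", "").lower() != keyhash.lower():
        raise ValueError("reply is for a different key hash")
    return payload["purpose"]


if __name__ == "__main__":
    print(checked_purpose(SAMPLE_REPLY, QUERIED_KEYHASH))
```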