https://github.com/ethereum/EIPs/blob/master/EIPS/eip-725.md
eip | title | author | discussions-to | status | type | category | created |
---|---|---|---|---|---|---|---|
725
|
Proxy Identity
|
Fabian Vogelsteller (@frozeman)
|
Draft
|
Standards Track
|
ERC
|
2017-10-02
|
Simple Summary
Proxy contract for key management and execution, to establish a Blockchain identity.
代理合约是通过建立区块链身份来实现密钥的管理和执行的
Abstract
The following describes standard functions for a unique identity for humans, groups, objects and machines. This identity can hold keys to sign actions (transactions, documents, logins, access, etc), and claims, which are attested from third parties (issuers) and self attested (#ERC735), as well as a proxy function to act directly on the blockchain.
下面描述了给予人、组、物体、机器唯一身份的标准函数的实现。这个身份可以管控密钥来签名所做的操作;claims是通过第三方(发行商)和自己来进行证明的。代理函数是直接在区块链上操作的。
Motivation
This standardised identity interface will allow Dapps, smart contracts and thirdparties to check the validity of a person, organisation, object or machine through 2 steps as described in the function XXX. Trust is here transfered to the issuers of claims.
就是通过调用身份接口来证明这些人、组、物体、机器的有效性,通过以下两步进行:
The most important functions to verify an identity are: XXX
The most important functions to manage an identity are: XXX
Definitions
keys
: Keys are public keys from either external accounts, or contract addresses.来自外部账户或合约账户的公钥claim issuer
: is another smart contract or external account, which issues claims about this identity. The claim issuer can be an identity contract itself.身份发行商claim
: For details about claims 身份 see #ERC735
Specification
Key Management
Keys are cryptographic public keys, or contract addresses associated with this identity. The structure should be as follows:
keys就是加密后的公钥(当为EOA账户时)或者与这个身份相关的合约地址
key
: A public key owned by this identitypurpose
:uint256[]
Array of the key types, like 1 = MANAGEMENT, 2 = ACTION, 3 = CLAIM, 4 = ENCRYPTION,这个key的作用是什么,下面有解释keyType
: The type of key used, which would be auint256
for different key types. e.g. 1 = ECDSA, 2 = RSA, etc.key使用的加密方法key
:bytes32
The public key. // for non-hex and long keys, its the Keccak256 hash of the key
struct Key { uint256[] purposes; uint256 keyType; bytes32 key; }
getKey
Returns the full key data, if present in the identity.
function getKey(bytes32 _key) constant returns(uint256[] purposes, uint256 keyType, bytes32 key);
keyHasPurpose
Returns the TRUE
if a key has is present and has the given purpose. If key is not present it returns FALSE
.
function keyHasPurpose(bytes32 _key, uint256 purpose) constant returns(bool exists);
getKeysByPurpose
Returns an array of public key bytes32 hold by this identity.
function getKeysByPurpose(uint256 _purpose) constant returns(bytes32[] keys);
addKey
Adds a _key
to the identity. The _purpose
specifies the purpose of key. Initially we propose four purposes:
key的作用
1
: MANAGEMENT keys, which can manage the identity,用来管理身份2
: ACTION keys, which perform actions in this identities name (signing, logins, transactions, etc.)在这个身份下执行操作3
: CLAIM signer keys, used to sign claims on other identities which need to be revokable.用来在别的身份上签署claims,这个身份是可以取消的4
: ENCRYPTION keys, used to encrypt data e.g. hold in claims.用来加密数据
MUST only be done by keys of purpose 1
, or the identity itself. If its the identity itself, the approval process will determine its approval.
Triggers Event: KeyAdded
function addKey(bytes32 _key, uint256 _purpose, uint256 _keyType) returns (bool success)
removeKey
Removes _key
from the identity.
MUST only be done by keys of purpose 1(即MANAGEMENT)
, or the identity itself. If its the identity itself, the approval process will determine its approval.
Triggers Event: KeyRemoved
function removeKey(bytes32 _key, uint256 _purpose) returns (bool success)
Identity usage身份的使用
execute
Executes an action on other contracts, or itself, or a transfer of ether. SHOULD require approve
to be called with one or more keys of purpose 1(MANAGEMENT)
or 2
(ACTION)to approve this execution.执行对其他合约、合约本身或eth的转让的操作。应该通过调用包含一个或多个实现目的1(管理)或2(动作)key的approve去批准执行。
Execute COULD be used as the only accessors for addKey
, removeKey
and replaceKey
and removeClaim
.
Execute可以作为addKey、removeKey和replaceKey以及removeClaim的唯一途径
Returns executionId
: SHOULD be send to the approve
function, to approve or reject this execution.
返回executionId:应该发送到approve函数,以批准或拒绝此执行。
Triggers Event: ExecutionRequested Triggers on direct execution Event: Executed
function execute(address _to, uint256 _value, bytes _data) returns (uint256 executionId)
approve
Approves an execution or claim addition. This SHOULD require n
of m
approvals of keys purpose 1
, if the _to
of the execution is the identity contract itself, to successfull approve an execution. And COULD require n
of m
approvals of keys purpose 2
, if the _to
of the execution is another contract, to successfull approve an execution.
批准执行或添加有关身份的claim。如果执行的_to是identity合约本身,那么要成功地批准执行,应该需要m个目的1(管理)密钥中n个的批准。如果执行的_to是另一个合约,则可能需要m个目的2(动作)密钥中n个的批准才能成功地批准执行。
Triggers Event: Approved Triggers on successfull execution Event: Executed Triggers on successfull claim addition Event: ClaimAdded
function approve(uint256 _id, bool _approve) returns (bool success)
Identity verification
Requires: ERC 735
The following changes to ERC 735 are REQUIRED:
addClaim
This SHOULD create a pending claim, which SHOULD to be approved or rejected by n
of m
approve
calls from keys of purpose 1
.创建一个待定的claim,应该需要m个目的1(管理)密钥中n个的批准
Only Events: Triggers if the claim is new Event and approval process exists: ClaimRequested Triggers if the claim index existed Event: ClaimChanged
removeClaim
MUST only be done by the issuer
of the claim, or keys of purpose 1
, or the identity itself. If its the identity itself, the approval process will determine its approval.
只有claim发行商、目的一的密钥或身份本身能执行。如果是身份本身,审批过程将决定其审批。
问题:key,claim,identity之间的关系到底是什么,看本博客ERC 725 and ERC 735 的实现及关系
Events
KeyAdded
MUST be triggered when addKey
was successfully called.
event KeyAdded(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType)
KeyRemoved
MUST be triggered when removeKey
was successfully called.
event KeyRemoved(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType)
ExecutionRequested
MUST be triggered when execute
was successfully called.
event ExecutionRequested(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data)
Executed
MUST be triggered when approve
was called and the execution was successfully approved.
event Executed(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data)
Approved
MUST be triggered when approve
was successfully called.
event Approved(uint256 indexed executionId, bool approved)
The following changes to ERC 735 are REQUIRED:
ClaimRequested
MUST be triggered when addClaim
was successfully called.
ClaimAdded
MUST be triggered when approve
was called and the claim was successfully added.
Constraints
- A claim can only be one type per type per issuer.对于每个发行者,每个类型的claim只能是一种类型
Implementation
- DID resolver specification
- Implementation by mirceapasoi
- Implementation by Nick Poulden, interface at: https://erc725.originprotocol.com/
Solidity Interface
pragma solidity ^0.4.18; contract ERC725 { uint256 constant MANAGEMENT_KEY = 1; uint256 constant ACTION_KEY = 2; uint256 constant CLAIM_SIGNER_KEY = 3; uint256 constant ENCRYPTION_KEY = 4; event KeyAdded(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType); event KeyRemoved(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType); event ExecutionRequested(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data); event Executed(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data); event Approved(uint256 indexed executionId, bool approved); struct Key { uint256 purpose; //e.g., MANAGEMENT_KEY = 1, ACTION_KEY = 2, etc. uint256 keyType; // e.g. 1 = ECDSA, 2 = RSA, etc. bytes32 key; } function getKey(bytes32 _key) public constant returns(uint256[] purposes, uint256 keyType, bytes32 key); function keyHasPurpose(bytes32 _key, uint256 _purpose) public constant returns (bool exists); function getKeysByPurpose(uint256 _purpose) public constant returns (bytes32[] keys); function addKey(bytes32 _key, uint256 _purpose, uint256 _keyType) public returns (bool success); function removeKey(bytes32 _key, uint256 _purpose) public returns (bool success); function execute(address _to, uint256 _value, bytes _data) public returns (uint256 executionId); function approve(uint256 _id, bool _approve) public returns (bool success); }