Understanding Elastos DIDs in Feeds Capsule

The biggest difference between the Feeds capsule and Twitter is that Feeds uses Elastos DIDs for sign-in instead of the traditional username/password system or OAuth2, both of which are fully controlled by a single central authority.

“Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies” Quoted from W3C DIDs specification v1.0.

From the definition above, three properties are implicit in a DID. First, a DID can identify any subject in the real world or even a virtual concept. In Feeds, we use an Elastos DID to identify the user who wants to sign in to Feeds. We also use Elastos DIDs to identify the Feeds capsule application and the Feeds back-end service so that they can authenticate each other when they interact.

Second, a DID should be a decentralized digital identity, which means no central authority can determine its generation. Therefore, there is no censorship of DID creation or destruction. With the Elastos DID SDKs, you can easily create a new DID or import an existing one into elastOS and later use it to sign in to the Feeds capsule on the user’s behalf.

Last, DIDs were mainly designed for verification without any third parties involved. When a user signs in to Feeds, it opens elastOS to request the user’s approval for a specific Elastos DID with a confirmation pop-up. Once the user is aware of all the risk information and clicks the “Confirm” button, elastOS internally issues a credential to the Feeds capsule declaring that the capsule is authorized to act as an agent of the user of that DID. When a new Feeds service is added, the user likewise grants elastOS permission to issue a credential to the Feeds capsule, which uses it to sign in to the Feeds service remotely.

The Elastos DID specification is based on the W3C DID Specification Working Draft; it implements a subset of W3C DID and conforms to the W3C DID specification requirements. The Elastos DID infrastructure is composed of the Elastos DID Sidechain and the Elastos SDKs, with Java/Swift/C supported on Linux/Windows/macOS platforms.

Developers can easily use the Elastos SDKs to create a new Elastos DID as an identifier for a person or an application. Creating an Elastos DID also generates an Elastos DID document containing information associated with the DID.

Here is a simple example of an Elastos DID document.

{
  "id" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J",
  "publicKey" : [ {
    "id" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J#primary",
    "type" : "ECDSAsecp256r1",
    "controller" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J",
    "publicKeyBase58" : "t6447T9G7rBPGvhvCesCRUCCiyFtkfzxiB5QLENg2PS8"
  } ],
  "authentication" : [ "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J#primary" ],
  "verifiableCredential" : [ {
    "id" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J#name",
    "type" : [ "BasicProfileCredential", "SelfProclaimedCredential" ],
    "issuer" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J",
    "issuanceDate" : "2020-11-10T02:32:38Z",
    "expirationDate" : "2025-11-09T02:32:38Z",
    "credentialSubject" : {
      "id" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J",
      "name" : "didapp3"
    },
    "proof" : {
      "type" : "ECDSAsecp256r1",
      "verificationMethod" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J#primary",
      "signature" : "rxZ7r-B6YgV3SVz3gy32-jlmLnzqr8EiTr1jEkJZauUp1lSqk9_QYGn2QwKNPFOOIGxCpLGj91DkWETIjTU6wg"
    }
  } ],
  "expires" : "2025-11-10T02:32:38Z",
  "proof" : {
    "type" : "ECDSAsecp256r1",
    "created" : "2020-11-10T02:45:41Z",
    "creator" : "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J#primary",
    "signatureValue" : "1hUkfAqboBd2_Y78UsNKOQ1KzkubvxsO4F7DU4krXFNR_M5W091zosZ65DEyGnVZxFytBrVbabpiMu23qxnT2A"
  }
}

The Elastos Sidechain, as a distributed ledger, stores all published DID documents as transaction data. When users decide to publish a DID on the DID Sidechain, the whole DID document becomes accessible to anyone who needs to verify signature data or credentials related to that DID.
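
As an added illustration (not code from the Elastos SDKs or the Feeds project), the following Python example runs structural checks a verifier could apply to a resolved DID document before any signature verification: key references must resolve, validity windows must hold, and a self-proclaimed credential must really be self-issued. The function names and the single-controller policy are assumptions of this example; the sample reuses the DID from the document above with signature values left out, and no cryptographic verification is performed.

```python
from datetime import datetime, timezone

DID = "did:elastos:ijYUBb36yCXU6yzhydnkCCAXh7ZRW4X85J"  # DID from the example document
SAMPLE = {  # constructed: same shape as the example document, signature values left out
    "id": DID,
    "publicKey": [{"id": DID + "#primary", "type": "ECDSAsecp256r1", "controller": DID}],
    "authentication": [DID + "#primary"],
    "verifiableCredential": [{
        "id": DID + "#name", "type": ["BasicProfileCredential", "SelfProclaimedCredential"],
        "issuer": DID, "issuanceDate": "2020-11-10T02:32:38Z",
        "expirationDate": "2025-11-09T02:32:38Z",
        "credentialSubject": {"id": DID, "name": "didapp3"},
        "proof": {"type": "ECDSAsecp256r1", "verificationMethod": DID + "#primary"}}],
    "expires": "2025-11-10T02:32:38Z",
    "proof": {"type": "ECDSAsecp256r1", "creator": DID + "#primary"},
}

def _ts(s):
    # Timestamps in the document are ISO 8601 with a trailing "Z" (UTC).
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_did_document(doc, now):
    """Hypothetical pre-check: return a list of structural problems (empty list = passed)."""
    problems = []
    did = doc["id"]
    keys = {k["id"]: k for k in doc.get("publicKey", [])}
    for kid, key in keys.items():
        if not kid.startswith(did + "#"):  # key ids are fragments of the document's DID
            problems.append(f"key {kid} is not scoped to {did}")
        if key.get("controller") != did:  # assumed policy: single-controller document
            problems.append(f"key {kid} has a foreign controller")
    for ref in doc.get("authentication", []):  # each reference must resolve to a listed key
        if ref not in keys:
            problems.append(f"authentication references unknown key {ref}")
    if _ts(doc["expires"]) <= now:
        problems.append("document expired")
    if doc["proof"]["creator"] not in keys:  # the signer must be a key of this document
        problems.append("document proof names an unknown key")
    for vc in doc.get("verifiableCredential", []):
        if not _ts(vc["issuanceDate"]) <= now < _ts(vc["expirationDate"]):
            problems.append(f"credential {vc['id']} outside validity window")
        if vc["credentialSubject"]["id"] != did:
            problems.append(f"credential {vc['id']} is about another subject")
        self_issued = vc["issuer"] == did
        if "SelfProclaimedCredential" in vc["type"] and not self_issued:
            problems.append(f"credential {vc['id']} claims self-issuance but issuer differs")
        if self_issued and vc["proof"]["verificationMethod"] not in keys:
            problems.append(f"credential {vc['id']} proof names an unknown key")
    return problems
```

A document that passes these checks still has to have its proofs verified with the listed public key, and a credential from another issuer requires resolving that issuer's own DID document first.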

In general, Elastos DID is the core technology of the Elastos ecosystem. I hope this is a good start in educating our developers and users. I hope to keep writing more explanatory articles like this to help readers understand Elastos technologies more deeply.