Ontology Developer Center
DISCOVERCOMMUNITYSUPPORT
  • Introduction
  • Discover Ontology
  • Getting Started
  • Glossary
  • Decentralized Identity and Data
    • ONT ID
      • Decentralized Identifiers
        • Method Specification for Ontology
        • Method Specification for Ethereum
        • Method Specification for BSC
      • Verifiable Credentials
        • Anonymous Credentials
      • ONT Login
        • Scenarios
        • Protocol Specification
        • Front-end JavaScript SDK
          • Integration and Usage
          • API Reference
        • Front-end UI SDK
          • Integration and Usage
          • API Reference
        • Back-end Go SDK
          • Integration and Usage
          • API Reference
        • Back-end Java SDK
          • Integration and Usage
          • API Reference
      • ONT TAG
        • Workflow
        • API Reference
      • Mercury
      • OScore
    • DDXF
      • Components and Interfaces
      • GREP
      • Overall Scheme
      • Solutions
        • Marketplace
          • Deployment
          • Scenarios
          • SaaS Tenant
          • Java SDK
        • Data Storage
          • Deployment
          • Java SDK
        • Resource Auditor
        • Offline Judge
      • Use Cases
        • E-Shops
  • ONTOLOGY ELEMENTS
    • Smart Contracts
      • Types of smart contracts
    • Token Protocols
    • Consensus Mechanism
    • Ontology Oracle
      • Oracle Process Flow
  • GUIDES & TUTORIALS
    • Development Guides
      • dApp Development
        • Using the dAPI
        • Data Synchronization
      • Smart Contract Development
        • EVM Contract
          • Development Environment and Tools
          • Wallet Setup
          • Contract Development
          • How to Deploy a Smart Contract with GetBlock
        • NeoVM Contract
          • Development tools and environment
          • Launching the IDE
          • Writing and editing program logic
          • Deploying and testing on private net
        • WASM Contract
          • Development Environment
          • Project Initiation - Hello World
          • Creating your own project
          • Development using SmartX
          • Runtime API
          • Contract Fundamentals
          • Inter-contract Interaction
          • Developing Contracts in C++
        • Publish Contract Source Code
    • Integration Guides
      • dApp Integration
        • dAPI Integration
          • Chrome Plugin
          • Mobile wallet dApp
          • QR code mechanism
          • Wake call mechanism
        • Cocos 2D-x
        • Unity 3D applications
      • Mobile Wallet Integration
        • SDK integration
        • dAPI Integration
          • In-wallet applications
          • QR code mechanism
          • Wake call mechanism
        • Stake
      • Using ONT ID
      • Exchange Integration
        • Exchange Docking Guide
        • Exchange API
      • Ontology for dApp Stores
    • EVM & Token Decimals Upgrade
  • ONTOLOGY NODE
    • Abstract
    • Node Deployment
      • Standard Node
      • Rosetta Node
    • Interacting with a Public Node
  • DEVELOPER TOOLS
    • dApp Development Framework
      • Punica CLI
      • Punica boxes
      • Solo Chain
    • IDE
    • APIs
      • HTTP API
        • Restful
        • WebSocket
        • Remote Procedure Call (RPC)
      • Explorer v2 API
        • Block
        • Address
        • Contract
        • Token
        • Transactions
        • ONT ID
        • Summary
        • Node
      • Native Token API
        • ONT Contract API
        • ONG Contract API
      • ONT ID Contract API
      • Web3 API
      • OScore Open API
      • Rosetta Node API
        • Data API
        • Construction API
      • DToken Contract API
      • DDXF
        • Marketplace Contract API
        • Storage API
      • Governance API
    • Digital Wallet
      • Chrome Plugin provider
      • Chrome Plugin dAPI
      • Mobile version provider
      • Mobile version dAPI
    • SDKs
    • Signing Server
      • Installation
      • API reference
  • COMMUNITY
    • Ecosystem Programs
    • Community Libraries
    • Community Events
    • Community Channels
    • Core Contributors
  • SUPPORT
    • FAQ
      • Basic blockchain concepts
      • Ontology Nodes
      • Ontology token protocols
      • Smart contracts
      • SDKs and APIs
    • Contact Us
Powered by GitBook
On this page
  • Abstract
  • Conformance and Terminology
  • ONT ID
  • SHA256
  • Base58
  • ABNF
  • ONT ID Format
  • ONT ID Syntax
  • ONT ID URL Syntax
  • ONT ID Registration and Deactivation
  • ONT ID Document
  • Context
  • Identifiers
  • Public Keys
  • Authentication
  • Delegation
  • Recovery Mechanism
  • Service Information
  • Additional Properties
  • Created
  • Updated
  • Proof of Integrity
  • Appendix
  • References
  • ONT ID Contract API

Was this helpful?

  1. Decentralized Identity and Data
  2. ONT ID
  3. Decentralized Identifiers

Method Specification for Ontology

did:ont

PreviousDecentralized IdentifiersNextMethod Specification for Ethereum

Last updated 4 years ago

Was this helpful?

Abstract

ONT ID is Ontology's decentralized identity framework based on W3C Decentralized Identifiers (DIDs) specification using blockchain and cryptography technology, which can instantly identify and connect people, assets, things, and events. ONT ID offers the features of decentralization, self-management, privacy protection and ease of use. With ONT ID, the privacy and security of users' identity and data are fully protected and users can have complete control over their own identity and data.

The ONT ID specification conforms to and extends the definition and features on its basis.

Conformance and Terminology

This specification assumes a fair degree of understanding of .

The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in .

ONT ID

Used to denote Ontology's blockchain technology and cryptography based decentralized identity framework. Also denotes the decentralized identifier allocated to entities that part of the decentralized Ontology network.

SHA256

A part of the SHA-2 cryptographic hash family designed by the United States National Security Agency. First published in 2001.

Base58

A popular encoding scheme commonly used in blockchain technology. Maintains readability while allowing for data compression and encoded verification.

ABNF

An abbreviation for augmented Backus–Naur form. An ABNF specification is a set of derivation rules.

ONT ID Format

ONT ID Syntax

ONT ID is generated as described in ABNF as follows:

ontid        = "did:ont:" ontid-string
ontid-string = 1* idchar
idchar       = 1-9 / A-H / J-N / P-Z / a-k / m

ontid-string MUST be generated using the following method:

  1. Generate a 20-byte random number.

  2. Append 1-byte tag bits. Append 1-byte tag bits to the generated random number, i.e. data = VER || h;

  3. Calculate 4-byte parity bits. Calculate the SHA256 hash of the data twice and take the first 4 bytes as parity bits, i.e. checksum = SHA256(SHA256(data))[0:4];

  4. Encode. Encode the above result to a Base58 encoded value, i.e. ontid-string = Base58(data || checksum).

In the above stated process, || represents the connector that connects the two adjoining byte strings. The recommended value of VER is 23.

Below is an example of an ONT ID:

did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72

ONT ID URL Syntax

The ONT ID URL syntax is as follows.

ontid-url = "did:ont:"ontid-specific-id
          [ ";" param ] [ "/" path ]
          [ "?" query ] [ "#" fragment ]

ONT ID Registration and Deactivation

ONT ID MUST be registered on the Ontology blockchain to be activated, and the same ONT ID MUST NOT be registered more than once.

Only the owner or delegate of the ONT ID can deactivate it.

When an ONT ID is deactivated, all the related data, including private keys, delegates, properties, and recovery person, will be deleted and only the identifier of the ONT ID will remain on the Ontology blockchain.

Deactivated ONT ID can no longer be used and cannot be reactivated for use.

ONT ID Document

Each ONT ID will have a corresponding ONT ID Document.

Below is the structure of the ONT ID Document:

{
  "@context": ["https://www.w3.org/ns/did/v1", "https://ontid.ont.io/did/v2"],
  "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
  "publicKey": [{...}],
  "authentication": [{...}],
  "controller": [{...}],
  "recovery": [{...}],
  "service": [{...}],
  "attribute": [{...}],
  "created": [{...}],
  "updated": [{...}],
  "proof": [{...}]
}

Context

ONT ID Documents MUST include a @context property.

Below is an example:

{
  "@context": ["https://www.w3.org/ns/did/v1","https://ontid.ont.io/did/v2"]
}

For example, users need to append a property to an ONT ID, create the corresponding context for the type value of the property and publish the context to an URI accessible to all users. This is represented in the ONT ID Document as follows:

{
  "attribute": [
    {
      "@context": {
        "some-type": "uri-of-the-context",
      },
      "id": "did:ont:some-ont-id#some-attribute",
      "type": "some-type",
      "value": "some-value"
    },
  ]
}

Identifiers

ONT ID Documents MUST include an id property to specify the ONT ID identifier linked to the Document.

The value of id MUST be a valid ONT ID.

{
  "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72"
}

Public Keys

An ONT ID Document MUST include a publicKey property to specify a set of public keys linked to that ONT ID.

Public and private key pairs can be used for the self-management, authorization, and verification of ONT ID. An ONT ID can be linked to multiple public and private key pairs and one pair of public and private keys can also be used to manage multiple ONT IDs.

When an ONT ID is registered on the Ontology blockchain, it SHOULD be bound to the public key of the ONT ID owner. The owner should keep the matching private key safely.

Every public key object linked to the publicKey property SHOULD include the fields id, type, controller and encoding.

Each linked public key has its own identifier specified using the field id. Each bound public key is numbered starting from 1 according to the linking order. The format of "id" is

did:ont:some-ont-id#keys-{index}

{index} is the serial number of the public key.

Bound public keys can be revoked. Revoked public keys cannot be reactivated, but still possess the original serial numbers.

The value of the type field represents the corresponding cryptographic algorithm of the public key. Ontology supports an array of international standard cryptographic algorithms, such as ECDSA, EdDSA and SM2 signature.

The value of the controller field, which identifies the controller of the corresponding private key, MUST be a valid ONT ID, denoting that the public key is controlled by this ONT ID.

The encoding key is the corresponding encoding format of the public key and the value is the result value of the public key using that encoding format. The encoding formats that Ontology supports include publicKeyPem, publicKeyHex and publicKeybase58.

Below is a specific example of the PublicKey property:

{
  "publicKey": [
    {
      "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-1",
      "type": "EcdsaSecp256r1VerificationKey2019",
      "controller": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
      "publicKeyHex": "02a545599850544b4c0a222d594be5d59cf298f5a3fd90bff1c8caa095205901f2"
    }
  ]
}

Authentication

ONT ID Documents use an OPTIONAL authentication property to specify verification methods.

ONT ID allows users to add the authentication property to denote that the holder of that ONT ID has authorized a set of verification methods for identification.

Below is an example:

{
  ...
  "authentication": [
    "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-1",
    {
      "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-2",
      "type": "EEcdsaSecp256r1VerificationKey2019",
      "controller": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
      "publicKeyBaseHex": "03a835599850544b4c0a222d594be5d59cf298f5a3fd90bff1c8caa064523745f3"
    }
  ],
}

Delegation

In an ONT ID Document, an OPTIONAL controller property is used to designate a delegate.

An ONT ID can be delegated to and controlled by other ONT IDs. A designated delegate MUST be specified when registering the ONT ID on the Ontology blockchain.

The ONT ID of the delegate has the authorization of registration and deactivation of the delegated ONT ID, and can modify properties publicKey and authentication of the delegated ONT ID.

It is worth noting that an ONT ID Document can assign controller without designating authentication.

The ONT ID of the delegate MUST be self-managed.

The delegate can be an ONT ID or a management group consisted of multiple ONT IDs. The management group can set complex threshold control logic to meet different security requirements. For example, set a management group of n ONT IDs and specify that the group can only perform an operation with the signature of at least m(<=n) ONT IDs. The setting is expressed as follows:

{
  "threshold": "m",
  "members": ["ID1", "ID2", ... , "IDn"]
}

Then, define the control logic of the recursive combination, meaning that group members can either be ONT ID, or a nested management group, as shown below:

{
  "threshold": "m1",
  "members": [
    "ID1",
    {
      "threshold": "m2",
      "members": ["ID2", ...]
    },
    ...
  ]
}

Below is a specific example representing that either did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72, or did:ont:AXjJnU1TJViks4KUGQruiXwkKznwVpz7Z9 and did:ont:AKwf6DvKFSBxhsmhjGCvJgaxHvCEQmpZZv together can act as a delegate.

"controller:" [
  {
    "threshold": 1,
    "members": [
      "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
      {
        "threshold": 2,
        "members": ["did:ont:AXjJnU1TJViks4KUGQruiXwkKznwVpz7Z9", "did:ont:AKwf6DvKFSBxhsmhjGCvJgaxHvCEQmpZZv"]
      },
      ...
    ]
  }
],

When performing operations on the delegated ONT ID, the ONT ID of the delegate(s) need to provide valid digital signatures conforming to the control logic.

The delegate can link public keys for the delegated ONT ID by setting publicKey property, and can also set authentication property, thus turning it into self-management mode. A self-managed ONT ID cannot be switched to delegated mode.

Recovery Mechanism

ONT ID Documents use an OPTIONAL recovery property to designate the recovery party.

In the event that the owner of the ONT ID lost the private key, the recovery person can help the owner to reset the private key. The recovery person can add and delete public keys from authentication of that ONT ID and update the settings for the recovery person.

Only a self-managed ONT ID can designate other ONT IDs as the recovery party.

The recovery person can use the method of group management, the rules of which are the same as the management group of delegate. The recovery person needs to provide valid digital signatures in conformity with the control logic to perform any operation.

Below is a specific example, representing that either one of ont:AXjJnU1TJViks4KUGQruiXwkKznwVpz7Z9 and did:ont:AKwf6DvKFSBxhsmhjGCvJgaxHvCEQmpZZv can perform the recovery operation.

"recovery": [
  {
    "threshold": 1,
    "members": ["did:ont:AXjJnU1TJViks4KUGQruiXwkKznwVpz7Z9", "did:ont:AKwf6DvKFSBxhsmhjGCvJgaxHvCEQmpZZv"]
  }
],

Service Information

ONT ID Documents use an optional service to specify the service property.

ONT ID allows entities to add services to specify the information of a service related to that ONT ID, including types of service and service endpoints.

Below is a specific example:

{
  ...
  "service": [
    {
      "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#some-service",
      "type": "SomeServiceType",
      "serviceEndpint": "Some URL"
    }
  ]
}

Additional Properties

ONT ID Documents include an OPTIONAL attribute to link a set of ONT ID-related properties.

The owner or delegate of the ONT ID can add, modify or delete additional properties.

Each property MUST include the fields of key, value, and type.

  • key as the identifier of the property,

  • type denotes the type of the property,

  • value is the content of the property.

attribute can include 100 properties at most.

There is a limit on the length of the property's field. The maximum lengths of the key, value, and type fields are 80 bytes, 64 bytes, and 512K bytes respectively.

For example, did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72 contains a property:

key: "some-attribute"
type: "some-type"
value: "some-value"

The property is then expressed in the ONT ID Document as follows:

{
  "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
  "attribute" : [
    {
      "key": "some-attribute",
      "type": "some-type",
      "value": "some-value"
    },
  ]
}

The types and the specific content of the additional properties are not covered in this specification and should be defined by the application layer.

Below is a specific example:

{
  "attribute": [
    {
      "key": "age",
      "type": "number",
      "value": 18
    },
  ]
}

Created

ONT ID Documents SHOULD include a created property to specify the time of creation.

Below is a specific example:

{
  "created": "2018-06-30T12:00:00Z"
}

Updated

ONT ID Documents SHOULD include an updated property to specify a timestamp of the most recent change.

Below is a specific example:

{
  "updated": "2019-06-30T12:00:00Z"
}

Proof of Integrity

ONT ID Documents MAY include a proof property to prove the integrity of that ONT ID Document.

Below is a specific example:

{
  "proof": {
    "type": "LinkedDataSignature2015",
    "created": "2020-02-02T02:02:02Z",
    "creator": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-1",
    "signatureValue": "QNB13Y7Q9...1tzjn4w=="
  }
}

As of now, the proof property has not been fully implemented yet.

Appendix

Below is a simple example of an ONT ID Document:

{
  "@context": ["https://www.w3.org/ns/did/v1", "https://ontid.ont.io/did/v2"],
  "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
  "publicKey": [
    {
      "id": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-1",
      "type": "EcdsaSecp256r1VerificationKey2019",
      "controller": "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72",
      "publicKeyHex": "02a545599850544b4c0a222d594be5d59cf298f5a3fd90bff1c8caa095205901f2"
    }
  ],
    "authentication": [
    "did:ont:AderzAExYf7yiuHicVLKmooY51i2Cdzg72#keys-1"
  ]
}

References

ONT ID Contract API

Please follow the link below for the contract API reference.

ONT ID is a URI conforming to and SHOULD be generated by each entity itself.

ONT ID is generated in conformity with 。

"did:ont:" denotes that ONT ID is the decentralized identifier conforming to that is registered on the Ontology blockchain; idchar includes all the characters of the Base58 encoded character set.

The ONT ID URL syntax follows the DID URL rules defined in .

For more information, see the rules about ,, and as defined in .

ONT ID Document is a method of serializing ONT ID information expressed using as defined in of the W3C DIDs specification.

The value of the @context property MUST be one or more URIs, where the value of the first URI MUST be and the value of the second URI MUST be . For more information, see .

In practice, the terms in the context provided by W3C and Ontology may not be able to meet users' demand. In this case, users need to define the context themselves and can use for extensions.

This part is derived from .

This part is derived from .

This part is derived from .

This part is derived from .

This part is derived from .

[W3C-DID] Decentralized Identifiers (DIDs) v1.0. W3C. Mar 2020. Working Draft. URL:

[RFC2119] Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL:

[RFC3986] Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee; R. Fielding; L. Masinter. IETF. JANUARY 2005. Standards Track. URL:

[BASE58] The Base58 Encoding Scheme. Manu Sporny. IETF. December 2019. Internet-Draft. URL:

W3C DIDs specification
W3C DIDs specification
IETF RFC 2119
IETF RFC 3986
W3C DIDs specification
W3C DIDs specification
W3C DIDs specification
param
path
query
fragment
W3C DIDs specification
JSON-LD
DID Documents
https://www.w3.org/ns/did/v1
https://ontid.ont.io/did/v2
W3C DIDs specification
embedded context
W3C DIDs specification
W3C DIDs specification
W3C DIDs specification
W3C DIDs specification
W3C DIDs specification
https://www.w3.org/TR/did-core/
https://tools.ietf.org/html/rfc2119
https://tools.ietf.org/html/rfc3986
https://tools.ietf.org/html/draft-msporny-base58
ONT ID Contract API