ONT ID Contract API

Abstract

ONT ID is Ontology's decentralized identity framework based on W3C Decentralized Identifiers (DIDs) specification using blockchain and cryptography technology, which can instantly identify and connect people, assets, things, and events. ONT ID offers the features of decentralization, self-management, privacy protection and ease of use. With ONT ID, the privacy and security of users' identity and data are fully protected and users can have complete control over their own identity and data.

The ONT ID specification conforms to W3C DIDs specification and extends the definition and features on its basis.

Terminology and Pre-requisites

This document assumes a fair understanding of the ONT ID Specification v2.0.

Contract Implementation

ONT ID management features are implemented by the native contracts deployed on the Ontology blockchain.

ONT ID management contract address is 0x0000000000000000000000000000000000000003.

Data Structure

ONT ID management involves dealing with the following data structures:

• Manager Group:

Group {
    threshold    // Member threshold, integer
    members      // Member array
}

Each element of the member array is a string. Based on whether the first 8 characters are did:ont:, it can be established whether the element is an ONT ID or a nested group. If the element is an ONT ID, it must be a registered, self-governed ONT ID.

• Signer:

Signer {
    id     // Signer ONT ID
    index  // Signer public key index
}

• Attributes:

Attribute {
    key      // Attribute key, byte string
    type     // Attribute type, byte string
    value    // Attribute value, byte string
}

API Definition

ONT ID Registration

Registering a self-governed ONT ID

Method name: regIDWithPublicKey

Parameters:

The method invocation needs to be signed using the private key that corresponds to the public key passed at the parameter. Upon successful registration, the provided public key will be linked to the respective ONT ID.

Trigger event: ("Register", ONT ID)

Register a proxy controlled ONT ID

Method name: regIDWithController

Parameters:

Parameter no. 1 can be an ONT ID, or a serialized manager group structure. The first 8 characters can be used to differentiate between the two.

The proxy controller needs to sign the action in order to invoke this method. If the controller is a single ONT ID, parameter no. 2 is the public key used to verify the signature; and if the parameter is a manager group, parameter no. 2 is a serialized array that contains the list of signers.

Trigger event: ("Register", ONT ID)

ONT ID Cancellation

Cancelling a self-governed ONT ID

Method name: revokeID

Parameters:

Trigger event: ("Revoke", ONT ID)

Cancelling a proxy controlled ONT ID

Method name: revokeIDByController

Parameters:

Trigger event: ("Revoke", ONT ID)

Authorized Operations

Removing a controller

Method name: removeController

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 1.

Trigger event: ("RemoveController", ONT ID)

Setting a recovery method

Method name: setRecovery

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 2.

Trigger event: ("Recovery", "set", ONT ID, JSON format recoverer details)

Update recoverer

Method name: updateRecovery

Parameters:

The invocation action for this method needs to be signed by the original recoverer.

Trigger event: ("Recovery", "update", ONT ID, JSON format new recoverer details)

Delete recoverer

Method name: removeRecovery

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 1.

Trigger event: ("Recovery", "remove", ONT ID, JSON format new recoverer details)

Public Key Operations

Owner adds public key

Method name: addKey

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("PublicKey", "add", ONT ID, new public key, new public key serial no.)

Owner adds public key by index

Method name: addKeyByIndex

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("PublicKey", "add", ONT ID, new public key, public key serial no.)

Owner removes a public key

Method name: removeKey

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("PublicKey", "remove", ONT ID, public key to be removed, public key serial no.)

Owner removes public key using index

Method name: removeKeyByIndex

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("PublicKey", "remove", ONT ID, public key to be removed, public key serial no.)

Controller adds public key

Method name: addKeyByController

Parameters:

The proxy controller needs to sign the action in order to invoke this method. If the controller is a single ONT ID, parameter no. 2 is the public key used to verify the signature; and if the parameter is a manager group, parameter no. 2 is a serialized array that contains the list of signers.

Trigger event: ("PublicKey", "add", ONT ID, new public key, new public key serial no.)

Controller removes a public key

Method name: removeKeyByController

Parameters:

The proxy controller needs to sign the action in order to invoke this method. If the controller is a single ONT ID, parameter no. 2 is the public key used to verify the signature; and if the parameter is a manager group, parameter no. 2 is a serialized array that contains the list of signers.

Trigger event: ("PublicKey", "remove", ONT ID, public key to be removed, public key serial no.)

Recoverer adds a public key

Method name: addKeyByRecovery

Parameters:

The invocation action for this method needs to be signed by the recoverer.

Trigger event: ("PublicKey", "add", ONT ID, new public key, public key serial no.)

Recoverer removes a public key

Method name: removeKeyByRecovery

Parameters:

The invocation action for this method needs to be signed by the recoverer.

Trigger event: ("PublicKey", "remove", ONT ID, Public key to be removed, public key serial no.)

Verification Public Key Operations

Owner adds new verification public key

Method name: addNewAuthKey (new)

Parameters:

Public key data is as follows:

NewPublicKey {
    PublicKey
    Controller   // Self ONT ID by default (optional)
}

A serial no. is automatically allocated to the public key upon successful addition.

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Recoverer adds new verification public key

Method name: addNewAuthKeyByRecovery (new)

Parameters:

Public key data is as follows:

NewPublicKey {
    PublicKey
    Controller   // Self ONT ID by default (optional)
}

A serial no. is automatically allocated to the public key upon successful addition.

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Controller adds new verification public key

Method name: addNewAuthKeyByController (new)

Parameters:

Public key data is as follows:

NewPublicKey {
    PublicKey
    Controller   // Self ONT ID by default (optional)
}

A serial no. is automatically allocated to the public key upon successful addition.

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Owner assigns new verification public key

Method name: addNewAuthKey (new)

Parameters:

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Recoverer assigns new verification public key

Method name: addNewAuthKeyByRecovery (new)

Parameters:

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Controller assigns new verification public key

Method name: addNewAuthKeyByController (new)

Parameters:

Trigger event: ("AuthKey", "add", ONT ID, public key serial no.)

Owner removes a verification public key

Method name: removeAuthKey (new)

Parameters:

Trigger event: ("AuthKey", "remove", ONT ID, public key serial no.)

Recoverer removes a verification public key

Method name: removeAuthKeyByRecovery (new)

Parameters:

Trigger event: ("AuthKey", "remove", ONT ID, public key serial no.)

Owner removes a verification public key

Method name: removeAuthKeyByController (new)

Parameters:

Trigger event: ("AuthKey", "remove", ONT ID, public key serial no.)

Service Entry Point Operations

Add new service entry point

Method name: addService (new)

Parameters:

Trigger event: ("Service", "add", ONT ID, service label)

Update serive entry point

Method name: updateService (new)

Parameters:

Trigger event: ("Service", "update", ONT ID, service label)

Remove service entry point

Method name: removeService (new)

Parameters:

Trigger event: ("Service", "remove", ONT ID, service label)

Context Operations

Adding custom context

Method name: addContext (new)

Parameters:

If a particular context in the list already exists for the respective ONT ID, it will be ignored.

Trigger event: ("Context", "add", ONT ID, context list to be added)

Removing custom context

Method name: removeContext (new)

Parameters:

If a particular context in the list does not exist for the respective ONT ID, it will be ignored.

Trigger event: ("Context", "remove", ONT ID, context list to be removed)

Attribute Operations

Registering new ONT ID and adding attributes

Method name: regIDWithAttributes

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 1. The public key will be linked to the respective ONT ID upon successful registration, and the attributes passed using parameter no. 2 will be added to the ONT ID.

Trigger event: ("Register", ONT ID)

Owner adds attributes

Method name: addAttributes

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("Attribute", "add", ONT ID, list of key-attribute pair to be added)

Owner adds attributes using index

Method name: addAttributesByIndex

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("Attribute", "add", ONT ID, list of key-attribute pair to be added)

Owner removes attributes

Method name: removeAttribute

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("Attribute", "remove", ONT ID, list of keys for attributes to be removed)

Owner removes attributes using index

Method name: removeAttributeByIndex

Parameters:

The invocation action for this method needs to be signed by the respective ONT ID owner. The signature is verified using the public key serial no. passed as parameter no. 2. The verification public key must already be linked to this ONT ID.

Trigger event: ("Attribute", "remove", ONT ID, list of keys for attributes to be removed)

Controller adds attributes

Method name: addAttributesByController

Parameters:

The proxy controller needs to sign the action in order to invoke this method. If the controller is a single ONT ID, parameter no. 2 is the public key used to verify the signature; and if the parameter is a manager group, parameter no. 2 is a serialized array that contains the list of signers.

Trigger event: ("Attribute", "add by controller", ONT ID, list of key-attribute pair to be added)

Controller removes attributes

Method name: removeAttributeByController

Parameters:

The proxy controller needs to sign the action in order to invoke this method. If the controller is a single ONT ID, parameter no. 2 is the public key used to verify the signature; and if the parameter is a manager group, parameter no. 2 is a serialized array that contains the list of signers.

Trigger event: ("Attribute", "remove by controller", ONT ID, keys for attributes to be removed)

Verification Methods

Signature verification

Method name: VerifySignature

Parameters:

The transaction invoked by the method must contain the verified signature. The verification public key serial no. is passed as the parameter no. 1.

Response: True/False

Verifying controller signature

Method name: VerifyController

Parameters:

If the controller is a single ONT ID, parameter 1 array contains a single element. If it is a manager group, the multiple signers need to be specified in the form of an array.

The transaction invoked by the method must contain the verified signature. If the controller is single ONT ID, the verification public key serial no. is passed as the parameter no. 2. If it is a manager group, parameter no. 2 is an array that contains signers.

Response: True/False

Query Interface

Querying ONT ID Document

Method name: getDocumentJson (new)

Parameters:

Response: Document data corresponding to queried ONT ID. The data is of JSON-LD format.

For specific details on ONT ID Document please refer to ONT ID Specification v2.0.

Query public keys linked to an ONT ID

Method name: getPublicKeysJson

Parameters:

Response: Serialized public key list. Contains the currently valid public keys.

Query key state

Method name: getKeyState

Parameters:

Response: State of the public key with the passed serial no. ("not exist", "in use", "revoked")

Query ONT ID attributes

Method name: getAttributesJson

Parameters:

Response: Serialized attribute list for specied ONT ID.

Query ONT ID services

Method name: getServiceJson (new)

Parameters:

Response: Service details for the specified ONT ID in JSON format.

Query ONT ID controllers

Method name: getControllerJson (new)

Parameters:

Response: Controller related data for the passed ONT ID.

Deprecated Methods

The following methods are now deprecated, but are still part of the interface in order to prevent legacy data compatibility issues.

• addRecovery

• changeRecovery

• getDDO

Storage Description

All the data is stored within the contract, and the storage keys are prefixed with the contract address. For convenient reference, the storage keys below are listed without the prefixes.

Legend:

• + connects the front and back byte string

• ID represents the ONT ID

References

[ONT-ID] ONT ID Specification v2.0