DID Controller

Blerify DID Controller is a set of contracts designed to administer DIDs whose DID Registry is built on top of a blockchain network (e.g. lac,lac1 and ethr DID methods). Setting a contract instance of the DID Controller as the controller of a specific DID will allow to manage the services and verifications methods associated to such DID.

Terminology:

• Admin

• Manager

• Assignor

Capability:

Refers to a privilege inherently owned or granted. Such Capabilities are:

• Assertion

• Authentication

• Key Agreement

• Capability Invocation

• Capability Delegation

• Services

Base Considerations:

There are three main levels of control:

• Admin level: Any actor with this privilege has full control over a particular identity instance living on a specified DID Registry, can do any action

• Capability Manager level: Any actor with this privilege can only assign pre defined roles for capabilities or custom ones to "assignors"

• Assignor level: Actor assigned with this privilege can just call the DID Registry through the DID Controller contract and just add a verification relationship or a service to a user

Smart Contract Considerations:

• Due to the roles feature that DID Controller has it allows multiple agents controlling a particular DID Registry at the same time.

• Due to gas limitations, full verification of the payload to be relayed is not made. The contract just resolves the type of property to be added to the DID Document (verification method,service, controller management action) and determines whether the agent calling the contract is authorized to perform such action.