Proxy contract for key management and execution, to establish a Blockchain identity.
## Abstract
The following describes standard functions for a unique identity for humans, groups, objects and machines.
This identity can hold keys to sign actions (transactions, documents, logins, access, etc), and claims, which are attested from third parties (issuers) and self attested ([#ERC735](https://github.com/ethereum/EIPs/issues/735)), as well as a proxy function to act directly on the blockchain.
## Motivation
This standardised identity interface will allow Dapps, smart contracts and thirdparties to check the validity of a person, organisation, object or machine through 2 steps as described in the function XXX. Trust is here transfered to the issuers of claims.
The most important functions to verify an identity are: `XXX`
The most important functions to manage an identity are: `XXX`
## Definitions
-`keys`: Keys are public keys from either external accounts, or contract addresses.
-`claim issuer`: is another smart contract or external account, which issues claims about this identity. The claim issuer can be an identity contract itself.
-`claim`: For details about claims see [#ERC735](https://github.com/ethereum/EIPs/issues/735)
## Specification
### Key Management
Keys are cryptographic public keys, or contract addresses associated with this identity.
The structure should be as follows:
-`key`: A public key owned by this identity
-`purpose`: `uint256[]` Array of the key types, like 1 = MANAGEMENT, 2 = ACTION, 3 = CLAIM, 4 = ENCRYPTION
-`keyType`: The type of key used, which would be a `uint256` for different key types. e.g. 1 = ECDSA, 2 = RSA, etc.
-`key`: `bytes32` The public key. // for non-hex and long keys, its the Keccak256 hash of the key
```js
struct Key {
uint256[] purposes;
uint256 keyType;
bytes32 key;
}
```
#### getKey
Returns the full key data, if present in the identity.
``` js
function getKey(bytes32 _key) constant returns(uint256[] purposes, uint256 keyType, bytes32 key);
```
#### keyHasPurpose
Returns the `TRUE` if a key has is present and has the given purpose. If key is not present it returns `FALSE`.
``` js
function keyHasPurpose(bytes32 _key, uint256 purpose) constant returns(bool exists);
```
#### getKeysByPurpose
Returns an array of public key bytes32 hold by this identity.
``` js
function getKeysByPurpose(uint256 _purpose) constant returns(bytes32[] keys);
```
#### addKey
Adds a `_key` to the identity. The `_purpose` specifies the purpose of key. Initially we propose four purposes:
-`1`: MANAGEMENT keys, which can manage the identity
-`2`: ACTION keys, which perform actions in this identities name (signing, logins, transactions, etc.)
-`3`: CLAIM signer keys, used to sign claims on other identities which need to be revokable.
-`4`: ENCRYPTION keys, used to encrypt data e.g. hold in claims.
MUST only be done by keys of purpose `1`, or the identity itself. If its the identity itself, the approval process will determine its approval.
**Triggers Event:** [KeyAdded](#keyadded)
``` js
function addKey(bytes32 _key, uint256 _purpose, uint256 _keyType) returns (bool success)
```
#### removeKey
Removes `_key` from the identity.
MUST only be done by keys of purpose `1`, or the identity itself. If its the identity itself, the approval process will determine its approval.
**Triggers Event:** [KeyRemoved](#keyremoved)
``` js
function removeKey(bytes32 _key, uint256 _purpose) returns (bool success)
**Triggers on direct execution Event:** [Executed](#executed)
``` js
function execute(address _to, uint256 _value, bytes _data) returns (uint256 executionId)
```
#### approve
Approves an execution or claim addition.
This SHOULD require `n` of `m` approvals of keys purpose `1`, if the `_to` of the execution is the identity contract itself, to successfull approve an execution.
And COULD require `n` of `m` approvals of keys purpose `2`, if the `_to` of the execution is another contract, to successfull approve an execution.
**Triggers Event:** [Approved](#approved)
**Triggers on successfull execution Event:** [Executed](#executed)
**Triggers on successfull claim addition Event:** [ClaimAdded](#claimadded)
``` js
function approve(uint256 _id, bool _approve) returns (bool success)
##### The following changes to [ERC 735](https://github.com/ethereum/EIPs/issues/735) are REQUIRED:
#### addClaim
This SHOULD create a pending claim, which SHOULD to be approved or rejected by `n` of `m``approve` calls from keys of purpose `1`.
Only Events:
**Triggers if the claim is new Event and approval process exists:** [ClaimRequested](#claimrequested)
**Triggers if the claim index existed Event:** [ClaimChanged](https://github.com/ethereum/EIPs/issues/735)
#### removeClaim
MUST only be done by the `issuer` of the claim, or keys of purpose `1`, or the identity itself. If its the identity itself, the approval process will determine its approval.
This specification was chosen to allow most flexibility and experimention around identity. By having each identity in a separate contract it allows for cross identity compatibility, but at the same time extra and altered functionality for new use cases.
The main critic of this standard is the verification where each identity that issues a claim, also should have a separate CLAIM signing key attached. While [#ERC780](https://github.com/ethereum/EIPs/issues/780) uses a standardised registry to assign claims to addresses.
Both systems could work in conjunction and should be explored.
While also off-chain claims using DID verifiable claims and merkle tries can be added as claims and should be explored.
