Fission Whitepaper
Search…
Fission Whitepaper
Abstract
Contributors
Introduction
Context
The Constellation
High Level Architecture
Foundation
Unified Storage
Digital Scarcity
Portable Compute
Authorization
Overview
Self-Certified
Challenge-Based
DID Document
Access Control
Object Capability Model
Query Access
Command & Mutation
Accounts
Registration
Delegation
Login
Recovery
Multifactor Authentication
File System
Basics
Partitions
Unlisted
Share
Links
Events
Consistency
Distribution
Apps
Hosting
Layout
Clone
Follow
Database
WNKV
WNDB
Dynamic FaaS
Distributed & Edge FaaS
Powered By GitBook
DID Document
Since our DID method is a single, public key, the DID document itself may be reconstructed from a public key at any time. This layer exists purely for compatibility purposes. This is the W3C did:key specification.

Complete Example Document

DID documents of this type always follow this exact format:
{
"@context": "https://w3id.org/did/v1",
"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
"publicKey": [{
"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey",
"type": "Ed25519VerificationKey2018",
"controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
"publicKeyBase58": "B12NYF8RrR3h41TDCTJojY59usg3mbtbjnFs7Eud1Y6u"
}],
"authentication": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
],
"assertionMethod": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
],
"capabilityDelegation": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
],
"capabilityInvocation": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
],
"keyAgreement": [{
"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#kakey",
"type": "X25519KeyAgreementKey2019",
"controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
"publicKeyBase58": "JhNWeSVLMYccCk7iopQW4guaSJTojqpMEELgSLhKwRr"
}]
}

@context

The @context key states which version of the spec this DID conforms to.
For example: 'https://w3id.org/did/v1'

id

The id is the concatenation of the method did:key: with the public key.
For example
'did:nacl:Md8JiMIwsapml_FtQ2ngnGftNP5UmVCAUuhnLyAsPxI'

publicKey

The publicKey array MUST:
  • Contain EXACTLY one key record
  • The public keys MUST be identical
  • MUST use the index #pubkey
  • MUST have the type ED25519SignatureVerification2018
  • Be encoded in base64 (for transmission and consistency)

Example

"publicKey": [{
"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey",
"type": "Ed25519VerificationKey2018",
"controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
"publicKeyBase58": "B12NYF8RrR3h41TDCTJojY59usg3mbtbjnFs7Eud1Y6u"
}]
This contains a lot of redundant information, but is required to be compatible with other DID services
Unlike many other DID methods, a Fission Identity MUST contain exactly one key. Fission treats identity as pseudonymous at best and thus relegates access control to the realm of verifiable claims.
There is a need for non updateable DID's for use in IOT and other applications, where lack of network, size of code base and other such concerns are paramount to adoption. These concerns need to be addressed while not lowering the overall security guarantees.
~The uPort NaCL README
Our motivation is focused primarily on universality. Rather than updating a document over time, the DID is minimal, immutable, and may be reconstructed from a key pair at any time.

authentication

The authentication array MUST:
  • Contain EXACTLY one key record
  • The key MUST be identical to #pubkey

Example

"authentication": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
]

assertionMethod

The assertionMethod array must contain EXACTLY the public key referenced in publicKey.id

Example

"assertionMethod": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
]

capabilityDelegation

The capabilityDelegation array must contain EXACTLY the public key referenced in publicKey.id

Example

"capabilityDelegation": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
]

capabilityInvocation

The capabilityInvocation array must contain EXACTLY the public key referenced in publicKey.id

Example

"capabilityInvocation": [
"did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"
]

keyAgreement

The keyAgreement array MUST
  • Include EXACTLY one key record
  • The id MUST match the public key, but indexed with #kakey
  • The type MUST set to X25519KeyAgreementKey2019
  • The controller MUST exactly match the public key
  • Include a base58-encoded public key

Example

"keyAgreement": [{
"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#kakey",
"type": "X25519KeyAgreementKey2019",
"controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
"publicKeyBase58": "JhNWeSVLMYccCk7iopQW4guaSJTojqpMEELgSLhKwRr"
}]
Authorization - Previous
Challenge-Based
Next - Access Control
Object Capability Model
Last modified 1yr ago
Export as PDF
Copy link
Outline
Complete Example Document
@context
id
publicKey
Example
authentication
Example
assertionMethod
Example
capabilityDelegation
Example
capabilityInvocation
Example
keyAgreement
Example