ethereum/EIPs-725

https://github.com/ethereum/EIPs/blob/master/EIPS/eip-725.md

eip	title	author	discussions-to	status	type	category	created
725	Proxy Identity	Fabian Vogelsteller (@frozeman)	https://github.com/ethereum/EIPs/issues/725	Draft	Standards Track	ERC	2017-10-02

 

Simple Summary

Proxy contract for key management and execution, to establish a Blockchain identity.

代理合约是通过建立区块链身份来实现密钥的管理和执行的

Abstract

The following describes standard functions for a unique identity for humans, groups, objects and machines. This identity can hold keys to sign actions (transactions, documents, logins, access, etc), and claims, which are attested from third parties (issuers) and self attested (#ERC735), as well as a proxy function to act directly on the blockchain.

下面描述了给予人、组、物体、机器唯一身份的标准函数的实现。这个身份可以管控密钥来签名所做的操作；claims是通过第三方（发行商）和自己来进行证明的。代理函数是直接在区块链上操作的。

Motivation

This standardised identity interface will allow Dapps, smart contracts and thirdparties to check the validity of a person, organisation, object or machine through 2 steps as described in the function XXX. Trust is here transfered to the issuers of claims.

就是通过调用身份接口来证明这些人、组、物体、机器的有效性，通过以下两步进行：

The most important functions to verify an identity are: XXX

The most important functions to manage an identity are: XXX

Definitions

• keys: Keys are public keys from either external accounts, or contract addresses.来自外部账户或合约账户的公钥
• claim issuer: is another smart contract or external account, which issues claims about this identity. The claim issuer can be an identity contract itself.身份发行商
• claim: For details about claims 身份  see #ERC735

Specification

Key Management

Keys are cryptographic public keys, or contract addresses associated with this identity. The structure should be as follows:

keys就是加密后的公钥（当为EOA账户时）或者与这个身份相关的合约地址

• key: A public key owned by this identity
  • purpose: uint256[] Array of the key types, like 1 = MANAGEMENT, 2 = ACTION, 3 = CLAIM, 4 = ENCRYPTION，这个key的作用是什么，下面有解释
  • keyType: The type of key used, which would be a uint256 for different key types. e.g. 1 = ECDSA, 2 = RSA, etc.key使用的加密方法
  • key: bytes32 The public key. // for non-hex and long keys, its the Keccak256 hash of the key

struct Key {
    uint256[] purposes;
    uint256 keyType;
    bytes32 key;
}

getKey

Returns the full key data, if present in the identity.

function getKey(bytes32 _key) constant returns(uint256[] purposes, uint256 keyType, bytes32 key);

keyHasPurpose

Returns the TRUE if a key has is present and has the given purpose. If key is not present it returns FALSE.

function keyHasPurpose(bytes32 _key, uint256 purpose) constant returns(bool exists);

getKeysByPurpose

Returns an array of public key bytes32 hold by this identity.

function getKeysByPurpose(uint256 _purpose) constant returns(bytes32[] keys);

addKey

Adds a _key to the identity. The _purpose specifies the purpose of key. Initially we propose four purposes:

key的作用

• 1: MANAGEMENT keys, which can manage the identity，用来管理身份
• 2: ACTION keys, which perform actions in this identities name (signing, logins, transactions, etc.)在这个身份下执行操作
• 3: CLAIM signer keys, used to sign claims on other identities which need to be revokable.用来在别的身份上签署claims,这个身份是可以取消的
• 4: ENCRYPTION keys, used to encrypt data e.g. hold in claims.用来加密数据

MUST only be done by keys of purpose 1, or the identity itself. If its the identity itself, the approval process will determine its approval.

Triggers Event: KeyAdded

function addKey(bytes32 _key, uint256 _purpose, uint256 _keyType) returns (bool success)

removeKey

Removes _key from the identity.

MUST only be done by keys of purpose 1（即MANAGEMENT）, or the identity itself. If its the identity itself, the approval process will determine its approval.

Triggers Event: KeyRemoved

function removeKey(bytes32 _key, uint256 _purpose) returns (bool success)

 

Identity usage身份的使用

execute

Executes an action on other contracts, or itself, or a transfer of ether. SHOULD require approve to be called with one or more keys of purpose 1（MANAGEMENT） or 2 （ACTION）to approve this execution.执行对其他合约、合约本身或eth的转让的操作。应该通过调用包含一个或多个实现目的1(管理)或2(动作)key的approve去批准执行。

Execute COULD be used as the only accessors for addKey, removeKey and replaceKey and removeClaim.

Execute可以作为addKey、removeKey和replaceKey以及removeClaim的唯一途径

Returns executionId: SHOULD be send to the approve function, to approve or reject this execution.
返回executionId:应该发送到approve函数，以批准或拒绝此执行。

Triggers Event: ExecutionRequested Triggers on direct execution Event: Executed

function execute(address _to, uint256 _value, bytes _data) returns (uint256 executionId)

 

approve

Approves an execution or claim addition. This SHOULD require n of m approvals of keys purpose 1, if the _to of the execution is the identity contract itself, to successfull approve an execution. And COULD require n of m approvals of keys purpose 2, if the _to of the execution is another contract, to successfull approve an execution.

批准执行或添加有关身份的claim。如果执行的_to是identity合约本身，那么要成功地批准执行，应该需要m个目的1（管理）密钥中n个的批准。如果执行的_to是另一个合约，则可能需要m个目的2（动作）密钥中n个的批准才能成功地批准执行。

Triggers Event: Approved Triggers on successfull execution Event: Executed Triggers on successfull claim addition Event: ClaimAdded

function approve(uint256 _id, bool _approve) returns (bool success)

 

Identity verification

Requires: ERC 735

The following changes to ERC 735 are REQUIRED:

addClaim

This SHOULD create a pending claim, which SHOULD to be approved or rejected by n of m approve calls from keys of purpose 1.创建一个待定的claim，应该需要m个目的1（管理）密钥中n个的批准

Only Events: Triggers if the claim is new Event and approval process exists: ClaimRequested Triggers if the claim index existed Event: ClaimChanged

removeClaim

MUST only be done by the issuer of the claim, or keys of purpose 1, or the identity itself. If its the identity itself, the approval process will determine its approval.

只有claim发行商、目的一的密钥或身份本身能执行。如果是身份本身，审批过程将决定其审批。

问题：key,claim,identity之间的关系到底是什么，看本博客ERC 725 and ERC 735 的实现及关系

Events

KeyAdded

MUST be triggered when addKey was successfully called.

event KeyAdded(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType)

KeyRemoved

MUST be triggered when removeKey was successfully called.

event KeyRemoved(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType)

ExecutionRequested

MUST be triggered when execute was successfully called.

event ExecutionRequested(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data)

Executed

MUST be triggered when approve was called and the execution was successfully approved.

event Executed(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data)

Approved

MUST be triggered when approve was successfully called.

event Approved(uint256 indexed executionId, bool approved)

The following changes to ERC 735 are REQUIRED:

ClaimRequested

MUST be triggered when addClaim was successfully called.

ClaimAdded

MUST be triggered when approve was called and the claim was successfully added.

Constraints

• A claim can only be one type per type per issuer.对于每个发行者，每个类型的claim只能是一种类型

Implementation

• DID resolver specification
• Implementation by mirceapasoi
• Implementation by Nick Poulden, interface at: https://erc725.originprotocol.com/

Solidity Interface

pragma solidity ^0.4.18;

contract ERC725 {

    uint256 constant MANAGEMENT_KEY = 1;
    uint256 constant ACTION_KEY = 2;
    uint256 constant CLAIM_SIGNER_KEY = 3;
    uint256 constant ENCRYPTION_KEY = 4;

    event KeyAdded(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType);
    event KeyRemoved(bytes32 indexed key, uint256 indexed purpose, uint256 indexed keyType);
    event ExecutionRequested(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data);
    event Executed(uint256 indexed executionId, address indexed to, uint256 indexed value, bytes data);
    event Approved(uint256 indexed executionId, bool approved);

    struct Key {
        uint256 purpose; //e.g., MANAGEMENT_KEY = 1, ACTION_KEY = 2, etc.
        uint256 keyType; // e.g. 1 = ECDSA, 2 = RSA, etc.
        bytes32 key;
    }

    function getKey(bytes32 _key) public constant returns(uint256[] purposes, uint256 keyType, bytes32 key);
    function keyHasPurpose(bytes32 _key, uint256 _purpose) public constant returns (bool exists);
    function getKeysByPurpose(uint256 _purpose) public constant returns (bytes32[] keys);
    function addKey(bytes32 _key, uint256 _purpose, uint256 _keyType) public returns (bool success);
    function removeKey(bytes32 _key, uint256 _purpose) public returns (bool success);
    function execute(address _to, uint256 _value, bytes _data) public returns (uint256 executionId);
    function approve(uint256 _id, bool _approve) public returns (bool success);
}