Resetter Approval

Any client could take a resetter role for another client and respond to her client's request with did_resetter_approve operation. The server will take the consensus of all resetters and decide whether to approve or reject the request.

In practice, a client could register multiple DIDs and use her own DIDs to be resetters of another DID. This is discouraged since a client could lose all private keys of all of her DIDs.

Unlike the did_register_resetters and did_revoke_resetters operations that are initiated by the DID owner, the did_resetter_approve is initiated by a DID resetter.

As a resetter, there are three consensus types:

  1. did_register_resetters approves a resetter registration for a DID. A set of resetters will become active after all resetters in the set approve the registration.

  2. did_revoke_resetters approves a resetter revocation for a DID. A set of resetters will be revoked, i.e. become deactivated, if the combined voting powers of all resetters surpass "acceptable_votes".

  3. did_reset approves a DID reset, i.e. resetting all key series in the DID. The reset will take place if the combined voting powers of all resetters surpass "acceptable_votes".

In the HTTP request for did_resetter_approve, a resetter must specify the attribute "consensus" that contains (i) the consensus type, (ii) DID address of the target client and (iii) the DID address of the resetter who makes this HTTP request, which are seperated by | as follows:

"consensus": "consensus_name|target_did_address|resetter_did_address"

For a reset request to get approved, not all resetters need to respond to the request. The approval only requires that the combined vote powers of responding resetters surpass the theshold of"acceptable_votes".

post
did_resetter_approve

https://test-network.finema.co/did/<resetter_did_address>/approve
Request
Response
Request
Body Parameters
operation
required
string
The method's name that is "did_resetter_approve".
did_address
optional
string
The DID address.
current_key
required
string
The current public key in the series. It is used to verify the request's signature.
next_key_hash
required
string
The SHA-256 hash of the next public key in the series.
consensus
required
string
The name of the invoked resetter consensus.
new_key_hash
required
string
The SHA-256 hash of the first public key in the new series.
nonce
required
number
The request nonce.
Response
200: OK
The operation name, resetter's DID address (<resetter_did_address>) and "consensus" are given as the response. Depending on the request, consensus_name could be either (i) did_register_resetters, (ii) did_revoke_resetters or (iii) did_reset.
{
"operation": "did_resetter_approve",
"did_address": "did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"consensus": "consensus_name|did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370|did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf"
}
422: Unprocessable Entity
{
"errors": [
{
"status": 422,
"title": "Invalid Attribute",
"detail": "the server cannot process the request",
}
]
}

Example Messages and Requests

If that the resetter DID is did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbfand the target DID address is did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370 , then the field "consensus" must have the following form:

"consensus": "consensus_name|did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370|did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf"

where consensus_name could be either (i) did_register_resetters, (ii) did_revoke_resetters or (iii) did_reset.

1. Approve a resetter registration:

{
"operation": "did_resetter_approve",
"did_address": "did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeR8NhQeHPT7l1yMyvkZMacPpibjH\n7mp5IRyO2J2kuE97h/fzu1c/7DFsO23qUN6/OezYglMEkoVo5Ob1b6k53A==\n-----END PUBLIC KEY-----",
"next_key_hash": "a18b790a92683ad00d3562de385ca9e07d20a729809c782e72412f57dd847105"
"consensus": "did_register_resetters|did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370|did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"nonce": 5
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
"message": "ewogICAgIm9wZXJhdGlvbiI6ICJkaWRfcmVnaXN0ZXJfcmVzZXR0ZXJzIiwKICAgICJkaWRfYWRkcmVzcyI6ICJkaWQ6aWRpbjo5Y2QxOWQ0Y2JhYjljYTFkNmY0YzZhNGI5MTE3ZmI4OTA0ZjI1MGI0NzMwN2NmNGY0ODQ0MjRmNDRlMGM4MzcwIiwKICAgICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZVI4TmhRZUhQVDdsMXlNeXZrWk1hY1BwaWJqSFxuN21wNUlSeU8ySjJrdUU5N2gvZnp1MWMvN0RGc08yM3FVTjYvT2V6WWdsTUVrb1ZvNU9iMWI2azUzQT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLAogICAgIm5leHRfa2V5X2hhc2giOiAiYTE4Yjc5MGE5MjY4M2FkMDBkMzU2MmRlMzg1Y2E5ZTA3ZDIwYTcyOTgwOWM3ODJlNzI0MTJmNTdkZDg0NzEwNSIKICAgICJub25jZSI6IDEKfQ==",
"signature": "OTI3MzgyNDgzNTQ3NTU5ODMyNTM1NzYwMDc2MTEwNzYwMTUzMjAzMzQ2NzQ5MDU4NzIwMzM4ODUzNjc4OTE2MTI2NzA2NzQyODgyMDcsIDQ1MjE2NzEwMzM3MjI5NjEzOTc3MjYxMzY2MjUwODYxOTA5MzY2MDU1MDg2Mjk0NzEyMDAwMTU3MjU4ODYxNTQ3ODUzNDc3NTY2ODQw"
}

2. Approves a resetter revocation:

{
"operation": "did_resetter_approve",
"did_address": "did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeR8NhQeHPT7l1yMyvkZMacPpibjH\n7mp5IRyO2J2kuE97h/fzu1c/7DFsO23qUN6/OezYglMEkoVo5Ob1b6k53A==\n-----END PUBLIC KEY-----",
"next_key_hash": "a18b790a92683ad00d3562de385ca9e07d20a729809c782e72412f57dd847105"
"consensus": "did_revoke_resetters|did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370|did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"nonce": 6
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
"message": "ewogICAgIm9wZXJhdGlvbiI6ICJkaWRfcmVnaXN0ZXJfcmVzZXR0ZXJzIiwKICAgICJkaWRfYWRkcmVzcyI6ICJkaWQ6aWRpbjo5Y2QxOWQ0Y2JhYjljYTFkNmY0YzZhNGI5MTE3ZmI4OTA0ZjI1MGI0NzMwN2NmNGY0ODQ0MjRmNDRlMGM4MzcwIiwKICAgICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZVI4TmhRZUhQVDdsMXlNeXZrWk1hY1BwaWJqSFxuN21wNUlSeU8ySjJrdUU5N2gvZnp1MWMvN0RGc08yM3FVTjYvT2V6WWdsTUVrb1ZvNU9iMWI2azUzQT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLAogICAgIm5leHRfa2V5X2hhc2giOiAiYTE4Yjc5MGE5MjY4M2FkMDBkMzU2MmRlMzg1Y2E5ZTA3ZDIwYTcyOTgwOWM3ODJlNzI0MTJmNTdkZDg0NzEwNSIKICAgICJub25jZSI6IDEKfQ==",
"signature": "OTI3MzgyNDgzNTQ3NTU5ODMyNTM1NzYwMDc2MTEwNzYwMTUzMjAzMzQ2NzQ5MDU4NzIwMzM4ODUzNjc4OTE2MTI2NzA2NzQyODgyMDcsIDQ1MjE2NzEwMzM3MjI5NjEzOTc3MjYxMzY2MjUwODYxOTA5MzY2MDU1MDg2Mjk0NzEyMDAwMTU3MjU4ODYxNTQ3ODUzNDc3NTY2ODQw"
}

3. Approve a DID reset:

{
"operation": "did_resetter_approve",
"did_address": "did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeR8NhQeHPT7l1yMyvkZMacPpibjH\n7mp5IRyO2J2kuE97h/fzu1c/7DFsO23qUN6/OezYglMEkoVo5Ob1b6k53A==\n-----END PUBLIC KEY-----",
"next_key_hash": "a18b790a92683ad00d3562de385ca9e07d20a729809c782e72412f57dd847105"
"new_key_hash": "b8b31dedff55764dfc752255a32995369dbb460811999e1f3bdf25095371dcd2",
"consensus": "did_reset|did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370|did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbf",
"nonce": 7
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
"message": "ewogICAgIm9wZXJhdGlvbiI6ICJkaWRfcmVnaXN0ZXJfcmVzZXR0ZXJzIiwKICAgICJkaWRfYWRkcmVzcyI6ICJkaWQ6aWRpbjo5Y2QxOWQ0Y2JhYjljYTFkNmY0YzZhNGI5MTE3ZmI4OTA0ZjI1MGI0NzMwN2NmNGY0ODQ0MjRmNDRlMGM4MzcwIiwKICAgICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZVI4TmhRZUhQVDdsMXlNeXZrWk1hY1BwaWJqSFxuN21wNUlSeU8ySjJrdUU5N2gvZnp1MWMvN0RGc08yM3FVTjYvT2V6WWdsTUVrb1ZvNU9iMWI2azUzQT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLAogICAgIm5leHRfa2V5X2hhc2giOiAiYTE4Yjc5MGE5MjY4M2FkMDBkMzU2MmRlMzg1Y2E5ZTA3ZDIwYTcyOTgwOWM3ODJlNzI0MTJmNTdkZDg0NzEwNSIKICAgICJub25jZSI6IDEKfQ==",
"signature": "OTI3MzgyNDgzNTQ3NTU5ODMyNTM1NzYwMDc2MTEwNzYwMTUzMjAzMzQ2NzQ5MDU4NzIwMzM4ODUzNjc4OTE2MTI2NzA2NzQyODgyMDcsIDQ1MjE2NzEwMzM3MjI5NjEzOTc3MjYxMzY2MjUwODYxOTA5MzY2MDU1MDg2Mjk0NzEyMDAwMTU3MjU4ODYxNTQ3ODUzNDc3NTY2ODQw"
}