Resetter Approval

Any client could take a resetter role for another client and respond to her client's request with did_resetter_approve operation. The server will take the consensus of all resetters and decide whether to approve or reject the request.

In practice, a client could register multiple DIDs and use her own DIDs to be resetters of another DID. This is discouraged since a client could lose all private keys of all of her DIDs.

Unlike the did_register_resetters and did_revoke_resetters operations that are initiated by the DID owner, the did_resetter_approve is initiated by a DID resetter.

As a resetter, there are three consensus types:

  1. did_register_resetters approves a resetter registration for a DID. A set of resetters will become active after all resetters in the set approve the registration.

  2. did_revoke_resetters approves a resetter revocation for a DID. A set of resetters will be revoked, i.e. become deactivated, if the combined voting powers of all resetters surpass "acceptable_votes".

  3. did_reset approves a DID reset, i.e. resetting all key series in the DID. The reset will take place if the combined voting powers of all resetters surpass "acceptable_votes".

In the HTTP request for did_resetter_approve, a resetter must specify the attribute "consensus" that contains (i) the consensus type, (ii) DID address of the target client and (iii) the DID address of the resetter who makes this HTTP request, which are seperated by | as follows:

"consensus": "consensus_name|target_did_address|resetter_did_address"

For a reset request to get approved, not all resetters need to respond to the request. The approval only requires that the combined vote powers of responding resetters surpass the theshold of"acceptable_votes".

did_resetter_approve

POST https://test-network.finema.co/did/<resetter_did_address>/approve

Request Body

Name
Type
Description

operation

string

The method's name that is "did_resetter_approve".

did_address

string

The DID address.

current_key

string

The current public key in the series. It is used to verify the request's signature.

next_key_hash

string

The SHA-256 hash of the next public key in the series.

consensus

string

The name of the invoked resetter consensus.

new_key_hash

string

The SHA-256 hash of the first public key in the new series.

nonce

number

The request nonce.

{
    "operation": "did_resetter_approve",
    "did_address": "did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "consensus": "consensus_name|did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5|did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0"
}

Example Messages and Requests

If that the resetter DID is did:idin:03e450465cd3bd268163dde7223bfb99efe03e3cbf279f6b1772050e09e09fbfand the target DID address is did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370 , then the field "consensus" must have the following form:

"consensus": "consensus_name|did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5|did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0"

where consensus_name could be either (i) did_register_resetters, (ii) did_revoke_resetters or (iii) did_reset.

1. Approve a resetter registration:

{
    "consensus": "did_register_resetters|did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5|did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIefmMIcLLop4og/YYR8NrcZTS378\nRfODoXU27dtXV7jJ+opms04VPgTuqLLlVyPr6hgU213ei2M37sHNOQt74A==\n-----END PUBLIC KEY-----",
    "next_key_hash": "b410dd10dbe4c582583776c943e37613ecff16a51385fbc65b57b85474f4d1ca",
    "operation": "did_resetter_approve",
    "did_address": "did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "nonce": 1
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
    "message": "eyJjb25zZW5zdXMiOiAiZGlkX3JlZ2lzdGVyX3Jlc2V0dGVyc3xkaWQ6aWRpbjphZmI3YmE4OGM3NmVkYmRhNTVjMzQ0YjcwYWUwY2YwNTU2ZDc3MGVjMjU2ODIwZDcxODUwMDBkZTM5NTM5MWI1fGRpZDppZGluOjA0OGNhMjNjN2VkZmI3MTY1NWNiNmRjNTYyOGM4MzI3ODE2ZWRmY2IzNzc5NjNkZWVjYmEzYTNlOTFlNWY4YjAiLCAiY3VycmVudF9rZXkiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUllZm1NSWNMTG9wNG9nL1lZUjhOcmNaVFMzNzhcblJmT0RvWFUyN2R0WFY3akorb3BtczA0VlBnVHVxTExsVnlQcjZoZ1UyMTNlaTJNMzdzSE5PUXQ3NEE9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwgIm5leHRfa2V5X2hhc2giOiAiYjQxMGRkMTBkYmU0YzU4MjU4Mzc3NmM5NDNlMzc2MTNlY2ZmMTZhNTEzODVmYmM2NWI1N2I4NTQ3NGY0ZDFjYSIsICJvcGVyYXRpb24iOiAiZGlkX3Jlc2V0dGVyX2FwcHJvdmUiLCAiZGlkX2FkZHJlc3MiOiAiZGlkOmlkaW46MDQ4Y2EyM2M3ZWRmYjcxNjU1Y2I2ZGM1NjI4YzgzMjc4MTZlZGZjYjM3Nzk2M2RlZWNiYTNhM2U5MWU1ZjhiMCIsICJub25jZSI6IDF9",
    "signature": "MEUCIQCOKd+bLX69VEmLV8PA7X9/22el2X56WplZG+iCHV+hdAIgZnLZDi6yQ2/siv7VEhb1TeeGCvU/7Db22zSPzAD/GZQ="
}

2. Approves a resetter revocation:

{
    "operation": "did_resetter_approve",
    "did_address": "did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh0qHd7FcTODcLPj6Hy4QB8EXPq01\nL0yNT0aynCtrqee4fLKkWcOk5N2vz0TQ6yvogkNFD+N7fyHbcuEvnu5/ow==\n-----END PUBLIC KEY-----",
    "next_key_hash": "7b8fa478e5f445bac96c2960b71b4a6dbdf5bcedf14fd56915399e71d590c07b",
    "consensus": "did_revoke_resetters|did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5|did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "nonce": 6
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
    "message": "eyJjb25zZW5zdXMiOiAiZGlkX3Jldm9rZV9yZXNldHRlcnN8ZGlkOmlkaW46YWZiN2JhODhjNzZlZGJkYTU1YzM0NGI3MGFlMGNmMDU1NmQ3NzBlYzI1NjgyMGQ3MTg1MDAwZGUzOTUzOTFiNXxkaWQ6aWRpbjowNDhjYTIzYzdlZGZiNzE2NTVjYjZkYzU2MjhjODMyNzgxNmVkZmNiMzc3OTYzZGVlY2JhM2EzZTkxZTVmOGIwIiwgImN1cnJlbnRfa2V5IjogIi0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVoMHFIZDdGY1RPRGNMUGo2SHk0UUI4RVhQcTAxXG5MMHlOVDBheW5DdHJxZWU0ZkxLa1djT2s1TjJ2ejBUUTZ5dm9na05GRCtON2Z5SGJjdUV2bnU1L293PT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLSIsICJuZXh0X2tleV9oYXNoIjogIjdiOGZhNDc4ZTVmNDQ1YmFjOTZjMjk2MGI3MWI0YTZkYmRmNWJjZWRmMTRmZDU2OTE1Mzk5ZTcxZDU5MGMwN2IiLCAib3BlcmF0aW9uIjogImRpZF9yZXNldHRlcl9hcHByb3ZlIiwgImRpZF9hZGRyZXNzIjogImRpZDppZGluOjA0OGNhMjNjN2VkZmI3MTY1NWNiNmRjNTYyOGM4MzI3ODE2ZWRmY2IzNzc5NjNkZWVjYmEzYTNlOTFlNWY4YjAiLCAibm9uY2UiOiAyfQ==",
    "signature": "MEQCIC3/LHAO4W6J4hXxnFyjLBcuGPGrdq5ksyrbxcJcZO8TAiAwnn2UyKXYcFlxUDxTmMA9dHxFnzDCXDA7somw21Z3jA=="
}

3. Approve a DID reset:

{
    "consensus": "did_reset|did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5|did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "new_key_hash": "0874c5673691f7d08a6846fbfeb1f08595ea07c7002e18b2c382f3d4be7fc3f1",
    "current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB1w2xiPd6UPTMd5zM3qLb66yNPVL\nkRwq7qM5Gmgf4+NDeJBWWxy/u8bL9VwTdPXhm9f91aHwPu5/BMln05SxPA==\n-----END PUBLIC KEY-----",
    "next_key_hash": "f91ce1eabfd805562d4c58ea59674129ef17a510022b2ade24593ca73d8c08b4",
    "operation": "did_resetter_approve",
    "did_address": "did:idin:048ca23c7edfb71655cb6dc5628c8327816edfcb377963deecba3a3e91e5f8b0",
    "nonce": 4
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
    "message": "eyJjb25zZW5zdXMiOiAiZGlkX3Jldm9rZV9yZXNldHRlcnN8ZGlkOmlkaW46YWZiN2JhODhjNzZlZGJkYTU1YzM0NGI3MGFlMGNmMDU1NmQ3NzBlYzI1NjgyMGQ3MTg1MDAwZGUzOTUzOTFiNXxkaWQ6aWRpbjowNDhjYTIzYzdlZGZiNzE2NTVjYjZkYzU2MjhjODMyNzgxNmVkZmNiMzc3OTYzZGVlY2JhM2EzZTkxZTVmOGIwIiwgImN1cnJlbnRfa2V5IjogIi0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVRRlZNNktNMDlzWjRVWm8zUE1tYkRlMSt6am5OXG5BcmF1TjlEUjBDTmVRb20ybi9COUFDVHZRT3pua0VCTTNiRW4xdmtkeWRiZExVcC9lcXRVWFdhbDlnPT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLSIsICJuZXh0X2tleV9oYXNoIjogImZmMjM4NThlYTAzYmZmZGQ0NTA2MjI3NGVlNzQ2ZmI4ZWFiOGU0ZmFkYTcyYzA0YmM1MjZjZmU5MjdjYzFlNDMiLCAib3BlcmF0aW9uIjogImRpZF9yZXNldHRlcl9hcHByb3ZlIiwgImRpZF9hZGRyZXNzIjogImRpZDppZGluOjA0OGNhMjNjN2VkZmI3MTY1NWNiNmRjNTYyOGM4MzI3ODE2ZWRmY2IzNzc5NjNkZWVjYmEzYTNlOTFlNWY4YjAiLCAibm9uY2UiOiAzfQ==",
    "signature": "MEQCIDdve4Sa1O52Dl3IoI1x9pkSssYP//qJps8RDH4ZCRVJAiApNRuwiT0zD3rUtaSE9KArV4OAs4qYkgbwAwZPvKNkCA=="
}
PreviousResetter RevocationNextGET DID Nonce

Last updated