Components of the IMP
This section explains the different components of the Identity Management Pallet
Since the Identity management pallet directly interacts with the front end, it is made up of different components. These components include:
Identity Struct
An Identity Struct is a JSON data structure that contains information about an individual's identity. This data structure is used to represent and manage the attributes and characteristics of a user’s digital identity within the hub.
The IdentityHub supports linking, unlinking, and verifying multiple identities in batches to reduce the number of needed calls. It also supports linking multiple identities to one litentry account.
In order to achieve this, multiple fields are packed into one single identity
struct and multiple identities
as an array in the identity
field. A typical example of a single identity struct in the pallet is shown below:
Only identity type
and address
in the fields are required, other fields are optional:
type
- Types of identities to be linked, e.g. Twitter, GitHub, discord, substrate, EVM
address
- concrete address or handle, e.g. 0x1234
, twitterHandle
webtype
- web2
or web3
metadata
- placeholder for potential metadata, it makes it more extensible as well.
needVerification
- By default, the optional fields are false and only used when linking the identities. if the stated identity type and address need verification. When it’s false, the given identity information will still be stored in TEE, but marked as “untrusted/unverified”; when it’s true, a challenge code will be generated and broadcasted as events for further verification.
web2ValidationData
- This is only used when verifying web2 identities e.g. the URL link
to the public post where an encrypted message is included.
web3ValidationData
- This is only used when verifying web3 identities, e.g calling extrinsincs.
ID Graph
An identity Graph is a data structure that represents the relationships between different identities that belong to the same individual. It represents the relationship between a user’s different accounts and can be used to map out a user’s aggregated identity through any of the associated identity data. The IdentityHub aims to provide the tool to generate an identity graph for the use of generating a user's verifiable identity data for both Web2 and Web3 data.
At its core, it is a collection of information that links together all of the different identities that belong to a single individual. This information includes the identity information in the Identity Struct
such as identity type, address, web2 and, web3 data, and other identifying information. By linking all of this information together, an Identity Graph provides a comprehensive view of an individual's digital identity.
An identity graph is retrieved from multiple associated identity pairs with verifiable identity verification proofs. An identity pair is a pairing of two web3 addresses or a pairing of a web3 address and a web2 account, it proves the joint ownership of the two associated accounts.
Data structure
An ID graph is composed of a list of the Web3 and Web2 accounts owned by the owner and their corresponding proofs.
Identity pair
Each ID graph is extracted by ID pairs. An ID pair is made of two decentralized verifiable ownership claims. Each ID pair claims the joint ownership of two accounts, it can be a pairing of two web3 addresses or a pairing of a web3 address and a web2 account. Everyone can verify and trust the ID pair.
Merging
An ID pair is the smallest combination of an ID graph. For ID graphs that have a common address, one ID graph will be merged into the other ID graph and keep only one.
Shielding Key
A shielding key is a 256-bit AES-GCM cryptographic key pair that is generated randomly and protected by the user password. Its public key is used by the Litentry TEE worker to encrypt user-sensitive information when passing back the data. It is used to encrypt all the data in the communication between the user and the Litentry Parachain. The shielding key is generated in the user’s local environment and used by the IDHLS to isolate sensitive user data from the IDH server and all other third parties.
Overall, it is an extra layer of security on top of your Substrate private key (Account) used exclusively to encrypt your data for transmission and ensure only you or the Enclaves can decrypt it.
It is important to note that there are two types of shielding keys;
User shielding key - This key is applied to the on-chain data returned by TEE. TEE shielding key- is used in the other direction (user -> TEE) and is publicly visible.
Last updated
Was this helpful?