GuidesAPI ReferenceChangelogDiscussions
Woleet.io

Identity management

Suggest Edits

Signature anchoring leverages Bitcoin’s legacy signature scheme. Thus, a signer is identified by his Bitcoin address (a cryptic number like 10cbJgAXivkAMXwfckMKSrTSrHWk3UCQWh). While it may be sufficient for some use cases, it is not human friendly, and there is an obvious need to retrieve the identity of the signer from his Bitcoin address.

Woleet is carefully following the evolution of decentralized identity management on the blockchain. This field, also known as « self-sovereign identity » aims at giving a better control to individuals on their identity information. While many researches are in progress, there is no standard yet.

Meanwhile, Woleet has chosen to leverage a proven and widely used identity verification system: the Certification Authorities. Certificate Authorities are the trusted third parties issuing the TLS certificates used to secure the web. Thanks to these certificates, you can securely surf the web and be sure you are talking to Google, your bank or your energy utility company.

Wherever the identity of a signer needs to be verifiable, an identity URL is added to the signature proof: this URL is served by the identity server of the trusted organization who verified the identity of the signer (ie. you did the KYC) and is protected by the organization's TLS certificate (which is bought by the organization from a Certification Authority who verifies his identity).

This identity URL allows to retrieve the identity of the signer from the Bitcoin address used to sign. Optionally, a challenge can be provided to verify that the organization's identity server still controls the key used to sign (which is required in the case of electronic seals). This challenge guarantees that the signature was produced by the organization identified by the TLS certificate of the identity URL.

Once retrieved, the identity claimed by the organization can be compared to the one claimed by the signer (which is usually included in the set of signed data).

Organization can serve their own identity URL by hosting their own Woleet.ID Server Edition or by providing their custom implementation of the identity URL specification.

📘

Identity URL API

You can find the documentation of the identity URL API as provided by Woleet.ID server here

Updated about 2 years ago