Identity Management

Signature anchoring leverages Bitcoin’s legacy signature scheme. Thus, a signer is identified by his Bitcoin address (a cryptic number like 10cbJgAXivkAMXwfckMKSrTSrHWk3UCQWh). While it may be sufficient for some use cases, it is not human friendly, and there is an obvious need to retrieve the identity of the signer from his Bitcoin address.

Woleet is carefully following the evolutions of decentralized identity management on the blockchain. This field, also known as « self-sovereign identity » aims at giving a better control to individuals on their identity information. While many researches are in progress, there is no standard yet.

Meanwhile, Woleet has chosen to leverage a proven and widely used identity verification system: the Certification Authorities. Certificate Authorities are the trusted third parties issuing the TLS certificates used to secure the web. Thanks to these certificates, you can securely surf the web and be sure you are talking to Google, your bank or your energy utility company.

Wherever the identity of a signer needs to be verifiable, an identity verification URL is added to the signature proof: this URL is served by the organization who performed the identity verification of the signer (KYC) and is protected by the organization's TLS certificate (which is bought by the organization from a Certification Authority who verifies his identity).

This identity URL allows to retrieve the identity of the signer from the Bitcoin address used to sign. Optionally, a challenge can be provided to verify if the organization actually controls the key pair used to sign (which is the case if the organization signed the document on its own or if the signer delegated his signature to the organization). This challenge guarantees that the signature was produced by the organization identified by the TLS certificate of the identity URL.

Once retrieved, the identity claimed by the organization can be compared to the one claimed by the signer (which is usually included in the set of signed data).

Organization can serve their own identity URL by hosting their own Woleet.ID Server Edition or by providing their custom implementation of the identity URL specification.

📘

Identity URL API

You can find the documentation of the identity URL API as provided by Woleet.ID server here


Did this page help you?