Woleet.ID Server Edition is an open source server and client web app to host inside your organization's IT system. It allows to manage the identity of your corporate users, and allows them to sign data using this identity. A user identity is made of a bitcoin address (derived from a bitcoin key pair) allocated by the server, and of personal identity data (e.g. name, email address, organisation, etc.) provided by the administrator of the service. In short, Woleet.ID Server links bitcoin addresses to personal identity data.
The user interface of Woleet.ID Server Edition is restricted to administrators. It allows to:
- Create a user and set his personal identity data.
- Create a bitcoin address/key pair for a user.
- Configure API tokens allowing to access Woleet.ID Server API.
/sign endpoint is not exposed externally and allows authenticated users to sign some data using their bitcoin address (key pair). It can also be used to sign on behalf of users, provided that the caller provides a suitable API token.
/identity endpoint (also called "Identity URL") is exposed externally and can be used by any third party to verify that your company actually owns a given bitcoin address (key pair) and to retrieve the personal identity data linked to this bitcoin address.
Woleet.ID Server Edition is designed to protect the confidentiality and the integrity of bitcoin private keys, even in case of rooting of the hosting server: private keys are always encrypted in the database using an encryption key that the administrator needs to provide each time the server starts, and key management functions are isolated inside a secure module preventing access to private keys values by scanning the process memory.
In case of suspicion regarding a private key, it can be suspended/resumed via the user interface. In the same way, API tokens and users can be suspended/resumed.
Finally, any modification of the database managed by Woleet.ID Server is logged and can be inspected.