Decentralized Identity Manager: Access Control and Management

1.1 Decentralized Identity Manager Overview

Decentralized Identity Manager (DIM) is a robust tool for managing and verifying digital identities on the blockchain. Designed to enhance privacy, security, and control, it allows users to manage digital identities with secure access permissions, authenticate users, and control data-sharing across decentralized applications (dApps).

This guide provides an overview of access control and identity management functions and includes sample code for managing decentralized identities (DIDs) using blockchain-based methods.


1.2 Code for Digital Identity Management on Blockchain

Prerequisites

  • Node.js and npm installed.

  • The following libraries installed:

npm install ethr-did did-jwt vc-js web3

1.2.1 Creating a Decentralized Identifier (DID)

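const { EthrDID } = require('ethr-did');
const Web3 = require('web3'); // web3 4.x exports the class by name: const { Web3 } = require('web3');

// Initialize Web3 provider
const web3 = new Web3('https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID');

// User's Ethereum private key (placeholder). Load the real key from a secret store
// or environment variable at runtime; never hard-code or commit it.
const privateKey = '0xYOUR_PRIVATE_KEY';
// Ethereum address derived from the key; it becomes the DID's identifier
const address = web3.eth.accounts.privateKeyToAccount(privateKey).address;

// Create a new DID for the user
const did = new EthrDID({ identifier: address, privateKey });

console.log("User's DID:", did.did);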

Output

User's DID: did:ethr:0xYourEthereumAddress

1.2.2 Issuing a Verifiable Credential (VC)

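const vc = require('vc-js');
// Key pair class and signature suite from jsonld-signatures, the library vc-js builds on
const { Ed25519KeyPair, suites: { Ed25519Signature2018 } } = require('jsonld-signatures');

// Note: these snippets use `await`; run them inside an async function or an ES module.

// Issuer signing key. An Ed25519 suite needs an Ed25519 key pair; the secp256k1
// Ethereum key from 1.2.1 cannot be used with it.
const keyPair = await Ed25519KeyPair.generate({
  id: `${did.did}#key-1`, // illustrative key id; verifiers must be able to resolve it
  controller: did.did
});
const suite = new Ed25519Signature2018({ verificationMethod: keyPair.id, key: keyPair });

// Generate a sample credential
const credential = {
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "https://example.com/credentials/1872",
  "type": ["VerifiableCredential", "IdentityCredential"],
  "issuer": did.did,
  "issuanceDate": new Date().toISOString(),
  "credentialSubject": {
    "id": did.did,
    "name": "Alice",
    "email": "alice@example.com",
    "accessLevel": "Admin"
  }
};

// Sign (issue) the credential with the issuer's key
const signedCredential = await vc.issue({ credential, suite });

console.log("Signed Credential:", JSON.stringify(signedCredential, null, 2));

1.2.3 Verifying Identity and Access Permissions

// Verify the signed credential. The verifier needs only public material, so no
// private key is passed. `documentLoader` is supplied by the application (not shown)
// and must resolve the issuer's verification method and the JSON-LD contexts.
const result = await vc.verifyCredential({
  credential: signedCredential,
  suite: new Ed25519Signature2018(),
  documentLoader
});

// verifyCredential resolves to a result object, which is always truthy;
// the outcome is in `result.verified`.
if (result.verified) {
  console.log("Credential is valid, user identity confirmed.");
} else {
  console.log("Credential verification failed.", result.error);
}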

1.2.4 Access Control Example: Identity-Based Resource Access

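// Call this only with a credential whose signature has already been verified (1.2.3);
// the accessLevel claim of an unverified credential cannot be trusted.
const accessControl = (credential, requiredLevel) => {
  // A missing subject or claim yields undefined and falls through to "denied"
  const userAccessLevel = credential?.credentialSubject?.accessLevel;
  const granted = userAccessLevel === requiredLevel;
  if (granted) {
    console.log("Access granted.");
  } else {
    console.log("Access denied. Insufficient permissions.");
  }
  return granted; // the caller enforces the decision
};

// Example use
accessControl(signedCredential, 'Admin');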

Output

Access granted.
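
The checks from 1.2.3 and 1.2.4 combined into one fail-closed authorization function. This is an added example, not code from the DIM project; the trusted-issuer list, the placeholder DIDs, the `presenterDid` parameter and the validity-window check are assumptions made for illustration. Unlike the sample credential above, where issuer and subject are the same DID, it rejects self-issued claims.

```javascript
// Added example, not DIM project code. All DIDs below are constructed placeholders.
const TRUSTED_ISSUERS = new Set(['did:ethr:0xIssuerPlaceholder']); // assumed allow-list

// Decide access from a credential plus the verifier's result object.
// presenterDid (assumption): the DID the caller has proven control of.
function authorize({ credential, verificationResult, presenterDid, requiredLevel, now = new Date() }) {
  const deny = (reason) => ({ allowed: false, reason });

  // 1. The result object is always truthy, so test the flag itself.
  if (!verificationResult || verificationResult.verified !== true) return deny('signature not verified');

  // 2. Issuer must be trusted by the resource owner; a self-issued "Admin" claim stops here.
  const issuer = typeof credential?.issuer === 'string' ? credential.issuer : credential?.issuer?.id;
  if (!TRUSTED_ISSUERS.has(issuer)) return deny('untrusted issuer');

  // 3. The credential must describe the party presenting it.
  const subject = credential.credentialSubject;
  if (!subject || subject.id !== presenterDid) return deny('subject mismatch');

  // 4. Validity window: issuanceDate in the past, optional expirationDate in the future.
  const issued = Date.parse(credential.issuanceDate);
  if (Number.isNaN(issued) || issued > now.getTime()) return deny('not yet valid');
  if (credential.expirationDate !== undefined) {
    const expires = Date.parse(credential.expirationDate);
    if (Number.isNaN(expires) || expires <= now.getTime()) return deny('expired');
  }

  // 5. Exact-match level check, as in section 1.2.4.
  if (subject.accessLevel !== requiredLevel) return deny('insufficient permissions');
  return { allowed: true, reason: 'ok' };
}

// Constructed sample input
const SAMPLE_NOW = new Date('2025-06-01T00:00:00Z');
const ALICE = 'did:ethr:0xAlicePlaceholder';
const sampleCredential = (overrides = {}) => ({
  issuer: 'did:ethr:0xIssuerPlaceholder',
  issuanceDate: '2025-01-01T00:00:00Z',
  expirationDate: '2026-01-01T00:00:00Z',
  credentialSubject: { id: ALICE, name: 'Alice', accessLevel: 'Admin' },
  ...overrides,
});
const request = (extra = {}) => ({
  credential: sampleCredential(), verificationResult: { verified: true },
  presenterDid: ALICE, requiredLevel: 'Admin', now: SAMPLE_NOW, ...extra,
});

console.log(authorize(request()));
console.log(authorize(request({ verificationResult: { verified: false } })));
console.log(authorize(request({ credential: sampleCredential({ issuer: ALICE }) })));
```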

1.3 API for Identity Management and Integration

1.3.1 POST /identity/create

Request

curl -X POST "https://api.capsurelabs.com/identity/create" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"user_id": "12345"}'

1.3.2 POST /identity/issue_credential

Request

curl -X POST "https://api.capsurelabs.com/identity/issue_credential" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"did": "did:ethr:0xYourEthereumAddress", "credential_data": {"name": "Alice", "accessLevel": "Admin"}}'

1.3.3 POST /identity/verify

Request

curl -X POST "https://api.capsurelabs.com/identity/verify" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"did": "did:ethr:0xYourEthereumAddress", "credential": <signedCredential>}'
