Decentralized Access Control to a resource; usecase of SSI and DID

[Vishwas1]

Decentralise access grant to a resource.

In case of hyperfyre, associated DID with an ORG can be termed as "resource". And access of the ORG simply means , whoever controls that DID , has access to the ORG.

Let's see, how we can implement team management in Hyperfyre using DID.

Prior knowledge

There is concept of Multiple DID controller to a didDoc - this means that more than one DID controllers can control (update/delete) a particular did Doc.

Team management using DID on Hyperfyre

• Now, Imagine there is User1 creates an ORG in hyperfyre. Creating ORG simply means, registering DID for ORG with controller as User1 -> User1 can modify the ORG DID.
• The User1 now creates a team under ORG and invites User2 on the HF platform.
• User2 accepts the invite -> this means, a new controller (User2) gets associated to ORG DID => which then means that User2 now has access to the ORG DID.
• Similarly other Users can get associated with ORG DID.
• Now anyone of these User;s will do DID auth to access the ORG DID.

Actions	State of Org1 DID Doc	Who has access?
User1 creates Org1	{"id": "did:hs:org1", "name": "ORG1","controllers": ["did:hs:user1"], "authentication": [ "did:hs:user1#key1" ] }	User 1
User2 accepts the invitation	{"id": "did:hs:org1","name": "ORG1","controllers": ["did:hs:user1", "did:hs:user2"],"authentication": ["did:hs:user1#key1","did:hs:user2#key1"]}	User 1 & User 2
User3 accepts the invitation	{"id": "did:hs:org1","name": "ORG1","controllers": ["did:hs:user1", "did:hs:user2", "did:hs:user3"],"authentication": ["did:hs:user1#key1","did:hs:user2#key1","did:hs:user3#key1"]}	User 1 , User2 & User3

[Vishwas1]

@vikramIde commented

Yahi to kiya hai Arcana walon ne

[Vishwas1]

Verifiable Conditions

• https://w3c.github.io/did-spec-registries/#verifiablecondition2021
• https://w3c-ccg.github.io/verifiable-conditions/

we can make use of this for various ssi use case.

{
    "id": "did:example:123#1",
    "controller": "did:example:123",
    "type": "VerifiableCondition2021",
    "conditionAnd": [{
        "id": "did:example:123#1-1",
        "controller": "did:example:123",
        "type": "VerifiableCondition2021",
        "conditionOr": [{
            "id": "did:example:123#1-1-1",
            "controller": "did:example:123",
            "type": "EcdsaSecp256k1VerificationKey2019",
            "publicKeyBase58": "5JBxKqYKzzoHrzeqwp6zXk8wZU3Ah94ChWAinSj1fYmyJvJS5rT"
        }, {
            "id": "did:example:123#1-1-2",
            "controller": "did:example:123",
            "type": "Ed25519VerificationKey2018",
            "publicKeyBase58": "PZ8Tyr4Nx8MHsRAGMpZmZ6TWY63dXWSCzamP7YTHkZc78MJgqWsAy"
        }]
    }, {
        "id": "did:example:123#1-2",
        "controller": "did:example:123",
        "type": "Ed25519VerificationKey2018",
        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }]
}```