A Domain in IXO represents the on-chain identity record (DID Document) of a Digital Entity, providing management capabilities for verification methods, services, and access controls. Each Digital Entity is anchored by its Domain, which forms a core component of its Digital Twin implementation. Managing Domain settings allows you to configure how your Digital Entity interacts with other participants and services on the IXO network.
IID Document Management
The IXO ID (IID) Module provides a comprehensive set of methods for managing a Domain’s properties on IXO blockchains. Each Domain has a unique identifier that resolves to a W3C-standard DID Document following the IXO ID Method specification. IIDs are IXO’s implementation of the W3C DID standard, extending it with specific features for cross-chain identity and interoperability in the Interchain ecosystem while maintaining full compatibility with the DID specification. Key differences from standard DIDs:- Cross-chain resolution through IBC (Inter-Blockchain Communication)
- Native integration with Cosmos SDK modules
- Extended verification methods for blockchain-specific operations
- Built-in support for IXO’s domain-specific digital twin features, such as Linked Resources, Linked Entities, Linked Claims, Accorded Rights, and Accounts
Prerequisites
Before managing Domain settings, ensure you have:- An IXO wallet with sufficient tokens for transaction fees
- The Domain’s IID (identifier)
- Appropriate signing authority (you must be a controller of the Domain)
- The IXO SDK installed (if using programmatically)
Domain Management Operations
The following sections outline the key operations you can perform on your Domain’s IID Document.Document Updates
Document Updates
Document updates allow you to modify multiple properties of your Domain’s IID Document in a single transaction.When to use: When you need to make multiple changes to your Domain document at once, such as updating verification methods, controllers, and services simultaneously.Important considerations:
- Updates replace existing properties, so include all current values you wish to keep
- Fields not included in the update will remain unchanged
- Document updates are atomic - they either succeed completely or fail
Verification Methods
Verification Methods
Verification methods define the cryptographic keys and proofs your Domain can use for authentication, authorization, and secure communication.When to use: Add verification methods when you need to enable specific cryptographic operations for your Domain, such as digital signatures or key exchange.Important considerations:
- Each verification method must have a unique ID within the Domain
- Different verification types support different cryptographic algorithms
- Relationships determine what operations a verification method can be used for
Services
Services
Services allow your Domain to expose functionality to other entities. Each service has an ID, type, and endpoint.When to use: Add services when you want to expose APIs, messaging endpoints, or other functionality through your Domain.Important considerations:
- Service endpoints should be secure and reliable
- Service types should follow standards for interoperability
- Services can be discovered through the IID Document
Controllers & Resources
Controllers & Resources
Controllers determine who can modify the Domain’s IID Document, while linked resources and accorded rights define what resources and rights are associated with the Domain.When to use: Add controllers when delegating management permissions, and add resources or rights when declaring assets or capabilities associated with your Domain.Important considerations:
- Controllers have full management capabilities over the Domain
- Linked resources can reference any external asset related to the Domain
- Accorded rights represent permissions or capabilities granted by the Domain
Context & Deactivation
Context & Deactivation
Context provides semantic meaning to your Domain document, while deactivation allows you to temporarily disable your Domain.When to use: Add context to improve interoperability with systems that understand specific vocabularies. Deactivate a Domain when you want to temporarily suspend its operations.Important considerations:
- Contexts should reference well-known semantic vocabularies
- Deactivating a Domain doesn’t delete it but prevents its use
- Deactivation can be reversed by setting state to false
Domain Management Workflow
Following these steps will help you effectively manage your Domain settings on IXO blockchains.1
Update Document Structure
Update your Domain’s IID Document structure by:
- Modifying verification methods
- Updating service endpoints
- Adding or removing controllers
- Managing linked resources
2
Manage Verification
Handle verification methods and relationships:
- Add new verification methods
- Set verification relationships
- Handle method revocation
- Update verification proofs
3
Service Management
Configure and manage Domain services:
- Add new service endpoints
- Update existing services
- Remove deprecated services
- Configure service mediators
4
Access Control
Manage Domain access and permissions:
- Add Domain controllers
- Grant specific rights
- Set capability invocations
- Configure capability delegation
Implementation Guide
Each step in the process above corresponds to specific API calls in the IXO SDK. Expand the accordions above to see the code examples for each operation, or follow the detailed guides below for common domain management tasks.Common Domain Management Tasks
Example: Creating a Service-Oriented Domain
1
Create the Domain IID Document
First, initialize a basic Domain document with a controller:
2
Add Service Endpoints
Add service endpoints to make your Domain functional:
3
Set Up Verification Methods
Add verification methods to enable authentication:
Example: Updating Domain Controllers
1
Retrieve Current Controllers
First, get the current list of controllers:
2
Add New Controller
Add a new controller to the Domain:
3
Update Verification Relationships
Ensure the new controller has appropriate verification relationships:
Troubleshooting
Transaction Failed: Unauthorized
Transaction Failed: Unauthorized
Invalid Verification Method
Invalid Verification Method
Verification methods must follow W3C DID specifications.Solution: Ensure your verification method has all required fields and follows the correct format.
Service Endpoint Unreachable
Service Endpoint Unreachable
Services added to your Domain should be operational.Solution: Verify that your service endpoint is publicly accessible before adding it to your Domain.
Related Resources
IXO Identity
Learn about the IXO identity system and how Domains fit into the broader identity framework.
Verification Methods
Explore different verification method types and their cryptographic properties.
Service Types
Discover standard service types and how to implement custom services for your Domain.
W3C DID Specification
Review the W3C standard that defines the Decentralized Identifier specification.