Digital Identifiers
Understanding and managing digital identifiers for cookstove projects in the Emerging platform
Digital identifiers are the foundation of the Emerging platform’s dMRV system, enabling secure, verifiable tracking of all entities in your cookstove projects without compromising privacy or data sovereignty.
Product Overview
The Emerging platform’s Digital Identifier system provides a standardized way to uniquely identify and authenticate all entities in your cookstove projects. Built on decentralized identifier (DID) technology through the Impact Hub public blockchain network, this system enables:
- Unified Entity Registry: Create globally unique identifiers for households, devices, projects, and distribution agents
- Self-Sovereign Control: Maintain full ownership and control of your identifiers without central authority
- Verifiable Credentials: Issue and verify claims about entities in your project ecosystem
- Digital Twin Creation: Generate blockchain-based digital representations (NFTs) of real-world entities
- Secure Authentication: Cryptographically verify the identity of entities interacting with your project
This documentation explains how cookstove project implementers can interact with the platform to generate and manage identifiers and credentials for all project participants and assets.
User Personas
Project Managers
Need to register projects and manage the overall digital identity ecosystem
Field Agents
Register households and devices during distribution and monitoring activities
Technical Integrators
Connect existing systems to the Emerging platform using APIs
Verification Bodies
Validate entity credentials and verify claims
Use Cases / User Stories
Project Registration
As a Project Manager, I want to register my cookstove project on the Emerging platform so that I can create a verifiable digital record of my project activities.
- Acceptance Criteria:
- Project receives a unique DID in the format
did:ixo:entity:[unique-identifier]
- Project metadata is securely stored and linked to the DID
- Project appears in the Organisation’s dashboard after registration
- Project receives a unique DID in the format
Household Registration
As a Field Agent, I want to register households participating in the cookstove program so that I can track their participation and impact.
- Acceptance Criteria:
- Each household receives a unique DID
- No personally identifiable information (PII) is stored on the blockchain
- Household registration can be done online or offline with later synchronization
- Household appears in the project’s registry after registration
Device Registration
As a Field Agent, I want to register cookstoves distributed to households so that I can track their usage and performance.
- Acceptance Criteria:
- Each device receives a unique DID
- Device is linked to the household DID
- Device specifications and distribution date are recorded
- QR code or other identifier can be generated for physical tagging
Agent Authentication
As a Project Manager, I want to authenticate field agents so that only authorized personnel can register households and devices.
- Acceptance Criteria:
- Each agent receives a unique DID
- Agents can authenticate using mobile devices
- Agent activities are tracked and linked to their DID
- Agent permissions can be managed by project administrators
Functional Requirements
Unified Registry Identifiers (DIDs)
The Emerging platform implements standard, globally unique identifiers for all entities in the dMRV system. Decentralized identifiers (DIDs) are generated by the decentralized registry (Impact Hub public blockchain network) for each household, device, project, and agency.
Key Features:
- Globally Unique: Each DID follows the format
did:ixo:entity:[unique-identifier]
- Self-Sovereign: DIDs are issued and controlled by the Organisation that creates them
- Persistent: DIDs remain valid for the lifetime of the entity they identify
- Resolvable: DIDs can be looked up to retrieve associated information
- Verifiable: DIDs enable cryptographic verification of associated claims
Digital Twin NFTs
When a DID is created, the IXO Protocol blockchain creates a Digital Twin NFT (non-fungible token) for each real-world entity. This means:
- Data, services, rights, accounts, and claims associated with the DID can be owned and controlled by the DID owner
- The cryptographic keys associated with a DID enable authentication by its controller
- Verifiable claims can be submitted, and verifiable credentials can be issued, using the identifier as the subject
Registering an Entity
To register a DID using the platform, you can use either the web interface or the API:
Using the Web Interface:
- Navigate to the “Registry” section in the platform dashboard
- Select “Create New Entity”
- Choose the entity type (Project, Household, Device, or Agent)
- Complete the required metadata fields
- Submit the registration request
The platform handles all blockchain interactions and covers transaction fees through your platform subscription.
Using the API:
For programmatic registration, use the msgCreateEntity
function:
When using the API directly, a small transaction fee (gas) in IXO tokens is required to add this record to the blockchain.
Success Response:
Upon successful creation, you’ll receive a response similar to:
Entity Metadata
Each entity in the registry contains metadata that provides additional information and context:
Required Metadata:
- Entity Type: Specifies the category (Project, Household, Device, Agent)
- Controller: The DID of the entity that controls this identifier
- Status: Current state (Active, Inactive, Suspended)
Optional Metadata:
- Validity Period: Start and end dates for the entity’s validity
- Credentials: Array of credential identifiers associated with the entity
- Location: Geographic coordinates (for physical entities)
- Custom Properties: Additional fields specific to the entity type
Verified Status
The entity metadata includes a verified status (True or False) which may only be set by the Market Relayer account of the platform operator.
Verification Process:
- Entity is registered with initial verified status set to False
- Platform operator (Market Relayer) reviews the entity according to established criteria
- If approved, the Platform Operator sets verified status to True
- Verified status is visible in entity queries and can be used by applications
The criteria and process for verifying entities, as well as the governance procedures, are determined by the Platform Operator, which typically operates as a decentralized autonomous Organisation (DAO).
Editing an Entity’s Domain Record
The entity domain record (DID Document) can only be modified by a Controller account:
Using the Web Interface:
- Navigate to the entity details page
- Select “Edit Entity”
- Modify the desired fields
- Submit the update request
Using the API:
To update an entity’s domain record, use the msgEditEntity
function:
Only the fields included in the request will be updated; omitted fields remain unchanged.
Entity Accounts
Each Digital Twin Domain entity has one or more accounts that may hold digital assets:
Key Features:
- Asset Ownership: Entity accounts can hold tokens, NFTs, and other digital assets
- Delegated Control: Entity owner can authorize other accounts to operate the entity accounts
- Granular Permissions: Controls can be set for spend amounts, token types, and time periods
- Ownership Transfer: When entity ownership is transferred, all assets move with the entity
Adding an Entity Account:
To add a new entity account, use the msgCreateEntityAccount
function:
Adding or Removing Entity Controllers
Entity controllers have full authority to manage the entity’s domain record and accounts:
Adding a Controller:
- Navigate to the entity details page
- Select “Manage Controllers”
- Add the DID of the new controller
- Specify controller permissions
- Submit the update
Removing a Controller:
- Navigate to the entity details page
- Select “Manage Controllers”
- Select the controller to remove
- Confirm the removal
- Submit the update
Note that an entity must always have at least one controller. A controller may include a Group Account, which may have governance rights over the entity.
Transferring Domain Ownership
To transfer ownership of an entity to another controller:
Using the Web Interface:
- Navigate to the entity details page
- Select “Transfer Ownership”
- Enter the DID of the new owner
- Confirm the transfer
- Sign and submit the request
Using the API:
Use the msgTransferEntity
function:
Upon successful transfer, all entity accounts and assets are transferred to the new owner.
Authenticating an Entity
Authentication verifies that an interaction is authorized by the entity controller:
Authentication Methods:
- Key-based: Using the cryptographic keys associated with the controller
- Credential-based: Using verifiable credentials issued to the entity
- Multi-factor: Combining multiple authentication methods for higher security
Authentication Process:
- Client application requests authentication from entity
- Entity provides authentication proof using one of the registered methods
- Platform verifies the proof against the entity’s domain record
- If valid, the authentication is confirmed and access is granted
Non-functional Requirements
Security
- All DIDs must be cryptographically secure and tamper-proof
- Private keys must never be transmitted or stored unencrypted
- Authentication must use industry-standard protocols
Performance
- Entity registration should complete within 30 seconds
- DID resolution should occur in under 3 seconds
Scalability
- The registry must support millions of entities
- Performance should not degrade significantly as the registry grows
Privacy
- No personally identifiable information (PII) should be stored on the blockchain
- All sensitive data must be encrypted and stored off-chain
- Access to entity data must be controlled by the entity owner
Compliance
- The system must comply with relevant data protection regulations
- All transactions must be auditable and traceable
Assumptions & Constraints
Assumptions
- Users have basic understanding of digital identifiers and blockchain concepts
- Internet connectivity is available for synchronizing offline registrations
- Project implementers have the necessary permissions to register entities
- Mobile devices are available for field agents to register households and devices
Constraints
- Blockchain transaction fees (gas) may apply for direct API usage
- Internet connectivity may be limited in some field locations
- Entity registration requires cryptographic key management
- Some operations may require approval from multiple controllers
Appendices
Glossary of Terms
- DID (Decentralized Identifier): A globally unique identifier that doesn’t require a centralized registration authority
- Digital Twin: A digital representation of a real-world entity
- NFT (Non-Fungible Token): A unique digital asset that represents ownership of a specific item
- Controller: An entity that has the authority to manage a DID
- Verifiable Credential: A tamper-evident credential with authorship that can be cryptographically verified
- dMRV: Decentralized Measurement, Reporting, and Verification
Related Documentation
Was this page helpful?