Decentralized Identity Service

This microservice leverages EIP-4361 (Sign-In with Ethereum) for wallet-based authentication.

Introduction

Phase 1 of our decentralised identity service focuses on designing a microservice that combines user authentication, nonce generation, and user data management into a unified solution. This document outlines the architecture, workflows, data models, and benefits of the proposed microservice.

  • Goals of Phase 1

    • Design a microservice that integrates Identity and User Data functionalities.

    • Implement endpoints for nonce generation and user authentication.

    • Utilize the Siwe library for cryptographic operations.

    • Ensure a user-centric and secure authentication process.

Microservices Architecture

The decentralized identity microservice is a single, self-contained component responsible for handling user authentication and user data operations. It leverages a microservices architecture to ensure modularity and separation of concerns.

Interaction with Siwe Library

The microservice interacts with the Siwe library to generate cryptographically secure nonces for user authentication. It also employs Siwe for signature verification to enhance the security of the authentication process.

Endpoints and Workflows

  • Endpoint: /nonce

    This endpoint generates a nonce that users sign to prove their ownership of an Ethereum address.

  • Endpoint: /login

    This endpoint facilitates user authentication by verifying signed nonces and creating new user records if needed.

Decentralized Identity Microservice

  • Identity and User Data Integration

    The microservice combines the functionalities of identity verification and user data management. This integration streamlines the authentication process and ensures consistency in user-related operations.

  • Data Model: User Model

    The User Model includes fields like user_id and publicKeyAddress to uniquely identify users and store their Ethereum public key addresses.

Nonce Generation and Signature Verification

  • Generating Secure Nonces

    Nonces are generated using the Siwe library to ensure cryptographic randomness and security during the authentication process.

  • Signature Verification Process

    The microservice employs the Siwe library to verify user signatures on provided nonces, confirming ownership of the corresponding Ethereum private keys.

User Authentication and Record Management

  • User Existence Check

    Upon authentication, the microservice checks if a user record exists based on the provided Ethereum public key address.

  • Creating New User Records

    If the user record does not exist, a new record is created with a generated user_id and the associated publicKeyAddress.

Benefits of a Unified Microservice

  • Simplification and Efficiency

    The unified microservice design simplifies the architecture, reducing complexity and overhead in managing separate components.

  • Consistency and Scalability

    A single microservice ensures consistent user data operations and allows for scalable resource allocation as needed.

Service Design

Sequence Diagram

Generating JWT Tokens

  • Role of JWT Tokens

    After successful user authentication, the Decentralised Identity Microservice generates a JSON Web Token (JWT). This JWT serves as a secure token for further authentication and authorization within the microservices ecosystem.

  • JWT Generation Process

    • Upon successful user authentication, the Decentralised Identity Microservice generates a JWT using a secret key known only to the microservices.

    • The JWT includes claims such as the user_id and a timestamp.

    • The generated JWT is returned to the user as part of the authentication response.
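The /nonce, /login and JWT steps described above, written out as an added example that is not the project's code: the nonce store, domain name and user table are constructed in memory, the Siwe library's signature check is represented by a caller-supplied `verify_signature` callable, and the JWT is a compact HS256 token carrying the user_id and an `iat` timestamp.

```python
import base64, hashlib, hmac, json, re, secrets, time, uuid

FIELD_RE = re.compile(r"^(URI|Version|Chain ID|Nonce|Issued At): (.+)$", re.M)  # EIP-4361 fields we read

class NonceStore:
    """Nonces handed out by /nonce: each one is single-use and expires after ttl seconds."""
    def __init__(self, ttl=300):
        self.ttl, self._issued = ttl, {}

    def issue(self):
        nonce = secrets.token_hex(12)          # CSPRNG; SIWE wants >= 8 alphanumeric chars
        self._issued[nonce] = time.time()
        return nonce

    def consume(self, nonce):
        """True only for a nonce we issued, never used before and still within its TTL."""
        issued_at = self._issued.pop(nonce, None)  # pop, so a replayed nonce fails
        return issued_at is not None and time.time() - issued_at <= self.ttl

def parse_siwe(message):
    """Pull domain, address and the header fields out of an EIP-4361 message."""
    lines = message.split("\n")
    head = re.match(r"^(\S+) wants you to sign in with your Ethereum account:$", lines[0])
    if not head or not re.fullmatch(r"0x[0-9a-fA-F]{40}", lines[1]):
        raise ValueError("not an EIP-4361 message")
    return {"domain": head.group(1), "address": lines[1], **dict(FIELD_RE.findall(message))}

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_jwt(claims, secret):
    """Compact HS256 JWT carrying the user_id and a timestamp, as the design describes."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    tag = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"

def login(message, signature, *, store, users, verify_signature, domain, jwt_secret):
    """/login: bind the message to this service and a live nonce before trusting the signature."""
    siwe = parse_siwe(message)
    if siwe["domain"] != domain:
        raise ValueError("message was signed for a different domain")
    if not store.consume(siwe.get("Nonce", "")):
        raise ValueError("nonce unknown, expired or already used")
    if not verify_signature(message, signature, siwe["address"]):   # Siwe library in production
        raise ValueError("signature does not match address")
    address = siwe["address"].lower()
    user_id = users.setdefault(address, str(uuid.uuid4()))  # create the record on first login
    return mint_jwt({"user_id": user_id, "iat": int(time.time())}, jwt_secret)
```

Because `consume` pops the nonce, a second /login with the same signed message is rejected even though the signature is still valid, which is the replay protection the nonce exists for.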

Conclusion

  • Achievements of Phase 1

    Phase 1 establishes a foundational microservice for decentralised identity, providing secure user authentication and data management.

  • Future Enhancements

    This phase sets the stage for future enhancements, including verifiable credentials and advanced user interactions, building upon the robust foundation established.
