
Access rights

Some spaces may be restricted to certain identity owners, for instance private spaces, events, or age-restricted content.

ONCHAINID provides a framework to add proven information to identities via claims.

A space can restrict access to identities that hold a specific claim issued by a claim issuer the space trusts (for a company workspace, for example, it would probably be a claim issued by the company itself).

Claims can be added to the identity contract; however, this somewhat reduces privacy and usually incurs transaction fees. The relying party (e.g. a game server) can then directly verify the existence of the claim without additional interaction with the identity owner.

Alternatively, claims can be generated, signed and stored off-chain by the identity owner, using for instance an identity wallet or an identity companion service. In this case the relying party (e.g. a game server) must request the claim content as part of the authentication flow, either before or at the same time.

A claim is made up of the following information:

const claim = {
  identity: '0x... ONCHAINID address',
  issuer: '0x... Claim Issuer contract address',
  topic: '42',
  scheme: '1',
  publicData: { /* public data (optional) */ },
  privateData: {
    random: 'Some uuid',
    /* private data (optional) */
  },
  // ISO date of the time of claim signature
  emissionDate: "2023-02-07T16:29:26.657Z",
  data: "0x... Data of the claim (should be a hash of the public and private data)",
  signature: "0x... Signature of the claim (signature of a hash of the identity, claim topic and claim data)"
};

To verify a claim, the relying party must call the method isClaimValid() on the Claim Issuer smart contract.
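A relying party receiving an off-chain claim should also check that the claim belongs to the authenticated identity and comes from an issuer it trusts before asking the issuer contract about it. The sketch below is an added example, not ONCHAINID's own code. The names `policy`, `precheckClaim`, `authorize` and `getIssuer` are hypothetical, the freshness window is an assumed policy, and the argument order passed to `isClaimValid()` (identity, topic, signature, data) is an assumption to confirm against the Claim Issuer contract ABI.

```javascript
// Added example: relying-party gate for an off-chain claim.
// Addresses and policy values are constructed placeholders.
const policy = {
  trustedIssuers: ['0x00000000000000000000000000000000000000a1'], // constructed
  requiredTopic: '42',
  maxAgeMs: 24 * 60 * 60 * 1000, // assumption: accept claims up to one day old
};

const HEX = /^0x[0-9a-fA-F]+$/;
const sameAddr = (a, b) =>
  typeof a === 'string' && typeof b === 'string' && a.toLowerCase() === b.toLowerCase();

// Local checks that must pass before any contract call.
// Returns null when the claim passes, otherwise the rejection reason.
function precheckClaim(claim, authenticatedIdentity, policy, now = Date.now()) {
  // Bind the claim to the session's identity so a claim issued to
  // someone else cannot be presented by this user.
  if (!sameAddr(claim.identity, authenticatedIdentity)) return 'claim bound to another identity';
  // The issuer address comes from the claim itself, so it is untrusted
  // input until matched against the space's own allow-list.
  if (!policy.trustedIssuers.some((i) => sameAddr(i, claim.issuer))) return 'untrusted issuer';
  if (String(claim.topic) !== policy.requiredTopic) return 'wrong topic';
  const issued = Date.parse(claim.emissionDate);
  if (Number.isNaN(issued) || issued > now) return 'bad emission date';
  if (now - issued > policy.maxAgeMs) return 'claim too old';
  if (!HEX.test(claim.data) || !HEX.test(claim.signature)) return 'malformed hex';
  return null;
}

// getIssuer(address) is a hypothetical factory returning an object that
// exposes the issuer contract's isClaimValid(); in production it would
// wrap a web3 client bound to the Claim Issuer contract.
async function authorize(claim, authenticatedIdentity, policy, getIssuer, now = Date.now()) {
  const reason = precheckClaim(claim, authenticatedIdentity, policy, now);
  if (reason) return { ok: false, reason };
  try {
    const valid = await getIssuer(claim.issuer).isClaimValid(
      claim.identity, claim.topic, claim.signature, claim.data);
    return valid === true ? { ok: true } : { ok: false, reason: 'issuer rejected claim' };
  } catch {
    return { ok: false, reason: 'issuer check failed' }; // fail closed on RPC errors
  }
}
```

Any error from the contract call denies access rather than granting it, so an unreachable node cannot be used to bypass the restriction.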