NFT is a perfect container for DID credentials, since the issuer could be regard as the authority and the holder could be regard as the identity user. And different NFTs refer to different credentials. Multi-purpose NFT is a draft RFC standard for flexible usages. It could also be used for the DID life cycle, including the authorization, attestation, revoke, renewal, and so on. Here we give a general idea about the DID adoption, and hope it could inspire more user scenarios.
mNFT protocol has a three-layered structure, including the issuer, the NFT class, and the specific NFT. The issuer could be set to the trust root, or the authority, who takes charge of identity verification. A NFT class stands for a group of NFTs with the same features, like US citizen, driving license, qualified investor, and other credentials. And the NFT itself, is the final proof that the users hold.
Authorities could permissionlessly create an mNFT issuer cell to identify itself. Then they create NFT class to identify a specific type of credential, like nationality or wealth level. The authority could send the NFT class cell to their agency to help distribute the NFT/DID attestations. After the off-chain identity verification, the agency then create and send the attestation (NFT Cell) to the end user.
The authorities record the data hash of detail information about user’s identity in the DID NFT postscript data field. Raw information is not suggested to reveal on-chain because of the privacy consideration.
To revoke an attestation or DID NFT, the authority has to publish a revoke list on-chain, instead of burning the user’s NFT. Because no one could move user’s assets without their approval, even the issuer.
The DID NFT has to be set to untransferable to prevent fraudulent usage.
Usage & Proof
To use the DIDs, one could should their DIDs to the 3rd-party institutions that need verify the user’s identity. The user sign a specific text announcement with their wallet to prove the ownership of the DID NFTs. On receiving proof, the 3rd-party instituton turns to the on-chain revoke list to check the DID availability.
To access the raw information, the 3rd-party instituton need contact with the original authorities to get the information and check it with the on-chain hash. During this process, the authoritiies aka. the DID issuer could charge commission fee for the service.