Domains
In order to manage identities using OpenKeyChain, a root domain needs to be created first.
A root domain is a logical equivalent of an individual PKI. Certificates issued under a domain are not compatible with certificates issued under different domains.
Usually, a single domain represents a single organization or an application.
Representation
Each domain is a logical entity; domains and certificates are represented similarly on the blockchain.
Domain Organization
Under each domain, other domains and certificates reside.
A domain whose parent is another domain is called a "subdomain." A domain with a child is called a "parent domain."
A domain without any parent is called a "root domain."
Lifecycle
Registration
In order to create a domain, a domain certificate needs to be created.
An OpenKeyChain certificate consists of a key pair (a private key and a public key) that uses elliptic curve cryptography with the secp256k1 curve.
The certificate created is associated with a domain through a registration record on the blockchain.
A registration record is represented as a transaction using the OpenKeyChain colored coin protocol. The registration record must conform to OpenKeyChain colored coin standards in order to be recognized as one.
Revocation
In order to revoke a domain, the domain certificate that was used to create the domain must be used to create a revocation record on the blockchain.
If the domain has a parent domain, the parent domain can revoke the domain on behalf of the domain being revoked.
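The registration and revocation rules above can be modelled as a replay over ledger records. The following is an added example, not OpenKeyChain code: the record layout, the domain names, the use of ECDSA with SHA-256, and the assumptions that a registration is signed by the domain's own certificate and that only the direct parent may revoke are all illustrative, and it does not implement the colored coin protocol.

```javascript
const nodeCrypto = require('node:crypto');

// A domain certificate on the page is a secp256k1 key pair.
const newCert = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('hex');

// Hypothetical record layout for this sketch, NOT the OpenKeyChain colored coin format.
const payload = (r) => Buffer.from([r.type, r.domain, r.parent || ''].join('|'));

function makeRecord(type, domain, parent, cert) {
  const r = { type, domain, parent, signer: cert.publicKey };
  r.sig = nodeCrypto.sign('sha256', payload(r), cert.privateKey);
  return r;
}

// Replay records in ledger order; returns Map(domain -> { parent, key, revoked }).
function replay(records) {
  const domains = new Map();
  for (const r of records) {
    if (!nodeCrypto.verify('sha256', payload(r), r.signer, r.sig)) continue; // bad signature
    const signer = keyId(r.signer);
    const d = domains.get(r.domain);
    if (r.type === 'register') {
      if (d || (r.parent && !domains.has(r.parent))) continue; // duplicate or unknown parent
      domains.set(r.domain, { parent: r.parent, key: signer, revoked: false });
    } else if (r.type === 'revoke' && d) {
      const parent = d.parent ? domains.get(d.parent) : null;
      // Page rule: the domain's own certificate or its parent domain (direct parent assumed).
      if (signer === d.key || (parent && signer === parent.key)) d.revoked = true;
    }
  }
  return domains;
}

// Constructed ledger: one root, two subdomains, four revocation attempts.
function demo() {
  const [root, a, b, stranger] = [newCert(), newCert(), newCert(), newCert()];
  const forged = makeRecord('revoke', 'x.example', null, root);
  forged.domain = 'b.example'; // altered after signing, so verification fails
  return replay([
    makeRecord('register', 'example', null, root),
    makeRecord('register', 'a.example', 'example', a),
    makeRecord('register', 'b.example', 'example', b),
    makeRecord('revoke', 'a.example', null, stranger), // rejected: unrelated key
    makeRecord('revoke', 'example', null, a),          // rejected: child cannot revoke parent
    makeRecord('revoke', 'a.example', null, root),     // accepted: signed by the parent domain
    forged,                                            // rejected: signature mismatch
  ]);
}
```

Calling `demo()` returns the resulting domain map, in which only `a.example` is marked revoked.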