
User Identities

Important

This page serves to explain the basics of user identities in the context of building apps. To learn more about Verified Identities on Mercata, please visit the Verified Identities Page.

All users on Mercata have a verified User identity stored on the Certificate Registry/Identity Dapp on the Mercata Main Chain. A user’s primary identity information is contained in an authenticated X.509 certificate.

Developers should use the getUserCert SolidVM built-in to get user certificates in their smart contracts, and query the "CertificateRegistry"/"Certificate" tables in the Cirrus API to read certificate data from their application.

The CertificateRegistry application exists at address 0x509 on the Mercata Main Chain, as a nod to the X.509 Certificate standard.

Since user identities are verified and guaranteed to exist for every user on STRATO Mercata, application developers can use these X.509 certificate credentials to identify users making transactions in their apps.

In general, there are three places where identity needs to be accessed:

  • VM/Smart Contract Logic
  • Application Middleware
  • Application UI

The latter two will typically use the STRATO Cirrus API to query the Certificate SQL table, rather than making “getter” function calls on contract data or accessing the raw contract state of a single contract.

Using Identity in Contracts

Developers can use the built-in SolidVM identity functions to get an address's verified identity:

function getUserCert(address _address) returns (mapping(string => string));

This function returns a mapping containing the fields from the subject’s identity:

  • commonName
    • The account's registered Common Name (CN)
  • organization
    • The account's registered Organization (O)
  • organizationalUnit
    • The account's registered Organizational Unit (OU)
  • country
    • The account's registered Country (C)
  • publicKey
    • The account's registered Public Key
    • DER encoded
    • This is identical to the account's public key in STRATO's Vault
  • certString
    • The DER encoded string of the user's X.509 certificate
  • expirationDate
    • The Unix timestamp at which the certificate expires. It can be parsed as an int for use in mathematical contexts.

Almost all of the same fields can also be queried on the Certificate table in the Cirrus API.

The tx built-in also has identity-related fields relating to the tx.origin address:

  • .organization
    • The organization of the origin
  • .organizationalUnit
    • The organizationalUnit of the origin
  • .username
    • The common name of the origin
  • .cert
    • The certificate string of the origin

Identity in the Cirrus API

Since certificates are stored as Smart Contracts on-chain, their data can be accessed directly using the Cirrus API:

GET /cirrus/search/Certificate

Once Certificate data has been fetched, it can be used programmatically in the application backend to implement business logic based on real-world user credentials, or displayed in the UI to show Asset ownership information or other data fields where real-world user information is important.
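
As an added example (not code from the Mercata documentation or project), the following JavaScript shows how middleware can authorize a user from rows returned by GET /cirrus/search/Certificate, denying on any unexpected state. The `userAddress` column name, the PostgREST-style `eq.` filter, the function names, the deny-on-multiple-rows policy and the sample rows are assumptions made for illustration.

```javascript
// Added example: fail-closed authorization from Cirrus Certificate rows.
// Assumptions: rows expose the address as `userAddress`, and Cirrus accepts a
// PostgREST-style `eq.` filter. Other field names are the ones listed on the page.
const ADDRESS_RE = /^[0-9a-f]{40}$/;

// Normalize and validate an address before it is placed in a query string.
function normalizeAddress(input) {
  const addr = String(input).trim().toLowerCase().replace(/^0x/, "");
  if (!ADDRESS_RE.test(addr)) throw new Error("invalid address");
  return addr;
}

// Build the lookup path for one address (filter syntax is an assumption).
function certificateQuery(address) {
  return "/cirrus/search/Certificate?userAddress=eq." + normalizeAddress(address);
}

// Decide whether `address` may act, given rows returned by Cirrus.
// Returns { allowed, reason, identity }; every unexpected state denies.
function authorize(rows, address, allowedOrgs, nowSeconds) {
  const deny = (reason) => ({ allowed: false, reason, identity: null });
  let addr;
  try { addr = normalizeAddress(address); } catch (e) { return deny("invalid address"); }
  if (!Array.isArray(rows)) return deny("malformed response");
  // Re-filter locally instead of trusting that the server applied the filter.
  const matches = rows.filter((r) => r && String(r.userAddress).toLowerCase() === addr);
  if (matches.length === 0) return deny("no certificate");
  if (matches.length > 1) return deny("ambiguous certificate"); // policy choice of this example
  const cert = matches[0];
  // expirationDate is a Unix timestamp delivered as a string; require digits only.
  if (!/^\d+$/.test(String(cert.expirationDate))) return deny("bad expirationDate");
  if (Number(cert.expirationDate) <= nowSeconds) return deny("certificate expired");
  if (!allowedOrgs.includes(cert.organization)) return deny("organization not allowed");
  return { allowed: true, reason: "ok",
    identity: { commonName: cert.commonName, organization: cert.organization,
      organizationalUnit: cert.organizationalUnit } };
}

// Constructed sample rows (not real Mercata data).
const SAMPLE_ROWS = [
  { userAddress: "1111111111111111111111111111111111111111", commonName: "Alice Example",
    organization: "ExampleOrg", organizationalUnit: "Engineering", expirationDate: "1900000000" },
  { userAddress: "2222222222222222222222222222222222222222", commonName: "Bob Example",
    organization: "ExampleOrg", organizationalUnit: "Sales", expirationDate: "1600000000" },
];
```

In a real backend, `rows` would be the parsed JSON body of the Cirrus response and `nowSeconds` would be `Math.floor(Date.now() / 1000)`.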