Skip to content

Identity Contracts


This section is intended to guide you through all the functionalities offered by the Identity contracts. First, lets recap the types of contracts and how they are related and finally explore what we can do with them.


In the current state contracts are available for ethereum networks.

General assumptions

  • Device: This document supposes a user/entity accessing the contract through any device like a computer, mobile phone, tablet, IoT device, remote server. Later in this document the term device refers to any of the mentioned here.

  • User: The end user who creates their digital profile identifier either through the IndetityManager or direclty by deploying an instance of the Proxy smart contract.

Types of contracts

Two contracts are used in order to create and manage identifiers.

Proxy contract

The Proxy smart contract **represents a DID. This contract Allows to:

  • Set one or more ethereum addresses as the owner/owners of a proxy instance.

  • Allows to forward any message to any other contract in the network where the proxy contract has been deployed.

  • You are totally free to deploy a proxy contract instance without depending of any other contract. When it is done you can set an address as the owner of that contract.

  • Another way to deploy a proxy instance is by using an Identity Manager contract. The identity manager is explained in the next section.

  • Forward any message to any other contract. This is the main method in this contract.

Interested to see all the details about the Proxy contract?. Please refer to the following documentation

Identity Manager contract

This contract is aimed to be used as a layer of abstraction when making actions related to your identifier. Later in this document called IM. This contract is not owned or administered by anyone.

Authorization levels in the Identity Manager Contract

The following authorization levels are currently supported in the Identity Manager contract:

Those levels can be applied to any device with a configured private key.

  • fw: Allows the device to forward messages through the IdentityManager contract.
  • auth: If assigned to a certain device you can create an offline logic that includes querying to the IM contract if the device has authentication capabilities; it allows developers perform authentication processes.
  • devicemanager: Allows to add a new device from which the user can access their profile.
  • admin: A user with this capability is able to transfer its proxy instance to a new IdentityManager.

Available actions in the Identity Manager

Those actions can be categorized in three groups:

Identity lifecycle through the Identity manager

Administrative actions

  • Add/Remove capabilities to a device
  • Check capabilities a certain device is granted in the Identity Manager Contract.
  • Forward messages through the IdentityManager: The identity Manager serves as a proxy to deliver messages to any existing contract in the network when the Identity Manager contract lives.

Identity Manager contract deployment

  • The IdentityManager contract can have many flavours. In this version we use solidity in order to make it deployable on ethereum networks.

  • As a developer who want to use the Kaytrust solution you do not need to deploy the IdentityManager contract, instead simply consume its methods though our available Kaytrust SDKs: