Identity
EWP uses Ethereum addresses as the sole identity primitive. Identity is proved by signing, not by registration.
Key Concepts
Ethereum Address as Identity
Every node has an Ethereum address (e.g., 0x742d35Cc6634C0532925a3b844Bc9e7595f3aB1d). This address:
- Is derived from a secp256k1 keypair
- Follows EIP-55 checksummed format
- Remains stable across node migrations and URL changes
No Registration Required
There is no on-chain registration, no identity registry, and no central coordinator. A node proves its identity by:
- Signing messages with its private key
- Including its address in the signed message payload
- Publishing its public profile at
/ewp/profile
Authentication
All cross-node write operations use EIP-712 structured data signatures:
{
"domain": {
"name": "epress world",
"version": "1",
"chainId": 1
},
"types": { ... },
"primaryType": "CreateConnection",
"message": { ... }
}
The receiver:
- Recovers the signer address via
ecrecover - Compares it to the identity field in the message
- Validates the signature cryptographically
Profile Endpoint
GET /ewp/profile returns:
{
"address": "0x742d35Cc6634C0532925a3b844Bc9e7595f3aB1d",
"url": "https://alice.example.com",
"title": "Alice's Node",
"description": "Personal publishing node",
"ewpVersion": "1",
"createdAt": "2024-01-01T00:00:00.000Z",
"updatedAt": "2024-06-15T12:30:00.000Z"
}
When description is not set, its value MUST be null (not absent, not "").
URL Changes
A node may change its canonical URL. The NodeProfileUpdate message type allows a node owner to broadcast URL changes to followers:
{
"ownerAddress": "0x...",
"url": "https://new-url.example.com",
"title": "Updated Title",
"description": "Updated description",
"timestamp": 1735000000
}
The timestamp must be strictly greater than the previously accepted value to prevent rollback attacks.
When a NodeProfileUpdate carries a new URL, followers MUST fetch GET /ewp/profile from the new URL and confirm the returned address equals ownerAddress. This prevents URL hijacking attacks.