What is a NYM and how does this relate to a VERINYM

Question

In the Hyperledger Indy docs and code I often see reference to a NYM but I cannot find a clear description of what this means including in the official glossary.

What is a NYM and how does this differ from a VERINYM?

Answer 1

DID's are broadly classified as Verinym or Pseudonym.

Creation of a DID that is known to the ledger is know as a Verinym, and the transaction used for creating a Verinym is known as a NYM transacition.

Check the getting started tutorial for more details.

Answer 2

There is additional information about NYMs available from the documentation here (on hyperledger-indy.readthedocs.io) and here (github.com):

So from the second link:

NYM

Creates a new NYM record for a specific user, endorser, steward or trustee. Note that only trustees and stewards can create new endorsers and a trustee can be created only by other trustees (see roles).

The transaction can be used for creation of new DIDs, setting and rotation of verification key, setting and changing of roles.

• dest (base58-encoded string):

Target DID as base58-encoded string for 16 or 32 byte DID value. It may differ from the from metadata field, where from is the DID of the submitter. If they are equal (in permissionless case), then transaction must be signed by the newly created verkey.

Example: from is a DID of a Endorser creating a new DID, and dest is a newly created DID.

• role (enum number as integer; optional): Role of a user that the NYM record is being created for. One of the following values
  • None (common USER)
  • "0" (TRUSTEE)
  • "2" (STEWARD)
  • "101" (ENDORSER)
  • "201" (NETWORK_MONITOR)

A TRUSTEE can change any Nym's role to None, thus stopping it from making any further writes (see roles).

• verkey (base58-encoded string, possibly starting with "~"; optional):

Target verification key as base58-encoded string. It can start with "~", which means that it's an abbreviated verkey and should be 16 bytes long when decoded, otherwise it's a full verkey which should be 32 bytes long when decoded. If not set, then either the target identifier (did) is 32-bit cryptonym CID (this is deprecated), or this is a user under guardianship (doesn't own the identifier yet). Verkey can be changed to "None" by owner, it means that this user goes back under guardianship.

• alias (string; optional):

  NYM's alias.

If there is no NYM transaction for the specified DID (did) yet, then this can be considered as the creation of a new DID.

If there is already a NYM transaction with the specified DID (did), then this is is considered an update of that DID. In this case only the values that need to be updated should be specified since any specified one is treated as an update even if it matches the current value in ledger. All unspecified values remain unchanged.

So, if key rotation needs to be performed, the owner of the DID needs to send a NYM request with did and verkey only. role and alias will stay the same.

Example:

{
    "ver": 1,
    "txn": {
        "type":"1",
        "ver": 1,        
        "protocolVersion":2,

        "data": {
            "dest":"GEzcdDLhCpGCYRHW82kjHd",
            "verkey":"~HmUWn928bnFT6Ephf65YXv",
            "role":101,
        },

        "metadata": {
            "reqId":1513945121191691,
            "from":"L5AD5g65TDQr1PPHHRoiGf",
            "digest": "4ba05d9b2c27e52aa8778708fb4b3e5d7001eecd02784d8e311d27b9090d9453",
            "payloadDigest": "21f0f5c158ed6ad49ff855baf09a2ef9b4ed1a8015ac24bccc2e0106cd905685",
            "taaAcceptance": {
                "taaDigest": "6sh15d9b2c27e52aa8778708fb4b3e5d7001eecd02784d8e311d27b9090d9453",
                "mechanism": "EULA",
                "time": 1513942017
             }
        },
    },
    "txnMetadata": {
        "txnTime":1513945121,
        "seqNo": 10,
        "txnId": "N22KY2Dyvmuu2PyyqSFKue|01"
    },
    "reqSignature": {
        "type": "ED25519",
        "values": [{
            "from": "L5AD5g65TDQr1PPHHRoiGf",
            "value": "4X3skpoEK2DRgZxQ9PwuEvCJpL8JHdQ8X4HDDFyztgqE15DM2ZnkvrAh9bQY16egVinZTzwHqznmnkaFM4jjyDgd"
        }]
    }

}

Answer 3

A NYM (short for “Verinym”) is associated with the Legal Identity of an Identity Owner and is a Hyperledger Indy specific term for a data object, which holds DID data of one concrete identity returned during DID resolution. While a NYM can be read from a Hyplerledger Indy Node by any client, a NYM can only be written to a Hyperledger Indy network as long as the writing entity possess the proper permissions.

From the page: https://hyperledger.github.io/indy-did-method/

Answer 4

I have the same question when I just get into the code. Then I found this in an English dict website:

nym = nim = nom = name

for example: pseudonym :)