The did:drop method is a Decentralized Identifier method designed for verifiable, autonomous drone delivery and geospatial logistics.
It binds a digital identifier (did:drop:<AppID>:<MissionID>) to a pointer—a Content Identifier (CID)—which references a W3C DID Document stored on a decentralized storage network (IPFS/Arweave).
It utilizes the Algorand blockchain for high-speed, low-cost verifiable state management of these CIDs. This structure establishes a verifiable link between an on-chain ledger record and a standardized off-chain document.
Access to the actionable coordinates requires an authorized party to resolve the DID and cryptographically verify the integrity of the fetched Mission Plan.
The DID format specifies a unique mission plan tied to a specific controller’s application registry:
did-drop = “did:drop:” app-id “:” mission-id
did: Required URI scheme identifier.drop: The method name.app-id: The Algorand Application ID of the controller’s Mission Plan Registry smart contract.mission-id: A unique, application-specific identifier (e.g., a hash or UUID) used as the Box key to retrieve the CID pointer on Algorand.Example:
did:drop:4839201:ORDER-9876-ALPHA
missionEndpoint property.backyard@alias) with the HRAL, mapping it to the full did:drop:4839201:ORDER-9876-ALPHA.To resolve a Mission Plan DID and retrieve actionable coordinates:
did:drop string.verificationMethod or controller state).missionEndpoint property.Note: The resolver receives the complete, verifiable Mission Plan Document which contains the usable coordinates.
The controller sends a DeleteApplication transaction to destroy the Mission Plan Registry smart contract. Alternatively, the controller sends an ApplicationCall to the Registry to explicitly delete the Box record for the MissionID.
The data model is split to leverage the strengths of the ledger (trust anchor) and decentralized storage (data availability).
missionCID (String/Byte Array): The Content Identifier (CID) pointing to the off-chain Mission Plan DID Document.controllerAddress (Address): The Algorand address of the controller who registered the mission.missionEndpoint (Object): Contains the actionable delivery data.| Property | Type | Description |
|---|---|---|
| id | DID | The full did:drop:<AppID>:<MissionID> being resolved. |
| controller | DID | The identity of the party that signed/created the document. |
| verificationMethod | Array | Key material used for cryptographic proof. |
| missionEndpoint | Object | The core payload. Must contain the delivery coordinates and mission parameters in plaintext. |
This protocol enforces cryptographic proof that the resolving party is authorized to consume the specific Mission Plan data.
did:drop:<AppID>:<MissionID> (Steps 1-4 of Read).The security of the did:drop method relies heavily on the proper management of cryptographic keys. Two distinct categories of keys are utilized in this specification:
• Usage: Required to Write (create, update, delete) the DID Box record on the Algorand blockchain. • Risk: Compromise of this private key allows an attacker to change the CID pointer, effectively hijacking the DID to point to a malicious Mission Plan. • Mitigation: Controllers should utilize hardware wallets or secure key management services (KMS) for the Algorand account that controls the AppID registry.
• Usage: Required to Sign the off-chain JSON-LD document. This key pair ensures the integrity of the landing coordinates. • Relationship: While the Controller’s Algorand address may serve as the verification method, the spec allows for key rotation where the signing key differs from the ledger update key. • Verification: Resolvers (UAVs) must strictly validate that the signature on the fetched JSON document matches the public key declared in the DID’s verificationMethod.
A critical security consideration is the binding between the on-chain pointer and the off-chain payload. • Immutable Linking: Because the Algorand Box stores the CID (Content Identifier), and CIDs are cryptographic hashes of the content, the off-chain data cannot be tampered with without changing the CID. • Anti-Spoofing: If an attacker uploads a malicious document to IPFS, they generate a new CID. Unless they also possess the Algorand Transaction Key to update the Box storage, the Resolver will simply ignore the malicious file as it does not match the authorized on-chain pointer.
The MAT protocol prevents replay attacks and unauthorized usage of valid DIDs. • Replay Protection: The MAT must rely on a zero-value transaction or logic signature that includes a current block round or timestamp. Resolvers must reject MATs that are outside a valid time window to prevent old authorizations from being reused.
Controllers must distinguish between availability and confidentiality. • Public Storage: Data stored on decentralized networks (IPFS/Arweave) is globally accessible and immutable. Even if the Algorand Box pointer is deleted, the historical data remains on the storage network. • Plaintext Warning: This specification currently describes the missionEndpoint coordinates as plaintext. Consequently, any party that resolves the DID and fetches the CID can view the landing coordinates. • Recommendation: If the mission parameters (e.g., specific customer location) are sensitive PII (Personally Identifiable Information), the Controller MUST encrypt the payload within the missionEndpoint object. In this scenario, the DID Document contains ciphertext, and only the authorized UAV holding the corresponding decryption key can read the coordinates.
• Ledger Correlation: The Algorand blockchain is a public ledger. Patterns of updates to specific MissionIDs can be correlated to track the frequency of deliveries by a specific Controller. • Identifier Persistence: The mission-id is a persistent identifier. To preserve privacy between distinct missions, Controllers are encouraged to generate unique MissionIDs (UUIDs) for every new order rather than reusing IDs, preventing external observers from building a history of a specific “slot” or “box.”
• Ledger Data: The did:drop method stores no PII on the ledger, only random identifiers and CIDs. • Off-Chain Data: Because IPFS/Arweave may not support deletion, Controllers must ensure that no immutable PII is embedded in the DID Document. If PII is required, it should be stored in a private, off-chain database referenced by the DID, rather than in the DID Document itself.