Introduction

The new release of Polymesh introduces a feature where identities can create child identities (if they are not a child identity already). This feature is useful to represent relationships between identities.

Child identities make it easy to create multiple identities on Polymesh by letting existing users create new identities from a parent identity that inherits the parent identity’s CDD claims. An unlimited number of child identities can be created and tied to a parent's identity. Child identities can be detached from parent identities if needed on the condition that the child identity has its own CDD claim.

Child identities can be used for several use cases:

• For custodians to protect their user's assets.
• For large companies to create child identities per department or subsidiary.
• Could be used for smart contracts to protect assets it controls.

Learn more about child identities in the Polymesh blog.

Prerequisites

The child identity or identities must be the secondary key(s) of the primary key that initiates the call to create child identities.

To create secondary keys, follow one of the guides below:

• How to assign or remove a Secondary key on the Polymesh Portal
• How to assign or remove a Secondary key with the Polymesh App

How to create Child Identities on Polymesh

Create a Child Identity

Only the primary key can create child identities. The new primary key for each child identity will need to sign an authorization.

Open the Polymesh App then fill in the data:

• using the selected account: Select the account you want to sign the transaction. It should be the primary key.
• submit the following extrinsic: Select identity then createChildIdentity(secondaryKey)Click here to see this image at full resolution.
• secondaryKey: Select the secondary key that will become the primary key of the new identity.
  Click here to see this image at full resolution.

When all data are filled, click on Submit Transaction then confirm and sign the transaction with your wallet. 

Possible errors and explanations

• KeyNotAllowed: only the primary key can create a new identity. Ensure that the key which calls the function is a primary key.
• NotASigner: the secondary key is not a secondary key of the caller's identity. Ensure that the key is the secondary key of the identity.
• AccountKeyIsBeingUsed: the secondary key can't be unlinked from its current identity as it is likely a part of another identity.
• IsChildIdentity: the caller's identity is already a child identity and can't create child identities.

Unlink a Child Identity from its Parent's Identity

Child identities can be unlinked from their parent identity and receive their own CDD claim from a CDD provider.

Only the primary key of the parent or child identities can unlink the identities.

• using the selected account: Select the account you want to sign the transaction. It should be the primary key.
• submit the following extrinsic: Select identity then unlinkChildIdentity(childDid)
• childDid: Paste the child identity's DID you wish to unlink from its parent identity.

When all data are filled, click on Submit Transaction then confirm and sign the transaction with your wallet. 

Possible errors and explanations

• KeyNotAllowed: This means that only the primary key of either the parent or child identity can unlink the identities. Check if the account which signs the transaction is the correct one.
• NoParentIdentity: This means that the identity child's DID doesn't have a parent identity. Verify whether the identities are correct.
• NotParentOrChildIdentity: the caller's identity isn't the parent or child's identity. Verify whether the identities are correct.