Open Grant: External Data Access Control & Credential Module

[KirstenPomales]

Lit Open Grant Proposal: External Data Access Control & Credential Module

Name of Project: External Data Access Control & Credential Module

Proposal Category: technical-design

Proposer: @talentlayer-labs

Do you agree to open source all work you do on behalf of this grant and dual-license under MIT, APACHE2, or GPL licenses?: Yes

Project Description

Today, diverse teams building in Web3 require access to third-party off-chain data. This data is often personal in nature and touches various regulatory frameworks including GDPR. Authenticity, access control and encryption of this data is necessary - currently there are no standard methods for enabling this.

The External Data Access Control & Credential Module is a framework and developer toolkit for…

1. Connecting to existing decentralized identity (DID) systems
2. On-ramping third-party off-chain data and creating an attestation of authenticity for said data, associated with a specific DID
3. Managing access control to the third-party data

Problem:

• Many teams need to bring in off-chain personal data for use in their DAPP
• Off-chain information often includes sensitive personal data that must be accessed and controlled for regulatory compliance and privacy reasons
• There is no accessible method for teams to import off-chain personal data and natively gate access control

Solution:

• A tool and standard framework that lets developers create diverse access-controlled off-chain data attestations for their hiring use cases
• A system that can be configured to pull in data from any third-party source
• A system that can be compatible with existing DID and user identity solutions

Implementation:

⭐ External Data Access Control & Credential Module

The standard framework that lets developers create diverse access controlled off-chain data attestations for their hiring use cases. We will use Lit actions to run the serverless function to check the user's data from external data sources, and then generate credentials attesting to the data in the Lit actions. Then Lit access control will then be used to encrypt and decrypt the user's data.

The issuer: A Lit action with immutable code that connects to an external API which generates an EAS attestation The holder: Any DID Schema: The schema of the data can be configured as builders please. Privacy rule: The privacy rule should be generic, so as to be configurable by builders.

🛠️ Demo Implementation: Github Data in TalentLayer IDs

A demonstrative implementation of External Data Access Control & Credential Module; using it for importing off-chain data from Github and associating it with TalentLayer

The issuer: A Lit action with immutable code that connects to the Github API which generate an EAS attestation The holder: A TalentLayer ID Schema: The schema of the data will be compatible with TalentLayer and github API Privacy rule: The privacy rule will be as follows: If a user holds a particular NFT linked to the DID, the info is public inside the community

Value

Lit Protocol’s Goals

⭐ Increase adoption of Lit Protocol

⭐ Create new develop tools that lower barriers to entry to using Lit

Benefit: Empowers Platform Builders to Easily Use Lit

Many teams building decentralized applications need to bring in third-party personal data for use in their platform. With that said, they don’t have the tools necessary to do so. The External Data Access Control Module will allow platforms to achieve this integration in a small fraction of the time previously necessary.

Benefit: Enables GDPR Compliance for Hiring Platforms

One big issue that builders of hiring platforms face is GDPR compliance. GDPR stipulates that users must be able to remove their personal data from a platform at any point. Considering that most platforms need to import some personal data from third-party sources, storing this data on-chain without proper access control becomes problematic. Lit Protocol enables teams to handle sensitive information on-chain while also allowing users to revoke access at any point; enabling compliance.

Deliverables

Technical Deliverables

1. The External Data Access Control & Credential Module code - A configurable codebase that platforms can use to add access controlled off-chain data/credentials
2. A demonstrative implementation of External Data Access Control & Credential Module; using it for importing off-chain data from Github and associating it with TalentLayer IDs
3. Documentation on how to integrate External Data Access Control & Credential Module

Project Specification

We recommend following along the various diagram provided in our Technical Schema and Architecture diagram in Miro. View it here.

We will create a lit action template for all marketplaces and resume builders where they will add any data source and format the data in the predefined credential format, and deploy the lit action.

Then when users register on their site and request for to add their off chain data on their profile, they will call a particular lit action, to get their off chain credentials.

If users what to hide some information from public view, they can encrypt any particular credential using the lit access control.

Where the access control condition will be decided by the DAPP which is going to implement this system, but for the scope of this grant, only the holders the DID community (Talentlayer) NFTs will be able to view the encrypted credentials. But the projects implementing this system, can also choose a more sophisticated system, for example show the encrypted credentials only to people who have some previous work history with the user.

Technical Architecture

Technical Schema - view in Miro

Development Roadmap

To develop this product, we will use an approach of first creating one specific example implementation (milestone 1 and 2) and then generalizing it for various applications (milestone 3).

Each estimation of work used a Fibonacci scale. The delivery dates will be derived from the start date of each milestone.

The number of days is not the number of days of development for one person; it’s a complete estimation of how many open days will be needed from start to a fully finished and validated work, including dev, UX, ui, text, review, validation, and deployment.

Milestone 1 - Use lit action to encrypt and decrypt data.

PEOPLE:

• @yashgo0018 - application engineering
• @0xromain - architecture & engineering review

BUDGET:

• $5,000.00

TIMELINE:

• Estimated Delivery: ~20 days

PROCESS:

• Create a credential format.
• Create an express function which takes a user's off-chain user profile and gets all his available history, then formats the data in the predefined credential format. For the first example, we will use Github as the example off-chain user profile.
• Create an interface where users will be able to login and choose the platform from where they want to fetch their web2 history, initially, it would just be Github, but the individual platforms will be able to add more. For the first example, we will use TalentLayer StarterKit boilerplate as the example interface.
• Create a toggle switch, where users will be able to encrypt the credential data using the lit access control, where the access control condition will be checking if the visitor is the holder of a specific on-chain credential. For the first example, we will use TalentLayer ID as the example credential.
• Add the credentials on the user’s profile page, and if the credential is encrypted and user doesn’t hold the specified on-chain credential, then show a blur.

Milestone 2  - Use lit action to get data from user's off-chain user profile and use the lit action not the server.

PEOPLE:

• @yashgo0018 - application engineering
• @0xromain - architecture & engineering review

BUDGET:

• $2,000.00

TIMELINE:

• Estimated Delivery: ~8 days

PROCESS:

• Take the logic out of the express function, and put it into a lit action for the off-chain user profile. For this example, we will use Github as the example off-chain user profile.
• Attest the data using the lit private keys.

Milestone 3 - Develop this into a generic framework that platforms can use independently, with configurable trust scores. Write documentation.

PEOPLE:

• @yashgo0018 - application engineering
• @kirstenpomales - documentation review
• @0xromain - architecture & engineering review

BUDGET:

• $3,000

TIMELINE:

• Estimated Delivery: ~13 days

PROCESS:

• Make the lit action more generic, where platforms will be able to add their own data sources.
• Make a trust score modal, where each platform will be able to set their own matrix for calculating a trust score of the user based on his off-chain credentials.
• Make documentation for adding more data sources and using the credentials on their websites.
• Make an example application using the credentials.

Total Budget Requested: $10,000

Maintenance and Upgrade Plans

TalentLayer Labs team members and the TalentLayer open-source community work to maintain all integrations built in the ecosystem. When updates are necessary, we ship them and then work with the platforms who had integrated the prior version to seamlessly transfer over.

In the short-term, we don’t believe that this integration will require consistent maintenance, aside from possible incremental improvements down the road.

Team

Team Members

Romain Martin - @0xRomain

Yash Goyal - @yashgo0018

Kirsten Pomales - @kirstenpomales

Team Member LinkedIn Profiles

Romain Martin

Yash Goyal

Kirsten Pomales

Team Website

https://www.talentlayer.org/

Relevant Experience

Romain Martin - Technical Lead, TalentLayer

• 12 years of experience as software developer and system architect
• former CTO of sports data startup with over a million daily users
• 4 years as solidity developer and technical lead on various startups

Yash Goyal - Open-Source Contributor, TalentLayer

• 5 years as backend developer, 3 years as solidity developer
• Extensive experience building blockchain tech POCs as a freelancer
• Won 6+ blockchain hackathons in the past year

Kirsten Pomales - Executive Lead, TalentLayer

• 4 years leading teams building blockchain technology
• grew an IEEE blockchain governance research organization over 2 years to 200 opensource contributors
• founder of multiple venture backed software startups

Team code repositories

TalentLayer - https://github.com/orgs/TalentLayer/repositories

TalentLayer Labs - https://github.com/orgs/TalentLayer-Labs/repositories

StarterKit Frontend - https://github.com/TalentLayer-Labs/starter-kit

Additional Information

How did you learn about the Lit Open Grants Program?

Through David Sneider at ETH Paris.

Please provide the best email address for discussing the grant agreement and general next steps.

kirsten@talentlayer.org

[debbly]

Hey @KirstenPomales, thanks for opening this grant up!

Some additional questions - can you elaborate more on how someone might connect to existing decentralized identity (DID) systems and create an attestation of authenticity for said data, associated with a specific DID? Especially more on the implementation/dev roadmap? This dev road map goes over how you might build with for talentlayer specifically and we're interested in seeing a generalizable tool

[KirstenPomales]

Hey, @debbly the document has been updated with more information on the generalization of the module.

[debbly]

Hey @KirstenPomales, great!

We are about ready to move forward, one thing we want to note for the acceptance of the External Data Access Control & Credential Module is that it must use the new ID encrypt feature that is in the Lit JS SDK V3.

[KirstenPomales]

Would be a pleasure to use the ID encrypt feature - aligns well with our goals.

[debbly]

@KirstenPomales Awesome, we're approving the grant and will get a contract to you shortly.