Profila / Catalyst

Cardano Catalyst funded projects - documentation, project management & code
1 stars 0 forks source link

[RFW0004] User Registration and Identification via PRISM #1

Open ProfilaMitchell opened 2 years ago

ProfilaMitchell commented 2 years ago

Table of Contents

Housekeeping

Make sure to clearly understand Type-A and Type-B requests, and the relavant limitations. Failling to follow the guidelines pertaining to the two acceptable types of RFWs will automatically lead to disfqualification of the RFW.

Take time to complete each section below with as much detail as is required to establish a comprehensive understanding about the underlying product specification.

ALL BELOW FIELDS ARE REQUIRED

The Problem

There is currently no DID creation when a user registers on Profila

User Story

As a Profila user I want to create a DID through Profila so I can use the platform

Request Type A/B

Type B

Owner

Mitchell Goudie

Summary

The issuing of DIDs (Decentralized identifiers) and verifiable credentials is being introduced to the Profila registration and sign-in process for people and brands.

Is This Really Necessary?

Privacy and agency is a core Profila promise to people, and Profila aims to guarantee to people that any brand on Profila is verified and real and Profila promises brands that only real, verifiable people are on the Profila platform. To deliver these promises it is the "best way" to implement verifiable digital identities for both people and brands on Profila using a next generation trust infrastructure like Atala Prism coupled with Magic Link.

Motivation

By implementing a verifiable digital identity for people and brands on Profila we deliver on the promise of ensuring people interact with real brands and brands interact with real people, and can share information that is from a trusted and verified source. The scope of this request:

Named Concepts

Examples, Risks & Assumptions

  1. Explain concretely what will manifest as a result of this RFW.
  1. Explain how is it different from what is already manifesting i.e. what we already have?
  1. Explain what Profila users/brands will experience as a result of this RFW. How will they feel as a result of it? How will they benefit as a result of it?
  1. If applicable, provide sample messages for any new messages the system will display as a result of this RFW.
  1. Define what is out of scope in this request.

The UI implementation of the registration process for both brands and users is out of scope, housed in respective RFWs

  1. What are the data protection, privacy and security assumptions made for this request (example, should this be GDPR, HIPPA (healthcare), NIST compliant etc. - Speak to Michiel or Ipek!)

Identity management security risks such as:

  1. Explain how this user story will be supported (i.e customer support - if the user story fails technically, how will the user be supported).

Support Flow If the user cannot register successfully at any point in the flow, they will need to contact Profila to notify them of this issue, as well as have the issue resolved.

User Logic

Tech Support Logic

  1. Explain how this user story impacts revenue or billing (if applicable).
  1. State any additional risks identified as a result of this user story.

Success Metrics

Once the user or brand registers on the platform, a P-DID or B-DID is created respectively

Conceptual Design

NOTE: These steps do not account for the use of 'Magic Link' like technology within the registration process (link used to sign in/register, no password is created)

User Registration Flow 212701454-cd7124e2-8a6d-41c4-8be0-c77154e293bd

Brand Registration Flow 212701706-77f206fa-deb7-4354-a0d2-36cff95b6367

Drawbacks

The use of MagicLink with Atala mandates the creation of a DID for the user or brand. The drawback resulting from this is that this DID would be separate from an existing Atala DID that the user has. The amalgamation of DIDs is not currently possible, however it does not pose any drawback in relation to usability of the platform.

Alternatives

There are DID technologies which provide more autonomy for the user (managing their own seed phrase and keys), however, seed phrases hinder initial sign up and ease of use for users. This has been evaluated and resulted in the use of MagicLink with Atala Prism which enacts Profila as the custodian of the user's private keys.

New Data

A Profila ID - each person and brand will be assigned a Profila platform ID that will become the platforms unique identifier per person and brand. TBD if this is the DID, as DIDs may not be used by all users/people or brands. (ISS: DIDs must be used by all end users)

Verifiable credentials of people and brands - min and desired credentials TBD for people and brands

Public keys and private keys for the person and brand that are managed by Profila

Business release date

A rough timing for the planned release for the specification possibly resulting from this request.

Delivery of the full DID scope is requested by the end of Q4/December 2022. The Profila registration and sign-in process, upon which this RFW depends, is requested by the start of Q4/October 2022.

IpekSahiner commented 1 year ago

User Flow Diagram for the user (Individual) and Brand registration: Team please review: @shawnjensen @MichielVanRoey @parhelium @ProfilaMitchell @lucasbragg RFW0004  User Registration and Identification via PRISM #1_Brand Registration