ethereum-oasis-op / baseline-grants

The Baseline Protocol has a yearly grant program for funding various R&D initiatives, implementation developments, and other community projects. This repo is used to track grant applications, bounty ideas, and payment requests for grant work.

[GR] BL Grant Proposal RFP #1 - Incorporating DIDs and VCs into Open-Source Digital Asset Wallets #69

Closed by cybereum 2 years ago

cybereum commented 2 years ago

DIDs and VCs for Open-Source Digital Asset Wallets as a service using DAO

Details on Grant Work

We will outline a scheme and method for incorporating W3C Decentralized Identifiers (DIDs) and W3C Verifiable Credentials (VCs) for identity and credential authentication with the Baseline Protocol Standard. The architecture will describe universal VC and DID custodial schemes for Web3 non-custodial wallets. We will focus on implementing a VC for the Baseline protocol. We will create a minimal viable ecosystem (MVE) and build the pilot solution for this implementation. Our goal is a transparent and participative model where DID/VC holders, issuers, and verifiers can partake in the governance, voting, and evolution of the identity structures that they use. The Baseline community will become a decentralized business network where VCs are participatively verified. We envisage non-fungible identifier tokens issued by DAO specific to each VC use case. The DAO will possess transparent governance and authentication rules. Governance tokens will be held by the issuing bodies and may also be held by issuers and verifiers depending on the VC use case. However, along with the rules, token ownership and voting will be transparent. A public registry will maintain the identity tokens and their associated public keys such that the association is revealed to verifiers to whom the identity holder grants access. This system will constitute a Decentralized Public Key Infrastructure (DPKI) for the Baseline Protocol and for other enterprise use cases where VCs are required.

Motivation and Overview

Identity is a lynchpin of a decentralized ecosystem. Several use cases are being held back from realization because of the absence of a dependable universal solution for demonstrating or proving identity.

In the case of credentialing for commercial and regulatory purposes, combining transparency with privacy, and decentralization with authority are key challenges. We look at the balance between these factors and propose DAO for authenticating participants in business processes. The key entities involved in the Scheme are:

All these entities will hold authenticated identities or VCs in the form of non-fungible identity tokens (NFIT). In the typical verification use case, an entity acting as a verifier will divulge its identity NFIT to the holder whose identity it is verifying.

Scheme

We will describe a general scheme for using DAO to authenticate and issue VCs with transparency and security. We will describe a method to VC that can work with the Baseline Protocol. Design of Identity DAO for the VC use case will be customized for that use case. As with the recent NHS implementation for digital passports (Implementing Self-Sovereign Identity (SSI) for a digital staff passport at UK NHS, M. Lacity et al. 2022), we plan to use the Sovrin Network to allow authorized verifiers to verify digital credentials by querying the public distributed ledger without requiring a trusted third party. The nonprofit Sovrin Foundation manages the Sovrin Network, providing support for the network’s open-source governance, operations, and community engagement.

Fig. 1 - VC/DID Token issue

Fig. 2 - VC/DID Token verification (one possible scheme)

The properties of the DAO are as follows:

Token Design

The NFIT token design will be specific to the VC represented by the DAO. It will implement W3C Decentralized Identifiers (DIDs) and W3C Verifiable Credentials (VCs). The NFIT will aspire to transitive trust, so that other enterprise use cases outside of Baseline may use it for credentialing in their projects. The W3C defines a verifiable credential as “a tamper-evident credential that has authorship that can be cryptographically verified.” The properties of the VC are as follows:

  1. Tokenized identity: The VC is a non-fungible identity token (NFIT)
  2. Sovereignty: It is stored in the User’s wallet or in a decentralized storage system such as IPFS where access to verifiers is only possible with the holder’s consent. The token becomes the holder’s Self-Sovereign Digital Identity
  3. Portability: The VC can be shared outside the Baseline ecosystem
  4. Persistence: The Tokens are stored on the blockchain or in a decentralized file system.

DAO Rules

Every participant has: 1 non-fungible identity token (NFIT) and a fungible governance token. Thus, every identified participant has a stake in the governance of the identity. It must be noted that for other VC DAO, the governance tokens may only be held by governing and issuing authorities. For instance, for university diplomas, a plurality of governance tokens may be held by university authorities. Upon the expiration of the term, a transaction is automatically triggered for an extension. While decentralization is important for DID, a strongly federated structure is more apt for VCs which will be reflected in the DAO design for Baseline Credential management. DAO VC implementation will depend on the use case. As required by the Baseline CORE Specification, the credential holder proves control over the VC used in a BPI to a verifier by explicitly granting access.

We are discussing tokens to be used for the implementation. Tokens that we can use 1) for the NFT identity token (ERC-725 Ethereum Identity Standard, or ERC-721/ERC-1155), and 2) for the governance (ERC-20 or ERC-1155). We are open to suggestions from the community.

Value to the Baseline Protocol

Business Processes (BP) integrated with identity requirements are key parts of the Baseline Protocol. Our reference implementation will be for a strongly federated identity and credential management for the Baseline Protocol. We will build a DAO that can authenticate participants in business processes. It will verify and grant identity VC tokens to participants in a Baseline Protocol Instance (BPI) such as firms. As a new BPI is created, participants are identified by their NFIT VC to be added to it. In a project, signed transactions are traceable to real-world entities by counterparties.
All of the entities that possess an NFIT will also possess a governance token to participate in the functioning of the Baseline DAO.

Downsides / Execution Risks / Limitations

DAO is a step out from most DID schemes that are being explored. DAO governance issues are still emerging and not fully understood.

Deliverables / Schedule / Milestones

There are 2 types of VC that we would like to deliver. We will deliver a VC scheme using DAO which authenticates users by verifying user claims about their credentials in order to participate in a BPI. We also plan on creating a second DAO when a VC DAO for the issue of tokenized University Diplomas.

Fig. 3 - DAO for VCs

Budget and Justification

We assume that a minimum of 2 man-months by 2 people is required for the work in this grant. Assuming a 50% absorption, the work will be completed over a period of 4 months. Budgeting 45 USD/hour for the developers leads to a project budget of 30,000 USD.

Applicant Background

Therecanbeonlyone1969 commented 2 years ago

@cybereum -> if this is a proposal to meet the requirements of the RFP from Issue #63, then it missed the intent of the RFP.

In a nutshell, the RFP asks for a wallet that allows the user to manage their keys for DIDs, VCs, and Digital Assets together. Ideally, the key controlling a digital asset is also linked to a DID which is referenced in one or more VCs that establish legal identity, represent a KYC outcome, as well as an AML check for SOFs.

Such that a user has a wallet that works for both identity and asset use cases as well as the combination of both as I outlined above.

We had a grant that integrated did:elem and VCs into BRI1 -> @kthomas please, elaborate a bit more if you could.

kthomas commented 2 years ago

Thanks for the feedback @Therecanbeonlyone1969

I met with @cybereum earlier today and am working to get a few @theosirian PRs rebased (i.e., https://github.com/provideplatform/ident/pull/10 and https://github.com/provideplatform/provide-cli/pull/16).

After those are rebased and merged (@theosirian 🙌🏻 ) we can properly document and surface this work within BRI-1 and the core client API (in the core baseline package).

This work is fantastic and should absolutely be surfaced. It also involved integrating didkey into Vault... i.e., https://github.com/provideplatform/vault/tree/feat/didkey-wip-rebased

Ticks literally all the boxes for the awarded grant. I will make sure we marshal it the rest of the way, as I have mentioned multiple times @Therecanbeonlyone1969

I can attempt to present on the current state of the rebase/merge and confirm it can be run within the robust e2e test suite within the BRI-1 reference implementation at the next convening of the TSC. We could then discuss alignment on what is needed for the current outstanding grant topics and how to optimize these next awarded grants.

I hope this helps for today :) 🙏🏻

GoldenBit0 commented 2 years ago

7/25/22:

Ananth: This should be parked for now. There should be a discussion on how baseline will handle VCs. Wants to open the discussion on how to go about including VCs. The time is not right, and this should be reopened once there is more input. However, VCs are extremely important.

GoldenBit0 commented 2 years ago

view BLIP going forward - https://github.com/eea-oasis/baseline-blips/issues/29