Notary Application: Keyko

[aaitor]

Notary Application

PLEASE NOTE ANY APPLICATION SUBMITTED BEFORE THE FINALIZATION OF THE GOVERNING FIP OR THIS REPO WILL BE DISCARDED

A copy of this application can be found here: https://docs.google.com/document/d/1N0shBH7-GTcGU_O0QXEx-XlmEJeAWKHbT9sMlKC6-d8/edit?usp=sharing

To apply as a notary, please fill out the following form.

Core Information

• Name: Keyko GmbH
• (Optional) Affiliated Organization:
• Website / Social Media: www.keyko.io
• On-chain Address(es) to be Notarized: f2m6qyszn47pd35bqs46on3ebwoo7fd242gog2gbq
• Region of Operation: EU
• Use case(s) to be supported: Personal user storage; datasets made available via Nevemined, Keyko’s in-house built data sharing solution with IPFS integration. (Nevermined is domain agnostic, so can pull in assets from anywhere.)
• DataCap Requested: 500TB

Please respond to the questions below in pargraph form, replacing the text saying "Please answer here". Include as much detail as you can in your answer!

Long Term Network Alignment

Time Commitment

Describe the nature and duration of your affiliation with the Filecoin project. Please include relevant Github handles, miner ids, significant projects or contributions (with links).

As an organization, Keyko has been engaged directly with the Filecoin project since July 2020. Protocol Labs reached out to the Keyko team to build the Verified Clients application for the Filecoin ecosystem. During this project we have implemented a critical solution for the allocation of DataCap to Verified Clients. Given that Verified Clients influence the quality multiplier attached to rewards, Verified Clients will have a significant role in influencing quality of the Filecoin network. To be trusted to execute this project is an honor. 
The development of this functionality has led to modifications of core actors as well as Lotus. In addition, Keyko has provided configuration and tools to handle multisig accounts and implemented, from the scratch, different libraries, frontend applications, backend services, and design flows based on github issues and automation capabilities.

The Keyko team members (with corresponding Github handles) that have been involved in the Verified Client project are: Dimitri de Jonghe (https://github.com/diminator), Aitor Argomaniz (https://github.com/aaitor), Don Gossen (https://github.com/dgossen), Jose Pablo Fernandez (https://github.com/josepablofm78), Jernej Pergelj (https://github.com/jernejpregelj), Sami Makela (https://github.com/mrsmkl), Tian Yuan Zhao (https://github.com/tosfan4ever) and Ivan Alberquilla (https://github.com/ialberquilla). The project repos are here: https://github.com/keyko-io?q=filecoin&type=&language=. 
Prior to this engagement, the majority of Keyko’s engineering team were core developers and co-founders of Ocean Protocol. During this time, the team worked with integrating IPFS into the core Ocean Protocol stack. 
As a team and across organizations over time, we have fostered a relationship with Juan Benet to push the boundaries of data usage in the Web3 space. 
A number of individuals on the team are also FIL holders.

Stake Exposure

Please cite total token at stake (currently available, locked as collateral, vesting over time) and any substantiating evidence.

Currently the only token holdings are held privately by individuals on the team. Keyko does not currently retain any FIL.

Industry Reputation

In-protocol Reputation

Please describe (in detail) your activity and tenure as a member of the Filecoin community. Please note (with links where possible) any contributions made to implementations of Filecoin, the spec, documentation, or to substantially help the Filecoin ecosystem grow.

Over the last 6 months, the Keyko team has contributed to the definition and implementation of one of Filecoin’s core functionality for Verified Clients, including the role of Notaries. Keyko’s contributions are summarized below:

**Frontend App**

* Root Key Holder View - This allows RKH to propose new Notaries and approve proposals from others. These actions require the use of a Ledger wallet to sign messages (transactions) in a safe manner. Also the RKHs can get a list of current Notaries along with their remaining DataCaps.
* Notary View -  This allows Notaries to get a list of pending requests of DataCap from clients and, after checking the information provided, verify the client onchain and assign the requested DataCap. This also requires sending signed messages using the wallet.
* Client onboarding - The people or organizations interested in uploading data to Filecoin as Verified Clients have a landing page where they will be directed to the correct flow to request DataCap depending on their needs. 

**Github Flows**

One of the main goals of the verification process is traceability and auditing, so the requests and the final decision of the notary are made in a transparent way for the community. To achieve this, the verification request flow, the notary assignment and the final decision are based on semi-automated Github issue templates that are also integrated with the frontend to help ease the work of notaries.

**Automated Verification**

Filecoin has a rich ecosystem of apps built around its core functionalities. These apps also have their own users that can upload data to Filecoin in a transparent way. Consequently, the users of these apps also need to be verified. However, the manual flow provided by the notaries doesn’t fit the needs of these apps.

Taking into account that these apps have their own registration process, we can conclude that these users are trustworthy enough to be verified and assign them enough DataCap to use the app. For these cases, Keyko has implemented microservices that allow apps to request DataCap on behalf of their users in an automated fashion.

The majority of Keyko’s work on Filecoin can be viewed in Github.

The Keyko team made contributions to the spec actors and to Lotus, as well as to the Verified Clients application that will help secure DataCap within the network. 
Specifically, the following PRs were made:
- https://github.com/filecoin-project/lotus/pull/3164  
- https://github.com/filecoin-project/go-fil-markets/pull/332  
- https://github.com/filecoin-project/lotus/pull/3002  
- https://github.com/filecoin-project/lotus/pull/2480  
- https://github.com/filecoin-project/lotus/pull/2440  
- https://github.com/filecoin-project/lotus/pull/2405 
For more information into the spec actors and Lotus contributions, please reach out to Sami Makela.

In-protocol Security

Please describe your contributions to the security of Filecoin and the duration over which you've made contributions. Please also include any links or references who might be able to substantiate your contributions (e.g. if you've filed several bugs, please cite who you've communicated with on the Filecoin side).

The Verified Client solution is designed to help ensure that the storage made available by the Filecoin network is put to proper use and that desired work is suitably rewarded. Viewed holistically, the Verified Client solution is a security implementation for Filecoin. Consequently, the work that the Keyko team has done on this solution will help secure the network. 

External Reputation

Please describe the nature of your organization, including the country of registration, size of the organization, and time since inception.

Keyko is a Swiss based technology company focused on promoting the growth of Unstoppable Digital Ecosystems. We offer unparalleled expertise in the creation and application of large scale data sharing technologies, and are a leader in leveraging decentralized open source platforms like Ethereum, Celo, etc. 
Keyko has a proven track record delivering complex data sharing solutions encompassing access control, blockchains, smart contracts, Big Data, regulatory compliance, data governance and scalability. Keyko has bootstrapped itself, starting in September 2019, and has grown to 22 passionate team members.
Over a span of less than two years, the team at Keyko has directly launched, or helped launch, three major networks, including Filecoin, Celo, and Ocean Protocol. We’ve also been engaged heavily in the DeFi space, including building and managing Bancor’s governance DAO for their v2 impermanent loss-immune AMM. We are also engaged with a number of large Web2 organizations like Orange, KLM, and Shell, to merge Web3 tech with existing Web2 capabilities.
Lastly, we have incubated a number of products, including Nevermined. Nevermined is the world's first enterprise-grade data sharing ecosystem, designed to "pierce the corporate veil" and allow organizations of all shapes and sizes to securely discover, share, and accrue value from their data by opening up their assets for others to use, either internally or externally to your organization. It includes built in Federated Learning capabilities, as well as remote computation orchestration so you can run analytics remotely on secure 3rd party data assets. In addition, we built a governance application that facilitates decentralized/remote voting on ecosystem proposals which seems to be generating good traction given the current macro conditions.

Please share any relevant details to help substantiate information about your organization (website, named officers, links to social media profiles).

- Website - https://www.keyko.io 
- Named Officers: Donald Gossen, MD & CEO; Mark Messow, MD
- Management LinkedIn Profiles
  * Don Gossen
  * Aitor Argomaniz
  * Dimitri De Jonghe
  * Brian Haacke
  * Mark Messow

Please share any relevant external information regarding your organization (e.g. news articles, social media profiles, etc.)

**Keyko**

- Blog Posts - https://medium.com/keyko
- LinkedIn - https://www.linkedin.com/company/keyko-gmbh 
- Twitter - https://twitter.com/keyko_io 
- Open Source Github Repo - https://github.com/keyko-io 

**Nevermined**

- Website - https://www.nevermined.io/
- Blog Posts - https://medium.com/nevermined-io 
- LinkedIn - https://www.linkedin.com/company/nevermined 
- Twitter - https://twitter.com/nevermined_io 
- Open Source Github Repo - https://github.com/nevermined-io

Diversity and Decentralization

Use Case Diversity

(Optional) Any additional information you'd like to share about the use case(s) you plan to support?

We plan to support multiple use cases with the main intention of making data available for Keyko and Nevermined users. The main use cases we would like to provide are:
a. Use Filecoin as a repository for data assets. Nevermined (Keyko product) makes existing data in traditional silos (cloud and on-premise repositories) available for consumption. We believe that adding support to Filecoin would allow data providers and data scientists to make better use of this data without relying on centralized infrastructure providers like Amazon or Google Cloud. 
b. Nevermined supports solutions where the algorithm and computation workflow developed by a data scientist can be executed where the data resides (aka DISC - Data In-Situ Computation). The integration of Nevermined and Filecoin would allow data scientists to run computation natively in a miner’s infrastructure, allowing them to be data and compute providers at the same time.
c. At Keyko, we work to bring decentralized capabilities to existing solutions. We are working in different ways with different kinds of NFTs to digitally represent a physical asset. It would be very interesting to us to on board existing offchain assets into Filecoin and proxy those assets via NFTs or NTT (Non Transferable Token). 

Allocation Plan

Concreteness of Allocation Plan

Allocation Strategy

How do you plan on allocating the DataCap requested above? Please describe your allocation strategy with as much specificity as you can.

DataCap’s analog in the traditional finance and commodities space is credit. Credit is issued to known counterparties with established history, with the credit amount signifying the counterparty’s “quality multiplier” within that domain space. Treated in a similar fashion, Keyko can leverage existing Credit Risk analysis methodologies and, if necessary, software products for our own “DataCap Risk” assessment requirements. 
In a more orthodox setting, formulating a credit risk model requires a conservative outlook while precedent is established. Correspondingly, Keyko initially plans to take a relatively reserved approach and engage only with known parties to our ecosystem. In particular, we will approach users of Nevermined like KLM, Shell, UBS, Orange, etc., as well as Keyko partners like Polar Squad, Outlier Ventures, etc., to leverage our DataCap. This approach will limit exposure to malicious behavior and should provide a solid foundation to test the allocation processes. 
Once comfortable with the baseline allocation processes, Keyko will begin to advance its allocation strategy by employing a scored based DataCap assessment model. Similar to a credit scoring model with tiering or grading assignments, like FICO scores from B- to A+++, Keyko will create a model based on assessable parameters such as requested allocation amount, historical activity, previous satisfactory dealings, and reputation signals within the network. To begin with, leveraging a decision matrix, like the one developed by Jonathan, will assist us in criteria setting.
Over time, the assumption is that credit-style reputation systems will begin to emerge within the Filecoin ecosystem that Keyko can begin to leverage to validate potential DataCap recipients. In line with traditional Credit Risk modelling, external risk validation and scores will be augmented with our own internal analysis of a potential recipients profile. This data capture and analysis can potentially be aided by the integration of an existing Credit Risk solution. 
It is Keyko’s intention to begin by capturing vetting information via Github in an open fashion. Recording requests via a public repository will aid transparency in the decision making and allocation processes, as well as with any potential dispute resolution scenario. 
Keyko assumes that only Personally Identifiable Information (PII) would need to remain private. In the case that PII is present/required, Keyko intends to use the data ephemerally so as not to establish itself as a Data Controller under GDPR. Additionally, Nevermined could be used to access and analyze certain data, like PII, that is not available on-chain and must remain secure. 

Are there any internal processes you plan on impelementing regarding the target, amount, or rate at which you'll allocate DataCap?

The rate and amount at which DataCap is allocated is dependent entirely on demand by targets. As stated previously, Keyko will begin by focusing on targets known locally within our ecosystem first. This will help in creating and validating a strong allocation process and target identification methodology. 
Once the foundation of this process is in place, Keyko will work on extending the existing automated allocation process that we have currently built into the Verified Clients solution. This could potentially incorporate a credit risk style Data Risk solution to help with allocation efficacy and reduction in allocation rate latency.
Regarding PII, this information will be handled securely only by limited, known Keyko actors and stored ephemerally, where applicable, to reduce the risk of a data breach. 

How do you plan on securing the DataCap to ensure your organization (and its delegated members) are the ones allocating the DataCap?

At a minimum, we plan to use a Ledger Nano hardware wallet to secure address keys associated with our DataCap allotment. Keyko has an existing internal process for managing these assets that can be reviewed by Filecoin, if required. 
We are also experienced with key rotation, and may implement a multisig approach to DataCap management should the need arise.

Client Due Diligence

How will you vet your Client to ensure they are spending that DataCap responsibly?

The amount of Due Diligence or Know Your Customer (KYC) analysis that needs to be done is a function of the requested amount. Small requests obviously carry the burden of less risk and, correspondingly, may require less validation. Large requests, however, may necessitate extensive review before the DataCap allocation can be made. 
Regardless of the requested amount, a client should be assigned a DataCap Risk Rating score upon making a request. The following is an example of the decision matrix Keyko will employ when justifying or denying an allocation:

![image](https://user-images.githubusercontent.com/1726644/101881321-86efe780-3b94-11eb-8d8b-2057baa783d1.png)

Standard KYC has three core components, each broken down into corresponding criteria. These components are: 
1. Customer Identification Program (CIP);
2. Customer Due Diligence;
3. Ongoing Monitoring.
Keyko will employ a permutation of the above when validating client requests. 

**CIP**
For low DataCap request sizes, simply validating the requester's network and online reputation may be sufficient. In this case, validating their associated Filecoin addresses and history, along with rudimentary online presence like Twitter profile, would have merit. 
For large DataCap request sizes, however, the following CIP information may be requested from the requester:
- Full Name
- Government Issued Documentation
  * Passport
  * Driver’s License
  * Government ID Card
- Document Number
- Document Issue and Expiry Date
- Address of Residence (for Address Verification)
  * Utility Bills
  * Bank Statement
  * Rent Agreement
  * Employer Letter
  * Insurance Agreement
  * Tax Return
- Image of the Person
- Date of Birth (for Age Verification)
- Nationality

In addition to the above, for organizations requesting DataCap, the following information may be required:

- Public Articles of Incorporation
- Tax Number
- Signatory Authorization 
  * Power of Attorney 
  * Letter of Board Approval
  * Public disclosure of signing authority

(Please note that the above is just a guideline of information that may be requested by Keyko depending on the DataCap size request and the associated DataCap value. Receiving and auditing this information is incredibly onerous for both the requester and Keyko, so establishing alternative means of verification must also be pursued, preferably in conjunction with the other Notaries.)

**Due Diligence**

Due Diligence is that act of validating that the submitted information is in fact valid, authentic, and non-dubious. Given that the Notary role is an unremunerated role within the network, Keyko does not plan to perform the same level of Due Diligence as a financial institution (i.e. Anti-Money Laundering checks). However, validating the cohesion of submitted CIP information, like cross checking email name and domain against LinkedIn name and employer, is a relatively simple act of checks and balances that can be performed manually (at least initially). 

**On-Going Monitoring**

After an allocation is made, Keyko may need to remain diligent that the client is allocating their allotment as intended. This may require monitoring clients from time-to-time, as well the client’s network/public reputation.

What questions will you ask to ensure the Client can properly handle the DataCap you intend to allocate to them?

1. Please tell us who you are and provide corroborating evidence (i.e. links to Github, Twitter, email, website, LinkedIn, etc.).
2. What is your Filecoin address?
3. How long have you been engaged with Filecoin?
4. Do you already hold FIL?
5. Have you previously deployed DataCap?
    a. If yes, 
        - Can you please identify the Notary that granted the DataCap?
        - Can you please explain how it was leveraged (i.e. use case, distribution, involved Miners, etc.)?
        - Were you successful in deploying your full DataCap allotment?
        - Did you encounter any disputes or arbitration issues when deploying your DataCap?
6. How much DataCap are you requesting?
7. Have you ever been associated with malicious actors in the Filecoin network?
    a. If yes, please describe the situation.
8. Please explain why you are requesting this amount of DataCap? What is the use case that you intend to support?
9. Please describe, to the best of your ability, the downstream effects that this DataCap will have.
10. Please describe the end user of this allotment.
11. Do you have any pre-existing relationships with Miners?
      a. If so, can you please identify the Miners?
      b. If not, can you please articulate your plan to attract and validate a Miner’s ability to support the proposed use case? 
12. How many Miners will you deploy your DataCap to?
13. Which regions do you plan to deploy the DataCap to?
14. Please elaborate on how you plan to leverage your DataCap allotment to support the concept of decentralized data storage.

Depending on the level of KYC required based on the DataCap request, the following questions may also be required:

15. Please describe your organization in more detail:
      a. Company Legal Name
      b. Public Registry Information. Please include company officer information
      c. Nature of your business
      d. Number of employees
      e. Website
      f. Social media information (Twitter, LinkedIn, etc.)

What processes will you employ to confirm that a Client is not improperly over-allocating DataCap to a single entity?

Understanding a client’s decentralization motivations, as well as the use case, will be critical in evaluating allocation impropriety. However, certain incentives could be utilized, like increased DataCap size for greater Miner diversification. Making Miners aware of the hosting opportunities will also be critical in leveraging their ability to attract clients for greater decentralization.
Monitoring impropriety will initially be done in an ad hoc fashion as guidelines and standards are established. Keyko’s plan is to rely on our network, as well as to court new relationships with high  caliber Miners, so that our network can help us police improper allocations.

Bookkeeping Plan

Do you plan on keeping records of your allocation decisions? If so, with what level of specificity do you intend to respond to any audit requests?

Keyko’s existing Treasury function is quite robust, and can be leveraged to ensure proper functioning of the system. Currently we are planning to use the Fielcoin Notary repo for client requests; however, please note that we are still validating the pros and cons of this approach and may choose to accept requests via a separate, open repo. Regardless, because we plan to leverage an open Github repository for all requests, evaluations and approvals, the allocation decisions should be fully transparent and publicly available. The only foreseeable issue will be in the case that some validation against PII must be performed, in which case information must be kept private and secure. 
As stated previously, Keyko plans to mitigate these risks initially by working with members of our existing network, and gradually expanding our allocation capacity over time.
Lastly, we could go so far as to employ software designed to track allocations, and make this information publicly available. For instance, we are using Polychain’s accounting project for our Celo validator. This solution could be repurposed for DataCap allocations that are then publicly available for any audit requests.
In the event of dispute, it is Keyko’s assumption that the Root Key Holders will provide an arbitration function, so working with them to understand what type of information they need to adjudicate a dispute will be critical.

Do you plan on conduct your allocation decisions in public (e.g. Github repo), private (e.g. over email, Telegram, etc), or both?

Keyko will conduct its allocation decisions in public via Github, with the possibility of migrating to an automated decision making/voting tool in the future, like the solution we built for Bancor. 

Track Record

Past allocation

Have you previously received DataCap to allocate before? If so, please link to any previous applications.

No, we have not previously received DataCap.

Cumulatively, how much DataCap have you previously successfully allocated?

Not applicable.

Have there been (or are there still) any disputes raised against you from your previous DataCap allocations?

Not applicable.

[jnthnvctr]

Hi @aaitor based on your application, we have scored as follows: https://docs.google.com/spreadsheets/d/1TXzfT9idQHEFAD5pbCQ6Kayeqjb7J0oPWwOJQ-Q10k4/edit?usp=sharing

Eligibility score: 2 Unrounded score: 1.7

[jnthnvctr]

Hi @aaitor - as mentioned on the governance call yesterday, your team was in the top of your region for being a prospective Notary! Prior to confirming your role as a Notary, there are a few items that need to be affirmed:

1. Please acknowledge the region of operation in which you tend to primarily focus: [EUR]

2. Please confirm each of the following items below (you can do this by adding a line under each section agreeing that you'll abide by these operational principles.

• Upfront Disclosures: Prior to being confirmed as a Notary, Notaries are expected to disclose all relevant addresses which they control, have a financial stake in, or are strongly connected to by other means. For the disclosure, the Notary should state the relevant addresses and the nature of the relationship.

• Promoting Client Best Practices: Notaries agree to educate approved clients about the best practices for using their DataCap (e.g. how to request additional services from miners, storing data redundantly across many miners, etc). Some reference information can be found here.

• No Self Dealing: To prevent conflicts of interest, Notaries should not allocate DataCap to Clients over which they control the private keys, or to a Client who intends to specifically spend the allocated DataCap with an address affiliated with the Notary. When in doubt, Notaries should bias towards transparency (i.e. public disclosure) or to getting a different Notary to handle the individual request.

• Operating in good faith: Notaries hold a position of trust in the network, and as such it is expected that they operate keeping the Principles of this mechanism in mind. While each form of abuse cannot be exhaustively defined, Notaries are expected to bias towards caution and act in a way that promotes transparency. Notaries should expect to potentially receive requests or questions for allocation decisions (within reason) - and should make decisions with this in mind.

3. Please list any addresses you are affiliated with below - stating the nature of the relationship. Please refer to the first bullet point in (2) for the definition of "affiliated", and bias towards transparency when in doubt.

4. Please affirm that you will abide by the allocation / client due diligence plan you laid out above.

5. (If ready) - Please confirm the address that should receive DataCap.

[jnthnvctr]

Additionally, if you plan on being listed in the Filecoin Plus Registry - please confirm what information you'd like to have displayed below. Please note that public requests currently write to a public repository (and we can work with you to configure the requests as needed).

"name": "Your Name", "use_case": [ "List", "of", "Use Cases" ], "location": "EUR", "github_user": "notaryc", (optional) "website": "google.com", (optional) "max_datacap_allocation": "100 GB", // To indicate to clients what size allocations you might support. (optional) "private_request": "false", // set as true if you plan on supporting private requests. (optional) "email": "youremail@a.com", // only needed if you are supporting private requests "info": "" // You can use this to share information with Clients about your allocation strategy / reqs

[dkkapur]

@aaitor - when possible, please explicitly acknowledge and confirm the previous points raised by @jnthnvctr so we can proceed with confirming you as a Notary.

[aaitor]

@jnthnvctr , here the answers:

1. Please acknowledge the region of operation in which you tend to primarily focus: [EUR]

Yes, I confrom the region of operation is Europe

2. Please confirm each of the following items below (you can do this by adding a line under each section agreeing that you'll abide by these operational principles.

• Upfront Disclosures: Prior to being confirmed as a Notary, Notaries are expected to disclose all relevant addresses which they control, have a financial stake in, or are strongly connected to by other means. For the disclosure, the Notary should state the relevant addresses and the nature of the relationship.

Yes, we confirm

• Promoting Client Best Practices: Notaries agree to educate approved clients about the best practices for using their DataCap (e.g. how to request additional services from miners, storing data redundantly across many miners, etc). Some reference information can be found here.

Yes, we confirm

• No Self Dealing: To prevent conflicts of interest, Notaries should not allocate DataCap to Clients over which they control the private keys, or to a Client who intends to specifically spend the allocated DataCap with an address affiliated with the Notary. When in doubt, Notaries should bias towards transparency (i.e. public disclosure) or to getting a different Notary to handle the individual request.

Yes, we confirm

• Operating in good faith: Notaries hold a position of trust in the network, and as such it is expected that they operate keeping the Principles of this mechanism in mind. While each form of abuse cannot be exhaustively defined, Notaries are expected to bias towards caution and act in a way that promotes transparency. Notaries should expect to potentially receive requests or questions for allocation decisions (within reason) - and should make decisions with this in mind.

Yes, we confirm

1. Please list any addresses you are affiliated with below - stating the nature of the relationship. Please refer to the first bullet point in (2) for the definition of "affiliated", and bias towards transparency when in doubt.

We don't have any Filecoin address yet. We will provide as soon as we create them.

2. Please affirm that you will abide by the allocation / client due diligence plan you laid out above.

Yes, we confirm

3. (If ready) - Please confirm the address that should receive DataCap.

We don't have any Filecoin address yet. We will provide as soon as we create them.

[aaitor]

This is the multisig address we will use to receive and manage the datacap: f2m6qyszn47pd35bqs46on3ebwoo7fd242gog2gbq

[jnthnvctr]

Request Approved

Address

f2m6qyszn47pd35bqs46on3ebwoo7fd242gog2gbq

Datacap Allocated

100TiB

[filecoin-plus-bot]

The request has been signed by a new Root Key Holder

Message sent to Filecoin Network

bafy2bzacebg4wi2gmwnuuigbfiec7kiq44ec2cu6bp264oh6bl3eqfgfo57kk