[NeoID] Design, Discussion and Implementation

[SueNEO]

NeoID is an important feature of Neo3, which provides digital identity solution on Neo blockchain. NeoID is a decentralized ID solution that is compatible with centralized ID solutions. Currently we have an ID solution implemented on Neo2, which is SeraphID, designed by Swisscom Blockchain. We also have an AthenaID whitepaper draft, designed by NGD research team.

This issue summarizes all the possible design schemes for NeoID on Neo3. And we plan to make the decision after discussion with the community and choose a solution to implement.

1. NeoID Design Goals

• Put the control of a user's identity data back in their own hands to solve some "trust" pain points in the real world, such as the risk of information leakage and data silos.

• Meet most ID application scenarios, including identity authentication, digitalization of assets, KYC, etc..

• Ease of use. Makes developer’s work easier.

2. NeoID Solutions

Solution 1: SeraphID

SeraphID is designed by Swisscom Blockchain, which is a good partner of NEO. The implementation of SeraphID has already been finished on Neo2, various tools are available.

SeraphID is a Self-Sovereign identity framework which enable your dApps to support decentralized identity system. Self-Sovereign identity allows users to be in control of their own data and decide what to share and to whom. This solution relies on the W3C standards providing DID and verifiable claims functionalities. It is a simple solution, which has met the requirements of most applications.

More details: #1305

If we use SeraphID as the official ID in Neo3, we can make some improvements on it if necessary. The main task will be migrating existing code to Neo3 which needs only a little workload.

Solution 2: AthenaID

AthenaID is designed by NGD, it is relatively more advanced and have more features, but it is also more complicated to implement.

AthenaID aims at providing a truly decentralized identity system that can return data rights to users. It is a highly scalable system that transforms “trust or not” into “how much trust” with the newly proposed rating mechanism which allows users to customize trust evaluation models flexibly.

More details: #1306

If we use AthenaID as the official ID in Neo3, we can still make some improvements based on the draft plan if necessary. It will take two people for three months to implement the solution, accroding to the preliminary estimates.

Solution 3: Moonlight

Moonlight is designed by Moonlight team, a group with substantial development experience in the Neo ecosystem. It is already in development by the team.

Moonlight is a self-sovereign identity solution. This implementation uses a hybrid on-chain/off-chain approach to identity which is designed to support industry standard application workflows.

More details: #1313

3. Comparison between the solutions

4. Next Steps

If you support solution 1, vote 👍 and give your reasons. If you support solution 2, vote ❤️ and give your reasons. If you support solution 3, vote 🎉 and give your reasons. If you have other solutions, you can comment in this issue and open a new issue addressing the design of your ID solution if necessary. We will update your solution in the issue if the design is quite complete.

We will summarize the discussion result and make a decision in Dec, and then implement it.

[eryeer]

@SueNEO Seems AthenalID have more advantages from the table in 3. Comparison between the solutions. Could you please list the specific scenarios and advance in this table?

[shargon]

Can be updated the comparison table with MoonLight too?

[Tommo-L]

I think SeraphID is function available and W3C-compliant, just like our built-in oracle, keep it simple and useful 😂 AthenalID is pretty good, but not W3C-compliant, and a litte complex to implementation. Therefore, I recommend we can implement NeoID based on SeraphID

[doubiliu]

Still need to study the implementation details more carefully, choose a solution with higher engineering reliability, or based on the existing solution, and then compatible with subsequent solutions

[SueNEO]

The comparison table will be updated with Moonlight after their detailed design is provided.

[vncoelho]

Such a nice and organized thread! Nice job to all involved and all proposals.

[eaba]

AthenaID being "relatively more advanced and have more features"

[lllwvlvwlll]

Regarding timeline and work required, I believe the Moonlight solution will have a release which is closely aligned with the closure of this decision making process (it is being actively worked on right now). This would make the workload effectively identical to that of seraphID.

Further, there is a resource optimization consideration here as well. I believe the Moonlight team will be implementing its solution whether it is selected here or not; which will introduce market and solution redundancy.

I should also add that the team is open to introducing features and actively collaborating to meet community needs...so if there are features required by the community; we can discuss adding them to our solution. We also want it to be successful for obvious reasons.

[EdgeDLT]

These solutions don't seem directly interchangeable. To my understanding, AthenaID is much more complicated than it needs to be for the more basic/common NeoID uses, and could even prove detrimental for those use cases due to the lack of compliance with existing standards.

That being said, it is still a very interesting system that could extend the application scenarios for NeoID. I think the best solution is to use either Moonlight or Seraph as the core implementation of NeoID, then pursue Athena as an extension to it.

It seems to me that Athena can generate its trust ratings and local trust graphs based on the standard components provided by Moonlight/Seraph. Could also help make it less complicated to implement.

Edit: On Seraph vs Moonlight, my vote is for Moonlight. I don't claim a perfect understanding of how they differ technically, but I do know that the Moonlight team is competent, well regarded in the community for its long-term support of Neo, and is professionally invested in the success of its solution. That is good enough for me, I believe they will do the best job with it.

[jsolman]

I think it is important that the end user can make claims and verifiers can verify them without either of those entities having to deploy a contract. It seems like SeraphID does not support this case.