BLOCKTRUST Identity Wallet (PRISM) v1.0 for Browser, with Shared Features

[GENERAL] Name and surname of main applicant

Ed Eykholt

[GENERAL] Email address of main applicant

ed.eykholt@gmail.com

Additional applicants

Björn Sandmann

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

10

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

We are aiming to align with the currently available version of the PRISM v2 specification (https://github.com/input-output-hk/prism-did-method-spec). Our objective is to create a solution that can work seamlessly between Blocktrust and the PRISM components.

We will contract for an external code security review.

We will engage an attorney for helping with our Terms of Use and Privacy Policy.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Project will be fully open source. The compiling of the source may depend on external components that are available only in binary form.

[METADATA] Category of proposal

Identity Solutions

[IMPACT] Please describe your proposed solution.

The solution we're developing builds upon the results of our Fund 9 Blocktrust Identity Wallet project (https://projectcatalyst.io/funds/9/f9-dapps-products-and-integrations/blocktrust-identity-wallet-prism), which we plan to complete by October 2023. At that stage, we'll have an Alpha version with the most essential features, which can be showcased. We encourage you to visit our website (https://blocktrust.dev) and watch the videos to understand better the progress we've made thus far.

The Wallet operates on the principles of self-sovereign identity (SSI) and utilizes Atala PRISM technology. Self-sovereign identity lets you have multiple digital identities (personas), composed of a decentralized identifier (DID) and a collection of verifiable claims, or Verifiable Credentials, about you.

These Verifiable Credentials (VCs) are generated by entities called Issuers. The VCs contain information about you (you're the Subject), and you hold them (making you the Holder). You can then present these verifiable claims to another entity called a Verifier.

Our Wallet not only receives these VCs from Issuers but also supports the roles of a Holder and a Verifier. It essentially lets you collect, store, and present your verifiable credentials.

The VCs are of type W3C JSON-JWT, and additional types will be added in the future. The communication protocols between agents (e.g. issuer-to-holder, holder-to-verifier) are based on Hyperledger Aries, and make use of a DIDComm v2 Mediator service, which the user can specify, one of those being Blocktrust's.

Additionally, our Wallet also uses DIDComm and a Mediator to implement secure, end-to-end encrypted chat messaging between you and another Wallet user or with any other compliant identity agent.

This Wallet is designed as a browser extension for desktop computers, with Chromium-based browsers. In response to our experiences and input from users, Blocktrust is enhancing the Wallet by adding new features, improving the user interface, and refining the underlying architecture.

Key points about our technical implementation include the use of .Net C#, Blazor, and the fact that it's set up as a browser extension with a Manifest v3 package (providing more safety than is offered by many password managers still based on v2).

Additionally, a significant portion of the code that will be developed in this Fund 10 proposal will be reused. A portion of shared code from the browser wallet will also form a common foundation for the Blocktrust mobile wallet apps for Android and iOS. Details about those mobile are provided in the separate Fund 10 proposals.

The primary architectural components are depicted below:

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Using decentralized identity wallets and agents such as Blocktrust's, developers of decentralized applications (dApps) or centralized solutions interfacing with the Cardano ecosystem will be better equipped to fulfill their goals. These often involve establishing trust between different parties and ensuring regulatory compliance. Without the availability of Blocktrust's wallet, developers could face increased risks. They may find their progress impeded or become overly reliant on another provider's identity wallet solution, limiting their flexibility.

[IMPACT] How do you intend to measure the success of your project?

We plan to gather user feedback through a specific Discord channel dedicated to this purpose. Additionally, we'll keep track of the number of times our product is downloaded from the Chrome Web Store after it's released for beta testing and when it's made generally available. These download numbers will give us tangible data about our product's reach. We're also currently investigating potential ways to generate revenue from the product in the future.

[IMPACT] Please describe your plans to share the outputs and results of your project?

Blocktrust will keep the Cardano community informed about our progress by providing updates as we achieve each of our milestones, typically on a monthly basis. We'll be communicating through Catalyst progress reports, our dedicated Discord channel, and videos showcasing the latest features of our product.

Occasionally, we may interact with the community in real-time during the Catalyst After Town Hall sessions. These sessions will give us an opportunity to show our progress and collect immediate feedback.

When it comes to actual product releases, such as the beta version and the v1 release, we will make them available for download on the Chrome Web Store.

We intend to evolve the wallet for many years to come based on users' feedback, our current strategy for our product suite, and our traction toward executing a successful business model.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

Blocktrust is committed to the vision of widely implementing top-notch Self-Sovereign Identity (SSI) solutions for the Cardano ecosystem.

Our team currently comprises two seasoned software engineers, both of whom have an track record of successfully delivered projects (as seen on our website). Throughout our Fund 9 projects, we've demonstrated an excellent collaborative spirit. To further boost our productivity during this project, we plan to bring on board an additional full-stack C# developer.

Our robust performance in the Fund 9 and earlier projects, as evidenced by our accepted milestone reports and informative videos, underscores our capacity to deliver high-quality results. We've also established good relationships with key members of the Atala PRISM team and several early adopters within the Atala Astros group.

In our nearly concluded Fund 9 wallet project, expected to complete by October 2023, we've surmounted unexpected challenges and exceeded our initial project scope. Notably, we began the project on the PRISM v1 infrastructure. However, after IOG discontinued its support for v1 following the launch of v2, we adapted. Our Fund 10 wallet and its underlying infrastructure will align with the publicly released PRISM v2 specification. Beyond the original scope of Fund 9, we've introduced additional features like DIDComm - a safe, decentralized, and encrypted peer-to-peer communication protocol.

As we proceed with the Fund 10 project, we anticipate encountering similar challenges and opportunities for enhancement. We are ready to tackle these head-on, with tenacity to ensure we deliver a product of substantial value.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

Project Goals:

*Improve the wallet's features and overall quality, moving from its alpha release state (expected upon the completion of the Fund 9 project) to public releases (including Beta and General Availability).

*Continue to expand and preserve our wallet's interoperability with W3C Verifiable Credentials (JSON-JWT), the Atala PRISM v2 specification for on-chain transaction metadata, DIDComm v2-based communications, and the Hyperledger Aries credential exchange protocol.

*Test and showcase the above-mentioned interoperability with other identity agents compatible with our system.

*Facilitate the resolution of significant, comprehensive use cases involving decentralized identifiers and verifiable credentials, which would be beneficial for the dApp developers community.

*Promote discussions with other Cardano teams that require DIDs and verifiable credentials, and be prepared to advise on how our features can be integrated into their workflows.

Our approach's validation will be gauged through feedback from the DApp teams. We anticipate this feedback to be based on their experience with our Beta and Generally Available releases, as well as their ability to incorporate these into workflows that help them address their end-to-end use cases and business scenarios.

The implementation of the wallet is coded in .NET C# Blazor as a Web Assembly (WASM) browser extension for Chromium-based browsers.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Before establishing the sequence of milestones, we constructed a comprehensive work breakdown structure (WBS). This structure outlines all the current and anticipated work areas and significant work items, including estimates of the effort each will require. We've made a snapshot of this WBS available here: https://shorturl.at/euvQT Please note that this link is not an official part of the proposal, as it contains more detailed information than what we are formally committed to delivering.

The WBS also contains certain items that fall outside the scope of this Fund 10 proposal, and these are clearly marked. This might be because those tasks are covered by a separate Fund 10 proposal or because we are indicating a future feature intention, where we welcome feedback about those from proposal reviewers. If reviewers believe these features are crucial and would benefit other projects if included, we encourage them to voice this opinion.

Following the creation of the WBS, we took into account task dependencies, resourcing requirements, and scheduling considerations. This was done with the aim of resolving the most significant project risks early on. Our milestone creation was designed to align with Catalyst's typical monthly payment schedule and to maintain a focused, agile approach to our deliverables. We've incorporated some slack into our schedule, which would allow us to participate in other activities, including the execution of additional Fund 10 proposals.

Upon successful funding of this proposal, we'll provide a precise Statement of Milestones.

Milestones 1-6, Development Iterations

Key Activities: Design, Development, and Testing

Planned Finishes: 2023-11-01, 2023-12-01, 2024-01-01, 2024-02-01, 2024-03-01

Acceptance Criteria: Progress reports and videos demonstrating completed activites after each milestone iteration. Release open source code by end of milestone 5

Cost per Milestone 1-6: 65,000 ADA per milestone, totaling 390,000 ADA .

Milestone 7, Beta Release

Key Activities: Finalize and publish the Beta Release

Planned Finish: 2024-04-01

Acceptance Criteria: Progress report and ability to download, install, and use the Beta release.

Cost: 15,000 ADA

Milestone 8, Completed Final Testing and Bug Fixes

Key Activities: testing and bug fixing

Planned Finish: 2024-05-01

Acceptance Criteria: zero critical or high severity bugs

Cost: 15,000 ADA

Milestone 9, Generally Available Release

Key Activities: Finalize and publish the Generally Available Release

Planned Finish: 2024-06-01

Acceptance Criteria: Progress report and ability to download, install, and use the GA release.

Cost: 15,000 ADA

Milestone 10, Collected Feedback, Project Closure

Key Activities: Engage with users and integrators

Planned Finish: 2024-07-01

Acceptance Criteria: Progress report and videos

Cost: 16,000 ADA

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Ultimately, we'll produce software releases and supporting website documentation. Along the way for each milestone, we'll also produce a progress report and a video demonstrating our progress.

The intended outcomes over time are to reduce overall project risk after each milestone and produce an increasingly more stable product design, highter quality code, and more automated tests.

The major releases are Open Source Code (M5), Beta (M7), and General Availability (M9). In addition to the software, we expect to receive increasing interest from dApp development teams, including enterprises, in their using the Wallet in their solutions.

We'll create an agile product backlog, and manage it through a tool such as Azure DevOps, Trello, or Google Sheets. We won't measure our development progress with detailed metrics (e.g. story points, planned/actual work, estimated remaining work). We will re-estimate remaining work compared with available work capacity occasionally. We may cut minor features or minor Ux enhancements if we are crunched for time, especially after the Beta Release.

Milestones and completed deliverables:

Milestone 1

Address architectural changes needed

Upgrade to .Net 8

Refactor code to enable cross-platform

Implement new UI Grid control for pages with lists

Improve overall navigation

Milestone 2

Harden code for browser extension and WASM

Update manifest v3 to assure minimum permissions are requested

Extend cryptography support to also include Ed25519 for PRISM DIDs

Complete wallet setup Ux flow to final design

Milestone 3

Refactor and harden the key vault and storage

Implement a Key Management Ux

Assure all Ux components in place and consistent

Assure complete implementation of about half of the SSI protocols

Implement tooltips and some level of in-app help

Milestone 4

Finish implementation of remaining SSI protocols

Conduct security review

Review Ux design as implemented

Verify proper globalization (locales)

Milestone 5

Review with attorney the Terms and Privacy Policy

Assure automated Unit Test for critical components

Implement more complete mock services for testing and demo

Finish implementing automated end-to-end integration tests

Finish automating UI tests

Release Open Source

Milestone 6

Complete writing of manual tests

Pre-beta manual testing

Bug fixes before Beta

prepare for Beta

Milestone 7

Update website

Release Beta

Begin to collect Beta Feedback

Attend IIW Conference

Milestone 8

Pre-release manual testing

Bug fixes before GA Release

Milestone 9

Generally Available Release

Milestone 10

Engage with potential dApp users

Produce polished videos

Catalyst close-out report

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

Project team: (architecture, design, software development, testing, DevOps, community, project management, documentation)

• Ed Eykholt = 320,000 ADA
• Björn Sandmann = 91,000 ADA
• New Team Member = 0 (if added, they will be allocated portion of above)

Third party products and services:

• hardware = 0
• software licenses = 0
• cloud services = 0
• code auditing / security review = 20,000 ADA
• legal services (Terms of Use and Privacy Policy) = 20,000 ADA

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

This project brings direct value in accelerating the implementation of many use cases involving trust for many participants in the Cardano ecosystem, especially for holders and verifiers of credentials. Without good identity wallets like Blocktrust's, the completion and adoption of many dApps and enterprise solutions will be slowed. That's a large opportunity cost to the Cardano ecosystem, which far exceeds this project's cost.

We computed effort, in hours, and multiplied that by a below-market rate of US$70 per hour (in both Germany and USA) for the expertise of our team. Then we devided this by a recent price of Ada, US$/ada = 0.28. By doing the, the team is taking a downside risk if the price of Ada drops from that point.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept