PRISM Verifiable Credential badges

[GENERAL] Name and surname of main applicant

Björn Sandmann

[GENERAL] Email address of main applicant

sandmann@codedata.solutions

Additional applicants

Ed Eykholt

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

5

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

No dependecies.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Project will be fully open source. The compiling of the source may depend on external components that are available only in binary form.

[METADATA] Category of proposal

Identity Solutions

[IMPACT] Please describe your proposed solution.

The Problem

To determine if websites, service providers, or projects of any kind can be trusted, in the Web 2.0 world we use review systems, trust badges or simply the search rank on the results page of a search engine. Often, however, these signs of trust are manipulated, paid for and fabricated by fake reviewers. Projects put fake endorsements of well-known companies or people on the website, or use company logos of trusted companies as advertisements without their consent or knowledge.

 

A solution

Web 3.0 offers the possibility of making statements by companies or people about one another cryptographically verifiable. Trusted entities (e.g., domain experts) can delegate their hard-earned trust to others by endorsing their work. A few examples:

 

• You completed a course on Plutus or PRISM, you could now show a verifiable badge of completion by embedding it into your Github profile, website or any other page.
• IOG has confidence in a Catalyst project and makes a positive statement about them: instead of a mere HTML text on a project web page, a visitor can cryptographically prove the statement and trace it back to a DID of IOG.
• A startup is sponsored (e.g., by Microsoft) and would like to embed the Microsoft logo on the website to establish trust with new customers. Instead of simply embedding a JPG, the permission issued to use their badge, which may be time-limited, can be checked. As soon as the permission expires, the logo/badge of certification also disappears from the website.
• The use cases are numerous and come to light most notably when previously unknown persons/market participants emerge on the scene, whose trustworthiness cannot be assessed by traditional means (research, sufficiently large number of reviews). The crypto space itself is the best example of this dilemma: nowhere is one more reliant on third-party testimonies about trustworthy and quality projects, and nowhere is the misuse of false credentials greater than in the crypto space. The proposal is by no means limited to web3, and instead should allow everyone to verify third-party statements on websites.

 

Technically, the project is based on Atala PRISM and uses DIDs to identify both the identity of the person making the statement (Issuer) and the recipient of the statement (Holder). The statement itself is called Verified Credential and could be just a short note, a lengthy review, or a picture (logo or badge representing some kind of achievement). The core of the project consists of a web service that periodically checks statements that have already been published for their validity and provides a customizable JavaScript snippet to display the given statement on a website or online-shop.

 

For a visitor of the website, the statement is initially a piece of JavaScript code which gets evaluated and rendered. By clicking on the statement, the visitor can cryptographically trace the statement and verify its authenticity. The revocation of statements by their respective issuers is by design possible and an essential feature. In contrast to Web 2.0, statements that are no longer valid cannot be displayed any longer, instead of sitting unchanged on a website forever.

 

A technical overview of the implementation can be found on the website: https://blocktrust.dev/webcredentials

 

The service consists of a web portal, with three sections geared towards the different use-cases:

 

Management Area (Holder)

In the management area, website owners can use a DID to register (e.g., using the blocktrust identity wallet) and provide proof of domain ownership (document upload/nameserver entries) or control over a page (e.g. GitHub). With that proof, an API token and a JavaScript snippet is generated, which can be placed on the page by the domain owner. Basic customizations (color scheme, number of statements to be displayed) can be made. In the next step, invite links can be created to be sent to the issuers who should provide the content of the credential or who should just sign the already prepared credential. Alternativly the Holder can directly send an existing Credential (Presentation Proof to be precise) to the platform itself. This happens via DIDComm and the WACI Present Proof flow. In this case, no one else is needed to issue a Credential as it already exists.

 

Certifier Area (Issuer)

Logging into the certifier area is done by receiving an invite-link and authenticating with a browser wallet. After logging in, it is possible to proceed with the authoring of one's own statement or the signing of a statement crafted beforehand by the future holder. Different templates for endorsements, reviews, or the embedding of logos are available.

With the completion of this process, the statement is cryptographically signed by the issuer and is now available as a Verified Credential on the Cardano blockchain.

We believe that the signing process must be as simple as possible. If somebody wants to get an endorsement from someone everything has to be prepared, and paid for so that the endorser just has to follow the link, quickly review it and click on a “Sign”-button in this identity wallet.

Verifier API and Portal

As the credential appears in the one's browser, it is automatically cryptographically verified in the background. This is necessary because statements, once made, can be revoked or become invalid. The power to withdraw statements is always completely in the hands of the issuer. Through different caching techniques and periodic verification, the statement always remains up-to-date and matches the data found on the blockchain. For performance reasons, an array of optimization techniques can be used to make the rendering of the statement on the website as fast as possible.

Clicking on a verifiable statement/logo/badge on a website takes the user to the service's verifier portal to obtain detailed cryptographic evidence of the statement's origin to ensure that the statement was actually issued by the expected entity

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

As a usable product, this proposal adds immediate value for the Cardano identity ecosystem around PRISM:

• The use of DIDs are a prerequisite of these cryptographically signed statements. Thus, the proposal promotes not only the direct adoption of DIDs and the use of Atala PRISM but also the entire SSI ecosystem.
• Through the publicly visible use of the Verified Credentials on websites, the project also creates a multiplier that generates a much stronger growth effect than verified credentials that are private in nature and have no external visibility (e.g., credentials in a user's wallet that rarely need to be presented).
• Existing and newly founded projects can get trust delegated to their project based on statements made by trustworthy and known entities. The willingness to try out new scripts or projects increases significantly if it is evident that a project is verifiably supported.
• Cryptographically verifiable endorsements can also be used in online-stores to promote sales. The cryptographically verifiable way of proving the origin of a statement is superior to the often expensive and very questionable trust badges of existing providers in the Web 2.0 world.
• Other parties, like politicians, well-known personalities, magazines and journalists or product testers can use the system to support trustworthy projects o. products. This includes not only companies, but also social institutions and NGOs, which typically depend on trusted recommendations.

In short, this proposal is not only aligned with the challenge, but also helps the ecosystem as a whole to grow by focusing on what is the hallmark of Cardano: reliability and trust.

[IMPACT] How do you intend to measure the success of your project?

Success can be simply measured by how often these badges are used and embedded. Additionally, we would gauge success by the community's interest in the project itself on GitHub. We are very much open to ideas and improvements, such as integrating additional credential types in the future.

But success is not measured by user numbers, but by the progress and success of the entire ecosystem. With this proposal, we are delivering a tool to make our ecosystem even better at what it is already good at: delivering great and trustworthy solutions.

But it is not all about projects which like to get a verifiable badge or endorsement on their webpage. It’s also about individuals, who complete courses and want to show off what they have achieved. Maybe just to build their reputation as an expert, but perhaps to finally get a new job.

[IMPACT] Please describe your plans to share the outputs and results of your project?

During development, we will write a blog entry every two weeks at www.blocktrust.dev/blog, which will provide information about the advancement of the work. This allows the community to follow the progress during this busy time. In the blog entry we will report on the technical details of the work and at the same time state whether we are within the predicted time window of release.

Regarding the code: The project will be fully open-source under Apache 2.0 and developed in a public accessable GitHub repository.

We are well aware of the trust put into a funded project like this by the community and are happy to be as transparent as possible. In the end, this proposal is all about trust.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

Blocktrust has been an active participant in the Cardano ecosystem since early 2022, developing SSI solutions using Atala PRISM from the start. Over the last year and a half, we have been building projects and libraries based on PRISM. Many of these are open-source and all of them provide value. Some notable ones include:

• Identity Wallet for the Browser (https://blocktrust.dev/identitywallet)
• Analytics Platform (https://analytics.blocktrust.dev)
• Credential Builder (https://credentialbuilder.blocktrust.dev)
• DIDComm Mediator (https://mediator.blocktrust.dev)
• Plus a collection of open-source libraries for use with PRISM, which can be found here (https://github.com/bsandmann)

Several of these projects, such as the wallet and the Analytics Platform, have been funded via Catalyst and are either nearing completion or awaiting the close-out report. Other projects have been completed due to ongoing interest in the ecosystem.

Looking at our reports or our blog, you'll see we're constantly sharing videos, posts, new projects, and code. We plan not only to continue doing that, but even to scale up our effort by hiring at least one additional developer.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

• The primary aim is to offer an open-source solution for the display of public credentials, such as achievements, roles, or endorsements.
• Another objective is to gain traction both within and outside the Cardano community, with an increasing number of people incorporating verifiable credentials into their websites and profile pages. As previously indicated, this can be precisely quantified. A success benchmark would be the creation of at least 500 Trust Badges within four months post-launch, with a potential additional 5,000 Trust Badges within one year of launch. Organic growth is anticipated in all scenarios, but actual numbers could be significantly lower or higher.
• We also aspire to contribute to the growth of the ecosystem. The technology of Atala PRISM provides us with a unique growth factor that distinguishes us from numerous other blockchains.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Milestone 1: Project start, architecture and setup (1 month)

Key activities: Development

Planned Finishes: 2023-11-01

Acceptance Criteria: Progress report, providing the repository, intial concept presentation, first code

Cost: 34,250 ADA

Milestone 2: Development towards an MVP (1 month)

Key activities: Development

Planned Finishes: 2023-12-01

Acceptance Criteria: Progress report, showcasing the MVP in a video

Cost: 34,250 ADA

Milestone 3: Refinement and new features (2 month)

Key activities: Development and design UI and badges

Planned Finishes: 2024-02-01

Acceptance Criteria: Progress report, showcasing the features in a video

Cost: 56,000 ADA

Milestone 4: Finalization and rollout (1 month)

Key activities: Development, creating documention and initial promotion

Planned Finishes: 2024-03-01

Acceptance Criteria: Progress report, showcasing the complete application in a video. Links to samples for different kind of working embeddings.

Cost: 34,800 ADA

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Milestone 1: Project start, architecture and setup (1 month)

The first milestone is about project setup, the basic application architecture and writing the first code

• Setup of the cloud services
• Basic architectural building-blocks in code
• Bootstrapping of the management, certifier, and verifier API

 

Milestone 2: Development towards an MVP (1 month)

For the second milestopne, it is all about getting the core of the application and the backend-services ready:

• Implementing a basic version of the frontend (most likely written with Vue or Blazor)
• Setup of a Testing-suite (Unit- & Integration-Tests)
• Integration of a continuous integration pipeline
• Proof of concept showcase of the full pipeline, including simple JS-snippets for websites.

Milestone 3: Refinement and new features (2 months)

After milestone 1 we already should have an MVP and will continue refining the product for milestone 2. This includes:

• Working on fleshing out all three portals and APIs to a production-level quality with basic functionality.
• Setup of CDNs and a caching strategy for fast delivery of the embedded credentials
• Integration of different wallets and support of authentication using DIDs.
• Developing of basic customization features for the JavaScript-snippets in the Portal
• Designing and preparing templates to use.
• Testing and launching the product for first selected users to gather feedback.

 

Milestone 4: Finalization and rollout (1 month) 

For the last milestone it is all about bringing the software to the users, but also to prepare everything to run on mainnet:

• Integration of payment-mechanism for the ability to run on mainnet (including smart-contracts to refund payments for credentials which were paid for, but not signed by an invited issuer)
• Creating documentation and learning material so that everyone understands how to integrate the web-credentials into their profiles and websites.
• Getting promotion material ready and run a small educational marketing campaign to make it more known in the space.

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

Team:

Backend-Engineer working for 100 h/month over 5 months: 500 hours total. With a rate of 70 USD, this would amount to 35,000 USD = 125,000 ADA

 

Designer: Concept and design of the project website, marketing material and endorsement icons/badges. Estimated 70 h of work at a rate of 70 USD/h. Totaling 4,900 USD = 17,500 ADA

Marketing:

As outlined before, a small marketing effort starting with the MVP should be accounted for. Estimated 40 h of work over a time span of 2-3 months at 70 USD/h. Totaling 2,800 USD = 10.000 ADA

 

Infrastructure Costs:

Servers and Infrastructure for the initial 5 months of development plus additional 7 months after launch with a budget of 160 USD/month. 1,920 USD = 6,800 ADA

 

Overall 159,300 ADA

A contingency for budget overruns is not necessary in our opinion, since we are already below our normal hourly rates and are willing to take financial cuts to be able to implement this project. Delays or increased costs will be covered by us personally.

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The team is experienced and has worked with PRISM for a long time, shipping a wide range of products, projects and services. With this experience the work is very much focused and efficient.

The solution itself provides an excellent method of showcasing verifiable credentials, which are typically stored in one's wallet. This exposure to a wide audience serves as a beneficial strategy to make more people notice, and hopefully, use digital identities on Cardano.

We computed effort, in hours, and multiplied that by a below-market rate of US$70 per hour (in both Germany and USA) for the expertise of our team. Then we devided this by a recent price of Ada, US$/ada = 0.28. By doing the, the team is taking a downside risk if the price of Ada drops from that point.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept