BLOCKTRUST Credential workflow platform

[GENERAL] Name and surname of main applicant

Björn Sandmann

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Not Incorporated)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

8

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

A no-code SaaS toolbox for building SSI workflows that allow for easy integration. e.g. when a link is clicked, it issues a credential; or when a credential is provided, it generates a sign-in token.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

No dependencies.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

The project will be put under the Apache 2.0 licence.

[SOLUTION] Please describe your proposed solution.

The problem

The blocktrust team has been working on PRISM-related projects, including wallets, mediators, and analytics tools, for over a year and a half (see https://blocktrust.dev). Although PRISM has significantly evolved, its adoption isn't as widespread as we all had hoped. Our experience suggests that one major obstacle is the complexity, concepts, and language surrounding SSI, which is quite different from the general crypto space. Grasping the capabilities of an SDK and writing software to integrate it into one's projects, such as issuing a schema-compliant credential, onboarding user DIDs, or offering a way for a user to provide a credential to a website, is not trivial. Costly proprietary solutions that aim to lock you in without the ability to retrieve your credentials aren't viable options for the community either.

Identifying the gap

When looking at the challenges many projects face with integrating digital identity into their endeavors, it's apparent that these problems are often similar and can be grouped into two main categories:

• Projects that want to issue credentials, for instance, a project where a user should receive a credential for completing a course or where a user should receive a credential for being part of a selected group such as a DAO, or for paying a subscription fee.
• Projects that aim to verify a user's identity, either through a KYC-credential or a simple membership or social credential.

The Atala PRISM SDK (or the agent) provides methods for both these groups (which obviously often overlap), but it lacks the intermediate steps. It misses the ability to model all this in a workflow: if this, then that. Here are a few examples:

• If you fill out a form on a specific page, a previously defined credential is automatically sent to your provided wallet address.
• If you scan this QR code, you are registered and redirected to another page.
• If you send your KYC-credential to this address, it is automatically verified, and an API request is executed to a protected endpoint.
• If you use the sign-in button on my website, a JSON Web Token is automatically issued to you.

Of course, these features can be built out by each project, integrated with the PRISM SDK/agent in their respective codebase. However, it isn't straightforward, and in many cases, these are common problems which don't have be solved over and over again. Each project should focus on their core value proposition and not deal with the code details of SSI which they want to use DIDs and VC for these common use-cases. Think of this proposal as Zapier of IFTTT for SSI.

Bridging the gap

We propose building an open-source toolkit with an easy-to-use UI for enabling these workflows. One should be able to set up these default workflows and modify them to fit the requirements for issuing and validating credentials. We believe this can be achieved without the user writing any code related to SSI. The solution will be completely open-source, based on open standards (refer to the standards section below), and will include a version of the service hosted by us. This way, anyone can utilize it for their project integration. The primary goal of this proposal is to get the SSI adoption finally started. 

Technical details

The solution will be written in C#, compatible with .NET, and can be easily hosted on Windows, Linux, or macOS. It will be shipped as a Docker image, containing both the application and a PostgreSQL database. This allows everyone to run it in their preferred hosting environment, either locally or in the cloud.

The solution will be tenant-based and can be easily set up for a single tenant or multiple ones. Each tenant can establish multiple workflows (based on the "If this, then that" principle) which can be integrated into various projects. The following features are being planned:

Triggers are operations that the application can listen to. Once configured, they can be activated to receive inputs. The inputs could include:

• an endpoint to receive a previously defined POST-request, which may submit one or more of the following fields:
• W3C JWT Credential data
• Peer DID Address
• PRISM DID Address
• Key/Value Pair of Claims
• API-Key
• an auto-generated page containing a form with the same fields mentioned above, along with an arbitrary HTML formatted message.
• an endpoint to receive a previously defined GET request (a redirect) with multiple predetermined query-parameters.
• a DIDComm endpoint for receiving:
• Basic messages, Trust Pings and Problem report messages
• PRISM connect protocol request
• Propose Credential, Offer Credential or Request Credential messages (WACI)
• Propose Presentation or Receive Presentation messages (WACI)

Actions are optional operations that can extract, validate, or transform all or parts of the inputs into an output based on prior configuration. These actions can include:

• resolving a DID
• verifying a credential to ensure it:
• was issued by a predefined DID (or list thereof)
• follows a predefined schema
• contains certain key/value pairs
• checking input values to contain a specific value (e.g., authorization key or DID)

Outputs are executed depending on the action. These could include:

• calling a predefined endpoint on an arbitrary server
• issuing / revoking a credential to a specific DID or even multiples at once using DIDComm
• sending out arbitrary DIDComm messages (e.g., PRISM connect request)
• creating, updating, deactivating, or publishing a DID
• generating a QR code for an Out-of-Band connection
• sending out invites for onboarding

These building blocks of triggers, actions, and outputs can be arranged in an arbitrary manner. Some projects might only need a mechanism for sign-in with a DID, while other projects may require multiple interconnected workflows, from onboarding to credential issuing and various levels of verification. To drive adoption, we'll offer templates for the most common workflows.

In a later stage (not part of this proposal, to maintain a manageable scope), we could add further integrations, such as the ability to integrate with an KYC-provider, listen to operations on the blockchain like a specific metadata payload, a PRISM event (e.g., a new DID published), or a payment sent.

Open standards

To execute on this proposal we target the surface specification of the PRISM agent (2.5) and target the following open standards as they relate to a possible trigger or output in their current official specification: 

DID PRISM, DID Peer, W3C VC Model 1.1, DIDComm v2, Mediator Coordinator protocol, WACI Issue credential protocol, WACI Present proof protocol, Basic Message protocol, Problem Report protocol, Trust Ping protocol, Out of Band (OOB), PRISM Connect protocol

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

Our proposal tries to fill a critical gap in the Cardano ecosystem - the lack of an easy-to-use, adaptable, and open-source solution for managing digital identity workflows. Current solutions demand either deep expertise in the SSI sphere or involve costly proprietary systems that create vendor lock-in situations. Our issuing and credential workflow platform significantly mitigates these challenges by offering an interface that simplifies the process of setting up workflows for issuing and validating credentials. With this, projects can integrate SSI more effectively, focusing more on their core value proposition and less on grappling with the intricacies of SSI implementation.

By fostering a higher adoption of SSI within Cardano projects, our proposed solution enhances trust-based interactions across the ecosystem. SSI empowers users with control over their digital identities, improving security and privacy in their interactions. This, in turn, would strengthen the overall Cardano network, propelling the ecosystem forward in a robust, privacy-focused manner.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Blocktrust has been an active participant in the Cardano ecosystem since early 2022, developing SSI solutions using Atala PRISM from the start. Over the last year and a half, we have been building projects and libraries based on PRISM. Many of these are open-source and all of them provide value. Some notable ones include:

 

• Identity Wallet for the Browser (https://blocktrust.dev/identitywallet)
• Analytics Platform (https://analytics.blocktrust.dev)
• Credential Builder (https://credentialbuilder.blocktrust.dev)
• DIDComm Mediator (https://mediator.blocktrust.dev)
• Plus a collection of open-source libraries for use with PRISM, which can be found here (https://github.com/bsandmann)

 

The Identity Wallet and the Credential Builder have been funded with Project Catalyst and have been already successfully completed. We also have a nearly perfect record of submitting the monthly reports over 1,5 years.

Looking at our reports or our blog, you'll see we're constantly sharing videos, posts, new projects, and code. 

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

Software Architecture, Project setup and Start of development (1 month)

• Create a tenant as an Administrator
• Customize a tenant as an Administrator
• Sign in / sign out as a Tenant
• Update the tenants profile

Acceptance Criteria: Progress report, providing the repository

Cost: 25,000 ADA

Build out a basic trigger-action-output flow(2 month)

• The infrastructure to listen to arbitrary actions, process actions and outputs has to be set up. 
• A UI to create and config a basic flow for the following basic steps has to be created, so that
• a tenant can configure to a page with form-data so that a user could request a credential (provide DID)
• a tenant can configure a simple output, so that the DID will be issued a predefined credential to the wallet of the user via DIDComm (WACI)
• The previously configured flow can be saved, loaded, started and stopped.

Acceptance Criteria: Progress reports and videos demonstrating completed activites listed here

Cost: 50,000 ADA

Extend the basic-flow (2 month)

• A tenant can setup and configure a more advanced flow:
• The flow can now be triggered by a WACI based DIDcomm interaction to request a Credential
• A action can be configured to validate certain parts of the request
• The output could also then be issue the requested credential via DIDComm
• API endpoints are added receive messages from the outside (when hosted as a public service)
• API endpoints are added to trigger actions, and interact with the configured workflows through Http requests.

Acceptance Criteria: Progress reports and videos demonstrating completed activites listed here

Cost: 50,000 ADA

Generalize and improve (2 month)

• Most of the triggers, actions and outputs outline above in the impact section will be integrated.
• A configurable output to generate JWT Tokens will be added
• Basic templates for the most common workflows will be provided

Acceptance Criteria: Progress reports and videos demonstrating completed activites listed here

Cost: 50,000 ADA

Finalization, Documentation and Release (1 month)

• Bug fixing
• A documentation for integrators will be written and provided on a dedicated website
• The open-source projects gets also proper technical documentation and is in a mature state to receive external pull-requests
• The hosted service will go live

Acceptance Criteria: Progress report and video demonstrating the full application

Cost: 25,000 ADA

[RESOURCES] Who is in the project team and what are their roles?

Björn Sandmann (Lead developer)

10+ years of full-stack development with the .net Stack. Focused on identity and privacy solutions. PRISM Pioneer, Atala ASTRO, Plutus Pioneer, already funded & successfully finished proposals. Implemented all technical core functionality of products like the blocktrust analytics platform, the blocktrust mediator and the blocktrust identity wallet. Founder of blocktrust. On the Governace Commitee of the Hyperledger Lab for the Open Enterprise Agent (PRISM agent), Trust over IP Member, DIF member

LinkedIn: https://www.linkedin.com/in/codedata/

GitHub: https://github.com/bsandmann

Ed Eykholt (Development)

20+ years of software product and engineering team leadership. C# developer. Focused on blockchain and identity projects and products since 2015. Atala ASTRO. Working on PRISM related projects with blocktrust over a year. Trust over IP Member. On different working groups related to digital identity.

LinkedIn: https://www.linkedin.com/in/edeykholt/

Github: https://github.com/edeykholt

New Team Member

Blocktrust might hire or contract with an experienced full-stack C# developer to augment Ed and Björn's contributions. The project can still be successful without this additional person.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

Developer cost breakdown: 33 hr/week with 70 USD = 9,240 USD per month = 74,480 USD

Hosting costs for Milestone 1 to 5 while developing: with 200 USD per month = 1,600 USD

Total: 75,520 USD = 200,000 ADA (~0.38 USD/ADA exchange rate)

Project team: (architecture, design, software development, testing, DevOps, community, project management, documentation):

• Björn Sandmann (Lead developer)
• Ed Eykholt (Development support)
• New Team Member (Development support)

The total workload is estimated at about 30-35 hrs/week. Divided among three developers, this leaves plenty of room to also push forward other blocktrust projects, community work, marketing, and the ongoing technical support and maintenance of our digital identity infrastructure.

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

This project's cost is an investment that promises significant value to the Cardano ecosystem by eliminating the barriers that currently hinder the widespread adoption of Self-Sovereign Identity (SSI). Our approach essentially democratizes the integration of digital identity into various projects within the ecosystem, making SSI not just an esoteric coding problem but a practical solution to real-life use cases.

Our deep understanding and experience with the PRISM ecosystem, built over 1.5 years, ensures that we can effectively streamline the process of issuing and validating credentials for various projects. This platform will significantly reduce the time and resources required for project owners to learn, understand, and implement the deeper concepts and different protocols related to SSI, allowing them to focus on their core value propositions.

We computed effort, in hours, and multiplied that by a below-market rate of US$70 per hour (in both Germany and USA) for the expertise of our team. Then we devided this by a recent price of Ada, US$/ada = 0.38. By doing the, the team is taking a downside risk if the price of Ada drops from that point.

[IMPORTANT NOTE] The Applicant agrees to Fund Rules and also that data in the submission form and other data provided by the project team during the course of the project will be publicly available.

I Accept