Last updated a month ago
The Internet Protocol doesn't provide an authentic identity layer, and most web authentication and authorization mechanisms today are vulnerable to exploits, correlatability, and loss of privacy.
This is the total amount allocated to KERI-based Authentication and Authorization Browser Extension by BLOCKTRUST. 3 out of 4 milestones are completed.
1/4
Identify all key risks and mitigate the most impactful ones
Cost: ₳ 30,000
Delivery: Month 1 - Apr 2024
2/4
Initial source code, builds, and demonstrable functionality
Cost: ₳ 25,000
Delivery: Month 4 - Jul 2024
3/4
End-to-end use cases and concept demonstration
Cost: ₳ 25,000
Delivery: Month 6 - Sep 2024
4/4
Publish publicly available release (may be labeled Alpha or Beta) via GitHub or Chrome Web Store
Cost: ₳ 20,000
Delivery: Month 7 - Oct 2024
NB: Monthly reporting was deprecated from January 2024 and replaced fully by the Milestones Program framework. Learn more here
A browser extension will leverage the KERI stack to allow users to create and manage DIDs, private keys, then authenticate (sign in) and authroize (via credentials) with compatible web sites.
The KERI protocol stack and some implementation libraries are under development under the Trust Over IP (ToIP) Foundation. These libraries implement critical functions such as key rotation, key log creation, and credential verification. We believe these are currently ready enough to build an initial concept implementation of the Authentication and Authorization Extension.
Apache 2.0 license and GitHub
n/a
Problems:
Since the Internet Protocol doesn't provide an authentic identity layer, various authentication mechanisms have been built, including password-based, authenticators (using shared secrets), federated identity via 3rd parties (OAuth), and passkeys (FIDO, U2F, and WebAuthN). However, none of these place the user in exclusive control of their own private keys for cryptographic signing, with a persistent identifier, recovery from a lost key, key pre-rotation, and multi/threshold signatures. Further, for authentication, the certificates required today often security flaws based on DNS or Certificate Authority system and process design.
Solution:
The BLOCKTRUST Authentication and Authorization Browser Extension will be a Chromium browser extension that leverages libraries and an agent from KERI projects (Signify-ts and KERIA). The extension itself will be built in C# Blazor WASM.
Identity and Credential Technology:
The KERI (Key Event Receipt Infrastructure) stack, which includes standards for credentials (ACDC) and encoding (CSER), is a set of emerging standards that address the above problems and is being incubated in the Trust Over IP Foundation, with the intention to standardize these via the IETF. We believe KERI will emerge as a very strong contender to existing identification, authentication, and authorization/credential solutions.
KERI has the promise of delivering identifiers (DIDs) and credentials that can be used in many settings, including traditional corporate settings and multiple blockchains, including Cardano.
Already, several of the KERI stack protocols have been implemented and available open-source.
The Global Legal Entity Identity Foundation (GLEIF) and their partners can provide a cryptographically and legally strong "root of trust".
Features:
The BLOCKTRUST Authentication and Authorization Browser Extension will include the following features:
Stretch Goals:
Engagement:
We'll engage with use cases, including existing Cardano projects who want to be regulatory compliant leveraging on-chain DIDs and Credentials, especially for legal entities and their authorized representatives. We'll engage in projects that want self-certifying identifiers leveraging a root-of-trust provided by GLEIF's Verifiable Legal Entity Identifier (vLEI) processes and technology. We'll engage with projects who want to establish their own root-of-trust, potentially related to roles in Cardano Governance.
Demonstrable Impact:
In addition to sharing engagement with other projects, we'll provide regular recorded demonstrations, and continue to build our Discord community. Ideally, we'll release an installable product via the Chrome Web Store.
By bringing in KERI-based solutions into the Cardano ecosystem, this helps bridge trust gaps between global legal entity organizational identifiers, identifiers that can be used on other corporate systems and blockchains including Cardano and Midnight. The logs generated from key events and nested credentials (ACDC) can be written to the Cardano blockchain (as proposed in F11 project by Roots ID, for example) and then consumed and validated by Plutus contracts! Together, these open up cross-chain innovations that will spur greater adoption of Cardano, and even migration to Cardano from other registries and ledgers.
These solutions will help establish trust between parties transacting on Cardano and beyond.
These features can enable new use cases mentioned in the challenge, including:
Additionally, in the future once authentic identities and credentials can be evaluated and used by Plutus contracts, a more decentralized governance system can be imagined and built for Cardano.
We have the capability, history, determination, and bandwidth to deliver.
Blocktrust delivered its Catalyst Fund 9 Identity Wallet, a project that successfully completed in November 2023, and the product of which is now available on the Chrome Web Store. Some of the extension technology is the same. This experience provides voters reassurance of our trustworthiness and accountability.
Given this experience and the demonstrable progress around the open-source KERI stack's specifications and implementations, we already have high confidence in our capability to deliver.
Goals:
Outputs:
Acceptance Criteria:
Goals:
Outputs:
Acceptance Criteria:
Goals:
Outputs:
Acceptance Criteria:
Goals:
Outputs:
Acceptance Criteria:
Goals:
Outputs:
Acceptance Criteria:
Ed Eykholt
20+ years of software product and engineering team leadership. C# developer. Focused on blockchain and identity projects and products since 2015. Atala ASTRO. Working on PRISM related projects with blocktrust over a year. Trust over IP Member. On different working groups related to digital identity.
LinkedIn: https://www.linkedin.com/in/edeykholt/
GitHub: https://github.com/edeykholt
Role: Project Lead, Lead Developer, UX-Design and Documentation
Björn Sandmann
10+ years of full-stack development with the .net Stack. Focused on identity and privacy solutions. PRISM Pioneer, Atala ASTRO, Plutus Pioneer, already funded & successfully finished proposals. Implemented all technical core functionality of products like the blocktrust analytics platform, the blocktrust mediator and the blocktrust identity wallet. Founder of blocktrust. On the Governance Committee of the Hyperledger Lab for the Open Enterprise Agent (PRISM agent), Trust over IP Member, DIF member
LinkedIn: https://www.linkedin.com/in/codedata/
GitHub: https://github.com/bsandmann
Role: Developer, UI Services
New Team Member
Blocktrust might hire or contract with an experienced full-stack C# developer to augment Ed and Björn's contributions. The project can still be successful without this additional person.
Summary: Cost 100,000 Ada
Milestone 1:
M2:
M3:
M4:
Final Milestone:
This project brings direct value in accelerating the implementation of many use cases involving trust for many participants in the Cardano ecosystem, especially for establishing strong identity for holders and verifiers of KERI ACDC credentials in the future. Without good identity, authentication and authorization with websites (including those used by dApps), they are prone to impersonation attacks and privacy leakage. Without this type of solution, the potential greater adoption of many dApps and enterprise solutions will be slowed, especialy for established corporations wanting to enter a trustworthy blockchain ecosystem. The benefits of establishing trustworthy and authentic identity and credentials that can be inputs to Plutus contracts far exceeds this project's cost.