A DIDComm Mediator is a crucial part of the infrastructure to send messages and credentials from wallet to wallet. All existing implementations (including ours) are currently just a proof-of-concept.
This is the total amount allocated to BLOCKTRUST production-ready DIDComm Mediator.
We aim to elevate our existing Mediator implementation to production-level quality, complete with a user interface, tenant-based management, and support for live delivery with WebSockets.
No dependencies.
We intend to put the project under the Apache 2.0 license.
For many, this is a new concept. So, before delving into the specifics, let's briefly discuss what DIDComm is. DIDComm v2 is a messaging protocol that facilitates the secure transfer of messages from one wallet (or agent) to another. The specification for DIDComm v2 is about a year old and is rapidly becoming the standard for message encoding in the world of digital identity. Atala PRISM v2 implemented DIDComm in the spring of this year, using the protocol to send Verifiable Credentials from one wallet to another. Interestingly, DIDComm is just a base protocol, and the exchange of credentials is just one of its many potential use cases. Others could include text messaging or even file transfer. We have already implemented several of these protocols, and we will delve into more detail about them later. But first, let's answer the question: what exactly is a mediator?
To simplify it a bit, we can compare a DIDComm Mediator to an email server. To send an email from one client to another, you need at least one email server. For most people, this is a 'free' service (we all know what this implies). It means that someone is hosting an email server for you, and you connect to that service regularly to check for new messages. A DIDComm Mediator isn't much different. It is a hosted service to which you connect to receive your messages, such as your credentials. However, instead of using an email client, we connect with our identity wallet, which communicates using DIDComm instead of IMAP, POP3, and SMTP. Also, we use Decentralized Identifiers (DIDs) instead of email addresses. Therefore, if you want to send a message to someone else's wallet, you need the other party's DID. Resolving the DID into a DID-Document gives you the 'Endpoint' of the other party, to which you can send a message. This endpoint could be, for example, https://mediator.blocktrust.dev/, our current Mediator implementation. This ultimately means that everyone needs their own mediator if they use their own wallet, like our identity wallet at https://blocktrust.dev/IdentityWallet. There is a small exception to this rule: If you use a hosted cloud wallet, you might not strictly need one. However, using a hosted cloud wallet is akin to using Gmail. All your data, including your cryptographic keys, reside with a single provider. But really, who wants that?
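As an added illustration (not code from the Blocktrust Mediator), the following example shows the endpoint lookup described above: given an already-resolved DID Document, it extracts the `DIDCommMessaging` service endpoints and accepts only `https`/`wss` URIs before anything is sent. The DID `did:example:alice`, the document contents, and the scheme allow-list are constructed assumptions for this example.

```python
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https", "wss"}  # assumption: transport policy chosen for this example

# Constructed DID Document (not a real DID), shaped like DIDComm v2 service entries.
SAMPLE_DID_DOC = json.loads("""
{
  "id": "did:example:alice",
  "service": [
    {"id": "did:example:alice#web", "type": "LinkedDomains",
     "serviceEndpoint": "https://alice.example"},
    {"id": "did:example:alice#didcomm", "type": "DIDCommMessaging",
     "serviceEndpoint": {"uri": "https://mediator.blocktrust.dev/",
                         "accept": ["didcomm/v2"],
                         "routingKeys": ["did:example:mediator#key-1"]}},
    {"id": "did:example:alice#plain", "type": "DIDCommMessaging",
     "serviceEndpoint": {"uri": "http://10.0.0.5:8080/inbox"}}
  ]
}
""")

def didcomm_endpoints(did_doc):
    """Return (accepted, rejected) DIDCommMessaging endpoints of a DID Document."""
    accepted, rejected = [], []
    for svc in did_doc.get("service", []):
        types = svc.get("type")
        if "DIDCommMessaging" not in (types if isinstance(types, list) else [types]):
            continue
        eps = svc.get("serviceEndpoint")
        for ep in eps if isinstance(eps, list) else [eps]:
            # An endpoint may be a bare URI string or an object with "uri"/"routingKeys".
            if isinstance(ep, str):
                ep = {"uri": ep}
            elif not isinstance(ep, dict):
                ep = {}
            uri = ep.get("uri") or ""
            try:
                parts = urlsplit(uri)
                ok = parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)
            except ValueError:  # malformed URI, e.g. a broken IPv6 literal
                ok = False
            # A uri that is itself a DID needs a further resolution step; that is
            # out of scope here, so it ends up in `rejected`.
            if ok:
                accepted.append({"uri": uri, "routingKeys": ep.get("routingKeys", [])})
            else:
                rejected.append(uri)
    return accepted, rejected
```

The `routingKeys` returned with an accepted endpoint are the keys the sender wraps the message for, so that the mediator can forward it without reading the inner payload.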
The state of development
Given that DIDComm and DIDComm Mediators are relatively new concepts, there aren't many available implementations currently. The majority are indeed within the Cardano Ecosystem. It began with a project from RootsID, followed by our Blocktrust Mediator, and, as of a few weeks ago, the PRISM team is also developing a Mediator. So, why should a Mediator be funded when there are currently three implementations? The answer is simple: all of them are in a proof-of-concept state. Our team recently demonstrated the interoperability between our wallet, our mediator, a PRISM PoC app for chatting, and the RootsId wallet at the Internet Identity Workshop (IIW) in April this year. While these basic scenarios involving three different participants mostly worked, it's now time for the next step:
Moving into production.
A solution that functions most of the time isn't sufficient for a large user base consisting of hundreds, thousands, and hopefully even more users in the near future. The code needs refining to cover not only the happy path (the ideal scenario in which everything works) but also to provide useful assistance when things go wrong, such as when a message is incorrectly formatted.
Moreover, none of the current mediators feature a UI that allows users to view how many messages are stored for them or their tenants, or to determine how much space these messages occupy on disk. Currently, there is also no convenient method for backing up messages or transferring them to another mediator. While we often take these features for granted in email servers, existing DIDComm Mediators aren't there yet.
We'd also like to enable WebSocket connections to a Mediator, negating the need to constantly check for new messages.
Additionally, creating an open-access Mediator (i.e., using it without any restrictions) isn't a viable solution for a production application. The ability to create and manage different tenants (i.e., users) and to allocate space and resources to them, all through a UI and an API, is essential. This will allow the construction of service offerings around a mediator, contributing to a maturing and competitive ecosystem.
Finally, all these developments need to be reviewed and undertaken in an open-source manner. You can view the code of our current implementation here: https://github.com/bsandmann/blocktrust.Mediator
The ultimate goal of this proposal is to create a mediator that someone could simply set up on their own server or in the cloud.
A production-ready Mediator that is easy to set up is an important step towards a mature ecosystem.
It is a required part of the infrastructure for digital identity.
It aligns with other advancements in the ecosystem, such as the release of PRISM v2, the initial releases of Wallets (like RootsId Wallet, or the blocktrust identity wallet), and many other small building blocks.
A production-ready Mediator with support for setting up tenants could also potentially serve as a new service offering, thus creating a revenue stream for people or organizations (for example, StakePool Operators) that already host infrastructure for the ecosystem.
Blocktrust has been an active participant in the Cardano ecosystem since early 2022, developing SSI solutions using Atala PRISM from the start. Over the last year and a half, we have been building projects and libraries based on PRISM. Many of these are open-source and all of them provide value. Some notable ones include:
The Identity Wallet and the Credential Builder have been funded through Project Catalyst and have already been successfully completed. We also have a nearly perfect record of submitting the monthly reports over 1.5 years.
Looking at our reports or our blog, you'll see we're constantly sharing videos, posts, new projects, and code.
Implement missing pieces of the protocols (1 month)
Acceptance Criteria: Progress report, providing the repository
Cost: 30,000 ada
Implement WebSocket connection for instant delivery (1 month)
Acceptance Criteria: Progress report, Interaction with the DIF user-group
Cost: 30,000 ada
Adding a User Interface (1 month)
Acceptance Criteria: Progress report, Video showing the UI for users
Cost: 30,000 ada
Resource allocation (1 month)
Acceptance Criteria: Progress report, Video showing the UI for admins
Cost: 30,000 ada
Finalization, Hosting and Documentation (1 month)
Acceptance Criteria: Progress report, Video showing the complete project and providing documentation
Cost: 35,000 ada
Björn Sandmann
10+ years of full-stack development with the .NET stack. Focused on identity and privacy solutions. PRISM Pioneer, Atala ASTRO, Plutus Pioneer, already funded & successfully finished proposals. Implemented all technical core functionality of products like the blocktrust analytics platform, the blocktrust mediator and the blocktrust identity wallet. Founder of blocktrust. On the Governance Committee of the Hyperledger Lab for the Open Enterprise Agent (PRISM agent), Trust over IP Member, DIF member
LinkedIn: https://www.linkedin.com/in/codedata/
GitHub: https://github.com/bsandmann
Role: Lead developer
Ed Eykholt
20+ years of software product and engineering team leadership. C# developer. Focused on blockchain and identity projects and products since 2015. Atala ASTRO. Working on PRISM-related projects with blocktrust for over a year. Trust over IP Member. On different working groups related to digital identity.
LinkedIn: https://www.linkedin.com/in/edeykholt/
GitHub: https://github.com/edeykholt
Role: Development, UX-Design and Documentation
New Team Member
Blocktrust might hire or contract with an experienced full-stack C# developer to augment Ed and Björn's contributions. The project can still be successful without this additional person.
Developer cost breakdown: 40 hr/week with 70 USD = 11,200 USD per month = 56,000 USD
Hosting costs for Milestone 1 to 5 while developing: with 100 USD per month = 500 USD
Operation for the rest of the year in production mode: 7 x 300 USD = 2,100 USD
Total: 58,600 USD = 155,000 ADA (~0.38 USD/ADA exchange rate)
Project team: (architecture, design, software development, testing, DevOps, community, project management, documentation):
The total workload is estimated at about 40 hr/week. Divided over two or three developers, this leaves plenty of room to also push forward other blocktrust projects, community work, marketing, and the ongoing technical support and maintenance of our digital identity infrastructure.
This project represents an investment that promises significant value to the Cardano ecosystem by eliminating the barriers currently hindering the widespread adoption of Self-Sovereign Identity (SSI).
It will help diversify the array of different mediators available and assist projects in hosting their messages independently, rather than relying solely on hosted services, or at the very least, enable them to evaluate different vendors.
Our deep understanding of and experience with the PRISM ecosystem, built over 1.5 years, ensure that we have a solid grasp of what is needed, and that we are capable of execution. Since we have already constructed a functioning, albeit basic, implementation of a mediator, we understand precisely what we are doing and can accurately estimate the required work.
We computed the effort in hours, and multiplied this by a below-market rate of US$70 per hour (applicable in both Germany and the USA) for our team's expertise. We then divided this by a recent Ada price of US$0.28/Ada. By doing this, the team is assuming downside risk if the price of Ada falls from that point.