Walletless SSI with Passkeys

[GENERAL] Name and surname of main applicant

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

[GENERAL] Requested funds in ada

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

This approach utilizes the new passkey standard to equip users with easy to handle cryptographic credentials, while decreasing the risk of phishing attacks.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

1. Keycloak
2. Prism

[GENERAL] Will your project’s output/s be fully open source?

[GENERAL] Please provide here more information on the open source status of your project outputs

The project will be licensed under a GNU General Public License v3.0 to allow unrestricted use by the public.

[SOLUTION] Please describe your proposed solution

Wallets store cryptographic key pairs and offer further management functionality such as signing to proof ownership. This is similar to the Web Authentication and Passkey standards that store cryptographic credentials on a users device, offering a similar level of security as Blockchain wallets such as Daedalus or Yoroi or Lace.

However, these standards do not require a recovery phrase, which could be phished from inexperienced users. Instead they employ biometric input to assure user intent and optional ecosystem specific cloud synchronization or cross ecosystem bluetooth sharing to move keys between devices.

This approach targets users who have little to no experience with wallet based crypto solutions, to make the complex world of SSI products widely available. The core idea is based on the federated identity model, which is widely known from products such as sign in with Google, Apple or Github, etc. Unlike these centralized solution, this approach utilizes DIDs and VCs instead of database entries to offer user storage.

The key contribution of this project is an extension to an open source identity provider called "keycloak", that allows storing and verifying user identifiers on the Cardano blockchain.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

This project opens up a more user friendly way to integrate the Cardano blockchain into existing authentication processes by offering an interface to the keycloak identity provider.

https://www.keycloak.org/

The impact comes in the form of a streamlined approach to SSI that lowers the barrier for entry by offering a simple alternative to wallets.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Capability

In fund 3, I delivered a small project around script address based accounting.

https://github.com/QSchlegel/Decentralized-Accounting

Since 2023, I am building an open source visualization focused blockchain explorer.

https://www.script-explorer.com/

Furthermore the walletless approach stems from my bachelor thesis and is designed for multiparty information exchange.

Feasibility

This approach requires an extension written in Java, a connector written in Javascript, and an understanding of DID methods. Though my past projects as well as studying computer science and economics at Technische Universität Berlin, I have gained sufficient experience to build this product.

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

Keycloak extension

An extension for the Keycloak identity provider that adds a user storage SPI (service provider interface), which offers user federation for DIDs and VCs from the Cardano Blockchain.

Users can register a public key through Keycloak then the extension passes the data to the Prism Connector API for further processing.

When a user logs in, his public key will be passed to Prism Connector API to be looked up on the blockchain.

The extension has to be usable after reading the documentation.

The extension will be available via GitHub.

Prism Connector API

A lightweight server that translates the CRUD operations from the Keycloak identity provider to the Prism DID method. It also serves as an administration platform for metadata sources.

The server has to be usable after reading the documentation.

The server will be available via GitHub.

Public Documentation

A webpage detailing project information and developer documentation.

The webpage has to provide all information necessary to run and integrate the project.

The webpage will be publicly available.

On going support

A discord server to build a community and offer support.

The discord server has to be moderated and support requests have to get answered for a period of one year after project completion.

Project Close-out Report

A video detailing the results of the project.

[RESOURCES] Who is in the project team and what are their roles?

Quirin Schlegel

linkedin.com/in/quirin-schlegel-7553ba197

https://github.com/QSchlegel

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

I work part time on this project, so I spent 20 hours amounting to 80 hours per month.

My wage is 25 € per hour, which is an average wage for a German developer.

As a result the total cost for 5 months amounts to 11.000 € at the current ADA rate of 0.4 € this equates to 27.500 ₳.

Extension 2 Months

Connector 2 Months

Documentation 2 Months

Report 0.5 Month

Support 12 Months

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The development cost for this project is modest and it offers a new use case for the Cardano blockchain.

Thus I would argue, that the project offers good value for money.

Additionally I will dedicate one year of support for anybody who is interested in integrating this solution.