Login with DID

[GENERAL] Name and surname of main applicant

Eric Duneau

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Individual

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

Full spec and implementation of a "Login with DID", including a Digital Identity Wallet + mobile App able to receive Verifiable Credentials and present proof for login, and a sample demo.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

Depends on AtalaPrism / Identus as base layer

[GENERAL] Will your project’s output/s be fully open source?

No

[GENERAL] Please provide here more information on the open source status of your project outputs

Open source components (MIT):

• the Digital Wallet browser extension will be fully open-source
• the library connecting to Identus will be fully open-source
• the JS oAuth extensions will be fully open-source

Not open source:

• the Mobile App will not be open source
• the backend for processing authentication via oAuth will not be open source

[METADATA] Horizons

Authentication

[SOLUTION] Please describe your proposed solution

Context

Our identities and networks are fundamental to who we are, yet in the Web 2.0 era, we lack ownership of the data that encapsulates them. Our social, personal, and professional connections are controlled by others. But in the new Web 3.0 era, can we reclaim full custody of our data and digital identities? Is it possible to securely transact in a self-sovereign digital world? And can we embrace stricter regulations while preserving our freedom from prejudice or censorship? 

 

These questions drive us to seek solutions that empower individuals, enhance security, and ensure privacy in the digital world, with Data Minimization principles at the core. Our proposed solution aims to establish a framework that allows individuals to retain control over their data and digital identities, whilst still offering a high level of security and convenience of access.

 

Through a convenient, secure, and private Digital Wallet App, end-users can access apps and dApps while maintaining ownership, stay in control of their personal information, and share only the minimum required to get authenticated and/or authorized.

 

Making use of our system’s APIs, developers will have the opportunity to Login with DID into their apps and dApps with minimal effort. This enables them to provide users with a seamless and trusted experience, where individuals can securely interact with decentralized applications while retaining control over their data and identities.

 

Let’s see in detail the a use case that we propose to cover with our solution.

 

Authentication and Authorisation use-case

Let’s review a basic use case, and where the authentication / authorization fits in.

 

1.    Sue manages her decentralized identity and Verifiable Credentials on her phone via the Digital Wallet App. She has created several “did:prism” Decentralised Identities within the app. She now wants to register with the online service AiForGood.

 

2.    AiForGood have already integrated Login with DID for authenticating users into their online services.

 

AiForGood are wary of their online reputation. They have decided to only accept pre-registered validated users. Basically, they do not want bots in their community of real users. 

 

The developers at AiForGood have pre-set their registration requirements with Login with DID: they want to receive the following four assurances for a new registration to be valid:

a.     a valid name for the user ;

b.    confirmation that the user has had an online presence for at least 2 years ;

c.     confirmation that the user is over 18 years of age ;

d.    confirmation that the user has a first-degree social network of at least 200 users. 

 

AiForGood accept a list of accredited VC issuers which they disclose on their registration page. This includes LinkedIn. The registration page could look like this:

 

3.    Sue sees on the AiForGood registration page that she could share ALL her private credentials with AiForGood via a Social Login, or that she could share only minimal credentials via the option of authenticating using her Digital Wallet.  

 

She also sees that AiForGood accept LinkedIn as proof for completing the “minimal credential” registration process. 

 

Sue uses her Digital Wallet App to automatically connect to LinkedIn with one of her multiple Digital Identities. She requests the issuance of a LinkedIn Social VC. She receives the Verified Credential, associated with her chosen Digital Identity, for free in her wallet within less than a minute. 

 

4.    Still with her Digital Wallet App, Sue scans the QR Code that is presented to her on the AiForGood’s registration page. This QR code initiates a secure connection between Sue and AiForGood. It also embeds the requirements set by the developers at AiForGood. 

 

Sue accepts the connection, and for the first time, she sees that she is required to produce the four conditions as described above. She is pleased that she does not even need to share her surname, a picture of herself, nor her email address, which a direct “Sign-in with LinkedIn” into AiForGood would have shared automatically if she had taken such option, in addition to the constant tracking by LinkedIn of her activity in AiForGood, which does not sit well with her exasperation of being tracked everywhere online. 

 

5.    With her newfound Self Sovereign Identity, Sue has the choice to share any accepted VC with AiForGood. But she also has the choice to select which data she accepts to share. 

 

Sue wants to share the strict minimum requirements. She will share her pre-selected DID, in the form of an pseudo-anonymous value such as “did:prism:12345…”. In addition to that, in the AiForGood database, she will be known as Sue, over 18, more than 2 years of online presence, and more than 200 connections on LinkedIn. Nothing more. She purposely removes the sharing of most private data embedded in the LinkedIn VC, and click the share button on her mobile app.

6. Sharing the VC from the app triggered an API call into the backend of the Digital Wallet, which then connects to Identus, and gets the credentials for submitting Sue’s pre-registration into AiForGood. 

The Digital Wallet's backend validates within a few seconds that Sue can be registered as a user in AiForGood

  

7.    The AiForGood’s backend receives the notification that a new user meets their requirements for login. It automatically triggers the issuing of two Verified Credentials that the AiForGood service issues with their own DID, for the benefit of Sue’s shared DID: 

 

a.    an Authentication VC into AiForGood’s website

b.    a “Level one” Authorization VC

 

Less than a minute after having shared a LinkedIn VC with AiForGood, Sue receives in her Digital Passport app the two VCs issued by AiForGood.

 

From this moment, neither Sue nor AiForGood need a third-party in the middle to prove authentication between them. They become direct trust parties through the issuing of AiForGood’s authentication VC for the exclusive benefit of Sue.

 

8.    Since all pre-registration requirements were met and the Authentication VC was issued in the background, AiForGood’s website automatically redirects Sue to the Login page, where a new QR code appears. Still within her Digital Passport mobile app, Sue scans this new QRCode.

 

9.    A notification message is sent to Sue’s mobile to accept the login into AiForGood and proposes that in addition to the Authentication VC, she uses her Authorization “level one” credentials. Sue accepts and she is automatically redirected to the AiForGood’s secure area, post authentication. She is also automatically granted the “level one” authorization level, which allows here to participate into the AiForGood discussion forums. 

 

10. After a few weeks of participation into AiForGood’s forums, Sue received automatically a “Level two” Authorization VC from AiForGood. This authorization level will give her moderator rights on the forum. She is thrilled of having received an automatic upgrade which reflects her contribution into AiForGood’s community of users.

 

 

The significance of the use case above is important to understand. It shows that a web3 identity, whilst improving the end-user’s data privacy, can also improve the onboarding process and the access to a web2 application.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

Recognizing the critical role of digital identity in driving blockchain mass adoption, the Login with DIDproject directly addresses this challenge and offers substantial benefits to the Cardano eco-system. Its core objective is to deliver a robust and production-ready solution for the essential use-case of authentication via proof of ownership, enabling access to both web2 Apps and web3 dApps (smart contracts).

 

The requested funding will primarily support the comprehensive development of an end-to-end solution, incorporating valuable input from prominent working groups such as the Atala PRISM Pioneers and the ToIP's Governance Framework Working Group.

 

The final product will provide multiple integration entry points, ensuring seamless adoption by any App or dApp built on Cardano. Through oAuth integration, authentication and authorization can be effortlessly achieved, typically within an hour of integration. Additionally, the availability of API integration will empower verifiers to directly verify Verified Credentials (VCs) within their applications, facilitating real-time credential notifications.

  

In summary, the implementation of a production-ready Login with DID will bring significant advantages to the Cardano eco-system. It will serve as a gateway for integrating Digital Identity seamlessly into any application (web2) and any dApp or smart contract built on the Cardano Blockchain. This integration will improve user experience, increase security, lower the risk and cost of data theft, promote interoperability, offer compliance solutions to current and future web3 financial regulations, and ultimately foster wider adoption of blockchain technology throughout the eco-system.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

I have already delivered one project relating to End-User Authentication with Wallet, and I am in the process of delivering one relating to Digital Identity on Cardano:

• Sign-in with Cardano: this was a F8 project which has been downloaded over 1,000 times (https://github.com/incubiq/sign_in_with_wallet) It allows end-users to Authenticate via their Cardano wallet (like you have "sign-in with Facebook", you can now "sign-in with wallet". Login with DID could be seen as an extension of "Sign-in with Wallet", where instead of using a sign message with wallet private key, we will use a VC with DID wallet private key.

• Identity solution for Autonomous AIs living on Cardano: this project is now nearly finished (see here: https://milestones.projectcatalyst.io/projects/1100164) ; it is making use of an open source repo (https://github.com/incubiq/ai_identity) which I am building, and acts as an identity layer built on top of a Identus Agent Node, to simplify the creation and management of Digital Identities and Verifiable Credentials. We will benefit from reusing this library in this project.

I have also delivered in the past, a entire solution with a mobile App and a secure cloud backend, to allow for end-user authentication into any application via a scan of QRCode. See more details on https://authenly.com

Building on those past experiences, I believe that I am well prepared to deliver this project, which is basically the combination of (i) Authenticating with a Wallet ; (ii) Managing Digital Identities (DIDs) and Verifiable Credentials (VCs) ; (iii) and using a mobile App to scan a QRCode for instant authentication into any connected App.

The approach is very much validated already by the foundational layers delivered with those three past projects. In short, here is the approach I will take:

• Instead of a "Login with a Crypto wallet", I will now develop an open source SDK to "Login with a DID"
• To make it user friendly, I will build a browser extension to act as a Digital Identity Wallet, which the end-user will use for authentication purposes, and transaction signing.
• the Identity Agent Node delivered in the "Autonomous AI identity solution" will be repurposed to deliver all digital identity related credentials.
• A mobile App (and cloud backend) will be built to allow the scanning of an authorisation QR code, and the presentation of a VC/Proof for login
• A sample webapp will be delivered to show the full integration of Login with DID from the receiving app point of view
• Integration of the end-to-end solution will be delivered in Prod

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

M1 - Finalise all specifications

We will use the first milestone to finalise the specifications and provide small proof of concepts where necessary (see below). In particular, those areas whose specifications and technology choices will be refined are:

• How we will use Identus ; including the question of its hosting, at least for Testnet ; also including the question of simplifying access to Identus and DID/VC creation/management.

• Digital Identity wallet Browser extension: we will review all constraints associated with the delivery of a browser extension for a "light Cardano wallet" which will mostly act as a Digital Identity wallet

• Mobile App + Cloud backend: we will review the design of a cloud backend and a mobile App for allowing fast login (likely via a scan of QR Code) using already issued credentials

Milestone outputs

• up to date GitHub repo
• prototypes validating tech choice where applicable
• detailed specifications of sub-systems where applicable
• video recording explaining tech choices

Acceptance criteria

• Proof of Concepts and Specs are delivered
• There is no major blocking point to deliver the full solution

Evidence of milestone completion

• GitHub is updated with all milestone deliveries
• Specs are delivered
• Video recording of all progress

M2 - Digital Identity Wallet Browser Extension

This Milestone is about the delivery of Digital Identity Wallet in the form of a (Chrome/Brave) Browser Extension.

It includes those high level intermediate deliveries:

• Implement a Chrome/Brave compatible extension squeleton and connect it to Cardano JS APIs
• Pass phrase issuance for first time users
• Authentication into the Digital Identity Wallet and security related code
• Managing User's profile and preferences
• Ability to show DID and valid Verifiable Credentials (VCs) issued to the user
• App settings, plug it on TestNet and MainNet
• Test scripts and docs

Milestone outputs

• up to date GitHub repo
• A working browser extension which can act as a Digital Identity Wallet
• The wallet can show DIDs and VCs
• Video recording of the working browser extension

Acceptance criteria

• A DID can be displayed, VCs can be displayed (note: issuance of DIDs and VCs is done in a later milestone)
• It works on Chrome / Brave

Evidence of milestone completion

• GitHub is updated with all milestone deliveries
• A user can create Digital Identity wallet, and request issuance of a DID.
• Video recording of all progress

M3 - Mobile App and Backend Cloud

This Milestone is about the delivery of an App which will simplify login, via a simple scan of QRCode. The App will also connect to a backend which we will deliver in this milestone.

It includes those high level intermediate deliveries:

• Implement specs from M1
• Connect the App to the Digital Identity Wallet (same pass phrase)
• Connect the App to a backend for securing authentication and authorisation
• Ability to list VCs / Proofs from the App
• Ability to scan an "authentication" QR Code from the App
• SDK, Test scripts and docs

Milestone outputs

• A working App (in iOS TestFlight only at this stage) which can be used to Login with a DID and VCs
• A working backend which does the job for authentication and authorization, including the oAuth2 redirects
• Video recording of the App

Acceptance criteria

• A user can use the App in TestFlight mode to login into a sample web2 app
• No Personal Identifiable Information were shared during the login

Evidence of milestone completion

• The App can perform a Login with DID/VC
• Video recording of all progress

M4 - Delivery of a prod-ready solution

This Milestone is about the delivering all components in production. This includes:

• capturing Credentials from at least one social media app
• the hosting of an Identus Node (either by us, or using a production node from others if available)
• the delivery of the browser extension in final release
• the delivery of the App at least on the AppStore
• a prod-ready cloud backend, fully hosted
• any final documentation for using the product
• a marketing website to present the final solution and where all information can be accessed

Milestone outputs

• A production-ready mobile App (at least on AppStore)
• A solution for Identus in a prod-ready access
• A sample webapp to showcase the full integration of Login with DID
• A marketing website from which all docs and downloads can be accessed
• Video recording of the packages solution

Acceptance criteria

• A user can download the Digital Identity Wallet browser extension and create a profile with at least one import of one social media credential
• A user can download the mobile App and connect it to the Digital Identity Wallet
• A user can Login with DID/VCs into a web2 sample app

Evidence of milestone completion

• A marketing website is available
• Identus is accessible from Prod
• The mobile App is on AppStore
• The user can perform a Login with DID/VC in a prod environment
• Video recording of all progress

Final - Close-Out report

This is the final milestone, including a close-out report, community engagement, marketing, and demo video recordings.

Milestone outputs

• up to date GitHub repo
• A working end-to-end solution, where one can login into a sample webapp via a Digital Identity wallet, and the use of Credentials.
• Video proof

Acceptance criteria

• A useable solution (within the perimeter of agreed specs)

Evidence of milestone completion

• GitHub is updated with all milestone deliveries
• Video recording of an end-to-end demo

[RESOURCES] Who is in the project team and what are their roles?

Project Lead

The project team consists of Eric Duneau, who will manage, design, develop, and test the entire project. Eric brings extensive experience in the software industry, with over 20 years of experience and prior experience as CEO/CTO of a $30 million software business. After successfully selling the business in 2019, Eric has redirected his focus towards AI and Digital Identity projects on Cardano.

 

Eric has a proven track record of delivering projects within the Cardano eco-system, including the following projects won and completed through Catalyst:

-      Fund 8, Sign-in with Cardano: https://cardano.ideascale.com/c/idea/62330

-      Fund 7, NFT Picture Profile AI Generator: https://cardano.ideascale.com/c/idea/60921 

Then another 3 Catalyst projects are ongoing, all closely associated to Digital Identity:

-      Fund 11, Identity solution for Autonomous AIs living on Cardano https://milestones.projectcatalyst.io/projects/1100164 (last milestone remaining)

-      Fund 12, Conditional Transfer of Digital Assets via Digital Identity and Verified Credentials

https://milestones.projectcatalyst.io/projects/1200085 (in progress...)

-      Fund 12, Reinventing Voting with Digital Identity, Trust and Anonymity

https://milestones.projectcatalyst.io/projects/1200194 (in progress...)

Eric will handle the majority of the project's tasks, as it has been the case for all past projects delivered to date. There are no plans for subcontracting any part of this project to a third party.

Important note 

It is important to address any concerns regarding the sole founder risk. While there may be perceived risks associated with a project delivered by a single person, Eric has demonstrated a strong track record of accountability and successful project delivery within the Cardano eco-system over the past two years. 

 

Notably, Eric has individually delivered projects that have outperformed teams with similar project proposals as “Sign-in with Cardano”, some of which have yet to deliver any value even after a year since being awarded contracts. Therefore, it is crucial to assess the consistent track record of successful deliveries of the applicant, rather than solely focusing on the sole founder aspect.

 

Furthermore, this setup eliminates the additional third-party risk and removes concerns about funding availability due to fluctuations in the ADA/USD exchange rate and/or inflation. It is highly advantageous to have the assurance of a stable financial setup for the project right from the start.

Eric's full commitment and expertise, backed by a 12-month budget, ensures the delivery of those critical software infrastructures for the Cardano community. Building upon past successes, this project will contribute to the growth and advancement of Cardano.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

The cost of the entire project is calculated at ₳193,412, but was discounted by 36.5% to deliver high value for money. The original cost was calculated as follows:

• Cost per hour: dev at $85 ph ; test and risk mgt at $55 ph ; doc and marketing at $35 ph
• Total number of days = 110, for an average of $75 per hour across the project
• ADA/USD conversion rate: 0.34 (taken on 9th Oct 2024)

The table below explains the real (original) cost per each activity:

In summary, the final budget retained for each milestone is as per below:

• Milestone 1 (Finalise all specs) : ₳25,000 (20%)
• Milestone 2 (Digital Identity Wallet) : ₳25,000 (20%)
• Milestone 3 (Mobile App and Backend Cloud) : ₳45,000 (37%)
• Milestone 4 (Prod-ready solution) : 25,000 (20%)
• Final Milestone (Close-out Report) : ₳2,500 (2%)

Note: it is acknowledged that the rules for percentage of cost to be allocated into each milestone may force a slightly different split, which we will comply with at the moment of milestone submission. However, the current split of cost has been adopted for now as it is the one that matches the most the real work effort.

Total = ₳122,500 ($41,650 ; 110 days ; $47.33 per hour)

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The value for money can be evaluated by considering the cost in relation to the high impact and high value of the deliverables, as well as the low execution risk. Furthermore, the project's "part open-source" nature provides an additional benefit that will undoubtedly be leveraged upon its delivery.

High-impact / high-value deliveries

This project encompasses three significant and high-value deliveries that are currently missing in the Cardano / PRISM eco-system, representing a substantial value for the Cardano eco-system:

1/ Digital Identity Wallet

The project aims to create a Digital Identity Wallet, as a browser extension, that can be utilized by both web2 and web3 applications for end-user authentication and authorization. This will enhance user experience and security across a wide range of applications, improving the adoption of Cardano-based solutions.

2/ Mobile App

The development of a Digital Identity App will enable an "scan and connect" user experience, where the data passed to the receiving application is controlled by the end-user. This will ultimately contribute to the growth and maturity of the Cardano eco-system.

3/ Defining Digital Identity Standards

This project could also play a pivotal role in defining the standards for integrating Digital Identity into all Cardano wallets. Currently, no standard has yet been issued, and the adoption of DID and VCs in wallets has not even started. Helping towards the creation of clear and consistent standards for identity management will promote interoperability, enhance security, and facilitate the seamless integration of identity solutions across the eco-system.

Excellent value for money

Eric is the main designer, developer, and architect of the solution. He comes with 30 years of software development expertise, having delivered large mission critical software for over 20% of the Fortune 500 companies as well as governmental organizations of over 1m users. Eric is based in the UK, where he generally commands a rate many times the $47 per hour agreed for this project.

In terms of cost, the project budget represents less than 2.5% of the total allocated budget for the funds available in its category Launch. This allocation has been carefully determined to provide excellent value for money while considering the magnitude of the benefits that the successful delivery of this project will offer to the entire Cardano community. 

Low risk

The project carries minimal risk in terms of financing, as it does not rely on paying a third-party nor involve currency exchange risks. Additionally, it is not exposed to high technological risk as it leverages technologies either delivered in previous projects or made available by the Cardano eco-system. In terms of timing, the project is planned to be delivered within 110 days, but is scheduled on a full 12 months, therefore giving at least double the time to deliver, making it very low risk. Finally, in terms of execution, the funding ensures the full commitment and dedication from the critical resource responsible for delivering the entire project.

Gaining foundational open-source components

Moreover, all the source code associated with the Identity Wallet browser extension, as well as the library connecting to Identus, and the connector oAuth libraries, will be open-sourced. This decision ensures that the Cardano eco-system can leverage and build upon these valuable assets, encouraging collaboration, innovation, and community-driven development.

 

Delivering the most pressing solution built on Prism/Identus

I have taken part of the Atala Prism cohort for around 2 years now, and in May 2023, I was selected to present to Charles Hoskinson a "Top 3" project for Atala Prism: Login with DID (see video in the links section). It was my belief that this project was so fundamental, that the IOG team would build it as the most needed project on top of Atala Prism. However, not only this did not happen, but the move from Prism to Identus has seen the risk that the whole Identus project will not be maintained. In my view, the "Login with DID" project is the chance to provide a real utility project on Identus, and keep it moving. Therefore, this is not just about "Login with DID", but most importantly about the way to keep Identus nodes running in Prod and accessible to all (which is still not the case to date).

By making a strategic investment in this project, the Cardano eco-system stands to gain foundational components that will drive adoption, expand use cases, and establish Cardano as a leading blockchain platform for identity solutions.