Cardano Identity-Based Access Control NPM Package

[GENERAL] Name and surname of main applicant

John Ndigirigi

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Individual

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

Develop an NPM package that implements an Identity-Based Access Control (IBAC) system using Cardano's verifiable credentials for decentralized, fine-grained access management across apps and services.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

The project has the following dependencies:

1. Cardano blockchain: Essential for the underlying infrastructure of PRISM DIDs and credential issuance.
2. PRISM DID method: The core specification our IBAC system will use for identity management.
3. Identus Cloud Agent: Required for interacting with the PRISM DID infrastructure and credential verification.
4. W3C Verifiable Credentials standard: The basis for our credential format and verification processes.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

The IBAC NPM package will be fully open-source under the Apache License 2.0, including core implementation, integration libraries, sample applications, documentation, and test suites.

[METADATA] Horizons

Identity & Verification

[SOLUTION] Please describe your proposed solution

The proposed solution is a streamlined Identity-Based Access Control (IBAC) system that leverages PRISM credentials for decentralized access management. Key features include:

• Credential-based Authentication:
• Support for PRISM credential types
• Integration with existing authentication systems
• Fine-grained Authorization:
• Attribute-based access control using credential claims
• Role-based access control mapped to credential types
• Policy Definition and Management:
• Flexible policy language for defining access rules
• Version control for policy changes
• Credential Verification:
• Real-time verification of PRISM credentials
• Support for credential revocation and expiration checks
• Integration Libraries:
• SDKs for JavaScript and TypeScript
• Developer Tools:
• Comprehensive documentation and tutorials

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

The IBAC system will positively impact the Cardano community by:

1. Ecosystem Growth:
2. Attracting developers and enterprises to Cardano with a robust access control solution
3. Encouraging development of more sophisticated applications
4. Showcasing Cardano's Capabilities:
5. Demonstrating practical applications of PRISM credentials
6. Positioning Cardano as a leader in decentralized identity solutions
7. Enhancing Security and Privacy:
8. Improving overall security of Cardano-based applications
9. Promoting privacy-preserving access control
10. Fostering Interoperability:
11. Creating a standard for access control across Cardano projects
12. Facilitating integration between different Cardano-based applications
13. Driving PRISM Credential Adoption:
14. Providing a compelling use case for PRISM credentials
15. Stimulating development of more credential types and issuers
16. Empowering Developers:
17. Simplifying implementation of complex access control scenarios
18. Reducing development time and costs

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our core team consists of experienced professionals with expertise in blockchain technology, decentralized identity systems, and access control solutions:

John Ndigirigi - Lead Developer LinkedIn: https://www.linkedin.com/in/ndigirigijohn/ Role: John will lead the development of the IBAC system, leveraging his experience in Cardano development, Atala PRISM, and identity solutions.

John's relevant experience includes:

• Developing Cardano-based solutions for educational credential management under DirectEd Development
• https://www.directed.dev/ 
• https://x.com/DirectEdDev/status/1716198624671973415 
• Implementing Open Badges standards in blockchain environments
• https://github.com/bsandmann/blocktrust.CredentialBadges 
• Contributing to open-source projects in the Cardano ecosystem
• https://github.com/hyperledger/identus-cloud-agent/issues 
• Working with the Blocktrust team to deliver identity tooling for developers.
• https://blocktrust.dev/
• https://github.com/bsandmann/blocktrust.CredentialWorkflow 

Advisor (unpaid role): Björn Sandmann has declared himself willing to support this project with some architectural and software development advice. He is a senior .NET developer with multiple years of experience in the SSI space. Particularly, he is known in the Cardano / Identus community for infrastructure projects, like the OpenPrismNode or the Blocktrust Analytics platform.

Additional roles to be outsourced:

• Technical Writer: To develop comprehensive documentation and tutorials.

To validate our approach and ensure feasibility, we will:

1. Develop a Proof of Concept (PoC) demonstrating core IBAC functionalities within the first two months.
2. Conduct regular internal security assessments throughout the development process.
3. Perform scalability testing to ensure system performance under various loads.
4. Engage with potential users for usability studies and feedback.
5. Ensure ongoing compliance with relevant standards and regulations.

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

 Project Initialization and Architecture Design

 Outputs:

• System architecture document
• Initial GitHub repository setup with project structure

 Acceptance Criteria:

• Well-detailed system architecture diagrams covering all major components
• System architecture, early testing and contribution guidelines documented on github.

Evidence of milestone completion:

Well detailed outputs on a github repository

 Core IBAC Engine Development

 Outputs:

• Implementation of core IBAC engine with basic policy support
• Integration with Identus Cloud Agent for credential verification
• Initial attribute-based and role-based access control implementation 

Acceptance Criteria:

• Successful execution of predefined access control test scenarios
• 80% code coverage for implemented features

Evidence of milestone completion:

Well detailed outputs on a github repository

 Policy Management and Integration Libraries

 Outputs:

• Flexible policy definition language and management system
• SDKs for JavaScript and Python
• Basic CLI for system management 

Acceptance Criteria:

• Successful creation and enforcement of complex access policies in a test environment
• Functional SDKs with example integrations passing all unit tests

Evidence of milestone completion:

Well detailed outputs on a github repository

 Security Audit, Documentation, and Launch Preparation

 Outputs:

• Internal security audit report and fixes
• Comprehensive user and developer documentation
• Sample application demonstrating various use cases

 Acceptance Criteria:

• Resolution of all critical and high-priority security issues identified in the internal audit
• Comprehensive documentation covering all system components and APIs
• Successful deployment sample application using the IBAC system

Evidence of milestone completion:

Well detailed outputs on a github repository

[RESOURCES] Who is in the project team and what are their roles?

Our team consists of experienced professionals with a strong background in blockchain technology, identity solutions, and access control systems. We have already engaged with all core team members and confirmed their willingness and capacity to support this project.

John Ndigirigi - Lead Developer and Project Manager LinkedIn: https://www.linkedin.com/in/ndigirigijohn/ Role: John will lead the development of the IBAC system and oversee project management. He brings extensive experience in Cardano development, Atala PRISM, and identity solutions. John will be responsible for system architecture, core development, and ensuring project milestones are met.

John's relevant experience includes:

• Developing Cardano-based solutions for educational credential management under DirectEd Development
• https://www.directed.dev/ 
• https://x.com/DirectEdDev/status/1716198624671973415 
• Implementing Open Badges standards in blockchain environments
• https://github.com/bsandmann/blocktrust.CredentialBadges 
• Contributing to open-source projects in the Cardano ecosystem
• https://github.com/hyperledger/identus-cloud-agent/issues 
• Working with the Blocktrust team to deliver identity tooling for developers.
• https://blocktrust.dev/
• https://github.com/bsandmann/blocktrust.CredentialWorkflow 

Advisor (unpaid role): Björn Sandmann has declared himself willing to support this project with some architectural and software development advice. He is a senior .NET developer with multiple years of experience in the SSI space. Particularly, he is known in the Cardano / Identus community for infrastructure projects, like the OpenPrismNode or the Blocktrust Analytics platform.

Additional roles to be outsourced:

• Technical Writer: We will seek a technical writer with experience in blockchain and identity systems to develop comprehensive documentation and tutorials.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

Total Budget: ₳95,000

1. Personnel Costs- Development, full time (70% of total budget): ₳66,500
2. Development Infrastructure (10% of total budget): ₳9,500
3. Security Audit (8% of total budget): ₳7,600
4. Internal security audit and fixes: ₳7,600
5. Documentation and Training Materials (5% of total budget): ₳4,750
6. Technical documentation tools: ₳750
7. Content creation and editing: ₳4,000
8. Community Engagement (4% of total budget): ₳3,800
9. Participation in virtual events: ₳2,000
10. Community management tools: ₳1,800
11. Contingency Fund (3% of total budget): ₳2,850

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The PRISM-powered IBAC system represents excellent value for money for the Cardano ecosystem:

1. Ecosystem Enhancement: The ₳95,000 investment will result in a sophisticated access control system that significantly enhances Cardano's capabilities, attracting developers and enterprises to the platform.
2. Innovative Use of PRISM Credentials: This project showcases a practical application of PRISM credentials, driving adoption and demonstrating the value of Cardano's identity solutions.
3. Long-term Impact: The IBAC system will serve as a foundational component for numerous future projects, providing value far beyond the initial investment.
4. Cost-Effective Development: Our budget prioritizes efficient use of funds, with 70% allocated to experienced personnel and leveraging open-source tools to minimize costs.
5. Security Focus: We've allocated resources for a thorough internal security audit, crucial for a system handling access control.
6. Developer Empowerment: The inclusion of SDKs and integration tools will save significant development time for projects building on Cardano.
7. Potential for Commercial Adoption: By providing enterprise-grade access control capabilities, this project opens doors for commercial adoption of Cardano technology.
8. Community Building: The open-source nature of the project will foster a community of developers and security experts around identity and access control on Cardano.