Blockchain Authentication Mechanism

Implement a decentralised authentication mechanism that will persist on chain, secrets and permissions based on metadata and native assets.

Principal Software Engineer w/ 16+years of commercial experience, Stake Pool Operator, DevOps Advocate, Kubernetes fan

Desired Outcome
An ideal outcome could be described by providing a couple of practical examples:

1. Giovanni, a SPO, beside running a pool, also runs the full suite of systems (eg. graphql, db-sync, etc) required to interact with the cardano blockchain. Paula, a young developer, wants to experiment on Cardano, but doesn't want to run all-the-things Cardano, but "just" interact w/ the graphql layer. Giovanni wants to grant Paula (and Paula only) the rights to use his apis. Giovanni's apis implement a blockchain (cardano) friendly auth mechanism where he issues a token (NFT) used to authenticate and describe the level of authorization to Paula.
2. A large holidays booking company has launched on cardano. They also launched their iOS and Android native apps to browse and book holiday packages. In order to allow the Native Apps to work properly, they should be granted a limited set of permissions to interact with the apis, these apps need to be authenticated and authorised, ideally in a blockchain friendly way.
3. Incentivise the technical community to spin their own set of Cardano APIs to support the developer ecosystem and at the same time to monetize the traffic on such APIs. dandelion.link[0] is an open source project designed to easily manage Cardano APIs. Integrating the auth mechanism will provide the technical community with the tools to monetise, and hence incentivise, the setup of their own set of APIs. This will hopefully lead to a Cardano API marketplace that will facilitate the development and operation of more and more dApps as well as ensuring a resilient infrastructure by eliminating single point of failures (an example of a SPOF is given by Infura on Ethereum : "If we don't stop relying on Infura, the vision of ethereum failed" - link: https://www.coindesk.com/the-race-is-on-to-replace-ethereums-most-centralized-layer).
   Proposed Solution
   The solution focuses on three main aspects:
4. Identifying client/customer and the service provider in the system
5. Authenticate the client
6. Grant the client account, or sub account, with the correct permissions.
   Our solution leverages wallet addresses as a key concept to identify an actor. Such actors can initiate a signup/subscription mechanism, issuing an on-chain transaction to a service provider's wallet. At this point, we have identified two actors: the user/client/customer and the service provider.
   Unfortunately at this point, while we have a representation of the client's user id (the wallet utxo) we don't have a secret that can accompany it and be used to authenticate calls to our services.
   For this reason we could leverage metadata to exchange a hashed temporary (few minutes) secret, that can be then used, at network/api level, to establish an initial secure channel between parties.
   At this point the signup/subscription mechanism can be completed and the result will be an NFT with metadata required to authenticate a user.
   Roadmap
7. Implement version 1 of the auth mechanism (signup and login) - Within 3 months
8. Integrate version 1 o the auth mechanism into Dandelion.Link - Within 3 months
9. Provide educational content in form of both documents and tutorial on how to stand up and customise dandelion.link - Most of the work will be done within 6 months
10. Submit proposal for version 2 of the auth mechanism (sub accounts and Access Control List) to future round of Catalyst
    https://www.youtube.com/watch?v=DaDzjT_8QF4
    References:
    [0]: https://cardano.ideascale.com/a/dtd/Dandelion-Cardano-API-market/352562-48088
    Success Metrics

• Implement v1 of the actual auth feature within the first 3 months and integrate it in dandelion.link
• Document and evangelise the approach and try to help/integrate in at least another project within 6 months
• Use community expertise and feedback to iterate over the solution and aim to define a standard on how to implement blockchain friendly auth mechanism.
  Cost Breakdown
• 3000$ dev costs to implement the solution
• 1000$ dev costs to integrate solution into dandelion.link
• 1000$ build comprehensive documentation
• 1000$ produce videos/tutorial on how to adopt auth framework