not approved
BLOCKTRUST Credential workflow platform
Current Project Status: Unfunded
Amount Received: ₳0
Amount Requested: ₳320,000
Percentage Received: 0.00%
Solution

A no-code SaaS toolbox for building SSI workflows that allow for easy integration. e.g. when a link is clicked, it issues a credential; or when a credential is provided, it generates a sign-in token.

Problem

Atala PRISM v2 provides SSI infrastructure in the form of SDKs, yet we still lack a simple method to integrate our digital identity into all the ideas, projects, and organizations out there.


Team

2 members


Please describe your proposed solution.

The problem

The blocktrust team has been working on PRISM-related projects, including wallets, mediators, and analytics tools, for over a year and a half (see <https://blocktrust.dev>). Although PRISM has significantly evolved, its adoption isn't as widespread as we all had hoped. Our experience suggests that one major obstacle is the complexity, concepts, and language surrounding SSI, which is quite different from the general crypto space. Grasping the capabilities of an SDK and writing software to integrate it into one's projects, such as issuing a schema-compliant credential, onboarding user DIDs, or offering a way for a user to provide a credential to a website, is not trivial. Costly proprietary solutions that aim to lock you in without the ability to retrieve your credentials aren't viable options for the community either.

Identifying the gap

When looking at the challenges many projects face with integrating digital identity into their endeavors, it's apparent that these problems are often similar and can be grouped into two main categories:

  • <u>Projects that want to issue credentials</u>, for instance, a project where a user should receive a credential for completing a course or where a user should receive a credential for being part of a selected group such as a DAO, or for paying a subscription fee.
  • <u>Projects that aim to verify a user's identity</u>, either through a KYC-credential or a simple membership or social credential.

The Atala PRISM SDK (or the agent) provides methods for both these groups (which obviously often overlap), but it lacks the intermediate steps. It misses the ability to model all this in a workflow: if this, then that. Here are a few examples:

  • If you fill out a form on a specific page, a previously defined credential is automatically sent to your provided wallet address.
  • If you scan this QR code, you are registered and redirected to another page.
  • If you send your KYC-credential to this address, it is automatically verified, and an API request is executed to a protected endpoint.
  • If you use the sign-in button on my website, a JSON Web Token is automatically issued to you.

Of course, these features can be built out by each project, integrated with the PRISM SDK/agent in their respective codebase. However, it isn't straightforward, and in many cases, these are <u>common problems</u> which don't have to be solved over and over again. Each project that wants to use DIDs and VCs for these common use-cases should focus on its core value proposition and not deal with the code details of SSI. Think of this proposal as Zapier or IFTTT for SSI.

Bridging the gap

We propose building an open-source toolkit with an easy-to-use UI for enabling these workflows. One should be able to set up these default workflows and modify them to fit the requirements for issuing and validating credentials. We believe this can be achieved without the user writing any code related to SSI. The solution will be completely open-source, based on open standards (refer to the standards section below), and will include a version of the service hosted by us. This way, anyone can utilize it for their project integration. The primary goal of this proposal is to finally get SSI adoption started.

Technical details

The solution will be written in C#, compatible with .NET, and can be easily hosted on Windows, Linux, or macOS. It will be shipped as a Docker image, containing both the application and a PostgreSQL database. This allows everyone to run it in their preferred hosting environment, either locally or in the cloud.

The solution will be tenant-based and can be easily set up for a single tenant or multiple ones. Each tenant can establish multiple workflows (based on the "If this, then that" principle) which can be integrated into various projects. The following features are being planned:

<u>Triggers</u> are operations that the application can listen to. Once configured, they can be activated to receive inputs. The inputs could include:

  • an endpoint to receive a previously defined POST-request, which may submit one or more of the following fields:
      • W3C JWT Credential data
      • Peer DID Address
      • PRISM DID Address
      • Key/Value Pair of Claims
      • API-Key
  • an auto-generated page containing a form with the same fields mentioned above, along with an arbitrary HTML formatted message.
  • an endpoint to receive a previously defined GET request (a redirect) with multiple predetermined query-parameters.
  • a DIDComm endpoint for receiving:
      • Basic messages, Trust Pings and Problem report messages
      • PRISM connect protocol request
      • Propose Credential, Offer Credential or Request Credential messages (WACI)
      • Propose Presentation or Receive Presentation messages (WACI)

<u>Actions</u> are optional operations that can extract, validate, or transform all or parts of the inputs into an output based on prior configuration. These actions can include:

  • resolving a DID
  • verifying a credential to ensure it:
      • was issued by a predefined DID (or list thereof)
      • follows a predefined schema
      • contains certain key/value pairs
  • checking input values to contain a specific value (e.g., authorization key or DID)
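
A sketch of what the credential-verification action above has to enforce, added here as an illustration and not taken from Blocktrust's code: the issuer allowlist and required key/value pairs are applied to a W3C VC-JWT, and unsigned tokens or tokens whose embedded issuer disagrees with the signed `iss` claim are rejected first. The function names, policy layout, DID and the `constructed_verifier` stub (standing in for DID resolution plus real signature verification) are assumptions; schema validation is left out.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def run_verify_action(token, policy, verify_signature):
    """Evaluate a VC-JWT against a tenant policy; returns (accepted, reason)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:
        return False, "undecodable token"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "undecodable token"
    # Never accept an unsigned credential, whatever the other fields say.
    if str(header.get("alg", "none")).lower() == "none":
        return False, "unsigned token"
    issuer = payload.get("iss")
    vc = payload.get("vc") if isinstance(payload.get("vc"), dict) else {}
    # vc.issuer (string or {"id": ...}) must agree with the signed "iss" claim.
    embedded = vc.get("issuer")
    if isinstance(embedded, dict):
        embedded = embedded.get("id")
    if embedded is not None and embedded != issuer:
        return False, "issuer mismatch"
    # Issued by a predefined DID (allowlist configured by the tenant).
    if not isinstance(issuer, str) or issuer not in policy["trusted_issuers"]:
        return False, "issuer not trusted"
    # The allowlist means nothing until the signature is checked against that DID.
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    if not verify_signature(issuer, signing_input, signature):
        return False, "bad signature"
    # Required key/value pairs in the credential subject.
    subject = vc.get("credentialSubject")
    subject = subject if isinstance(subject, dict) else {}
    for key, expected in policy["required_claims"].items():
        if subject.get(key) != expected:
            return False, f"claim {key} not satisfied"
    return True, "ok"


# --- constructed sample data (not real DIDs, keys or credentials) ---
TRUSTED_ISSUER = "did:prism:constructed-issuer"
POLICY = {"trusted_issuers": {TRUSTED_ISSUER}, "required_claims": {"membership": "dao"}}


def constructed_verifier(issuer_did, signing_input, signature):
    # Assumption: stands in for resolving issuer_did and verifying with its key.
    return signature == b"constructed-valid"


def make_token(issuer, claims, alg="ES256K", sig=b"constructed-valid"):
    header = {"alg": alg, "typ": "JWT"}
    payload = {"iss": issuer, "vc": {"issuer": issuer, "credentialSubject": claims}}
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    return f"{body}.{b64url_encode(sig)}"
```

The order of checks matters: claims are only read after the signature has been verified for an allowlisted issuer, so a workflow output never fires on attacker-supplied values.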

<u>Outputs</u> are executed depending on the action. These could include:

  • calling a predefined endpoint on an arbitrary server
  • issuing / revoking a credential to a specific DID or even multiples at once using DIDComm
  • sending out arbitrary DIDComm messages (e.g., PRISM connect request)
  • creating, updating, deactivating, or publishing a DID
  • generating a QR code for an Out-of-Band connection
  • sending out invites for onboarding

These building blocks of triggers, actions, and outputs can be arranged in an arbitrary manner. Some projects might only need a mechanism for sign-in with a DID, while other projects may require multiple interconnected workflows, from onboarding to credential issuing and various levels of verification. To drive adoption, we'll offer templates for the most common workflows.

An additional integration we plan to offer as a template is the integration with a KYC provider, enabling a user to receive a KYC credential. To make this template as straightforward as possible, we'll select at least one KYC provider and design a custom trigger, action, and output matching their specific API surface.

In a later stage (not part of this proposal, to maintain a manageable scope), we could add further integrations, such as the ability to listen to operations on the blockchain like a specific metadata payload, a PRISM event (e.g., a new DID published), or a payment sent.

Open standards

To execute on this proposal we target the surface specification of the current PRISM agent (2.1) and target the following open standards as they relate to a possible trigger or output in their current (July ‘23) official specification:

DID PRISM, DID Peer, W3C VC Model 1.1, DIDComm v2, Mediator Coordinator protocol, WACI Issue credential protocol, WACI Present proof protocol, Basic Message protocol, Problem Report protocol, Trust Ping protocol, Out of Band (OOB), PRISM Connect protocol

How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Our proposal tries to fill a critical gap in the Cardano ecosystem - the lack of an easy-to-use, adaptable, and open-source solution for managing digital identity workflows. Current solutions demand either deep expertise in the SSI sphere or involve costly proprietary systems that create vendor lock-in situations. Our issuing and credential workflow platform significantly mitigates these challenges by offering an interface that simplifies the process of setting up workflows for issuing and validating credentials. With this, projects can integrate SSI more effectively, focusing more on their core value proposition and less on grappling with the intricacies of SSI implementation.

By fostering a higher adoption of SSI within Cardano projects, our proposed solution enhances trust-based interactions across the ecosystem. SSI empowers users with control over their digital identities, improving security and privacy in their interactions. This, in turn, would strengthen the overall Cardano network, propelling the ecosystem forward in a robust, privacy-focused manner.

How do you intend to measure the success of your project?

The success of this project is aligned with the goals of Atala PRISM inside the Cardano ecosystem: a higher adoption and rate of projects integrating PRISM. To track the overall usage of PRISM, we have already developed software in the past (<https://analytics.blocktrust.dev>), which will help to determine the overall growth of the ecosystem.

Tracking and measuring the usage directly related to this platform is not feasible when the code is run independently by everyone. However, since we are not only providing the open-source code, but also offering a hosted variant, we can track the number of registered tenants as well as platform interactions (for example, how often a certain trigger was executed).

Additionally, we plan to gather user feedback through a dedicated Discord channel (<https://discord.gg/6UXrUY2HUk>).

Please describe your plans to share the outputs and results of your project?

Blocktrust will keep the Cardano community informed about our progress by providing updates as we achieve each of our milestones, typically on a monthly basis. We'll be communicating through Catalyst progress reports, our dedicated Discord channel, and videos showcasing the latest features of our product.

Occasionally, we may interact with the community in real-time during the Catalyst After Town Hall sessions. These sessions will give us an opportunity to show our progress and collect immediate feedback. We have already done this several times in the past.

When it comes to product releases, updates can of course be found on our GitHub (<https://github.com/bsandmann>) as well as on a dedicated website for this proposal (<https://blocktrust.dev/workflow>) and our blog.

What is your capability to deliver your project with high levels of trust and accountability?

Blocktrust has been an active participant in the Cardano ecosystem since early 2022, developing SSI solutions using Atala PRISM from the start. Over the last year and a half, we have been building projects and libraries based on PRISM. Many of these are open-source and all of them provide value. Some notable ones include:

  • Identity Wallet for the Browser (<https://blocktrust.dev/identitywallet>)
  • Analytics Platform (<https://analytics.blocktrust.dev>)
  • Credential Builder (<https://credentialbuilder.blocktrust.dev>)
  • DIDComm Mediator (<https://mediator.blocktrust.dev>)
  • Plus a collection of open-source libraries for use with PRISM, which can be found here (<https://github.com/bsandmann>)

Several of these projects, such as the wallet and the analytics platform, have been funded via Catalyst and are either nearing completion or awaiting the close-out report. Other projects have been completed due to ongoing interest in the ecosystem.

Looking at our reports or our blog, you'll see we're constantly sharing videos, posts, new projects, and code. We plan not only to continue doing that, but even to scale up our effort by hiring at least one additional developer.

What are the main goals for the project and how will you validate if your approach is feasible?

  • The main goal is to provide an open-source solution for building credential and DID based workflows that makes it easy for projects to be integrated with Atala PRISM.
  • To make it even easier, we will offer a hosted instance of that service for at least one year after completion.
  • Additionally, we'll help the first projects to integrate with this offering and improve the platform along the way.
  • This all should lead to more active users of Atala PRISM and its ecosystem.
  • And lastly, this could lead to the growth of Cardano as a whole, since SSI enables many new use-cases which haven't been possible before.
  • We hope that this all feeds back to the project itself, offering more specialized integration possibilities over the long run.

The validation of our approach will be gauged through feedback from the community and projects integrating SSI through the provided platform. This may be expressed in users of the hosted offering, code forks, pull requests or interactions on our Discord channel.

Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Before establishing the sequence of milestones, we constructed a comprehensive work breakdown structure (WBS). This structure outlines all the current and anticipated work areas and significant work items, including estimates of the effort each will require.

Following the creation of the WBS, we took into account task dependencies, resourcing requirements, and scheduling considerations. This was done with the aim of resolving the most significant project risks early on. Our milestone creation was designed to align with Catalyst's typical monthly payment schedule and to maintain a focused, agile approach to our deliverables. We've incorporated some slack into our schedule, which would allow us to participate in other activities, including the execution of additional Fund 10 proposals.

Milestone 1: Software Architecture, Project setup and Start of development (1 month)

Planned Finishes: 2023-11-01

Acceptance Criteria: Progress report, providing the repository

Cost: 35,500 ADA

Milestone 2,3,4: Software development and testing (6 months)

Planned Finishes: 2023-12-01, 2024-02-01, 2024-04-01

Acceptance Criteria: Progress reports and videos demonstrating completed activities, described in the chapter below

Cost: 213,000 ADA

Milestone 5: KYC Partner evaluation, Integration, Development and testing KYC Credential flow (1 month)

Planned Finishes: 2024-05-01

Acceptance Criteria: Progress report and video showing the KYC integration in the project

Cost: 35,500 ADA

Milestone 6: Finalization, Documentation and Release (1 month)

Planned Finishes: 2024-06-01

Acceptance Criteria: Progress report and video demonstrating the full application

Cost: 36,000 ADA

Please describe the deliverables, outputs and intended outcomes of each milestone.

Ultimately, we'll produce software releases and supporting website documentation. Along the way for each milestone, we'll also produce a progress report and a video demonstrating our progress.

Milestones and completed deliverables:

Milestone 1: Build out core of the software to handle tenants (1 month)

  • Create a tenant as an Administrator
  • Customize a tenant as an Administrator
  • Sign in / sign out as a Tenant
  • Update the tenant's profile

Milestone 2: Build out a basic trigger-action-output flow (2 months)

  • The infrastructure to listen to arbitrary actions, process actions and outputs has to be set up.
  • A UI to create and configure a basic flow for the following basic steps has to be created, so that:
      • a tenant can configure a page with form data so that a user can request a credential (by providing a DID)
      • a tenant can configure a simple output, so that the DID will be issued a predefined credential to the wallet of the user via DIDComm (WACI)
  • The previously configured flow can be saved, loaded, started and stopped.

Milestone 3: Extend the basic flow (2 months)

  • A tenant can set up and configure a more advanced flow:
      • The flow can now be triggered by a WACI-based DIDComm interaction to request a credential
      • An action can be configured to validate certain parts of the request
      • The output could then also be to issue the requested credential via DIDComm
  • API endpoints are added to receive messages from the outside (when hosted as a public service)
  • API endpoints are added to trigger actions and interact with the configured workflows through HTTP requests.

Milestone 4: Generalize and improve (2 months)

  • Most of the triggers, actions and outputs outlined above in the impact section will be integrated.
  • A configurable output to generate JWT Tokens will be added
  • Basic templates for the most common workflows will be provided

Milestone 5: KYC Credential flow (1 month)

  • The flow can be extended to use a KYC-Provider
  • The KYC Credential could then be used as an input for another flow
  • A webhook can be configured to be used for specific actions (e.g. notify an API when a KYC Credential was successfully verified)

Milestone 6: Finalization, Documentation and Release (1 month)

  • Bug fixing
  • Documentation for integrators will be written and provided on a dedicated website
  • The open-source project also gets proper technical documentation and is in a mature state to receive external pull requests
  • The hosted service will go live

Please provide a detailed budget breakdown of the proposed work and resources.

Developer cost breakdown: 35 hr/week with 70 USD = 9,800 USD per month = 88,200 USD

Hosting costs for Milestone 1 to 6 while developing: with 200 USD per month = 1,800 USD

Total: 90,000 USD =<u> 320,000 ADA </u>(~0.28 USD/ADA exchange rate)

Project team: (architecture, design, software development, testing, DevOps, community, project management, documentation):

  • Björn Sandmann (Lead developer)
  • Ed Eykholt (Development support)
  • New Team Member (Development support)

The total workload is estimated at about 35 hrs/week. Divided among three developers, this leaves plenty of room to also push forward other blocktrust projects, community work, marketing, and the ongoing technical support and maintenance of our digital identity infrastructure.

Who is in the project team and what are their roles?

Björn Sandmann

10+ years of full-stack development with the .NET stack. Focused on identity and privacy solutions. PRISM Pioneer, Atala ASTRO, Plutus Pioneer, already funded proposals. Implemented all technical core functionality of products like the blocktrust analytics platform, the blocktrust mediator and the blocktrust identity wallet. Founder of blocktrust.

LinkedIn: <https://www.linkedin.com/in/codedata/>

GitHub: <https://github.com/bsandmann>

Ed Eykholt

20+ years of software product and engineering team leadership. C# developer. Focused on blockchain and identity projects and products since 2015. Atala ASTRO. Has been working on PRISM-related projects with blocktrust for over a year.

LinkedIn: <https://www.linkedin.com/in/edeykholt/>

GitHub: <https://github.com/edeykholt>

New Team Member

Blocktrust might hire or contract with an experienced full-stack C# developer to augment Ed and Björn's contributions. The project can still be successful without this additional person.

How does the cost of the project represent value for money for the Cardano ecosystem?

This project's cost is an investment that promises significant value to the Cardano ecosystem by eliminating the barriers that currently hinder the widespread adoption of Self-Sovereign Identity (SSI). Our approach essentially democratizes the integration of digital identity into various projects within the ecosystem, making SSI not just an esoteric coding problem but a practical solution to real-life use cases.

Our deep understanding and experience with the PRISM ecosystem, built over 1.5 years, ensures that we can effectively streamline the process of issuing and validating credentials for various projects. This platform will significantly reduce the time and resources required for project owners to learn, understand, and implement the deeper concepts and different protocols related to SSI, allowing them to focus on their core value propositions.

We computed effort, in hours, and multiplied that by a below-market rate of US$70 per hour (in both Germany and USA) for the expertise of our team. Then we divided this by a recent price of Ada, US$/ada = 0.28. By doing this, the team is taking a downside risk if the price of Ada drops from that point.
