Funds Fund 13 Proposals Cardano Open: Developers Cardano Identity-Based Access Control NPM Package
vote pending
Cardano Identity-Based Access Control NPM Package
View on Ideascale
Current Project Status
vote pending
Amount
Received
₳0
Amount
Requested
₳95,000
Percentage
Received
0.00%
Solution

Develop an NPM package that implements an Identity-Based Access Control (IBAC) system using Cardano’s verifiable credentials for decentralized, fine-grained access management across apps and services.

Problem

Cardano lacks a decentralized, fine-grained access control system using verifiable credentials, limiting secure and flexible resource management across applications without central authorities.

Team

1 member

john Ndigirigi bio pic
Cardano Identity-Based Access Control NPM Package

Please describe your proposed solution

The proposed solution is a streamlined Identity-Based Access Control (IBAC) system that leverages PRISM credentials for decentralized access management. Key features include:

  • Credential-based Authentication:
  • Support for PRISM credential types
  • Integration with existing authentication systems
  • Fine-grained Authorization:
  • Attribute-based access control using credential claims
  • Role-based access control mapped to credential types
  • Policy Definition and Management:
  • Flexible policy language for defining access rules
  • Version control for policy changes
  • Credential Verification:
  • Real-time verification of PRISM credentials
  • Support for credential revocation and expiration checks
  • Integration Libraries:
  • SDKs for JavaScript and TypeScript
  • Developer Tools:
  • Comprehensive documentation and tutorials

Please define the positive impact your project will have on the wider Cardano community

The IBAC system will positively impact the Cardano community by:

  1. Ecosystem Growth:
  2. Attracting developers and enterprises to Cardano with a robust access control solution
  3. Encouraging development of more sophisticated applications
  4. Showcasing Cardano's Capabilities:
  5. Demonstrating practical applications of PRISM credentials
  6. Positioning Cardano as a leader in decentralized identity solutions
  7. Enhancing Security and Privacy:
  8. Improving overall security of Cardano-based applications
  9. Promoting privacy-preserving access control
  10. Fostering Interoperability:
  11. Creating a standard for access control across Cardano projects
  12. Facilitating integration between different Cardano-based applications
  13. Driving PRISM Credential Adoption:
  14. Providing a compelling use case for PRISM credentials
  15. Stimulating development of more credential types and issuers
  16. Empowering Developers:
  17. Simplifying implementation of complex access control scenarios
  18. Reducing development time and costs

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our core team consists of experienced professionals with expertise in blockchain technology, decentralized identity systems, and access control solutions:

John Ndigirigi - Lead Developer LinkedIn: https://www.linkedin.com/in/ndigirigijohn/ Role: John will lead the development of the IBAC system, leveraging his experience in Cardano development, Atala PRISM, and identity solutions.

John's relevant experience includes:

  • Developing Cardano-based solutions for educational credential management under DirectEd Development
  • <https://www.directed.dev/>
  • <https://x.com/DirectEdDev/status/1716198624671973415>
  • Implementing Open Badges standards in blockchain environments
  • <https://github.com/bsandmann/blocktrust.CredentialBadges>
  • Contributing to open-source projects in the Cardano ecosystem
  • <https://github.com/hyperledger/identus-cloud-agent/issues>
  • Working with the Blocktrust team to deliver identity tooling for developers.
  • <https://blocktrust.dev/>
  • <https://github.com/bsandmann/blocktrust.CredentialWorkflow>

Advisor (unpaid role): Björn Sandmann has declared himself willing to support this project with some architectural and software development advice. He is a senior .NET developer with multiple years of experience in the SSI space. Particularly, he is known in the Cardano / Identus community for infrastructure projects, like the OpenPrismNode or the Blocktrust Analytics platform.

Additional roles to be outsourced:

  • Technical Writer: To develop comprehensive documentation and tutorials.

To validate our approach and ensure feasibility, we will:

  1. Develop a Proof of Concept (PoC) demonstrating core IBAC functionalities within the first two months.
  2. Conduct regular internal security assessments throughout the development process.
  3. Perform scalability testing to ensure system performance under various loads.
  4. Engage with potential users for usability studies and feedback.
  5. Ensure ongoing compliance with relevant standards and regulations.

What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1: Project Initialization and Architecture Design

Outputs:

  • System architecture document
  • Initial GitHub repository setup with project structure

Acceptance Criteria:

  • Well-detailed system architecture diagrams covering all major components
  • System architecture, early testing and contribution guidelines documented on github.

Evidence of milestone completion:

Well detailed outputs on a github repository

Milestone 2: Core IBAC Engine Development

Outputs:

  • Implementation of core IBAC engine with basic policy support
  • Integration with Identus Cloud Agent for credential verification
  • Initial attribute-based and role-based access control implementation

Acceptance Criteria:

  • Successful execution of predefined access control test scenarios
  • 80% code coverage for implemented features

Evidence of milestone completion:

Well detailed outputs on a github repository

Milestone 3: Policy Management and Integration Libraries

Outputs:

  • Flexible policy definition language and management system
  • SDKs for JavaScript and Python
  • Basic CLI for system management

Acceptance Criteria:

  • Successful creation and enforcement of complex access policies in a test environment
  • Functional SDKs with example integrations passing all unit tests

Evidence of milestone completion:

Well detailed outputs on a github repository

Final Milestone: Security Audit, Documentation, and Launch Preparation

Outputs:

  • Internal security audit report and fixes
  • Comprehensive user and developer documentation
  • Sample application demonstrating various use cases

Acceptance Criteria:

  • Resolution of all critical and high-priority security issues identified in the internal audit
  • Comprehensive documentation covering all system components and APIs
  • Successful deployment sample application using the IBAC system

Evidence of milestone completion:

Well detailed outputs on a github repository

Who is in the project team and what are their roles?

Our team consists of experienced professionals with a strong background in blockchain technology, identity solutions, and access control systems. We have already engaged with all core team members and confirmed their willingness and capacity to support this project.

John Ndigirigi - Lead Developer and Project Manager LinkedIn: https://www.linkedin.com/in/ndigirigijohn/ Role: John will lead the development of the IBAC system and oversee project management. He brings extensive experience in Cardano development, Atala PRISM, and identity solutions. John will be responsible for system architecture, core development, and ensuring project milestones are met.

John's relevant experience includes:

  • Developing Cardano-based solutions for educational credential management under DirectEd Development
  • <https://www.directed.dev/>
  • <https://x.com/DirectEdDev/status/1716198624671973415>
  • Implementing Open Badges standards in blockchain environments
  • <https://github.com/bsandmann/blocktrust.CredentialBadges>
  • Contributing to open-source projects in the Cardano ecosystem
  • <https://github.com/hyperledger/identus-cloud-agent/issues>
  • Working with the Blocktrust team to deliver identity tooling for developers.
  • <https://blocktrust.dev/>
  • <https://github.com/bsandmann/blocktrust.CredentialWorkflow>

Advisor (unpaid role): Björn Sandmann has declared himself willing to support this project with some architectural and software development advice. He is a senior .NET developer with multiple years of experience in the SSI space. Particularly, he is known in the Cardano / Identus community for infrastructure projects, like the OpenPrismNode or the Blocktrust Analytics platform.

Additional roles to be outsourced:

  • Technical Writer: We will seek a technical writer with experience in blockchain and identity systems to develop comprehensive documentation and tutorials.

Please provide a cost breakdown of the proposed work and resources

Total Budget: ₳95,000

  1. Personnel Costs- Development, full time (70% of total budget): ₳66,500
  2. Development Infrastructure (10% of total budget): ₳9,500
  3. Security Audit (8% of total budget): ₳7,600
  4. Internal security audit and fixes: ₳7,600
  5. Documentation and Training Materials (5% of total budget): ₳4,750
  6. Technical documentation tools: ₳750
  7. Content creation and editing: ₳4,000
  8. Community Engagement (4% of total budget): ₳3,800
  9. Participation in virtual events: ₳2,000
  10. Community management tools: ₳1,800
  11. Contingency Fund (3% of total budget): ₳2,850

The project has the following dependencies:

  1. Cardano blockchain: Essential for the underlying infrastructure of PRISM DIDs and credential issuance.
  2. PRISM DID method: The core specification our IBAC system will use for identity management.
  3. Identus Cloud Agent: Required for interacting with the PRISM DID infrastructure and credential verification.
  4. W3C Verifiable Credentials standard: The basis for our credential format and verification processes.

How does the cost of the project represent value for money for the Cardano ecosystem?

The PRISM-powered IBAC system represents excellent value for money for the Cardano ecosystem:

  1. Ecosystem Enhancement: The ₳95,000 investment will result in a sophisticated access control system that significantly enhances Cardano's capabilities, attracting developers and enterprises to the platform.
  2. Innovative Use of PRISM Credentials: This project showcases a practical application of PRISM credentials, driving adoption and demonstrating the value of Cardano's identity solutions.
  3. Long-term Impact: The IBAC system will serve as a foundational component for numerous future projects, providing value far beyond the initial investment.
  4. Cost-Effective Development: Our budget prioritizes efficient use of funds, with 70% allocated to experienced personnel and leveraging open-source tools to minimize costs.
  5. Security Focus: We've allocated resources for a thorough internal security audit, crucial for a system handling access control.
  6. Developer Empowerment: The inclusion of SDKs and integration tools will save significant development time for projects building on Cardano.
  7. Potential for Commercial Adoption: By providing enterprise-grade access control capabilities, this project opens doors for commercial adoption of Cardano technology.
  8. Community Building: The open-source nature of the project will foster a community of developers and security experts around identity and access control on Cardano.
close

Playlist

  • EP2: epoch_length

    Authored by: Darlington Kofa

    3m 24s
    Darlington Kofa

  • EP1: 'd' parameter

    Authored by: Darlington Kofa

    4m 3s
    Darlington Kofa

  • EP3: key_deposit

    Authored by: Darlington Kofa

    3m 48s
    Darlington Kofa

  • EP4: epoch_no

    Authored by: Darlington Kofa

    2m 16s
    Darlington Kofa

  • EP5: max_block_size

    Authored by: Darlington Kofa

    3m 14s
    Darlington Kofa

  • EP6: pool_deposit

    Authored by: Darlington Kofa

    3m 19s
    Darlington Kofa

  • EP7: max_tx_size

    Authored by: Darlington Kofa

    4m 59s
    Darlington Kofa
0:00
/
~0:00