Please describe your proposed solution

Solution Overview:

Problem: There is a growing demand for decentralized identity solutions on public blockchains. Users, legal entities, and governments often need to prove their real-world identities to other parties, before or after on-chain transactions. Establishing verifiable relationships will increase trust, simplify regulatory compliance, and accelerate adoption of Cardano.

Lacking Solutions: Cardano doesn’t yet have a complete solution in place for decentralized identity. Other solutions that establish on-chain trust based on possession of an NFT or by consistently using a well-known Cardano address have issues. With those approaches, an owner cannot easily implement security best practices like rotating keys or having multi-signature approvals while using a stable identifier. Any solution that requires publishing decentralized identifiers (DIDs) or credentials on-chain or to other public verifiable data registry is also problematic from a privacy perspective.

Identity Solution Technology: We’ve selected the Trust Over IP (ToIP) Foundation’s KERI, ACDC, and CESR specifications, and we’ll will use several components already built by the WebOfTrust community. These are designed with autonomy, security, and privacy as essential features. These comprise a strong foundation for decentralized identity and credentials that we believe will scale, evolve, and become broadly adopted. Many of its users will deploy these solutions without needing complex blockchains designed to prevent double-spend. This approach appeals to large entities and governments that are cautious about locking into an identity solution based on public blockchain technology to control their reputational trust. For more background information on the KERI stack, see the introductory posts at

<https://medium.com/finema>, specifications at <https://trustoverip.org>, and implementations at <https://github.com/weboftrust>.

Growing Adoption: In the identity technology community there is growing interest in the KERI stack, with 19 sessions at the Internet Identity Workshop in April 2024, including one from us,

<https://kentbull.com/2024/04/29/iiw-38-keri-acdc-session-list/>. Adoption of KERI solutions are beginning. The European Banking Authority is now piloting a solution where they may require European banks to report their financial results with the trusted authenticity of the reporting individuals and their official roles. See https://www.eba.europa.eu/sites/default/files/2024-04/04863f1e-1fbc-4e2ea29f-4e8115e2bf94/nord_vlei.pdf. There are multiple startups dedicated to the KERI stack. The Cardano Foundation is also actively participating with the KERI community and building KERI-based identity wallets with the goal of accelerating adoption of Cardano. See <https://identity.cardanofoundation.org/>.

Design Approach Considered: As one potential solution for Cardano, we initially explored how Plutus scripts could validate the KERI stack’s identifiers, key rotations, and credentials. With such a capability, Cardano solutions for specific use cases could require strong identity. Unfortunately, designing and implementing with those requirements would involve specialized expertise and take perhaps over a year to achieve, since it would involve complex Plutus scripts and/or enhancing Plutus itself to accommodate the design constraints. We may propose CIPs to describe what’s needed and encourage work on this problem.

Design Approach Selected: For this Fund 12 KERI Auth project, the design approach builds on top of existing Cardano and KERI capabilities. It will allow the browser extension and sample website to associate a set of Cardano addresses with an existing KERI identifier with optional credentials, by issuing a new attestation that in effect declares “I control this KERI identifier and that Cardano address.” We plan to implement or leverage CIP-0008 Message Signing to achieve this. See <https://developers.cardano.org/docs/governance/cardano-improvement-proposals/cip-0008>. Such attestations can be verified by others via KERI Auth or related services.

Use Case: We’ll implement the browser extension interacting with a demo website to generate a credential:

• The user will navigate to the website;
• Authenticate and authorize via the browser extension using KERI;
• Complete a form on the website that includes the user’s Cardano address(es);
• The website or KERI Auth extension may interact with a Cardano wallet implementing CIP-0008 to verify control over that address;
• The browser extension will then create a verifiable credential (attestation) that links the KERI identifier and the Cardano address;
• The user can share the credential; and
• Another user can receive, view and verify the credential

Project Engagement: We’ll continue to engage with the ToIP communities and a number of Cardano projects, to understand their identity needs and to validate our value proposition against those. For example, we’ve already started a discussion with Landano (a Catalyst-funded project).

Please define the positive impact your project will have on the wider Cardano community

Positive Impact: This project solution will provide an improved mechanism for providing verifiable facts for regulatory compliance or as otherwise required by government agencies, legal entities, decentralized communities, or other verifiers.

We’ll engage with a few projects currently working with Cardano, understand their identity problems, review our design and resulting software, and collect their feedback.

We’ll provide the Catalyst community with demo videos, installable browser extension for use with demo website, and an open-source github project.

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Existing Capabilities: Ed developed most of the user experience and extension support in the Catalyst Fund 9 project, BLOCKTRUST identity wallet (PRISM), <https://projectcatalyst.io/funds/9/f9-dapps-products-and-integrations/blocktrust-identity-wallet-prism>. The output was an identity browser extension that we released via the Chrome Web Store. For more details, see <https://blocktrust.dev/identitywallet>. In the proposed Fund 12 project, the programming languages, user experience, install and deployment approaches will leverage parts of that fund 9 project.

Capabilities Currently Being Developed: The in-flight Catalyst Fund 11 project, KERI-based Authentication and Authorization Browser Extension was selected by the community in the concept category for us to understand and explore KERI and Cardano use cases. See https://projectcatalyst.io/funds/11/cardano-use-cases-concept/keri-basedauthentication-and-authorization-browser-extension-by-blocktrust. We’ve been actively engaged with the Trust over IP community on specifications and reference implementations. While this project is still in progress and we’ll leverage some of that work, we do have the capacity and plan to begin work on the proposed Fund 12 project immediately.

Demonstrated Trust: Ed Eykholt’s background includes software development, managing projects, staff, and budgets over many years. More recently, this includes completing the Fund 9 Blocktrust identity wallet project. He participated in the Atala Prism beta program (as the lead developer of the Fund 9 blocktrust wallet project). He’s now actively contributing to the KERI identity community.

What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1: Milestone 1 20%

Outputs:

GitHub repository set up.

Began conversations with Cardano projects on their identity problems and our solution, holding and documenting at least 3 in this milestone.

Studied and summarized one or more CIP-0008 implementations from the requestor's perspective of both sign and verify.

Started a discord or similar channel and invite leads of at least 10 Cardano projects to join it

Documented architecture of entire solution.

Acceptance criteria:

Coherently documented outputs in open-source project.

Evidence of milestone completion:

URLs to outputs.

Milestone 2: Milestone 2 +35% (55% total)

Outputs:

Added extension features (or shown via scripts), including multisig for key rotation, delegation for credential issuance, create credential schema, issue a credential.

Implemented initial demo website (and/or injected content script).

Implemented basic CIP-0008 demo flow for signing and verification.

User authenticated with website using their AID.

User authorized with website using an ACDC credential (vLEI like).

Acceptance criteria:

Coherently documented outputs in open-source project.

Demo video(s).

Evidence of milestone completion:

URLs to outputs.

Milestone 3: Milestone 3 +30% (85% total)

Outputs:

Begin formally tracking issues on GitHub.

Improved user interface for demo website.

Specified the ACDC schema for linking.

Extension (or website) issued an ACDC credential linking the AID and a Cardano address.

Established or described the issuer's root of trust, if any.

Implemented multi-signature approvals.

Offered to present at Catalyst town hall or ATH.

Engaged with other Cardano projects to gather their feedback on demonstration of features.

Published a beta install and/or invite to the Chrome Web store.

Acceptance criteria:

Coherently documented outputs in open-source project.

Demo video(s).

Evidence of milestone completion:

URLs to outputs.

Final Milestone: Milestone Final +15% (100% total)

Outputs:

Submitted project close-out report and video

Acceptance criteria:

Uploaded to Catalyst / milestone website.

Evidence of milestone completion:

URLs to outputs.

Who is in the project team and what are their roles?

Ed Eykholt is the primary contact and implementer for this proposal. Ed Eykholt is an experienced software product entrepreneur, having co-founded blockchain startups, and led software products and development teams across a variety of companies and industries, including the non-profit iRespond Global (biometric service provider), Rational Software (UML), Microsoft (development tools) and Alstom Grid (electrical distribution and outage management). He's experienced with decentralized identity and software development, including producing a browser extension with blocktrust.dev with Atala PRISM. He holds a BS in Electrical Engineering and MS in Management from Purdue University. Ed is based in Redmond, Washington. His LinkedIn is <https://www.linkedin.com/in/edeykholt/>.

James Zerbe will be serving in an adviser / developer role. James Zerbe is a seasoned Senior Director of Program Management, with an impressive career trajectory spanning multiple industries and technologies. Based in Redmond, Washington, James brings a wealth of experience in managing B2B and B2C product lifecycles, technical strategy, and cross-functional team leadership. He holds multiple master's degrees, including in Pharmaceutical Bioengineering from the University of Washington, RF Engineering from California State University, and he is currently pursuing a Master of Science in Data Science at Ball State University. His technical prowess is complemented by certifications in Data Science and Cybersecurity. Throughout his career, James has achieved significant milestones, such as spearheading business turnaround efforts, driving annual revenues of $54M with an 8% YoY increase, and managing high-impact projects for renowned companies like Landis+Gyr, Starbucks, and T-Mobile. His strategic vision and expertise in product management and IoT technologies have consistently resulted in successful product deployments and innovations.

His LinkedIn is <https://www.linkedin.com/in/jimzerbe/>.

Please provide a cost breakdown of the proposed work and resources

The primary cost is personnel time. There may be incidental costs for hosting or software licensing, that are negligible and not enumerated here.

Ed Eykholt and Jim Zerbe – August 2024 – April 2025 = 8 months. 8 months * 18 work-days per month = 144 work-days. 144 work-days at 7 hours/day = 1008 hours. 1008 hours @ 99.2 ada/hour ~= 100,000 ada.

KERI Auth depends on:

1) Trust Over IP Foundation's emerging standards for key management (KERI), credentials (ACDC), and cryptography-aware serialization (CESR); and

2) KERI, ACDC, and CESR implementations delivered by open-source community <https://github.com/weboftrust>, including signify-ts, KERIA, and witnesses implementations.

How does the cost of the project represent value for money for the Cardano ecosystem?

At project completion, the Cardano community will have one solid approach to how governments and legal entities can comply to regulatory requirements for associating Cardano addresses (and thus contracts, spending, and other transactions) with verifiable identifiers for the parties involved. This concept project will help lead to a more complete solution and accelerate a broader adoption of Cardano, which will yield benefits well beyond the cost of this project.