When I saw Dom’s tweet (posted below) about verifiable credentials, I got excited about the future of compliant wallets. Do you mind posting an update on where we stand?
In my opinion, crypto needs wallets that are compliant with KYC / AML built in. In no world will we have crypto used in the real world for real transactions unless KYC / AML has been attested to by trusted and authorized parties.
For crypto to succeed, it needs to be regulated, otherwise the government will shut it down. The recent Binance news with the hefty fine is one step towards legitimizing crypto (note the government didn’t shut down Binance).
To my knowledge, only Helix which is launching soon is the only KYC / AML’d crypto wallet in ICP. What are we doing to help make this a reality? Will you dog food this with the foundation?
Does someone mind tagging the relevant people from the II team? Clearly stuff is happening but nothing is being communicated… @dostro maybe you can answer?
II/VC is an interactive protocol (for now at least), which gives it some unique capabilities for cases where credentials represent revocable membership. It is general purpose protocol though, which was designed to be privacy preserving and so identity verification is a very typical use case for II/VC.
Very interesting to see verifiable credential related work in ICP forum. Would love to see the documentation and design details.
At zCloak Network, we have been working on ZKP-enabled W3C DID and VC for years. These are the products we have shipped: Legit ID lets you have reusable and privacy-preserving KYC credential. And zkID Card platform is a place for you to customize, issue, receive and verify credentials.
We are in the process to see how we can integrate our DID protocol with II. Would love to chat more with you guys.
@dfisher
Which Helix wallet with KYC/AML capabilities are you referring to?
Our wallet helix id has KYC/AML build in and we are heavily using verifiable credentials.
As part of our stack this identity part is a cornerstone of Jobgrader as well that we are integrating Bitfinity in the first place.
We can add ICP as well. Happy to discuss.
In Dom’s post Internet Identity seems to be integrating W3C. Other than W3C there are SD-JWT VC and mdoc/mDL for VC/VP format. what is the reason for choosing W3C? Has the latter been considered? it looks like W3C will validate credentialing with ZKP, but the OID4VCI model seems practical and easy to use, but those with the OID4VCI model, which allows SD-JWT, seem to be backward looking to W3C. I referred to this article. I ask this question because I am not a specialist myself, but I hope that a practical usable environment for VC/VP will come soon.
@hokosugi Your questions are important to focus on global decision making regarding future standards like W3C, IEEE and eIDAS2. Nevertheless a lot of the technology is not an A or B decision but more an interaction in a reasonable way. You can combine mDL with the W3C definition of VC/VPs. I am not really getting your point how you classify W3C. It is not a technology as such, but more a standardizing body that in its own is a moving target based on a steering group within the DIF.
The VC/VP interaction is more of a game to enable universal resolvers with full interoperability and add an issuer repository for different schema and domains so that the identity world has a clear separation of those issuers that you can trust and those that just claim to be a trustful source but act as a garbage in - garbage out container.
We are within a grant by the ICP foundation to bring trustful verified workers into the domain of AI data training worldwide. The project is called Jobgrader (https://jobgrader.app) and we believe that it fits great into the idea of II and the interaction of Web2 and Web3 that you are referring to as well.
Happy to discuss further. jobgrader / jobgrader-app · GitLab
In this context, W3C refers to W3C VC; it seems that SD-JWT has not yet been adapted by W3C, and it is said that other formats will spread first. It is also said that the W3C VC document may not be so advantageous in such a situation because many other chains have also started up and are in disarray.
While credentials are cool, they are just a data structure in the end. Countless chains implement them but achieve no adoption. The issue with credentials is that you then need to convince the issuer to join your specific chain and implementation and later hope others will follow. They also offer no Sybil protection once/if more issuers offer independent attestations.
Instead of that, chains should think about how to onboard existing global PKI, and achieve instant adoption that way. Is it harder and more work? For sure, but we at port.link can help.
Trust chain can be validated on ICP, and also passport signatures. We can also help design and write threshold chip authentication algorithm (this probably goes together with vetKeys), so all documents can be supported without off-chain oracles.
The question is who can we talk with to make this happen on ICP?
Our team has chatted with your CMO in the past and are very impressed with your vision. We, personally, are very excited to see what you guys bring to ICP on this front. Will be in touch soon to discuss some things.
Hi @lukapercic
Why do you think it is the one or the other?
The beauty of credentials is, that it is not tight to a single infrastructure or chain.
Have a look at the technology around BBS+ for selective disclosure and the underlying encryption pattern.
Using a global centralized PKI that holds all certificates and onboard this to a chain seems a bit random to me, can you share code or a workflow diagram?
Just to make a point, if you enable an interaction with every passport in an easy manner would be a great way and we would directly integrate it into our solution.
I don’t see it as one or another, I see Verifiable Credentials as an ok data structure for both ideas.
I would say that I see a minimal use for identity that doesn’t offer Sybil protection. For instance, wallet addresses don’t need to be complex IDs themselves to fulfill their function, the same I believe is true with most anonymous identities that don’t offer Sybil, including anon chats and social network identities (that are not verified to be one per human).
BBS is very cool, the issue is how you get the issuer to adopt it. Putting middlemen in between document issuers and attestations is a problematic solution because that middleman then becomes susceptible to accept fake documents. They can’t fully authenticate + they (and their key-wielding personnel) can be bribed themselves.
ICAO standard isn’t really what I would call centralized- each country issuer might be, but certificates are then published on their sites + accumulated on ICAO directory + certain countries publish everybody’s certificates too.
I can share a code for the server solution, full on on-chain solution doesn’t exist yet (and this is what I am proposing to make on ICP).
Not many diagrams yet, but if you ask more specifically i can point you to it.