13B/ Self Sovereign Dapps / Sam G.

From IIW

Session 13B

Self-Sovereign Dapps


Session Convener: Sam Gbafa

Notes-taker(s): Elissa Maercklein

Tags / links to resources / technology discussed, related to this session:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Self-Sovereign Dapps:

  • The goal is to bring SSI tooling into Web3, where people already have public/private key pairs
    • A Dapp is a “web3” application or software that interacts with a smart contract or blockchain in some way - this is a very loose, fluid definition
    • Sign-In with Ethereum - a way to sign into an application using your Ethereum-based account with authentication
    • Authentication vs Authorization
      • Authentication: Hi, this is me!
      • Authorization: Yes, you can have some permissions (informed consent!)
    • ReCap extends SIWE to include authorizations
      • Provision access to self-hosted data or verifiable credentials
      • i.e. new web3 Instagram: Provision access to settings, to photos, to friends list
  • How can we extend beyond just signing in?
    • Applications we use - Uber, Twitter, etc. - they control the identifier and can remove/delete your account if they want to
    • SSX Library - Self-Sovereign Anything: use SIWE to establish a session for an app instead of a username and password
    • How do you now have VCs with the key?
      • Rebase: self-issue credentials, i.e. sign a statement proving you are the owner of a Twitter account, post a tweet, a witness verifies it, and Rebase issues a Verifiable Credential. A Dapp user can now hold this VC in their data store and give the Dapp access to the data store
      • Kepler: store credentials in a self-hosted data vault, provision access to only that folder
        • This helps to limit cost of compliance without a need to store potentially high-risk data, like healthcare data, while empowering individuals to store and maintain this data themselves
        • Also enables revocation by sending to a node that then distributes further
      • SSX gives simple API to allow Dapp developers to interact with these libraries
        • Users show up with key and can do everything
  • How would I limit interaction in a smart contract to require proof from a VC before interacting?
    • Topic is an active area of research
    • Paper released last month that shared how a smart contract could produce verifiable credentials
  • EIP under review to have the same key pair issue encryption keys as well
  • Issuing Verifiable Credentials with Smart Contracts Talk
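
The SIWE and SSX bullets above describe replacing a username and password with a signed sign-in message. The following is an added example, not code from the session or from the SSX library: it parses an EIP-4361 message and applies the server-side checks (domain binding, server-issued nonce, expiry) that should pass before a session is established. The function names, the `app.example` domain, the address and the nonce are constructed for illustration, and signature recovery is assumed to be handled by a wallet library.

```javascript
// Added example (not from the session): server-side handling of an EIP-4361 message.
// Assumption: signature recovery is done by a wallet library elsewhere, and the
// recovered signer is compared with msg.address before checkSession is trusted.
const FIELD = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time|Not Before|Request ID): (.+)$/;

function parseSiwe(text) {
  const lines = text.split("\n");
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0] || "");
  if (!head) throw new Error("bad header");
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) throw new Error("bad address");
  if (lines[2] !== "") throw new Error("missing blank line after address");
  // lines[3] is the free-text statement (or empty). It is never parsed for fields,
  // so a statement such as "Nonce: x" cannot override the real nonce.
  const msg = { domain: head[1], address: lines[1], statement: lines[3] || "", resources: [] };
  let inResources = false;
  for (const line of lines.slice(4)) {
    if (line === "") continue;
    if (inResources) {
      if (!line.startsWith("- ")) throw new Error("bad resource line");
      msg.resources.push(line.slice(2)); // ReCap capability URIs travel here; not decoded
      continue;
    }
    if (line === "Resources:") { inResources = true; continue; }
    const kv = FIELD.exec(line);
    if (!kv || kv[1] in msg) throw new Error("unexpected or duplicate line: " + line);
    msg[kv[1]] = kv[2];
  }
  return msg;
}

function checkSession(msg, expected, now) {
  const problems = [];
  if (msg.domain !== expected.domain) problems.push("domain mismatch"); // signed for another site
  if (msg["Version"] !== "1") problems.push("unsupported version");
  if (!msg["Nonce"] || msg["Nonce"] !== expected.nonce) problems.push("nonce mismatch"); // replay
  const exp = Date.parse(msg["Expiration Time"]);
  if (msg["Expiration Time"] && !(now < exp)) problems.push("expired"); // unparsable fails closed
  return problems;
}

// Constructed sample message; the statement line deliberately imitates a field.
const SAMPLE = [
  "app.example wants you to sign in with your Ethereum account:",
  "0x1111111111111111111111111111111111111111", "", "Nonce: forged-by-statement", "",
  "URI: https://app.example/login", "Version: 1", "Chain ID: 1",
  "Nonce: k3Jq9xT2mWv8", "Issued At: 2024-01-01T00:00:00Z",
  "Expiration Time: 2024-01-01T00:10:00Z",
  "Resources:", "- https://app.example/photos",
].join("\n");
```

The nonce in `expected` should be one the server issued for this login attempt and discards after first use; the address pattern checks only the shape, not the EIP-55 checksum.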