DAOstar One (Internal)
DAOstar One (Internal)
/
🚀
Voyager Identity #12
🚀

Voyager Identity #12

Last Edited Time
Jun 13, 2022
Created time
May 27, 2022
Participants
Created By
Type
Identity WG
Created
May 27, 2022
Zoom Recording
Property
Property 1
 
Attendees
  1. Cent, Josh, Balazs
Resources
Meeting Primer
🚀
Voyager Identity #5 Meeting Summary
đź““
Specification
Meeting Minutes
  • Feedback from Balazs, kycDAO: this standard is a bit out of scope for us [kycDAO]. we’re more focused on gating functions for DAOs if they want to participate. The only way I can imagine is… once you do verification you become a member of kycDAO, and then you get access to all the trusted services that require KYC. So kycDAO itself might want to emit a membersURI. BUT the fact that you possess a kycNFT also already proves that you are a member, so it seems unnecessary (for now) to host an API.
    • So this goes into something quite relevant: what is the point of the attestation framework when people use NFTs? The communication between kycDAO and a typical service provider using kycDAO is entirely through the chain itself, by indexing or a smart contract reading the on-chain NFT data. “We don’t want to be the “big eye”, we push the proof into the hands of the users, so we don’t need to know if these proofs are getting used.”
    • RISK: is this attestation framework fundamentally competing with the NFT / SBT framework? There is a growing momentum with SBTs: it’s not the best, but it’s easy! Ref. Glen and Vitalik’s DeSoc paper. It doesn’t need any additional infrastructure. But that’s also damaging—will it become mainstream? Any project that remotely fears privacy can’t or shouldn’t use SBTs. DAOs that are just a Discord server with some on-chain governance, GDPR is not going to go after them, but technically speaking they are knowingly going against privacy regulations, and that’s a problem with public credentialing. Maybe it could be a zk-proof but it could still be potentially risky, especially long-term security. Ref: https://blog.kycdao.xyz/nft_vs_vc/
    • RISK: is this attestation committing, without realizing it, to DIDs and VCs? Market incentives for DIDs and VCs are just not there like it is for NFTs. And on-chain assets are also more “composable”, unlike VCs, in the sense that on-chain contracts don’t know if you have a VC. One of the things kycDAO is pushing for is a verified wrapper contract where you can only interact with a contract if you have a valid kyc NFT on your wallet.
    • You could imagine “membership as a service” folks using this attestation framework; but it gets messy when multiple parties are issuing trusted credentials.
    • Side note: there’s some pushback on things like Polygon ID, because it’s not really interoperable with a lot of other things. But it does make certain things easier!
 
JT: Cleaned the overview
JT: Is KYCDAO interested in adopting this?
B: Not in scope at the moment.
B: Let’s look at the ntNFT SBT paper with DAO Haus and Moloch DAO
JT: You could eventually see KYCDAO issuing a mambership URI
JT: One key use case this is designed to cover is, i.e. DisCo is publishing and keeping track of Identity of different users. Issuing credentials. That information needs to be consumed by other organizations that want to use DisCO attestations. For KYCDAo this is not necessary, because attestations are going to be issued via NFTs.
JT: You have these nfts and you expect people who want to use your services need to search for your NFT. So they are not interfacing with you, but just the blockchain. This can be done by indexing or a smart contract reading the on-chain data.
JT: Question: There is no benefit to publishing an API?
B: Not really. We don’t want to be the “big guy”. We want to push the credentials into the hands of the users. If we have an API we know where and when and how they are being used. We only really have one level of proof that we are issuing, so we don’t require additional levels.
JT: The NFT proving one fact (have done kyc through the dao), don’t need to publish additional information. The use cases where this attestation framework is useful is in an instance where richer data about a user needs to be created.
JT: Will make a note about SBTs and use cases in the spec.
B: SBTs are gaining traction
JT: We should take advantage of the flexibility of attestation to have rapid experation.
JT: If we are putting our eggs into the VC basket about how identity and membership should work, that makes me … from my perspective i would like to de risk that some how.
B: VCs generally have one problem: the status. It is just JSON. Weather it is valid or not you are constantly validating the credential, and this is pretty doable. There have been attempts at ways of solving this. There could be theroretical elements in a credential, and an update changes those things, and still show that I used to be.
JT: As we are building a strategy to support DAOs and how they are working with identity, how can we support or make things that are relevant for people that are using SBTs?
B: There is a validity string in an ntNFT that is boolean that we developed. We think that this is important to signal this. In terms fof mixing these two words, having non-privacy facts linked with —- the problem with keys is that they are not extendable. An NFT could maybe be an extension of the key, an updatable tools that comes with minting of that key.
B: It would be great to have DAOHaus folks look at this. When we say credentials, it can just be a JSON that doesn’t meet a VC standard.
B: It might be worth looking at Open Badges. Used a lot in education, and a successful framework, but you don’t own the badge and it can be shut down.
JT: Let’s get issac and spencer on a cal to talk about this.
B: We could just make a schema so that different technology approaches can inter operate, using either SBT, VC, etc.
JT: We have a use case written inside the standard that tells a story about how DAOs would use a data standard. I want to also identify a way that a DAO could use SBTs and have them pass through the attestation framework/schema.
B: Talk to Issac and ask this question. It might be work adding the Avenue also consumes SBT information from DAOHaus. It shows that you can have multiple forms of credentials passed through the format.
JT: Follow up with James from Collabland and look at Nuggets. Also talk with Rez from Guild.
Nuggets is a proprietary decentralized identity. It is similar to Polygon ID.
B: Let’s write this standard down and bring people into this process.
JT: Let’s finalize this standard, and shop it with potential partners, and if they are interested, work with them and smaller start ups like DisCO, Station, etc.
 
 
 
 
 
 
 
 
 
 
 
 
DAOstar One (Internal)
DAOstar One (Internal)
/
🚀
Voyager Identity #12
🚀

Voyager Identity #12

Last Edited Time
Jun 13, 2022
Created time
May 27, 2022
Participants
Created By
Type
Identity WG
Created
May 27, 2022
Zoom Recording
Property
Property 1
 
Attendees
  1. Cent, Josh, Balazs
Resources
Meeting Primer
🚀
Voyager Identity #5 Meeting Summary
đź““
Specification
Meeting Minutes
  • Feedback from Balazs, kycDAO: this standard is a bit out of scope for us [kycDAO]. we’re more focused on gating functions for DAOs if they want to participate. The only way I can imagine is… once you do verification you become a member of kycDAO, and then you get access to all the trusted services that require KYC. So kycDAO itself might want to emit a membersURI. BUT the fact that you possess a kycNFT also already proves that you are a member, so it seems unnecessary (for now) to host an API.
    • So this goes into something quite relevant: what is the point of the attestation framework when people use NFTs? The communication between kycDAO and a typical service provider using kycDAO is entirely through the chain itself, by indexing or a smart contract reading the on-chain NFT data. “We don’t want to be the “big eye”, we push the proof into the hands of the users, so we don’t need to know if these proofs are getting used.”
    • RISK: is this attestation framework fundamentally competing with the NFT / SBT framework? There is a growing momentum with SBTs: it’s not the best, but it’s easy! Ref. Glen and Vitalik’s DeSoc paper. It doesn’t need any additional infrastructure. But that’s also damaging—will it become mainstream? Any project that remotely fears privacy can’t or shouldn’t use SBTs. DAOs that are just a Discord server with some on-chain governance, GDPR is not going to go after them, but technically speaking they are knowingly going against privacy regulations, and that’s a problem with public credentialing. Maybe it could be a zk-proof but it could still be potentially risky, especially long-term security. Ref: https://blog.kycdao.xyz/nft_vs_vc/
    • RISK: is this attestation committing, without realizing it, to DIDs and VCs? Market incentives for DIDs and VCs are just not there like it is for NFTs. And on-chain assets are also more “composable”, unlike VCs, in the sense that on-chain contracts don’t know if you have a VC. One of the things kycDAO is pushing for is a verified wrapper contract where you can only interact with a contract if you have a valid kyc NFT on your wallet.
    • You could imagine “membership as a service” folks using this attestation framework; but it gets messy when multiple parties are issuing trusted credentials.
    • Side note: there’s some pushback on things like Polygon ID, because it’s not really interoperable with a lot of other things. But it does make certain things easier!
 
JT: Cleaned the overview
JT: Is KYCDAO interested in adopting this?
B: Not in scope at the moment.
B: Let’s look at the ntNFT SBT paper with DAO Haus and Moloch DAO
JT: You could eventually see KYCDAO issuing a mambership URI
JT: One key use case this is designed to cover is, i.e. DisCo is publishing and keeping track of Identity of different users. Issuing credentials. That information needs to be consumed by other organizations that want to use DisCO attestations. For KYCDAo this is not necessary, because attestations are going to be issued via NFTs.
JT: You have these nfts and you expect people who want to use your services need to search for your NFT. So they are not interfacing with you, but just the blockchain. This can be done by indexing or a smart contract reading the on-chain data.
JT: Question: There is no benefit to publishing an API?
B: Not really. We don’t want to be the “big guy”. We want to push the credentials into the hands of the users. If we have an API we know where and when and how they are being used. We only really have one level of proof that we are issuing, so we don’t require additional levels.
JT: The NFT proving one fact (have done kyc through the dao), don’t need to publish additional information. The use cases where this attestation framework is useful is in an instance where richer data about a user needs to be created.
JT: Will make a note about SBTs and use cases in the spec.
B: SBTs are gaining traction
JT: We should take advantage of the flexibility of attestation to have rapid experation.
JT: If we are putting our eggs into the VC basket about how identity and membership should work, that makes me … from my perspective i would like to de risk that some how.
B: VCs generally have one problem: the status. It is just JSON. Weather it is valid or not you are constantly validating the credential, and this is pretty doable. There have been attempts at ways of solving this. There could be theroretical elements in a credential, and an update changes those things, and still show that I used to be.
JT: As we are building a strategy to support DAOs and how they are working with identity, how can we support or make things that are relevant for people that are using SBTs?
B: There is a validity string in an ntNFT that is boolean that we developed. We think that this is important to signal this. In terms fof mixing these two words, having non-privacy facts linked with —- the problem with keys is that they are not extendable. An NFT could maybe be an extension of the key, an updatable tools that comes with minting of that key.
B: It would be great to have DAOHaus folks look at this. When we say credentials, it can just be a JSON that doesn’t meet a VC standard.
B: It might be worth looking at Open Badges. Used a lot in education, and a successful framework, but you don’t own the badge and it can be shut down.
JT: Let’s get issac and spencer on a cal to talk about this.
B: We could just make a schema so that different technology approaches can inter operate, using either SBT, VC, etc.
JT: We have a use case written inside the standard that tells a story about how DAOs would use a data standard. I want to also identify a way that a DAO could use SBTs and have them pass through the attestation framework/schema.
B: Talk to Issac and ask this question. It might be work adding the Avenue also consumes SBT information from DAOHaus. It shows that you can have multiple forms of credentials passed through the format.
JT: Follow up with James from Collabland and look at Nuggets. Also talk with Rez from Guild.
Nuggets is a proprietary decentralized identity. It is similar to Polygon ID.
B: Let’s write this standard down and bring people into this process.
JT: Let’s finalize this standard, and shop it with potential partners, and if they are interested, work with them and smaller start ups like DisCO, Station, etc.
 
 
 
 
 
 
 
 
 
 
 
Â