blocktrust
Project Catalyst
The challange
To determine if websites, service providers, or projects of any kind can be trusted, in the Web 2.0 world we use review systems, trust badges or simply the search rank on the results page of a search engine. Often, however, these signs of trust are manipulated, paid for and fabricated by fake reviewers. Projects put fake endorsements of well-known companies or people on their website, or use company logos of trusted companies as advertisements without their consent or knowledge.
Web 3.0 offers the possibility of making statements by companies or people about one another cryptographically verifiable. Trusted entities (e.g., domain experts) can delegate their hard-earned trust to others by endorsing their work.
For example: A startup is sponsored (e.g., by Microsoft) and would like to embed the Microsoft logo on the website to establish trust with new customers. Instead of simply embedding a JPG, the permission issued to use their badge, which may be time-limited, can be checked. As soon as the permission expires, the logo/badge of certification also disappears from the website.
Or: IOHK/IOG has confidence in a Catalyst project and makes a positive statement about them: instead of a mere HTML text on a project web page, a visitor can cryptographically prove the statement and trace it back to a DID of IOHK/IOG.
A solution
Technically, the project is based on Atala PRISM and uses DIDs to identify both the identity of the person making the statement (Issuer) and the recipient of the statement (Holder). The statement itself is called Verified Credential and could be just a short note, a lengthy review, or a picture (logo or badge representing some kind of achievement). The core of the project consists of a web service that periodically checks statements that have already been published for their validity and provides a customizable JavaScript snippet to display the given statement on a website or online-shop.
For a visitor of the website, the statement is initially a piece of JavaScript code which gets evaluated and rendered. By clicking on the statement, the visitor can cryptographically track the statement and verify its authenticity. The revocation of statements by their respective issuers is intentionally possible and an essential feature. In contrast to Web 2.0, statements that are no longer valid cannot be displayed any longer, instead of sitting unchanged on a website forever.
Core Features
A management-area for websites-owners to register their site, prove their ownership, connect their identity wallet, manage existing endorsements and send invites. Generate a JS-Snippet with configuration options to use on their website.
The certifier-Portal for organizations or people to connect their DID and issue endorsement to registered websites or DIDs. Manage existing endorsements and revoke them if necessary. Use custom images, badges, or logos to represent an endorsement instead of written text, e.g., a Catalyst Funded Project-badge.
A customized JS-Snippet gets rendered on the Holders-Websites with a cryptographic guarantee, that the statement is indeed from the specified holder. Clicking on the text/badge links to the verifier portal in which the details of the Verified Credential are shown, as well as existing metadata provided by the Issuer to reinforce the credibility of the statement made.
And also documentation and tutorial Material to get everyone started using web-credentials
Blocktrust web credentials allows you to embed any kind of PRISM Verifiable Credential into a website. A JavaScript snippets load the contents of the credentials and makes it verifiable for the user. Thanks to multiple caching layers and a CDN, the credential can be served and displayed immediately.
Click to enlarge: architectural overview over Atala PRISM and blocktrust web credentials
Click to enlarge: technical overview blocktrust web credentials
A catalyst proposal in under way to fund the development of the credential badges.
If the funding goes as planned, the development can start at the end of September and is likely to finish about 5 months later with a public release.
The launch of web credentials is projected to be in July 2024.
The plan is to finish the project around the end of the year 2024.