Name of Project
WTF is a Holonym :: An Expandable Identity Layer for DeSci DAOs Powered by Web Token Forwarding
Proposal overview
The WTF Protocol was a finalist for the Harmony Grants Category at ethDenver 2022. Today we are asking for funds and support to help expand our technology to a unique use-case and demonstrated need within the DeSci Community. This grant is responding to the identity bounty posted here.
Who are we and what is our mission?
OpSci is an Open Science DAO building on Harmony with a mission to incubate the development of web-native tools for scientific identity, reputation, and credentials management from March to October 2022. OpSci will work closely with the community to integrate existing Web3 technology with academic account and credential systems.
Why is this a problem?
Science needs web-native verifiable credentials that empower researchers to control their social personas, assert ownership of their scholarly work, and track their contributions across science ecosystems and applications. Scientists need to be able to curate their own social identity, choosing to remain pseudonymous when needed. Researchers should be able to easily query with general search terms to pull up a complete picture of a scientist’s digital footprint, with the ability to request access to papers, code, or other knowledge artifacts.
What is our solution?
To solve this problem, OpSci has proposed Holonym, a decentralized science identity directory that allows a user to sign in with academic credentials, such as ORCID or their institution’s Google Account, and produce a cryptographically-signed record that links their chosen identity features to prove who they are. Holonym utilizes an immutable record of aggregated identity schemas to provide a public read-only directory of science personas. Each user can strengthen their identity by adding additional verified accounts, such as Github, Open Science Framework, and Twitter accounts. Furthermore, schemas are portable and public records can be read and forked by any application to create platform-specific schemas. Lastly, identities are associated with public/private cryptographic key pairs that allow other users on the internet to uniquely decrypt files or messages and confidently assume the identity of the sender.
The product goals are the following:
- Seamless, user-friendly log-in with mainstream web accounts (SSOs)
- Imported activity feeds, papers, repositories, and other knowledge artifacts
- Cryptographic verification of linked identities and their files
- Composable and modular building blocks for integration with other dApps
- Onboard the first 1000 academic identities, drawing from the DeSci community
- A publicly available distributed, immutable, and versioned social graph
- Identify potential SaaS and tokenomic models to support continued development
The developed tools are intended to be provided as open source in their release-ready format and as a free, or minimal cost service, for early DeSci adopters.
Holonym. A wireframe displaying the landing page for a scientific persona.
How does this benefit the blockchain ecosystem and Harmony specifically?
ResearchGate has over 15 million users with data trapped in a siloed ecosystem that can be activated to deploy resilient, interoperable, and censorship-resistant knowledge graphs on decentralized blockchain networks. These 15 million users produce over 6.5 million scientific articles, 2 million datasets, and 8.5 million patents a year that drive an (under)estimated $10 trillion research economy in 2021. The transition of science to digital research protocols will also bring with it a significant portion of the research economy.
The establishment of a Science community on the Harmony network will demonstrate a wide socioeconomic benefit of blockchain technology that transcends financial use-cases, increasing public trust and faith and veering attitudes away from blockchain as a stereotype for illegal and dangerous web activity. The issues are not unique to science and can be extrapolated to many other economic enterprises that have transitioned to primarily digital workflows.
How does our solution work?
Our solution utilizes existing protocols such as Ceramic, web3auth, and Lit protocol to solve issues with decentralized versionable identity schemas. We have also introduced web token forwarding (WTF) as a novel solution for verifying Web2 accounts with on-chain verification of asymmetrically-signed JSON Web Tokens (JWTs). WTF retrieves JWTs (the receipts of “Sign in with Google/Facebook/Twitter…” buttons) and records them on a blockchain as an entry by a cryptographic identity. Many JWTs use RS256 signatures. We have written smart contracts on Harmony testnet (https://explorer.harmony.one/address/0xdf10310d2c72f5358b19bf6a7c817ec4570b270f) to verify such signatures on-chain. These proofs are written on-chain to prove that you own both the blockchain account and the web2 account.
One reason we chose Harmony is its fast finality and low gas fees. Fast finality is key for the WTF protocol to prevent frontrunning while retaining adequate UX. The user must wait for their JWT’s proof to be finalized before revealing the actual JWT in the next block. Fantom also has fast finality and low fees, but our protocol is not relevant to the interests of their incentive fund. For security reasons, we can only be on one chain (JWTs should only be used once, and that cannot be easily enforced cross-chain). We will stick with whichever chain we launch on at ETHGlobal Amsterdam, which we are planning on making Harmony. On its surface, you just have to click a button to sign in with Google, Facebook, GitHub, Twitter, Discord, Twitch, etc. After signing in with an account, you have to click another button to confirm a MetaMask transaction.
Our current proof-of-concept is running at https://whoisthis.wtf. Its purpose was to prove on-chain JWT verification is feasible, which it has succeeded at. The next step is to add Google, Facebook, GitHub etc., not just ORCID.
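The commit-then-reveal flow described above, as an added Python simulation (not the project's contract code) showing why a JWT copied from the mempool cannot be claimed by another address and why a revealed token is spent. The commitment construction (SHA-256 over address and token), the one-block finality wait, the `Registry` class, the addresses, the `sub` value and the toy RSA key are assumptions made for illustration.

```python
import base64, hashlib, json
# Constructed toy RSA key from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # D stands in for the provider's private key
K = (N.bit_length() + 7) // 8
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def emsa(msg):  # PKCS#1 v1.5 encoding of SHA-256(msg), as used by RS256
    t = DIGEST_INFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issue_jwt(sub):  # plays the identity provider; the "sub" value is constructed
    signed = b64u(b'{"alg":"RS256","typ":"JWT"}') + "." + b64u(json.dumps({"sub": sub}).encode())
    sig = pow(int.from_bytes(emsa(signed.encode()), "big"), D, N)
    return signed + "." + b64u(sig.to_bytes(K, "big"))

def verify_rs256(jwt):
    head, body, sig = jwt.split(".")
    s = int.from_bytes(b64u_dec(sig), "big")
    return (json.loads(b64u_dec(head)).get("alg") == "RS256" and s < N
            and pow(s, E, N).to_bytes(K, "big") == emsa(f"{head}.{body}".encode()))

def commitment(sender, jwt):  # assumed construction: binds the token to one address
    return hashlib.sha256(f"{sender}|{jwt}".encode()).hexdigest()

class Registry:  # in-memory stand-in for the contract; `block` advances on finality
    def __init__(self):
        self.block, self.commits, self.used, self.links = 0, {}, set(), {}
    def commit(self, digest):
        self.commits.setdefault(digest, self.block)
    def reveal(self, sender, jwt):
        if self.commits.get(commitment(sender, jwt), self.block) >= self.block:
            return "no finalized commitment"
        if not verify_rs256(jwt):
            return "bad signature"
        signed = jwt.rsplit(".", 1)[0]  # replay key: exactly the bytes the signature covers
        if signed in self.used:
            return "already used"
        self.used.add(signed)
        self.links[sender] = json.loads(b64u_dec(signed.split(".")[1]))["sub"]
        return "linked"

def demo():
    reg, jwt = Registry(), issue_jwt("constructed-orcid-id")
    reg.commit(commitment("0xAlice", jwt))
    early = reg.reveal("0xAlice", jwt)        # same block as the commit
    reg.block += 1                            # commitment is now final
    stolen = reg.reveal("0xMallory", jwt)     # token copied from the mempool
    mine = reg.reveal("0xAlice", jwt)
    reg.commit(commitment("0xMallory", jwt))
    reg.block += 1
    return early, stolen, mine, reg.reveal("0xMallory", jwt), reg.links

if __name__ == "__main__":
    print(demo())
```

The second address can only commit after it has seen the token, so its reveal always lands after the owner's reveal is final; the shorter the finality time, the shorter the wait the honest user sits through.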
What other use-cases does this unlock?
Our project seeks to solve three problems: identity, security, and discoverability. Some example use-cases include:
- Identity verification for DAOs
- NFT plagiarism prevention (thereby preventing billions of dollars of scams)
- 2FA for NFT or cryptoasset transfers (preventing billions of dollars of transfers from hacked accounts)
- Pay your friends in crypto by their Twitter handle, contribute to open source by paying crypto to a GitHub account, etc.
Security. With centralized providers, you can recover your account by proving your identity via email, text, or security questions. Holonym wraps Lit Protocol and web3auth with WTF to bring the same capability to the blockchain with social-account recovery. This feature uses the Lit protocol’s access gating method for storing secrets on a decentralized network using threshold-encryption. Therefore, we can make an on-chain condition that somebody needs to prove 3 out of 5 of their social accounts in order to retrieve the seed phrase. 2FA and security questions (perhaps using zero-knowledge proofs) are future integrations we are working on. WTF can not only prevent loss of funds; it can also prevent theft of funds. It can be used to require social logins to transfer funds. So even if your wallet gets compromised, it is still safe if the funds are in a smart contract that requires further authentication to transfer anything. This is analogous to Web2 financial services which will not let you transfer without 2FA. Finally, this can come to Web3.
Discoverability. A decentralized user database with aggregated identity schemas allows for greater discoverability of users. Holonym users can be queried by any of their linked social accounts, or using metadata associated with their credentials - such as institution, scientific subfield, scientific paper keywords, or affiliation with a specific DAO. Holonym provides a landing page for a scientific persona that is curated by the owner and allows searchers to explore their verified files, documents, and activity.
How does Holonym differ from other Identity Protocols?
Ceramic, Web3Auth, Proof of Humanity, BrightID and Lit Protocol all offer specific solutions for blockchain identity management. Web3Auth creates app-specific keys to solve onboarding. Ceramic allows for scalable decentralized storage of data streams that link metadata feeds associated with accounts that can resolve across any dApp. BrightID and Proof of Humanity seek to demonstrate real world association between a person and their digital identity and do not offer pseudonymity. Lit Protocol is a mechanism for access control, using blockchain identities to gate access to files and services. WTF fills an important gap, validating web 2 accounts on a decentralized and immutable public database. Holonym wraps these protocols to link many web2 accounts and provide a “gestalt” identity for an existing public key. Users curate their own scientific persona, can choose to remain pseudonymous, and decentralized applications can utilize interoperable user data.
Who are our Collaborators and Partners?
Holonym is being developed to service a growing community of Web3 scholars, scientists, and academics. We have partnered with several institutions to bring portable identity solutions to their users:
ResearchHub. A GitHub for Science. Holonym will provide linked academic credentials, reputation tracking, role verification, and social graph analytics for its users.
talentDAO. A decentralized organizational psychology DAO. Holonym will provide an identity layer for its decentralized journal, “The Journal of Organizational Psychology.”
labDAO. An autonomous wetlab in the cloud that executes smart protocols for biological research clients. Holonym will provide a reputation and verified credential layer to support decentralized auction mechanisms for matching service providers with requestors.
DeSciLabs. A platform for creating, sharing, and publishing decentralized research objects. Holonym will provide academic identity verification and pseudonymity.
We are also collaborating with Lit Protocol to introduce access control and wallet recovery features, preventing billions of dollars lost with seed phrases.
What is our go-to-market strategy?
Holonym is in the incubation stage for the next 6 months, during which we are conducting user interviews and building a minimum viable prototype with a landing page, user onboarding, account verification, imported activity feeds, and signing verified files (such as preprints, papers, etc.).
- Pilot Community Launch. We plan on launching the first version of the Science Registry MVP at ETHGlobal Amsterdam DeSci conference. The DeSci community has been growing at a rapid pace, from a handful of pioneering members a year ago to nearly a whole week of official events at ETHDenver 2022 with nearly 1,000 attendees. There is a growing need to integrate this community into a social graph to facilitate growth and interconnection. Users will be prompted to link their ORCID, Twitter, Google, and GitHub accounts to a scientific persona that displays their activity and academic footprint.
- Early Partner Integrations. Next, we seek to expand our early adopter user base by integrating with existing dApps such as ResearchHub, The Journal of Organizational Psychology, and the openlab protocol. We will also explore integrations with other publishers and dApps requiring identity solutions. These integrations will demonstrate how interoperable user profiles will function in practice and what new design patterns and user behaviors may emerge.
- User Adoption Campaign. We seek to raise awareness of the platform by targeting the 15 million users of ResearchGate to claim their accounts on Holonym in order to receive unique NFT profile pictures to complement their persona and achieve eligibility for future airdrops (token tbd.).
- Institutional Partner Integrations. Lastly, we seek to achieve ISO certification for identity verification in order to obtain endorsements and identity solution partnerships with institutions. This will generate trust in our identity solution as we seek mainstream adoption amongst scientific communities.
What stage are we at
We are currently in the MVP testing stage, pre-launch. The Smart Contracts are currently live (https://explorer.pops.one/address/0xdf10310d2c72f5358b19bf6a7c817ec4570b270f) on Harmony testnet. There is a GUI which works for scientists’ ORCID accounts at https://www.whoisthis.wtf. We predict about 500 users within our first week, based on interest from existing users. With our upcoming integrations with ResearchHub and TalentDAO, we predict between 1-5 K users in the following months.
What is our roadmap?
For the next 6 months, we will require $135,000 USD in funds to cover salaries for three full-time contributors, contract developers and UI/UX designers, cloud services overhead, and a security audit as we incubate the project. This budget can be broken down in milestones to be achieved over the next 6 months:
- M1: User & Market Research. Interviews with at least 20 users and potential clients drawn from three categories: 1) Active Web3 DeSci Users, 2) Agnostic Academic Users, and 3) Institutional and Organizational Clients. We will use these interviews to construct personas for DeSci, Web2 Academics, and Institutional users. These personas will allow us to identify pain points and potential business or tokenomics models.
- M2: Minimum Feature Prototype. We expect to launch the minimum feature prototype on Harmony testnet at an Ethereum Conference to onboard our first 500-2000 users within the DeSci space. We will demonstrate custom defined user personas, identity verification, and imported user digital footprints.
- M3: First DeSci dApp Integration. We will seek to integrate with existing DeSci partners, such as ResearchHub, talentDAO, DeSciLabs, and LabDAO to onboard their users with a Holonym. Code modularity, interoperability of schemas, and emergent design patterns will be studied and used to inform the subsequent roadmap.
- M4: User Requirements for Iterative Design. The MVP will be used to gather User feedback in an additional round of UX/UI and Market Research. Key deliverables will include updated user personas for how people use the app, identification of key user pain points, most requested features, and any other feedback that can be used to inform the requirements for the application. Client integrations will also be assessed and used to inform continuing development.
- M5: Develop User Growth Campaign. User Requirements will also be leveraged to develop a User-Base Growth Campaign to identify the best use-cases and communities to onboard onto our application. The User Growth Campaign will include a detailed plan for identification of distinct user communities, channels for tapping these communities, requirements for integrations and activation of members in those communities, and finally an execution plan to launch the application and attract new users.
- M6: Execute User Growth Campaign & Solicit On-going Feedback. Our last milestone for this grant will execute a growth strategy by leveraging on-going partnerships, platform integrations, and community momentum to establish a measurable network effect. Some strategies for this include a (legal and ethical) “vampire attack” by linking email account credentials to send and receive emails and money on the Harmony network linked to possible airdrops, rewards, or other incentives for using the platform.
These milestones will position us to enter an accelerator and target VC funding to research and develop additional features such as 2FA, Account Recovery, Integration with Institutional Clients, and generic account management features. In the medium term, we will target 5 million users, or about 2% of real people who currently hold cryptocurrency accounts. As web3 grows more mainstream and network effects happen with identity platforms, one billion users becomes a possibility. Eventually, we envision all products, platforms, protocols, and individuals interacting on web3 to use our service in lieu of other identity services due to its flexibility and user-owned design principles.
Another reason we chose Harmony is because of its $300M fund. We are grateful to Harmony for providing $1000 already to our project as an ETHDenver hackathon bounty and for encouraging us to apply for more funding. We had a helpful discussion with Labesh Patel who reviews grants at Harmony and runs a KYC business. He advised us on future directions and business models for verification services. He then recommended we apply for a Harmony grant, due to our shared interests with Harmony in the academic community and potential for bringing users to DLT.
What do we need?
Most importantly we require funding to support this project. We are also seeking advisors that can help us plug into the existing Harmony ecosystem, develop business models, and establish partnerships beyond Web3.
Who is on the team?
Shady El Damaty, OpSci, shady@opsci.io
Neuroscientist, data engineer, founder of OpSci - an early Decentralized Science community. Performing project management, strategy, and user-guided development for Holonym.
Nanak Nihal Khalsa, nanaknihal@gmail.com
Neuroscientist, creator of WTF protocol underlying Holonym. Computer science and blockchain nerd. Overseeing technical vision and execution.
Kushal Kahar, kushalkahar123@gmail.com
Kinshuk Kashyap, kinshukkashyap.me@gmail.com
Hacker at heart, I take apart the layers of reality, currently focusing on computer science and distributed systems. Thinking about architecture and data structures involved with WTF and related protocols
Lily Hansen-Gillis, l.hansen.gillis@gmail.com
UI/UX
Caleb Tuttle, caleb@opsci.io
Software developer and technical writer. ConsenSys Blockchain Developer Bootcamp Alum.
Niklas Rindtorff, LabDAO, niklas@labdao.com
Proposal ask
We are requesting $135,000 USD in funds to support our development work over the next 6 months to be broken down across 6 milestones.
Metrics for success
Our milestones listed above will be assessed with the following metrics.
- User interview database, validated user personas
- Functional prototype on Harmony Mainnet
- Onboard first cohort of users (500-1500)
- User growth rate
- Account verification requests
- Number of linked papers and knowledge artifacts
- Social media engagement
- Number of integrations with other dApps and requests made through bridges
External links
ORCID Smart contract live on testnet https://explorer.pops.one/address/0xdf10310d2c72f5358b19bf6a7c817ec4570b270f
Brief description and source code is available at https://github.com/nanaknihal/DIDJWT
Holonym repository is available at https://github.com/opscientia/desci-did
A video is available at https://www.youtube.com/watch?v=MmR9bhULpxE
A demo is available at https://whoisthis.wtf