One of the many things that annoy me about my experiences online is how most Websites handle access/authentication/authorisation. A lot of them still use usernames and passwords for login, so much so that I have a password database manager to keep track of all of mine. Surely, in the days of Web3, when wallets like MetaMask and Hive Keychain exist and it's possible to connect them to sites (I'm not sure exactly how, but WalletConnect has documentation on this), as well as JWTs, it should be possible to do away with form-based access/login, right? Maybe leveraging the Unlock protocol could work for me. That's something into which I'll have to look if/when I ever start building DApps (maybe in Chia LISP or Vyper on Arbitrum), but let me not get ahead of myself. (I have, however, included links to potentially useful libraries and projects, for future reading.)
If my idea is feasible, it should remove the need for KYC on certain sites, since they can query a user's wallet for the presence of a specific ID NFT and obtain information about the NFT from the wallet when it is found. Here's my proposal: What if, instead of providing an actual Identification document (or digital copy thereof) to every site that requires a person to identify themselves, it was possible to provide an NFT that stands in as a proxy thereof (or link a wallet that contains that NFT)? Here's what I'm thinking:
- Instead of supplying one's full name, ID number and photo (or other details), create a dApp/service that takes that information, creates a unique (SHA-256/512?) digest of it and generates an NFT containing that digest.
- Based on the above created digest, create a black-and-white image (maybe a GIF or TIFF), possibly a QR code.
- Embed the digest in the image/QR code, using something like steganography (?) or a property of the NFT itself, perhaps additionally including a JWT.
- The service would charge a small amount for the creation/minting of the NFT (of which there'd be only one by default, although the user can specify if they want a duplicate made).
- Use the resultant NFT for identification, instead of the original document that resulted in its generation.
That way, the NFT can be used as a valid means of identification, instead of the actual government-issue ID (or digital copy thereof). This will create a slightly looser coupling between a person and a valid identifier for them. The beauty/elegance of such a means of authorisation/identification is that a system using it doesn't have to know the personally-identifying details of the holder of the NFT, merely that the NFT (and the digest it contains) is a valid unique identifier for its holder.
This all assumes, of course, that whoever provides the information/data for generating an ID NFT provides it accurately to begin with and that the dApp that generates the NFTs is trustworthy/verifiable. Some process of verifying that the supplied data/information matches the original ID will still be required (possibly performed by a human), but this will be done once when the NFT is created, instead of by every company/organisation/Website that requires KYC verification, since they can simply use the generated ID NFTs.
I've looked into the actual feasibility of generating a digest from the information to be supplied and it looks straightforward enough (join some byte arrays into one and supply them to a digest calculator). The real issue is one of learning DApp development (particularly NFT generation) and building the system, then persuading others to use it (likely with some small charge for providing the service), instead of whatever methodology/system they're currently using.
In the first step of the process, the following data would be supplied:
- ID Number (or social security number, if this isn't the same thing in the USA)
- Country of citizenship/issue of ID
- First name(s) and surname (full name)
- Date of issue of ID
- (Re)Issue #
- Photo of ID holder (possibly optional)
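
The digest step described above, sketched in Python as an added example (it is not code from this post or from any of the linked projects). It shows why the byte arrays should be length-prefixed before they are joined: with plain concatenation, two different records can produce the same digest. The field names, the sample records and the random salt are assumptions made for illustration; the salt is there because ID numbers are guessable, so an unsalted digest of them can be recovered by trying candidates.

```python
import hashlib
import secrets
import unicodedata

# Fixed field order, so the same inputs always give the same digest.
FIELDS = ("id_number", "country", "full_name", "issue_date", "issue_no")

def _encode(value: bytes) -> bytes:
    # A 4-byte big-endian length prefix makes field boundaries unambiguous.
    return len(value).to_bytes(4, "big") + value

def canonical_bytes(record: dict, photo: bytes = b"") -> bytes:
    parts = []
    for name in FIELDS:
        # NFC-normalise so visually identical names hash identically.
        text = unicodedata.normalize("NFC", record[name].strip())
        parts.append(_encode(text.encode("utf-8")))
    # The photo is optional; it is hashed first so the record stays small.
    parts.append(_encode(hashlib.sha256(photo).digest() if photo else b""))
    return b"".join(parts)

def id_digest(record: dict, salt: bytes, photo: bytes = b"") -> str:
    # salt: random bytes kept with the record (assumption, not in the post).
    data = _encode(salt) + canonical_bytes(record, photo)
    return hashlib.sha256(data).hexdigest()

def naive_digest(record: dict) -> str:
    # Plain concatenation without separators, shown only for comparison.
    joined = "".join(record[name] for name in FIELDS)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()

# Constructed sample records: they differ only in where one character sits.
ALICE = {"id_number": "1234567", "country": "ZA", "full_name": "Ann Lee",
         "issue_date": "2020-01-31", "issue_no": "1"}
SHIFTED = dict(ALICE, id_number="123456", country="7ZA")

if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    print("naive digests collide:", naive_digest(ALICE) == naive_digest(SHIFTED))
    print("length-prefixed digests collide:",
          id_digest(ALICE, salt) == id_digest(SHIFTED, salt))
    print("ID digest:", id_digest(ALICE, salt))
```
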
In the course of looking at various technologies that I can potentially use for integrating wallet connection into Web3 DApps (Unlock looks promising, especially integrating an existing NFT collection, which I might be able to do), I found a site that offers courses on Web3 development:
- Smart Contracts on Ethereum (presumably can be migrated to Arbitrum): https://university.alchemy.com/ethereum
- NFT Smart Contracts, creation and Marketplace DApps: https://docs.alchemy.com/docs/welcome-to-the-road-to-web3
Here's the cool thing about the Alchemy University courses: They (or at least the first one for which one signs up) are free!
For a while, I've wanted to learn these technologies and the above courses might just provide exactly that.
Post thumbnail image: Photo of US passports by Spencer Davis on Pexels