Building reputation for blockchain wallets: Soulbound NFTs as on-chain verifiable credentials

Hello everybody, and thanks for paying attention still today. I know it's a little bit early still for myself. It's the first time at the eic and I have to say I am astonished by the depth of the topics that are presented here. And a mentor of myself taught me wants to not be the smartest person in the room. And this is how I feel at this conference. I'm definitely not the smartest person on this conference, I have to admit, and it doesn't make it easier for me to give a presentation here about my topic today. But anyways, I will try. My name is Simon.

I'm 26 years old, and I'm one of those blockchain people. You either hate us or you love us. There's usually nothing in between. Let's see if you hate all of me. After my presentation today, I'm, I'm gonna be talking about building reputation for blockchain wallets, using technologies like Sovan tokens, but also verifiable credentials. This is also what we do at the startup that I, that I founded. And first of all, I want to dig into, can I use this? Yes. Just click next. Yeah. Okay. If it work, yeah, it's a little bit delayed.

First of all, I want to highlight a quote that you all know probably that you are familiar with, which is that the internet was designed to connect machines and not people. This is basically why we're all here, I guess. And this is a topic that we're all working on. And before I dive into any technical aspect of the whole presentation, I want to give a little bit of a personal experience that made me go into the space actually. So a couple years ago, I tried to hire a freelancer for a development job for developer job. And I found someone, he seemed nice, I asked him to work for us.

We had some conversations, I didn't know him before. So we came to an agreement. I signed a contract for, for a deaf job. And you can guess what happened. As soon as the transfer was done, the expected outcome was not what he told me before. So the work was slow and the quality was not the standard that I was expecting. If I would've had a way before to quickly assess the reputation of that person in that specific field with a single snapshot, I could save myself a lot of hassle and cost and money as well. And I didn't find a solution for that back then.

So this is basically what made me realize we need to find a way to quickly assess for reputation in the internet, because right now there's no reason to trust you by default in the web. So first of all, to begin at the, at the first step, I quickly want to repeat the centralized NC management that we all know since the past years. And there we have certain problems and certain challenges that made us explore new frontiers and new ways of doing things.

One of it is obviously data privacy, because in a centralized system, the user's personal information is stored and managed in a central database. And this comes with some privacy concerns. We also have some security risks that come into play as well, because your data is stored with a centralized provider and there might be some sensitive data in there that you don't want to show to other people as well. So two more challenges we come across when talking about centralized data management. Is there also trust issues?

So users often required to trust the third party platform with their sensitive information. And also it's a little bit inefficient to use centralized management systems because you have to send the same information several times repeatedly to different third parties. So at the end of the day, we all know there must be a better way. And then there came the savior of the day, decentralized identifiers and verifiable credentials. So this is for me the the next stage, the second stage of identity management. And the question is, is this the new paradigm for identity management?

Is this the end of everything? We've been talking about this for quite some time. I think this is not the first conference we hear about DITs and VCs, even though this time we emphasize a lot about it. And we have some good things about this technology. I'm actually a friend of DITs NVCs as well. Because we have enhanced privacy because the user can actually control his own identity. We have improved security because the systems are mostly decentralized, which make makes them more secure than decentralized ones. And we also enable trustless verification.

I mean, this is basically in the name of verifiable credentials. I don't need to explain that concept anymore as well. And we can also streamline the processes better because the VCs enable users to share their identity information with multiple service providers each after one another. So this is already a good solution, but that's not what I want to talk about today. I wanted to talk about an even newer paradigm for identity management, which could be soul bound, NFTs, soul bound tokens. And the question here is, is this the next era?

Is this the next thing or is there maybe a better way to combine things? So SPTs, you might have heard of them before. So Bon tokens, they have been first mentioned by the founder of a serum Vitalik Buterin. Now it's more than a year ago that he has been writing about it with two other co-authors in their paper finding Web three s Soul. This research paper was quite elaborate and it was not very tangible, like usually when Vitalik is writing, but it inspired a lot of people to explore this idea of SPTs. And one year later it is actually a use case.

So Saban tokens are a standard on Ethereum, blockchain and other blockchains as well. And you can use them. So what are they? As the name kind of suggests they're bound to a soul, which is basically nothing else than being attached to one wallet, one private wallet, one blockchain wallet, and you cannot transfer them.

Obviously, they're also immutable since the information is stored on chain and cannot be altered after. And they're also verifiable through cryptographic proofs. And today they've been in use already for certain things, for example, for reputation management systems. So users get solve soone tokens for certain activities in the internet or for access control as well, where service providers can grant access to specific features and also for incentivization games. So you can actually issue SOONE tokens as rewards for good community interactions or similar things.

And lastly, you can also use them for identification because users can share their solvent tokens with third parties to streamline onboarding processes. This also makes sense. So there are some applications, there are some upsides, but still there are also some downsides. So we might have to explore synergies between solvent, token token and verifiable credentials.

So to quickly assess how they differ, we have soone tokens that are stored on blockchains in a decentralized fashion and they are completely trustless, verifiable credentials on the other other side are usually stored chain, and they rely on central issues in terms of the transferability. Sovereign tokens are bound to the wallet, like I said before, so you cannot transfer them at all. What you could do technically is revoke them or kind of hide them in your wallet, but you cannot send them to another person while their fiber credentials could be technically transferred.

Also, between different parties, saw tokens are immutable. That means they cannot be output, like I said before, because they're basically burned on the blockchain and they cannot be changed anymore. And where fiber credentials could technically be also stored on mutable systems. So I just want to show a little bit, there are some differences between, especially SBT and VCs, why normal NFTs are quite similar to verifiable credentials.

Now, the main part and the main topic I want to, I want to basically talk about is the benefits and the drawbacks of both technologies and where we might merge them to get the best of two worlds. So we could combine the strengths of both on chain and off chain solutions to create a more robust centralistic identity management system. And first of all, for the, for the benefits of the on chain solution, I said before, they're decentralized, so no authority, no middleman, that's in, that's in the in the middle. And then they're mutable as well because they're stored on blockchains.

They come with security aspects since they're cryptographically secured. And they're also interoperable if you use them. You can basically jump from decentralized application to decentralized application and show what's on your wallet and what identity metrics you bring with them. But then on the other side, I am an advocate, but I have to admit, there are also a lot of question marks still with, so tokens, for example, scalability, usually this is a normal problem at blockchains, blockchain based solutions, they face limitations in terms of the transaction throughput.

Also, they are privacy concerns because public blockchains are by default public. So whatever you put on the Soone token is public to everyone, everyone can see it. This might be the biggest flaw of SOONE tokens where you need to be very careful how to actually use them. And there's the cost aspect, right? Because cost can occur, each transaction use usually involves some network fees. So on the off chain side, talking about verifiable credentials, we actually have on the benefit side scalability, because off chain solutions can handle a higher throughput.

They also more private because you store them off chain, so you can put more sensible data on it. And you also have the upside of lower costs because off chain transactions normally involve lower fees. So now on the, on the drawback side from off chain solutions, they are not really as decentralized as the on chain ones. So centralization might be a question mark. There's also the potential for tampering since mutable systems can be susceptible for unauthorized changes and they're also limited interoperable.

Now if we look at this, I think the next slide is quite obvious because we just kind of merge them together and we take the best of two worlds and rebalance out the drawbacks and take the benefits. So this is what happens when we combine off-chain and on chain solutions. And this is actually my, my main point I want to emphasize because by merging on and off-chain technologies, we can unlock the potential of a more comprehensive digital identity system for certain use use cases only.

We can take the advantages of decentralization, security, and interoperability, and we can kind of fulfill the need also for privacy, scalability, and cost efficiency by using verifiable credentials on the other side and combine both. So if you take one thing from the speech today is that it might be a good idea to explore synergies between the two worlds instead of either hating on blockchain or loving blockchain. So there might be a a middle ground for both.

And to make it a little bit more tangible, I just want to talk briefly about how we are actually using both technologies with a startup that I'm leading. And we are building basically a reputation management solution. So our mission is to help individuals to build and leverage their digital reputation and basically do this in a secure, private, and decentralized way. So we are combining the strength of sovan tokens, of air fiber credentials and other technologies to create a more comprehensive and interoperable reputation management system.

So on the data feed side, we're using SSI architecture. So everything that needs to be private can remain private and it's stored off chain. But then there's a data integration process where we combine certain attributes and combine them in a reputation pool is what we call them because we have different categories and we put a score on that pool. So the score is a little bit like a black box. You don't know what's in there. If you wanna know what's in there, you need to get access to that and ask the user, this is where SSI comes into play, this is what we stay, what we save off chain.

But you do have an idea already of the reputation of the user by just looking at the on chain score, which is put on the reputation pool. And then there are different kinds of use cases depending on the reputation pool that's being used here. So you can basically, for example, build a credit reputation score for defi lending and boring platforms. So defi banks basically where you can assess quickly the credibility of a user by looking at the score and get deeper insights by querying for the data feed data that's behind the score. And for this, we're using SPTs and VCs in a combination.

So long story short, there's one main thing that made me actually built on chain as well, because you, you've seen this before, web two and web three, and there's gonna be web four one day. And I'm kind of also bored by this analogy by now because everyone's talking about web two and web three and whatever. So I don't need to go in the details. What's the difference here? But my main point is actually that if you, if you look around, there's a lot of adoption happening, a lot of growth happening.

So I look at developer activity on blockchains, it's increasing since many years and by by double digit numbers. I look at how governance, how governments are looking at blockchain technology, they're adopting it, it's becoming a partisan issue in certain, certain countries for elections. And major banks are tipping their tolles also in the waters of blockchain. So why do I tell you this? I think we should start thinking to make the identity frameworks that we're building also ready for web three and for blockchain based applications and not built for the old internet.

So this is why I, I emphasize the point that we should find a way to combine both and put identity frameworks also on blockchain wallets, because in my opinion, it's inevitable that we will use more web three technology in the next years just by looking at the adoption rate and the KPIs that we see. So yeah, from my side, if you want to build your reputation, you can, you can try it already out or at least enter the early access for, for us if you search for our name.

And at the end of the day, I'm also on, on a personal mission to build a community of interested digital identity professionals that want to discuss topics like this on Telegram. So I'm happy to invite you to this exclusive group. We are now 400, almost 400 people that are in that group discussing topics like this. And if you have an opinion on what I was talking about today, obviously you can talk to me, but you can also enter in the telegram chat and just discuss with us about those topics. And this is all from my side.

Thank you for your attention today, and I wish you a good day and end of the conference. Thank you. Thank you, Simon. Thank you. It was actually very insightful. Thanks a lot. We have actually a question from the audience. Sure. For you. So the question is if the data feed is private or off chain in the first place, but the detail view then brings the data to an on chain object, how is privacy insured for the user?

Yeah, so may, maybe if I understand the question wrong, maybe the, the thing I was saying was not clear enough. So the, the data is off chain and not public, so you need to query for it. You cannot, as an verifier, you cannot just tap into the user stater that's behind the aggregated score. And the score, like I said, it's more like a, it's more like a black box. You can get a feeling for how is the credibility of a person by looking at the score.

But if you want to see how's the lending and boring activity on certain platforms, how is the banking activity in the stratify world from that person? This is the granular data that you need to query for on the backend. And the user have to give you consent and also can revoke consent like in all SSI frameworks that's being used today. Perfect.

And well, another question. What are the potential consequences of a negative reputation for a blockchain wallet, for example, right? And how can we address this, this challenge? How can we overcome it?

Yeah, That that's, I get the question every day, what best, but the thing is, in my opinion, we can build something that empowers people to use a positive reputation to get gated access to certain applications. For example, to get better terms for a loan. It's about empowering people to use a positive reputation. It's not about showing that someone did bad behavior. We have other systems that do that. So if you don't have a good reputation, you just won't build a score with a solution that we are building, you won't use it. But if you, if you have a good one, you cannot show it today.

In today's architectures, you can use our system and you can show that you did some good things in the past to get better access to certain applications. Great. Thank you so much. It was very insightful and thanks for your presentation. Sure. Thank you. Thanks a lot. Thank you.