Proposal for Decentralized ID Credential Creation and Recovery Method Based on National eIDs

Introduction:
As the creator of AesirX, I propose a revolutionary approach for Concordium, leveraging national eIDs to create and recover decentralized identity credentials. This method promises unparalleled cost efficiency, security, and user experience, positioning Concordium as a leader in the blockchain space.

Background:
Concordium, a Layer 1 blockchain specializing in ID, zero-knowledge proofs (zKP), and decentralized identifiers (DID), faces a significant challenge: the cumbersome process of ID and wallet creation, which causes 97% of potential users to abandon the process. National eIDs, which comply with the EU’s eIDAS2 standard and are being adopted globally, present an ideal solution. They offer a reliable, cost-effective, and secure method for identity verification.

Proposal Outline:

eID Integration Module:

  • Develop and integrate an eID module within Concordium nodes.
  • Direct integration with national eIDs, eliminating centralized actors and middlemen.
  • Fully automated ID creation and recovery based on national eIDs.

Cost Efficiency:

  • eIDs are significantly cheaper per ID (10-20 times).
  • Development costs for each eID integration are minimal and quickly recouped through cost savings.

Security and Uniqueness:

  • eIDs ensure high-quality, reliable identity verification.
  • Integrate a decentralized node-based model to guarantee uniqueness and prevent Sybil attacks.

SeedPhrase Abstraction:

  • Abstract seedPhrase to accommodate new methods dynamically without altering existing structures.
  • Enhance the user experience by simplifying the ID and wallet creation process.

User Experience and Adoption:

  • Provide a seamless, one-click blockchain-based foundation for users signing up for any Concordium project.
  • Enable reuse of the decentralized eID across all projects within the ecosystem.
  • Facilitate seamless Know Your Customer (KYC) processes as a trustworthy base.

Strategic Advantages:

  • Establish Concordium as the first blockchain with a fully decentralized eID model.
  • Lead the market by resolving the user experience problem and improving adoption rates.
  • Position Concordium as a pioneer in decentralized identity solutions.

Implementation Plan:

Research and Development:

  • Conduct thorough research on integrating national eIDs with Concordium.
  • Develop the eID integration module and test with pilot national eIDs.

Integration and Testing:

  • Integrate the module into Concordium nodes.
  • Perform extensive testing to ensure security, reliability, and seamless user experience.

Deployment:

  • Roll out the decentralized eID model across the Concordium network.
  • Monitor and optimize performance based on user feedback and usage data.

Community and Ecosystem Engagement:

  • Engage with the Concordium community and ecosystem projects to promote and use the new model.
  • Provide support and resources for projects to integrate with the decentralized eID system.

Impact on User Onboarding and the Ecosystem

User Onboarding:

Simplified Process:

  • Reduction in Abandonment Rates: The integration of eIDs into Concordium’s onboarding process will significantly reduce the 97% abandonment rate currently observed. By leveraging a familiar and streamlined method, users can quickly and easily create IDs and wallets without the complexities associated with seed phrases and traditional blockchain onboarding.
  • One-Click Setup: The seamless, one-click process for creating blockchain-based foundations and wallets will enhance the user experience, making it more accessible to non-technical users and Web2 users transitioning to Web3, from any device.

Enhanced Security and Trust:

  • Reliable Verification: National eIDs provide a high level of trust and reliability in identity verification, ensuring that users’ identities are securely verified without additional steps.
  • Preventing Fraud: By ensuring the uniqueness of each ID and preventing Sybil attacks, users can have greater confidence in the security and integrity of the platform.

Broader Adoption:

  • Increased Engagement: A smoother onboarding process will likely lead to increased user engagement and higher retention rates, as the initial barriers to entry are minimized.
  • Cross-Project Reusability: The ability to reuse a decentralized eID across multiple projects within the Concordium ecosystem will encourage users to explore and engage with various offerings, fostering a more interconnected community.

Impact on the Ecosystem:

Unified Identity Management:

  • Ecosystem Integration: A unified eID system across the Concordium ecosystem will streamline identity management, making it easier for projects to onboard users and manage identities.
  • Interoperability: Seamless interoperability of eIDs across different projects will facilitate collaboration and integration, enhancing the overall ecosystem’s functionality and user experience.

Cost Efficiency:

  • Development Savings: The low cost of developing and integrating eIDs will lead to significant savings, allowing resources to be allocated to other innovative developments and improvements within the ecosystem.
  • Operational Efficiency: Reduced need for centralized identity verification processes and intermediaries will lower operational costs and complexity for ecosystem projects.

Market Leadership:

  • Competitive Advantage: By being the first blockchain to implement a fully decentralized eID model, Concordium will gain a competitive advantage, attracting more users and projects to its platform.
  • Innovation Leader: This innovative approach will position Concordium as a leader in decentralized identity solutions, setting a benchmark for other blockchains to follow.

Regulatory Compliance:

  • Alignment with Standards: The use of national eIDs, particularly those compliant with eIDAS2 and other global standards, will ensure that Concordium’s identity management practices align with regulatory requirements, enhancing its credibility and appeal to enterprise users and regulators.
  • Facilitating KYC: The integration of eIDs will also pave the way for seamless Know Your Customer (KYC) processes, making it easier for projects to comply with regulatory requirements while providing a smooth user experience.

Unite for Innovation: Pioneering the Future of Decentralized Identity

The proposed decentralized eID credential creation and recovery method will have a transformative impact on user onboarding and the Concordium ecosystem.

By simplifying the onboarding process, enhancing security, and fostering a more integrated and cost-efficient ecosystem, Concordium will be well-positioned to lead the market in decentralized identity solutions, driving broader adoption and innovation.

This presents a unique opportunity to address cost, security, and user experience challenges, ensuring widespread adoption and a unified ecosystem.

To ensure the successful implementation and adoption of this decentralized ID credential creation and recovery method, it is crucial to emphasize the following aspects:

Clear Communication:
Maintain transparent and consistent communication with the Concordium community and ecosystem. Regular updates on the progress of the eID integration module, as well as clear explanations of its benefits and functionalities, will build trust and foster engagement.

Alignment of Timeline and Roadmap:
Develop and share a detailed timeline and roadmap for the project. This should include key milestones, expected completion dates, and any dependencies. Aligning the timeline with the broader Concordium roadmap will ensure coherence and facilitate smoother integration.

Inclusion of Ecosystem and Community Feedback:
Actively seek and incorporate feedback from the Concordium ecosystem and community. This can be achieved through surveys, forums, and direct engagement with stakeholders. By including the perspectives and insights of users and developers, the implementation can be refined and optimized to meet the community’s needs and expectations.

By prioritizing these elements, we can enhance the project’s transparency, ensure strategic alignment, and foster a collaborative environment that supports the successful deployment and adoption of the decentralized eID model within the Concordium ecosystem.

The proposal offers a comprehensive strategy to leverage national eIDs for decentralized ID credential creation and recovery, providing significant benefits in cost, security, user experience, and market positioning. By implementing this proposal, Concordium can lead the market in decentralized identity solutions, driving broader adoption and fostering innovation within the ecosystem.

I look forward to collaborating with the Concordium tech team and ecosystem to realize this vision and propel Concordium to the forefront of decentralized identity solutions. By working together, we can create a unified, innovative ecosystem that sets Concordium apart in the blockchain market.

I have not included privacy and compliance aspects related to the data model, but our focus is solely on the use of zKP for indirect compliant proofs, which needs to be factored into the eID model; for now I have focused on the core of the proposal, its impact for Concordium and the ecosystem, and a process for moving forward, together.

Ronni
Creator, AesirX.io


Thank you @VikingTechGuy. Are you proposing becoming an IdP specialized in eIDs, or is this service different from that? "Abstracting seed phrase", "for users signing up for any Concordium project": these gave me a little confusion.

I will deep dive into the proposal later this week after discussing it with the team and will be back with more feedback and questions.

Cross-posting answer from telegram ecosystem channel:

The basic concept is to create a new module in the Concordium Node.

This module contains the integrations to the eID providers (that are selected in each supported country added) so that when the Creation or Recovery of the ID Credentials and subsequent Wallet

Each integration can be done relatively quickly, as a lot of them are also using similar methods today, and it leads to eIDAS2.

The cost for creating the ID Credentials on Concordium is much cheaper than the current model, and the node module would be able to handle the interaction on a decentralized level with the nationally selected eID providers; should a supplier be replaced, the process in the country defines how to migrate etc., also as part of the process of selecting the national eID providers.

This means there is no actual centralized data provider in place; only the nationally selected eID provider, and the Nodes handle the rest, keeping it decentralized.

To legally resolve an ID back to a court case etc., the nationally selected eID provider already has all processes defined that are legal in each country; so we can drop support for some of the old logic here.

But since it is all based on abstraction of the seedPhrase in combination with a new type of IdentityProvider, it can be done without any backwards compatibility issues.

To clarify, this service does not make Concordium an IdP itself but rather integrates existing national eID providers into the decentralized framework of the Concordium Node. This ensures legal compliance, cost efficiency, and a seamless user experience.

I look forward to discussing this further and incorporating any feedback from the team.


PS: As the model is 10-20x cheaper than the current one, there is ample opportunity to also reward the nodes for being the decentralized integration party; and if we add in a bit of Geo logic, it could be done per country for maximum compliance.

I don’t really understand how or why this would be integrated into the Concordium Node itself.

In the Concordium ecosystem, identity providers are responsible for authenticating a user’s identity. The identity providers can (and do, in the case of DTS) use eID for this purpose. Once a user has had their identity authenticated, they have an identity object that they can use to prove that their identity is authentic (e.g. for creating accounts).

The identity creation process is (somewhat) decentralized already. Firstly, we have multiple identity providers and are adding more. Secondly, the identity disclosure process (which can be used to determine the identity behind an account and determine which accounts are associated with an identity, if legally compelled) requires the cooperation of multiple identity disclosure authorities and the originating identity provider.

An important part of the model is that your identity data is not directly processed by Concordium nodes. When you create an account, there is an encrypted reference to your identity on the chain. This reference can be decrypted by the identity disclosure authorities working together, and then the identity provider can link this reference to the actual identity.

Perhaps what you are proposing is a model where the middlemen (the identity providers and identity disclosure authorities) are not needed? There, the national eID providers would take on those roles. I am not sure that this is practically viable, because the eID providers would need to be able to produce suitable cryptographic certificates. I also don’t really see from a user perspective that this would be any better than using an identity provider that then uses eID to authenticate you.

However, if you rather mean that the identity provider aspect is handled by the node, that seems problematic for other reasons. Would all validator nodes then have to authenticate you with the eID provider when you create an account? How would that work? Would the nodes then be privy to identifying user data? If this requires nodes to actively interact with eID providers, then this could create unacceptable delays if each node has to independently verify each ID with the eID provider.

Thank you for your detailed questions and insights, @td202. I appreciate the opportunity to clarify the proposal further.

Integration Approach

New Module in Concordium Node:
The proposed new module in the Concordium Node is designed to integrate with national eID providers. This module does not aim to replace current identity providers but to work alongside them, leveraging national eIDs for ID credential creation and recovery.

Role of Identity Providers and Disclosure Authorities:
The current role of identity providers and identity disclosure authorities will remain intact. National eID providers will not replace these roles but will act as a source of verified identity information that identity providers can use.

Decentralization and Security

Direct Node Interaction with eID Providers:
Nodes will interact directly with eID providers, eliminating the need for middlemen. This ensures that the identity verification process remains decentralized and secure. The eID integration can be developed by any party within the ecosystem, which will handle the financial obligations to the eID provider.

Financial Model:
Funds from the 10% transaction cost on Concordium will cover the ID credential creation process and provide rewards for nodes handling the decentralized execution. This approach ensures financial sustainability and incentivizes node participation.

Practical Implementation

Integration with eID Providers:
Identity providers in the Concordium ecosystem can use the new module to integrate with eID providers. This allows authentication of user identities using eIDs without changing the fundamental identity verification process.

Initiation by the Concordium Foundation:
The Concordium Foundation could initiate the development and integration of eID suppliers in several European countries to start the process. This could establish initial integrations with 10 eID providers, setting a standard and providing a robust starting point.

Community-Driven Integration:
Any party within the Concordium ecosystem could develop integrations with eID providers, as long as they adhere to established standards. This approach, similar to developing a payment plugin for WooCommerce, allows flexibility and encourages community contributions to expand the eID integration network.

Addressing Specific Concerns:

Practical Feasibility:
We will need to plan in detail as the module takes its final shape in the process. This will involve defining specific technical requirements and workflows.

Scalability and Performance:
As the execution is decentralized, the system can scale with Concordium. This ensures that the integration can handle increased load as more eID providers are added and the user base grows.

Transition Plan:
There is no need for a transition plan, as the proposal adds a new IdentityType and abstracts the seedPhrase, leaving no backward compatibility issues. All existing identity providers will continue to function without disruption.

Stakeholder Involvement:
Due to the decentralized nature, any party can submit an eID type integration module. There would be a need for an approval process from the foundation or through voting mechanisms. Given the new standard module for integration, there are minimal dependencies on stakeholders.

Node Interaction with eID Providers:
Nodes will directly authenticate users with eID providers, ensuring no middlemen are involved. This direct interaction maintains decentralization and security.

Financial Sustainability and Rewards:
The financial model ensures that part of the transaction costs on Concordium covers the ID credential creation process and rewards nodes for their decentralized execution role. This guarantees financial sustainability.

Efficiency and Compliance:
The proposed model ensures compliance with eIDAS2 and similar standards, enhancing trust and reliability. By integrating eID providers through a decentralized module, we streamline the process and reduce costs while maintaining high security.

Summary

The proposal aims to enhance Concordium’s identity verification process by integrating national eID providers through a new module in the Concordium Node. This module supports the current decentralized model, working alongside identity providers and identity disclosure authorities to improve efficiency, security, and cost-effectiveness without compromising user privacy or decentralization principles.

The Concordium Foundation could initiate the development of initial integrations with eID providers, or select a supplier for the task, and community-driven efforts can further expand this network, ensuring flexibility and scalability within the ecosystem. The financial model ensures sustainability and incentivizes nodes, making the integration process smooth and efficient.

I hope this clarifies the proposal and addresses your concerns. I look forward to further discussions and feedback from the team and I will post more details on the specific module concept.

Technical Details: Overview of Node Authentication with eID Providers

To ensure clarity and provide a comprehensive understanding of how nodes will authenticate users with eID providers, here is a brief overview of the technical approach as I see the concept:

1. Integration Module:

  • The new module in the Concordium Node will contain the necessary integrations with selected national eID providers. This module will handle the communication and verification processes required for user authentication.

2. Direct Node Interaction:

  • Nodes will directly interact with eID providers through the integration module. This interaction involves the following steps:
    • User Request: When a user initiates the process of ID credential creation or recovery, the node receives the request.
    • eID Verification Request: The node sends a verification request to the corresponding eID provider based on the user’s nationality and the eID provider’s integration.
    • Verification Process: The eID provider processes the request, verifies the user’s identity using their existing eID system, and generates a verification response.
    • Response Handling: The node receives the verification response, which includes a cryptographic proof of the user’s identity. This proof is used to create or recover the user’s ID credentials on the Concordium blockchain.

3. Cryptographic Proof and Security:

  • The interaction between the node and the eID provider is secured using Concordium’s built-in cryptographic protocols. This ensures that the user’s identity data is not exposed during the verification process.
  • The cryptographic proof provided by the eID provider is used to generate a Concordium identity object, which is then stored on the blockchain as an encrypted reference. This reference can only be decrypted and verified by authorized parties, ensuring that the identity data is secure and accessible only when necessary.

4. Decentralized Execution:

  • The process is decentralized, meaning that multiple nodes can handle authentication requests independently. This enhances the scalability and robustness of the system.
  • Each node follows a standardized protocol for interacting with eID providers, ensuring consistency and reliability across the network.

5. Financial Handling:

  • The integration module will also handle financial transactions related to eID verification. Funds from the 10% transaction cost on Concordium will be allocated to cover the eID provider’s fees and reward the nodes for their role in the decentralized execution.
  • This financial model ensures that the system remains sustainable and incentivizes nodes to participate actively in the authentication process.

6. Compliance and Standards:

  • The integration module will comply with eIDAS2 and other relevant standards, ensuring that the verification process is legally sound and widely accepted.
  • By adhering to these standards, Concordium can offer a reliable and compliant identity verification service that enhances trust and security.

7. Seeking Input from Concordium Tech & Science Teams:

  • To ensure the technical approach is robust and aligned with Concordium’s architecture, I hope to collaborate with the Concordium tech & science teams for detailed low-level modeling of the node interactions and integration specifics as well as interested parties from the ecosystem. Their expertise will be invaluable in refining the process and ensuring seamless implementation.

Summary

The technical approach for node authentication with eID providers involves a new integration module within the Concordium Node, enabling direct interaction between nodes and eID providers. This decentralized, secure, and compliant process ensures efficient user authentication, leveraging national eID systems to create or recover ID credentials on the Concordium blockchain. The financial model supports sustainability and incentivizes node participation, making the system robust and scalable. Collaboration with the Concordium tech & science teams will be crucial for detailing the low-level implementation and ensuring seamless integration.

I still don’t see why this should be part of the Concordium blockchain node itself, rather than a separate service (like existing identity providers).

Nodes will directly interact with eID providers through the integration module. This interaction involves the following steps:

  1. User Request: When a user initiates the process of ID credential creation or recovery, the node receives the request.
  2. eID Verification Request: The node sends a verification request to the corresponding eID provider based on the user’s nationality and the eID provider’s integration.
  3. Verification Process: The eID provider processes the request, verifies the user’s identity using their existing eID system, and generates a verification response.
  4. Response Handling: The node receives the verification response, which includes a cryptographic proof of the user’s identity. This proof is used to create or recover the user’s ID credentials on the Concordium blockchain.

Which node is the user interacting with? Their own node? Some anonymous node? A node that they trust? It seems that they are at least disclosing some personal information to the node so that it can determine the national eID provider to use.

Why does the node have to be involved here at all? Why can’t the user directly submit the request to the eID provider and use the response to create or recover their ID credentials? (Note: this is essentially how the existing interaction between users and identity providers work. In the end, the identity provider may use an eID provider to authenticate the user.) After all, in general the data held by nodes is entirely public so there doesn’t seem to be any special privilege or capability of a node that is required for this purpose. If any on-chain data is required as part of the process, it can be queried from nodes, rather than having a node be an active participant in the process. (It’s also not clear to me what, if any, data is expected to be stored on the chain under this proposal.)

The interaction between the node and the eID provider is secured using Concordium’s built-in cryptographic protocols. This ensures that the user’s identity data is not exposed during the verification process.

From this I understand that the node is not supposed to learn the user’s identity data (I guess beyond which identity provider is used). But how do you expect to get eID providers to implement Concordium’s cryptographic protocols? This is part of the reason we have separate identity providers as middlemen that use eID providers (or other means) to authenticate users, and then implement the cryptographic protocol.

@td202 using the Concordium node to host the integration module to the national eID provider (which has a public access point) means that the execution is decentralized without a centralized provider.

If you don’t like that aspect, you can also add in a new IdentityProviderType and ask someone like https://www.zignsec.com/; they can add in 10x eID in the EU already + KYC in a tier on top.

Then you can add in an eID-specialized provider that can do it; but it will be a centralized provider.

eID and the eIDAS2 standard mean the technical integration can be done from the Concordium node in terms of execution; it does not mean any data would be exposed; it would all be automated if designed right and based on privacy by design.

But we need to resolve the problem of onboarding users instead of Chaperone Accounts and an AirDrop Framework to prevent fraud; we need actual solutions that come easily with utilizing eID.

As long as we do not break the problem of the seed phrase, we will never reach mass market.

@td202 Think of a WooCommerce Payment Plugin or Shipping Plugin in terms of the developer experience: it should be possible for anyone to submit a new eID or other type of IdentityProvider and get voted in; the abstraction is to ensure that in the future we can adopt.

The decentralized eID model proposed for Concordium helps prevent Sybil attacks in several ways:

  1. Reliable Identity Verification: National eIDs provide high-quality, reliable identity verification, ensuring that each user’s identity is thoroughly authenticated. This makes it much more difficult for attackers to create multiple fake identities.

  2. Uniqueness Guarantee: The proposal emphasizes integrating a “decentralized node-based model to guarantee uniqueness and prevent Sybil attacks”. This suggests that the system is designed to ensure each national eID can only be associated with one Concordium identity.

  3. Direct Integration with Official eID Providers: By integrating directly with national eID providers, the system leverages official, government-backed identity verification processes. These are typically more robust and harder to fool than traditional online identity verification methods.

  4. Decentralized Execution: The authentication process is handled by multiple nodes independently, making it more difficult for an attacker to compromise the system. Each node interacts directly with eID providers, maintaining a decentralized approach to identity verification.

  5. Compliance with Standards: The system adheres to standards like eIDAS2, which include measures to prevent identity fraud and ensure the uniqueness of digital identities across participating countries.

  6. Abstraction of Seed Phrases: By abstracting seed phrases and implementing a new type of identity provider, the system can potentially implement additional security measures to prevent the creation of multiple identities by a single entity.

By combining these features, the proposed decentralized eID model creates multiple layers of protection against Sybil attacks, making it extremely difficult for malicious actors to create and control multiple fake identities on the Concordium blockchain.
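The four-step node/eID exchange in the "Technical Details" post above (user request, verification request, verification, response handling) and the "Uniqueness Guarantee" point in this list both describe behaviour without showing it. The following is an added toy model written for this thread; it is not Concordium's protocol, not any eIDAS2 interface, and not code from the proposal's author. Its assumptions, all constructed for illustration: the eID provider authenticates the user directly and returns a pairwise pseudonym rather than the national identifier (so the node stores a uniqueness token without learning who the user is, addressing the concern raised about nodes being privy to identifying data); the provider's signed assertion is modelled with an HMAC under a per-country key (a real provider would return an asymmetrically signed assertion that the node verifies with the provider's public key); and every assertion is bound to a node-issued nonce with a short validity window. The model goes slightly beyond the text by showing how a replayed assertion, a tampered assertion, and a second sign-up with the same eID are each rejected, which is the "one eID, one credential" property this list claims, while a repeat request with the same eID recovers the existing credential instead of minting a new one.

```python
# Added toy model of the proposed node <-> eID-provider flow. NOT Concordium's
# protocol or any eIDAS2 interface; all keys, subjects and secrets are constructed.
import hashlib
import hmac
import json
import secrets
import time

# Constructed per-country provider keys. Stand-in for the provider's signing key;
# in reality the node would hold the provider's *public* key and verify a signature.
PROVIDER_KEYS = {
    "DK": b"constructed-dk-provider-key",
    "DE": b"constructed-de-provider-key",
}


class EidProvider:
    """Stand-in for a national eID provider. The user talks to it directly (step 2/3)."""

    def __init__(self, country: str, subjects: dict):
        self.country = country
        self.key = PROVIDER_KEYS[country]
        self.subjects = subjects  # national id -> credential, constructed sample data

    def authenticate(self, subject: str, secret: str, nonce: str):
        """Return a signed assertion carrying a pairwise pseudonym, or None on failure."""
        if self.subjects.get(subject) != secret:
            return None
        # Assumption: the provider issues a stable pseudonym, so the relying node
        # never receives the national identifier itself.
        pseudonym = hmac.new(self.key, f"pseudonym:{subject}".encode(), hashlib.sha256).hexdigest()
        body = {"country": self.country, "pseudonym": pseudonym,
                "nonce": nonce, "issued_at": int(time.time())}
        payload = json.dumps(body, sort_keys=True).encode()
        mac = hmac.new(self.key, payload, hashlib.sha256).hexdigest()  # stand-in signature
        return {"body": body, "mac": mac}


class NodeEidModule:
    """Stand-in for the proposed integration module (steps 1 and 4 of the flow)."""

    def __init__(self):
        self.registry = {}   # pseudonym -> credential id: the uniqueness register
        self.pending = set()  # nonces this node issued and has not yet consumed

    def start_request(self) -> str:
        """Step 1: the user's request yields a fresh nonce the assertion must echo."""
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def _assertion_valid(self, assertion: dict, max_age: int = 300) -> bool:
        body = assertion.get("body", {})
        key = PROVIDER_KEYS.get(body.get("country"))
        if key is None:
            return False                      # unknown / unsupported provider
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion.get("mac", "")):
            return False                      # tampered or forged assertion
        if body.get("nonce") not in self.pending:
            return False                      # replayed or unsolicited assertion
        if time.time() - body.get("issued_at", 0) > max_age:
            return False                      # stale assertion
        self.pending.discard(body["nonce"])   # one-time use
        return True

    def submit(self, assertion):
        """Step 4: verify the provider's response and create or recover a credential."""
        if assertion is None or not self._assertion_valid(assertion):
            return ("rejected", None)
        token = assertion["body"]["pseudonym"]
        if token in self.registry:
            return ("recovered", self.registry[token])   # same eID -> same credential
        cred_id = "cred-" + hashlib.sha256(token.encode()).hexdigest()[:12]
        self.registry[token] = cred_id
        return ("created", cred_id)


def run_demo() -> dict:
    """Drive the flow through the normal, replay, duplicate and tamper cases."""
    dk = EidProvider("DK", {"0101701234": "pw-alice"})   # constructed sample user
    node = NodeEidModule()
    results = {}
    n1 = node.start_request()
    first = dk.authenticate("0101701234", "pw-alice", n1)
    results["first"] = node.submit(first)                 # created
    results["replay"] = node.submit(first)                # nonce already consumed
    n2 = node.start_request()
    results["second_signup"] = node.submit(dk.authenticate("0101701234", "pw-alice", n2))
    n3 = node.start_request()
    results["bad_secret"] = node.submit(dk.authenticate("0101701234", "wrong", n3))
    n4 = node.start_request()
    forged = dk.authenticate("0101701234", "pw-alice", n4)
    forged["body"]["pseudonym"] = "attacker-chosen"        # breaks the provider's MAC
    results["tampered"] = node.submit(forged)
    results["credentials_issued"] = len(node.registry)    # exactly one for this eID
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The design choice worth noting is where the identifying data stops: the user authenticates with the provider, the node only ever sees a provider-issued pseudonym plus a MAC, and the uniqueness register is keyed on that pseudonym. Whether a real provider can issue such pseudonyms, and whether the node or a separate identity-provider service should hold the register, are exactly the open questions in the thread; the model only shows what the uniqueness and replay checks look like once those are settled.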