From 0941a3f4a50249dc08cadaa0bd4e45e06110071d Mon Sep 17 00:00:00 2001 From: Weiwu Zhang Date: Thu, 21 Sep 2023 23:33:29 +0200 Subject: [PATCH] rewrite attestation definition and use-cases to bring it up to be relevant in 2023. --- src/concept/Attestation.md | 62 +++++++++++--------------- src/concept/AttestationApplications.md | 23 ++++++++++ src/usecase/Attestation.md | 18 -------- 3 files changed, 49 insertions(+), 54 deletions(-) create mode 100644 src/concept/AttestationApplications.md delete mode 100644 src/usecase/Attestation.md diff --git a/src/concept/Attestation.md b/src/concept/Attestation.md index e2b94800..069fe8d3 100644 --- a/src/concept/Attestation.md +++ b/src/concept/Attestation.md @@ -1,36 +1,26 @@ -# Attestation - -An attestation is a cryptographically attested message, by an attestor stating someone have something. - -It's a few lines long and often is delivered through a [MagicLink](MagicLink.md). - -Note that an attestation is produced by a trusted attestor. It is not a trustless technology. See [Attestation vs Proof](../faq/attestation_vs_authorisation_vs_proof.md). - -There are two types of attestations: token issued as attestations (token attestation for short), and identifier attestations. - -## Token Attestation - -Token attestations are tokens issued by sending the recipient an attestation. The recipient, by using the attestation, is able to interact with smart contracts as if he has a token in a token contract. - -An example of such token is the DevCon 2022 ticket. - -The advantage over minting tokens in a smart contract: a token is never minted, and can be used as if it is minted. However, it is not transferable in that form, instead, when transferring, a token contract has to burn the attestation and allocate it to the new recipient, and the new recipient will hold the token as a normal smart contract token (not attestation token). - -Tokens that can be issued as attestation are non-fungible. - -## Identifier Attestation - -Identifier attestations are issued by attestors who verifies an Ethereum key holder also owns an identifier. A typical identifier is a web2 identifier such as - -- Email address -- Twitter handle -- Facebook ID -- Github handle - -Use-cases of Identifier Attestations are: - -- To be used as a dependency for other tokens. For example, when DevCon 2022 ticket is issued, they are issued on user's identifier (email address). To use the DevCon ticket, a user has to acquire an email address attestation. -- To be used to attest a transaction as from an identified user. For example, in AutographNFT, a person who add an autograph on an NFT must provide a twitter ID attestation, therefore attesting the autograph is from the owner of that ID. - -More use-cases can be found in [Attestation Usecases](../usecase/Attestation.md) - +# Attestation Appliations + +An attestation is a cryptographic message or proof that asserts certain facts about a specific object. + +While traditionally produced by a trusted attestor and often signed, some attestations may use zero-knowledge proofs to establish trust without revealing specific details. + +When it is presented to the user, it is encoded in a [Magic Link](MagicLink.md). + +In TokenScript, various types of attestations exist, and the list is expandable. These attestations are not inherently trustless; they usually come from a trusted source or mechanism. See [Attestation vs Proof](../faq/attestation_vs_authorisation_vs_proof.md). It has many [Applications](AttestationApplications.md) + +## Attribute Attestation + +This type of attestation asserts specific attributes about a token. For instance, an airline might issue an attribute attestation to update the arrival time for all passengers on a delayed flight. Smart Tokens representing airline tickets for that flight can then use this attestation when interacting with other systems or smart contracts. + +## Authorisation Attestation + +Authorization attestations are similar to attribute attestations but are designed to grant permissions or access rights. These attestations often come with time limits, intended recipients, and anti-replay attack mechanisms. For example, in the event of a flight delay, an airline could issue an authorization attestation allowing affected passengers to access the lounge. + +## Attestation Token + +An Attestation Token is a specific type of attestation that attests to a user's ownership of a token. Token issuers typically issue these attestations to users identified by their public keys or Ethereum addresses. These attestations enable users to interact with smart contracts as if they possess tokens in a token contract, allowing for off-chain token issuance. + +## Identifier Attestation + +Identifier attestations are issued by trusted attestors who verify that an Ethereum key holder also owns a specific web2 identifier, such as an email address or Twitter handle. These attestations can serve as dependencies for other tokens or to authenticate transactions from identified users. For example, when DevCon 2022 ticket is issued, they are issued on user's identifier (email address). To use the DevCon ticket, a user has to acquire an email identifier attestation. + diff --git a/src/concept/AttestationApplications.md b/src/concept/AttestationApplications.md new file mode 100644 index 00000000..1b4d9ffd --- /dev/null +++ b/src/concept/AttestationApplications.md @@ -0,0 +1,23 @@ +# Attestation Use-Cases + +Attestations, when standardized, offer a powerful way to integrate identity and various claims into web processes. They can simplify and secure activities ranging from financial transactions to identity verification. Below are some categories of use-cases that demonstrate the versatility of attestations. + +## Authorization Attestations + +1. **Investor Verification for ICOs and STOs**: A smart contract could require participants to provide an attestation confirming their status as accredited investors. This attestation could be issued by a qualified entity and reused for both Initial Coin Offerings (ICOs) and Security Token Offers (STOs). +2. **Account Authorization**: An account owner can create an authorization attestation for another person to withdraw a limited amount of money on their behalf. This allows for scenarios like exchanges withdrawing customer funds under special conditions such as liquidation, or employees making purchases under employer instructions. + +## Attribute Attestations + +1. **Car Tokens and Insurance**: Owning a car token could trigger an option to start an insurance process, resulting in an insurance attestation linked to the car token. This attestation could then enable the car to be lent on a car-sharing platform. +2. **Transaction conditions**: Smart contracts can conditionally release payments based on attestations confirming the completion of specific tasks, like a car painting job, or the satisfaction of payment conditions, such as death certificate in the case of an inheritance transaction. + +## Identifier Attestations + +1. **Token Holder**: For instance, DevCon 2022 tickets could be issued based on a user's email identifier attestation. Using identifier attestation allows tokens to be issued before user acquire a wallet address. +2. **Token Transfer via Email**: Using an email identifier attestation, tokens can be sent via email and later redeemed by the attestation holder. +3. **Dependency for Other Attestations**: Attestations can be chained to provide a dependency structure. Identifier attestation can be at the bottom of the chain, being the last one linked to wallet addresses. + +## NFT Attestations + +1. **Off-Chain NFT Creation**: Attestations can be used to verify the ownership of non-fungible tokens created off-chain, without the need for on-chain minting. This allows for more flexibility, such as spawning an NFT token for an art piece only when it is sold, and less gas spending. diff --git a/src/usecase/Attestation.md b/src/usecase/Attestation.md deleted file mode 100644 index 579d5ce3..00000000 --- a/src/usecase/Attestation.md +++ /dev/null @@ -1,18 +0,0 @@ -# Attestation Usecases - -A standardized attestation format has an enormous potential to smoothly integrate identity and other claims into the web and to streamline a wide range of processes, like signing up for an exchange, registering a bank account, verifying as an accredited investor for an Security Token Offer or renting a car. - -For example, you could create a smart contract for an ICO which requires that participants provide an attestation to be an accredited investor. This can be issued from a qualified attestor who can attest to the investor's capability. A wallet can use the attestation for any ICO in the future. - -Another example would be a car token. When you have the token in your wallet, you can have the option to start an insurance process which will create an insurance attestation connected to the car token. When the wallet has the attestation, TokenScript can unlock the option to take lend the car on a car sharing platform. - -There can also be attestations for a real life fact. For example, a smart contract may allow a blockchain payment to be redeemed on the condition that a specific job is attested as well done. Such a job can be, for example, a car painting job, identified by the job id in the corresponding Smart Contract. - -An identifier attestation can also be connected to an Ethereum entity like the holder of a key pair. This allows tokens use-cases such as - -- To be used as holders for other tokens. For example, when DevCon 2022 ticket is issued, they are issued on user's identifier (email address). To use the DevCon ticket, a user has to acquire an email address attestation. -- To be used in a Cheque - sending tokens by email address, and later the user who has an email address identifier attestation can redeem it. The underlying smart contract will check the validity of such attestations. [Cheque protocol](../concept/Cheque.dita) makes heavy use of attestations in such a way. - -- To provide dependency for other attestations. Since [Attestation can be chained](../AttestationChained.dita). - -TokenScript supports the integration of attestation processes, triggered by an action card directly in the wallet. You can integrate an attestation circuit into the life cycle of a token.