1.1 Requirements & Regulatory Analysis Identify requirements for a DDI hub capable of integrating multiple existing decentralised digital identity (DDI) solutions (e.g., Gitcoin Passport, Privado, Open Passport, Identus). Assess privacy requirements for the DDI hub and explore how existing DDI systems are handling these requirements. Define methods to ensure that identities are tied to unique, verifiable individuals, preventing duplicate registrations. Analyse credential storage options (in-wallet, on-chain, Zero Knowledge Proofs (ZKP), verifiable credentials, etc.). Review relevant standards, such as W3C DID Core, OpenID4VC, EUDI Architecture Reference Framework. 1.2 Market & Competitor Assessment Catalogue and evaluate existing DDI solutions, noting unique aspects that impact integration. Compare solution pros/cons and highlight best practices from each. 1.3 Initial Threat Modelling & User Feedback Enumerate potential attack vectors (Sybil, collusion, key compromise) and propose initial mitigations. Gather early user feedback (through short surveys or usability sessions) to ensure the solution’s voting flow is approachable.

A requirements report with a comparison matrix detailing functional/technical needs, solution pros/cons, and recommended identity uniqueness methods. A matrix for each evaluated DDI solution. Documented interview summaries with SingularityNET teams and 1–2 external DDI providers. === Research Methodology Literature & Standards Review: Systematic study of existing DDI standards, academic publications, and public documentation of active DDI solutions. Stakeholder Interviews & Feedback Sessions: Conduct structured interviews with SingularityNET teams (Reputation Platform, Voting Portal leads) and external identity providers for integration requirements and best practices. Prototyping & Feasibility Testing: Develop wireframes to validate sub-ID generation and WaLT integration. Threat Modelling & Risk Analysis: Evaluate potential risks and propose solutions to address vulnerabilities in identity binding and key storage. User Feedback (Early): Collect insights on usability for voting flows.

$20,000 USD

Approval of the requirements document and landscape report by key stakeholders.

2.1 Data Intake & Integration Specifications Define integration protocols and data-sharing guidelines for external ecosystem components (e.g., Reputation System). Outline APIs/endpoints for identity verification, metadata access, and sub-ID creation triggers. Ensure secure access control measures so that only authorised components can query identity data. 2.2 Data Model & Storage Architecture Develop detailed specifications for data formats and lifecycle management (storage, processing, deletion, identity revocation). Establish mechanisms anonymisation/pseudonymisation. Investigate privacy-preserving approaches (e.g., ZKP-based or off-chain computations) to protect personal information whilst being compliant. 2.3 Data Output & Interoperability Protocols Ensure compatibility with W3C Verifiable Credentials (or equivalent) to capture attributes. Investigate sub-identity (sub-ID) generation feasibility for privacy preservation, particularly for voting use cases. Provide a formal API specification (OpenAPI doc or equivalent) with key endpoints for ID queries, sub-ID creation, and reputation retrieval. Confirm interoperability with existing identity systems in a standardised format. 2.4 Governance & Credential Lifecycle Strategy Recommend processes for credential revocation (e.g., when compromised or when a user opts out). Define lifecycle events: how and when credentials expire or require re-verification. Establish guidelines for governance to keep the system flexible yet secure

A set of integration guidelines and protocol documents detailing data sharing, lifecycle management, and privacy-preserving measures. High-level interface specification with defined use cases (ID queries, sub-ID creation, reputation retrieval). Governance recommendations for credential revocation, lifecycle updates, and compliance alignment.

$35,000 USD

Formal sign-off on the protocols from integration partners and relevant compliance teams.

(simplied due to char limit) Vendor Assessment & Tech Spec - Evaluate DDI/KYC vendors (SaaS vs. on-premise ZKP) against EU Digital Identity Wallet requirements. - Produce a technical specification covering integration points, data flows, and compliance. WaLT & ID Mapping Enhancement - Expand WaLT as the core user ID repository to aggregate wallet addresses and identity attributes. - Investigate integrating verified identity data from multiple DDI sources (e.g., Gitcoin Passport, Privado, Open Passport, Identus) for a unified ID. - Coordinate with the Reputation Service to minimise data collisions, map microservice outputs to a unique UID, and compute consolidated reputation scores. - Establish a real-time feedback loop with the Reputation Platform team. Exploration of Advanced Features - Explore cryptographic solutions like Zero-Knowledge Proofs for sub-ID creation and event-specific identity generation, ensuring pseudonymity and unlinkability. - Consider emerging standards such as reputation-based DDI weighting, soulbound tokens, community recovery for lost credentials, and expanded user-managed privacy controls. Modular Architecture Blueprint - Develop a blueprint that supports easy integration of current and future DDI solutions, with configuration options for user-controlled data storage and modular identity components.

A technical white paper outlining advanced WaLT enhancements and ID mapping methodologies. Documented vendor assessment results with recommendations on KYC or identity providers. Documented plan for introducing advanced features without disrupting core functionalities. An architectural blueprint document that includes integration strategies for WaLT enhancements, data security, and future scalability.

$30,000 USD

Endorsement by technical leads that the proposed approaches meet integration and unique identity requirements. Alignment with future compliance frameworks (e.g., EUDI Wallet) for advanced ID usage. Approval of the modular blueprint by technical leads and alignment with the overall project vision.

4.1 Security Evaluation & Threat Mitigation Propose security measures to protect against vulnerabilities in the DDI hub (Sybil attacks, collusion, key compromise, etc.). Ensure resilience against double voting or multiple sub-IDs in high-stakes votes. Address how to handle private key compromises or lost/stolen credentials without compromising user privacy. 4.2 KYC & ZKP Solution Evaluation Evaluate potential KYC and ZKP solutions for suitability, including both SaaS and on-premise options. Collaborate with experts (e.g., cryptography specialists at SPRIN-D) to determine best practices around advanced ZKP capabilities. Investigate integration with existing decentralised identity/KYC frameworks and the EUDI Wallet. 4.3 Legal & Compliance Checklist Research legal and compliance best practices (GDPR, CCPA, MiCA, etc.) to ensure data protection and privacy standards. Summarise the product’s readiness for expansion into EU markets, especially regarding EUDI Wallet interoperability. Produce a security compliance checklist for all relevant regulations and frameworks.

A detailed evaluation report with recommendations for KYC/ZKP integration (SaaS vs. on-premise). Comprehensive security protocols covering Sybil protection, identity binding, sub-ID creation, and key management. A legal & compliance checklist outlining necessary steps for regulatory alignment. === 4.4 [Optional Additional Cost] External Security Review Propose engaging an external specialist to perform an independent security assessment. Potential Offerings: Comprehensive penetration testing and vulnerability scanning to uncover hidden risks. Detailed risk and compliance audits to validate the robustness of our security protocols. Recommendations for remediation strategies, ensuring our system aligns with industry best practices. An objective review of our cryptographic implementations (e.g., ZKP modules) and data protection measures. This external review can provide additional assurance to stakeholders, validate internal findings, and inform future security enhancements.

$20,000 USD

Validation of security and compliance strategies by internal risk management and legal teams. Clear, actionable roadmap to address any discovered compliance gaps.

5.1 Consolidation of Research & Protocols Compile all findings, integration protocols, and architectural documents into a final, cohesive report. Ensure clarity on identity integration, privacy/data protection, and compatibility with the SingularityNET ecosystem. 5.2 Preparation of Detailed RFPs Produce 2–3 RFP documents covering: Development of the DDI Hub (sub-IDs, wallet aggregator, user-facing logic). Integration and privacy-preserving data exchange with the Reputation Platform & Voting Portal (ZKP modules, etc.). Future expansions (soulbound tokens, external KYC modules, advanced compliance features). Clearly outline scope, deliverables, and technical requirements to guide potential implementers.

Final RFP documents and a comprehensive summary of research, methodologies, and the proposed roadmap. Clear next steps and timeline recommendations for moving into the development phase.

$15,000 USD

Approval of the RFP documents by the project review board. Readiness to proceed with development and vendor selection based on the final documentation.