DIF Member Spotlight: Otto Mora of Polygon ID

· 12 min read
DIF Member Spotlight: Otto Mora of Polygon ID

We recently interviewed Otto Mora, Business Development Lead in the Americas for PolygonID and discovered more about their platform and vision. The full interview can also be viewed on YouTube

LIMARI NAVARRETE: Thanks for joining us today Otto. Really glad to have you here today representing Polygon ID. Before we get further into the details of Polygon ID and what you guys are up to, I'd like to hear a little bit about yourself. Can you give our audience a little bit of an introduction of who you are and how you came to the decentralized identity space?

OTTO MORA: Yeah, Absolutely. I'm originally from San Jose, Costa Rica. My original exposure to decentralized identity, and I guess SSI was in early 2016 at a ConsenSys Conference in New York, where I remember Christopher Allen was first talking about identity 2020, and you know, bringing in the concept of SSI. It just became clear to me that solving identity on blockchain, specifically blockchain ecosystems was a hugely important thing that would really help out blockchain adoption.

So, I first became conscious of that back then.  It kind of stayed in the back of my mind and I followed various decentralized identity projects such as uPort.  I think I applied like seven times to work at uPort, but it didn't come through. I did eventually get into web3 full time around 2018.  I was working at EY leading a team of developers, and I kind of got engaged with the community in Costa Rica and I was a founding member of the Costa Rican Blockchain Association.

We did the first Ethereum Hackathon and all that kind of eventually led into getting into Polygon. That original knowledge around identity and some of the things we did at EY helped me get into PolygonID and leveraging ZK (zero-knowledge) technology for identity.

That's a little bit about my story and yeah, I really feel fortunate to be in this space and it's been super interesting.

LIMARI NAVARRETE: Yeah, great and I know I spoke to you a few weeks ago, and I asked you a little bit of the story of Polygon ID, but you didn't tell me the whole story. So I've been waiting for this moment to hear it, because it really is interesting, some of the background. Can you give us a little bit on that?

OTTO MORA: Yeah, absolutely.  You know, back then it was called Hermez Identity and it’s actually quite fascinating. All three founders, Jordi Baylina, Anthony Martin and David Schwartz are all from Barcelona, Catalonia Spain. As you know there's some tensions between the regions in Spain and the central government, and Catalonia is no exception. Catalonia back then was heavily into this independence referendum that they were trying to do, and tried to make it kind of a demonstrable referendum to convince people that there was a chance to be independent.

They started playing with the idea of an online referendum using blockchain technology. So that's when the identity project was born. How do we do identity on top of a blockchain system to be able to do this voting that they wanted to do? All of that kind of came to “You know what? The blockchain actually doesn't scale quite well, the transactions per second are not that great.” That led them to founding another initiative, in addition to the Iden3 initiative which was called Hermez.

Both initiatives kind of matured over time, and eventually Polygon was looking to acquire companies. Polygon actually got started a little bit earlier than them. They got started around 2017 or so and they had been looking at scaling blockchains, they had looked at the original proof of stake blockchain. They were now looking for the next iteration of that. What's the next scaling solution that they can bring to the market? Then they kind of stumbled upon the Hermes project at a conference in Paris. Eventually they agreed to acquire Hermez and bring them into Polygon.

Then both of those things came together. So both the Hermez project, which is like the zkEVM scaling project that was there, as well as the Iden3 project, which is also kind of an a project that Polygon decided to just embrace and then build Polygon ID using all of the Iden3 technology that was really developed by Jordi and the team in Catalonia.

LIMARI NAVARRETE: That's so fascinating. That's why I really love hearing the stories of these various companies because a lot of times it's not a linear path. There was a problem they were trying to solve, and it led into a new enterprise. So that's really fascinating. One thing that I'm curious to hear, if I were someone coming to Polygon ID and I wanted to use your services, what would be my journey into the Polygon ID ecosystem?

[Link to video on youtube: https://youtu.be/U7ObwVh5DAc?t=332]

OTTO MORA:   There's various items that we have. I'll just share my screen to kind of show you a little bit of a walkthrough of what that looks like, and a little bit of the features of our DID method. The polygon ID protocol is a protocol that aims to keep user’s privacy. We have a DID method and our DID method has various features such as key rotation, it allows you to do a private revocation, it allows you to manage profiles so users can have multiple profiles that they can expose. If you're interacting with a verifier, you can choose which profile to use and independent of that, you can use any of the credentials that were issued to you. It also has CKQuery language which allows verifiers to ask questions about the profiles, and then present those credentials and generate proofs to respond to the questions from the verifier.

We have a couple of methods to issue credentials, one that is kind of gas-less, and another one that enables on-chain, which is the MTP Method. (Merkle Tree Proof) It also uses Baby JubJub keys for optimized generation of ZK proofs in mobile devices. And then an interesting thing for anybody looking to use our DID method is that It's EVM (Ethereum Virtual Machine) compatible, the DID method could be used in any kind of EVM chain, and it's also fully open source under an MIT Apache license. The heart of the protocol is really that you have a verifiable credential, the credential will say, a few attributes about your identity. Maybe it'll have information about your date of birth. Maybe it'll have information about your country of citizenship, it could have information about your credit score. Then you'll interact with the verifier, the verifier will ask a set of questions around that set of credentials that you have in your wallet and then in order to answer those questions, you'll be generating a zero-knowledge proof directly from your device be it your mobile phone or be it your browser that you're using to interact with the blockchain at that point.

So you generate those proofs, and then in doing so, you present those proofs to the verifier. They can check the validity of those proofs. They can check that the data is correct. What you've done now at this point is that you reveal just enough information to answer the questions from the verifier instead of the whole credential data. So this is the famous thing in centralized identity.  Show me that you're over 18 without telling me where you live, what's your full name and where you were born? All these things are just not revealed, but just the specific answers to the question that is being asked by the verifier. This is the heart of the protocol, this is kind of the innovation that we bring.

If it's okay with you, I can show you a brief video of what that looks like and kind of just a more practical use case.

LIMARI NAVARRETE: Sure that'd be great.

OTTO MORA: Let me just jump into that. This is just a quick sample demo of what this looks like. [Link to demo: https://youtu.be/U7ObwVh5DAc?t=516] This is just showing you our polygon ID application. It's a sample application. We are enabling multiple wallet providers to integrate with us.

At this point this is just the wallet creation process. You’re creating your wallet. You're getting it set up for the first time. You have no credentials inside of your wallet. You're now going to go to a website that's going to issue you credentials. So the first step is connecting your wallet. You're connecting your wallet to get the basic authentication.  Now that the authentication has been done, now your wallet is connected.

At this point, you may be asked to show some credential data. Maybe if it's a university, if you passed a test, maybe some other thing. Whatever set of data is required by the issuer in order to be able to offer you the claim. It could be an identity verification process, it could be any sort of thing. Eventually the verification is successful, and then you're offered a set of claims. So now you continue to add claims. You can see that QR code there that has the claims that you are now able to scan with your device.

You're seeing that now a set of claims are being offered, one is a proof of personhood. Another claim is showing you as a member of a DAO. Another claim is your date of birth and then another claim is your country of residence. These claims are just like a set of credentials or cards that are stored in your wallet at this point and the claims get added.

Now you can go into the wallet app and you can see these purple cards in there. These various credentials that were issued to you and the data that's inside of them. So now you have those credentials and now we're going to actually make use of the credentials. Now is that process of interacting with the verifier being asked the question and then satisfying that. So now we're going to go into this sample DAO interface, which is Grail. We're going to connect our wallet just like we did the last time.

Now we're going into voting for a proposal. So for voting for the proposal, here's a kind of proposal that we want to vote on, but before we can vote we have to prove our eligibility to vote. In order to vote we're now being asked, prove to me that you're a member of this DAO. So from the various credentials that we have, we're now going to use one of them, and we're going to answer the question, are you a member of this DAO? Yes or no. That is kind of what's going to trigger now, this cryptographic proof generation in which now you can generate the proof to answer your question from the verifier. Once the proof is generated, you can now vote.

Now you've successfully voted on the DAO. So that's just kind of illustrating a little bit of that process of, you have a credential that's issued to you, you go to a verifier, and you would get asked a bunch of questions about your credentials to generate some proofs on your device. Then you've successfully revealed data about your credentials without revealing the full credential. So that’s the main kind of innovation that we bring. That’s a little bit of the flow of what that looks like.

LIMARI NAVARRETE: Okay, and this can be used in various contexts as well, such as credentials for workplace, credentials for education? Could also be applied in those cases as well?

OTTO MORA: Our intention is that you could go with the number of verifiers and reveal data about yourself. Prove to me that you're a graduate of a computer science degree, yes or no. That kind of question. Or prove to me that your credit score is between 500 and 600 and that makes you eligible for a loan or something like that.

Then we have other more elaborate ones. Maybe you're at a traffic stop and you're interacting with a cop, and you use your phone with an NFT and you quickly answer yes or no to a bunch of questions such as; is your car’s kind of insurance up to date? Do you have the proper registration? Is your license not expired? You're able to answer all those questions very quickly, generating a proof without revealing more data than what's required.

So yeah, it's use cases like that where we envision this being used. Both web3 and web2 use cases. Within web3 we think DAOs, these online cooperatives, would benefit a lot from this. Defi protocols as well, looking to do some KYC, things like that. But there's also web2 use cases. We’re starting with web3 that's our initial focus area, but we want to go further than that, if possible.

LIMARI NAVARRETE: Can you share a little bit about your business model? I know people are always curious about that. How are you going to market at this point?

OTTO MORA: It's fully open source. We don't really charge for Polygon ID. At this point we see it more as a complement to the Polygon ecosystem. We're not intending to directly monetize the identity protocol, but it's more just a reason for people to build on top of the Polygon blockchain. We get additional incentives and revenue by more people using our blockchain, we get more fees, and that helps everybody in the ecosystem. So that's a little bit of why this is being released fully open source, and as a benefit to the community at Polygon.

LIMARI NAVARRETE: I know you have been involved in our community over the past few months. Polygon ID joined as a DIF member earlier this year, and you've been involved in some of the various work groups. Can you share a little bit about what are some of the work items that you followed and integrated into some of the work at Polygon ID?

OTTO MORA: We have various items from the DIF that we are already integrated with or are intending to do integration with or engagement. So one of them is the DIF Universal Resolver, [https://dev.uniresolver.io/] which we've already implemented and I know Marcus was nice enough to review it for us, so very thankful for that. We are intending to support the well known DID configuration. It's in our roadmap along with creating more trust in the ecosystem of who are the issuers, trust registries and things of that nature. We're also looking to get some support for Credential Manifest. [https://identity.foundation/credential-manifest/] It's this thing called output descriptors that provide guidance for wallets on how to display the credential cards, what logo to use, what color to use when displaying. That was brought to our attention by Thierry from the AltMe wallet. We’re open to input on the product and adopting these standards is important to us where we see it makes sense.

Then from the last Internet Identity Workshop I saw this work around the standard wallet container that's being led by Sam Curren. That's also something that's of interest to us. We do have a growing ecosystem of wallets, and we ideally would want them to follow standards and bring data vaults and things of that nature.

So that's something that we're also looking to engage with. We're open to more, and it's all about building together in the community with the folks at DIF so we're looking forward to contributing.

LIMARI NAVARRETE: Then my little side plug is to anyone who's viewing, you can get involved in these work items at DIF. We are an open-source community, and we also have membership options, so you can join and get involved in that. [https://Identity.foundation/join}

The other thing I wanted to ask is in terms of the vision of Polygon ID. Where do you guys see things going in the next 5-10 years? How do you see some of the work that you're doing, impacting the economy and the way we do things?

OTTO MORA: Absolutely, I think for us it's solving at least in the more immediate term the need for identity verification in the web3 space, solving identity for DAOs, solving identity for Defi protocols and getting more adoption from the various wallet providers. I think that the issue perhaps now is, people don't really care so much about privacy or keeping their data private as much. I think over time that'll change. So I think maybe we're a little bit early with this whole ZK Technology, that some people are happy to show their full credentials and be done with it, they'll say they'll have nothing to hide.

But I think over time privacy will become more and more relevant, and we see this as one tool that will get people to care about it and be able to implement privacy.

LIMARI NAVARRETE: If there are any companies out there who are interested in working with Polygon ID, should they get in touch with you? What would be the easiest way for them to do that?

OTTO MORA: They can get in touch with me, also on Twitter as well my handle is @ottomorac [https://twitter.com/ottomorac?s=20] Also we have a Discord channel on the Polygon site that you can access. [https://discord.gg/0xpolygon]

If you want to get in touch with our Business Development team for Polygon ID, you can do so as well from the Polygon website. [https://polygon.technology/contact-us] You go to Polygon ID, and then there's a contact form there.

If you have specific questions, or if you want to engage with us because you have a project, or you have a wallet, and you would like to talk to us, that's another way to engage with us.

Then, finally we're also open to code contributions. It's fully open source, so if somebody has a unique feature they would like to contribute to us, we're definitely open to that. We can do a pull request on Github as well if you have something you want to contribute.

LIMARI NAVARRETE: Sounds great, and for our viewers I'll make sure to have all those links in the notes on our Youtube Channel as well. It was great having you today Otto and hearing more about Polygon ID and your journey as well, and I'll  also encourage our listeners if you get a chance, go to our website https://identity.foundation as well to join and become a member.

Thank you so much once again Otto and if anyone else joins in the community you can you'll be able to see Otto there as well.

OTTO MORA: Awesome. Thank you.