# Soulbound token workshop on use cases at the DAOist in Bogota - date: 2022-10-09 - clock-wise order of participants: (B)en, (L)ukas, (Br)ett, (V)aughn, (A)ngela, (T)im, (C)indy ## Minutes - Ang: The metadata example from the last session, I found quite interesting. A guiding question to me is: If it's something that should never change, then put it into the metadata. And don't put it if it can evolve. - T: There are different ways how the tokenURI is hosted, e.g. IPFS, web2 URLs and so that affects privacy as e.g. the tokenURI access could be permissioned. - A: We're discussing to issue SBTs to TE participants but we shouldn't put the name into the metadata. The credential receiver should consent to the token being minted. - V: If I can always figure out where an SBT was minted towards, there's provenance. - Ang: Collectible history is also tracked and that's similar. There's this triangle of token, holder and issuer. - L: SBT itself doesn't have a value, it gets value through the context. - T: Kate Sills post on "SBTs should be claims" and that claims are to be subjectively interpreted and cannot be computed over. - Ang: When we have SBTs as subjective e.g. like credentials like passports they can be problematic. - Ang&L: Let's go over use cases: Go over the privacy question. Not sure if it was in V's paper or where I saw it. This claim that you can compute identity is something I'd like to explore. E.g. we'd want each individual to control what information should be public. We don't want to have another social score. - B: How expressive are soulbound tokens, because you can't express everything with them. - Tim: [explain H. Nissenbaum: Privacy as contextual integrity] - Ang: What's signficiant is that you can't role back privacy. - L: Community member rejected SBT issuing because of fear of being doxxed by government. But on a practical level the SBT isn't that different from that person having a wallet of EIP20 token. Privacy is a topic that is very present. The SBT doesn't necessarily cary information about the person. - C: Are there projects that implement SBTs. Polkadot can derive wallets. And then someone could aggregate different addresses. - Br: UTXO model for issuing SBTs. - Ang: You can discolose the wallets that you want to show. - Br: You want to have different collections of SBTs for different contexts. - L: Revealing SBT context has to do with stake too. E.g. imagine revealing your identity to a financial app then you want to a wallet that has many SBTs. - V: There can also be a problem of spam. e.g. someone DOS'ing your wallet. - L: Consensual minting can combat spam. Otterspace allow list is public so that may leak data. SBTs in otterspace are used for roles. There is also a question of what you want to capture with SBTs, e.g. "I gave a talk here", vs. "team lead" badges. Optimism's citizenhouse doesn't know yet how their SBT will look like. - B: Consensual minting how it should work: You get a credential and then you mint the SBT if you want. The default of VCs is that everything is private and then you actively generate proofs and make them public. The default should be that you have the credential and then you mint it. - T: EIP-4973 can do private credentials and then mint them on-chain. - Ang&L: Everybody please think of a use case and how it's related to privacy and then we discuss. - C: (1) Persistent anonymous reputation: Publish papers anonymously and not being able to tie it back e.g. to avoid NDAs or because you're anti-thetical to the institution, whistleblowing, RSA authors, PGP thing. Use case: Against impersonation (2) DAO delegate, I want to transfer reputation across chains. - T: Anonymity and pseudononymity? What are the definitions? - L: If reputation is transferrable then you're opening yourself to attacks. Composable Twitter blue checkmarks - Ang: Verification of identity is also a use case. - C: Anti-impersination was another one and the forth use case would be soulbound items in games. NFTs are still transferrable and for games those wouldn't work well. - Achievements and credentials are the same use case. But e.g. games issue achievments for engagement and credentials for verification of completing a course. - Ang: Another use case is social recoverability. In crypto only the private keys can be used to recover funds and so having SBTs can help. An SBT is an identifier. - L&Ang: The SBT as an identifier can be a use case and then it can be used to recover tokens. - Th: In university a title goes to me and must say my name so the title is connected to you through KYC. - Ang: It's similar to a passport and how it proves your name. - Th: When I'm born in this imaginary future my wallets gave me my certificate of birth and then this would be your unique inventory that identifies you. - T: What does KYC mean? - B: "Knowing your customer" is just a small part of KYC. There are different dimensions of KYC. My passport picture is shared with many people. KYC is determining the relationship wit the customer and organization. - Th: What I meant as KYC is a verification of a passport. - Br: Getting ID'd at a bar can mean KYC too, so they're just checking your age. - L: And the crypto exchange: they wanna understand whether you're financing terrorism. - T: SBTs could also be used for compliance. Permission, Access - L: Permissions, Access - Ang: Appreciation and recognition - Analytics, transparency, equality, token-gating, agreement, a personal contract like a promise, a social commitment, power influence, a public bet