In this tutorial, we will explain how SocialConnect works, focusing on the protocol’s main components, attestation flow, and privacy flow. We will also discuss the roles of issuers and users in the protocol. By the end of this tutorial, you will have a better understanding of how SocialConnect operates and how to build with it.
Components of SocialConnect
SocialConnect consists of two main components:
- Attestation Flow: This component manages the mapping of public keys with identifiers that have been verified by an attestation authority. The attestation flow ensures that the connection between public keys and identifiers is valid and trustworthy.
- Privacy Flow (Oris): Also known as the Oblivious Decentralized Identity System (Oris), this component is responsible for securely storing identifier data. It ensures that the identifier information remains private and cannot be accessed by unauthorized parties.
Roles in SocialConnect
There are two main roles that interact with the SocialConnect protocol:
- Issuer: The issuer is responsible for verifying that the user owns both a Wallet account and a social identifier. The issuer can be an individual, a group of friends, or an organization. The issuer performs two main tasks:
- Attestation: The issuer verifies the ownership of the Wallet account and the social identifier. This can be done either through an attestation designer or directly.
- Authentication: The issuer can authenticate the user using a data encryption key (DEK) or by other means. Authentication ensures that the user is authorized to access the requested resources.
- User: The user is responsible for fulfilling the issuer’s verification requirements. The user needs to prove ownership of the Wallet account and verify the social identifier as defined by the issuer. This can be done through various methods such as SMS, email, Twitter, GitHub login, or any other means specified by the issuer. Similar to the issuer, the user can authenticate using a DEK or other means.
Using Data Encryption Keys (DEK)
Both issuers and users can generate and use data encryption keys (DEKs) to execute requests on behalf of the respective owner. DEKs are recommended because they can be rotated at the owner’s discretion without compromising security. This approach adds an extra layer of security to the SocialConnect protocol.
Building with SocialConnect
In the transcript, it is mentioned that there is a missing part on how to build with SocialConnect. Unfortunately, that part is not covered in this tutorial. However, you can look forward to the next tutorial in the series, where this missing information will be addressed.
By understanding the components of SocialConnect, the roles of issuers and users, and the use of data encryption keys, you are now equipped with a foundational understanding of how SocialConnect works. Stay tuned for the next tutorial in the series, where we will dive into the process of building with SocialConnect.