High Level User Stories

The Holder (End User)

1. The Holder wants to leverage owned off and cross-chain credentials (e.g. a government issued ID card), in order to access permissioned or access controlled services (e.g. permissioned yield pools) across any blockchain ecosystem.

2. The Holder wants to reveal as little personal information as possible and remain anonymous for as long as possible in order to avoid any party (incl. the Issuer, Verifier or Regulator or any other uninvolved party) from benefiting or abusing the link between their identity and public service consumption patterns.

3. The Holder values the following metrics (from high to low priority):

   • Low PII Data Sharing Rates

   • Low Average Time to Service (i.e. average time it takes for a user to onboard to a permissioned service)

The Verifier (Service Provider)

1. The Verifier needs to perform user due diligence before onboarding a user in order to either

   • fulfill internal business needs (e.g. targeted service provision),

   • reduce fraud (e.g. remove bots & duplicate accounts),

   • avoid jurisdiction (e.g. not provide services to residents of certain countries), or

   • fulfill compliance requirements (e.g. enhanced customer due diligence during onboarding).

2. The Verifier requires a solution that is fully decentralized and cost-effective in order to minimize the financial impact of introducing user verification services.

3. The Verifier requires a solution that is data minimized and secure against accidental (internal and/or external) user data misuse and leaks in order to comply with it’s requirements under global data privacy regulations such as EU’s GDPR.

4. The Verifier values the following metrics (from high to low priority):

   • High User Verification Retention Rate (i.e., the proportion of users who complete the verification process without dropping off)

   • Low Crossover Error Rate (i.e., the combined error rate of false-positive and false-negative user verifications)

   • Low Costs per Verification

The Operator

The Regulator

1. The Regulator aims to protect Holders within its jurisdiction from accessing unregistered financial services to shield them from non-transparent risks.

2. The Regulator requires the ability to recover the real Identity of a Holder in case formal bad actor proceedings are initiated against the Holder.

The Issuer

1. The Credential Issuer

The Credential Issuer is responsible for generating and distributing verifiable credentials to Holders. It represents the starting point of the credential lifecycle within the zkMe Network, allowing users to obtain their initial credentials, which can then be utilized to access permissioned services across different blockchain ecosystems.

A Credential Issuer can operate in two models:

• Centralized Issuer: A trusted entity (e.g., a government agency, financial institution, or compliance provider) that directly issues credentials to users within the zkMe Network. These credentials are recognized by other stakeholders as reliable and compliant with regulatory and business requirements.

• Decentralized Issuer: A programmatic bridge to an external trusted entity that is not natively part of the zkMe Network. This model enables automatic credential issuance without introducing an additional centralized intermediary, ensuring seamless interoperability and reducing trust dependencies.

The Credential Issuer plays a critical role in ensuring that issued credentials are cryptographically secure, privacy-preserving, and verifiable while maintaining data minimization principles.

2. The Issuer-Algorithm Developer