I appreciate your detailed thoughts on scoring-as-a-service. I imagine most apps using passport for sybil resistance will want this.
You mention privacy. I think that’s important, so let’s discuss what we’re already doing and what we still need to do.
How do we ensure that this one-time exposure isn’t leaked by the stamp issuer?
How does the scorer service deduplicate with
The scoring service would need access to a range of stamps from an individual. Do we currently have a means for an individual to authorize that access? If yes, how do we ensure that the information isn’t reshareable (e.g. the scoring service leaks what it knows)? Or is the set of stamps a user holds public (minus the specific accounts used, which is redacted like you said before)?
BrightID has a solution to prevent cross-linkability between apps that leaves no data (such as account information or ownership proofs) on BrightID nodes. I can go into more detail about BrightID’s approach and other solutions we explored once I get a fuller sense of what Gitcoin Passport is already doing for privacy, and what still needs to be done.