Plant a Tree and Control Your Data with SSX At ETHDenver

We're happy to announce that we are demoing an app called SSX Quest that shows how Sign-In with Ethereum can extend user control into interactions with user-controlled data, beyond just identity.

Plant a Tree and Control Your Data with SSX At ETHDenver

We recently announced our presence at ETHDenver, alongside our ETHDenver bounties, talks, and half-day event: did:day.

Spruce at ETHDenver 2023
It’s the greatest time of year again–when thousands of developers and Web3 aficionados descend upon the mountains of Colorado for a week of Ethereum fandom, activities, events, and hackathons. ETHDenver is here and Spruce will have events, activities, bounties, talks and more.

Alongside this, we're also happy to announce that we are demoing an app called SSX Quest at ETHDenver that shows how Sign-In with Ethereum doesn't just end at user-controlled identity but also enables interactions with user-controlled data.

This early alpha demo will show how you can Sign-In with Ethereum, obtain various credentials that are saved and encrypted in an off-chain data vault, and authorize access to that data vault to present those credentials.

These workflows will define the future of SSX and how developers using SSX can work with decentralized identity and data in the future. The SSX Quest interaction at our ETHDenver booth is a sneak peek for now.

After obtaining a specific POAP at our booth, you, as a user, can use that POAP to participate in an activity that will plant a tree in real life.

Plant a Tree at ETHDenver

SSX Quest is open for anyone to experience and run through any of the credential workflows available. However, to use the SSX Quest alpha in order to plant a tree, you'll need to stop by our booth at ETHDenver and obtain our special ETHDenver POAP first, or have an ENS domain.

After you’ve obtained the POAP or have an ENS name, visit, and follow the steps to sign in to the application with your Ethereum account. Note: in the future, we are architecting a way to combine all of these signings into a single step for users through the use of ReCaps and SSX. For now, as a first-time user, you’re conducting the following actions:

  • Connecting your wallet and signing in with Ethereum to authorize the creation of your data vault.
  • Signing to authorize read and write access to your data vault from SSX Quest, and,
  • Signing to encrypt your data.

In the future, this will be combined into a single signing step for a user.

After going through the sign-in and data vault creation flow, you'll be able to scroll down to the available credentials shown at the bottom. Here, you will select the “Spruce POAP Ownership” flow or the "ENS Ownership" flow.

After selecting the POAP flow or ENS flow, there are four steps to complete:

  • Confirm you own the POAP or ENS name
  • Sign an attestation that you own that POAP or ENS name
  • Our open-source witness checks against an indexer to ensure ownership and then finally
  • A credential is issued

If you’re curious about what powers this prototype workflow, check it out in Rebase.

Finally, on the main page, hit “Present Credential” to verify your POAP Verifiable Credential or ENS Verifiable Credential, and add your tree to all the other trees we’ll plant after we get a total tally from the ETHDenver event.

Our Libraries and Products That Make it Possible

SSX Quest is created with a combination of libraries and initiatives from Spruce to bring user-controlled identity and data to life.

It starts with our Rebase library, which is responsible for the credential workflows you find in the interface. The interface currently supports Twitter, GitHub, Email, DNS, SoundCloud, Reddit, ENS Ownership, and the Spruce POAP ownership credential.

These flows are built using this library and typically require the user first to sign a statement attesting to ownership of their account or asset, “prove” ownership in a variety of publicly auditable ways (for example, a Gist for a GitHub account), and then be issued a credential which is stored in their data vault.

Our data vaults are handled with our Kepler library. Kepler is self-sovereign storage. With Kepler, you can define exactly where your data are stored, and who has access to your personal data vault, known as an Orbit. An Orbit designates a list of trusted hosts for your data and can be represented as a smart contract that only your keys can control.

Our next immediate goal for Kepler is to demonstrate how a user can quickly run Kepler anywhere they choose, fully replicate from Spruce’s instance, and demonstrate full data sovereignty by choosing to remove us as a host of their orbit at any time.

Kepler | Self-Sovereign Storage
Kepler is Self-Sovereign Storage. Securely store digital credentials, private files, and more - all using your Web3 wallet and with rules that only you control.

These off-chain interactions are all possible with ReCaps.

Extending Sign-In with Ethereum to Authorizations - ReCap
Sign-In with Ethereum describes how Ethereum accounts authenticate with off-chain applications. ReCap introduces a mechanism that allows an off-chain application to combine authentication and authorization of such, while preserving security and optimizing UX.

ReCaps are an extension specification to Sign-In with Ethereum that allows users to authorize an application to access third-party resources for that session–all with a single wallet interaction. This allows authorizations to happen alongside authentication to read and write to a user’s data vault, all while having informed consent in the statement section of the Sign-In with Ethereum message.

The Future of SSX and SSX Quest

When we built SSX, our goal was not only to make Sign-In with Ethereum as easy as possible for developers to install but also to give developers a robust set of tools they could use to start working with decentralized identity.

SSX will evolve to:

  • Enable developers to build applications where you no longer need to hold user data, and instead, users can be in control.
  • Expand the scope of ReCaps, enabling new forms of off-chain authorizations to happen.
  • Allow developers to use a set of core credentials that users bring with them, regardless of where they build their profile.

At Spruce, we strive to build a world where user-owned credentials are abundant and easy to use in applications across the web. Whether that means we issue them, other organizations across the space issue them, or even you issue them: users should be able to receive them and use them in a friction-free way.

The version of SSX Quest that we’re demonstrating at ETHDenver is an alpha demo, and we look forward to expanding it in the future alongside those aforementioned interactions.

We’re happy to help facilitate this regenerative activity while demonstrating how a user can bring their own identity and data to a dapp with Sign-In with Ethereum at the core of it. If you’re curious about using credentials in your application or letting users control their data across the web, join us at our booth at ETHDenver to talk, or send us a message in our Discord.