# CISO (Chief Information Security Officer)

To provide a bank's IT team with a guide, you need to show them how to bridge the Solana Token-2022 standard with the W3C/Credo off-chain identity layer.

This guide focuses on the "Technical Handshake": how the bank verifies that a user’s wallet is not only held by a human but by a human verified by *your* Hub.

***

### 🏦 Bank Integration Guide: Verifying Hub-Identity

#### 1. Prerequisite: The "Permanent Delegate" Check

Before a bank accepts a Verifiable Presentation (VP), it must verify that the user's wallet holds the Soulbound Bank Identity (SBT) issued by your Hub.

The bank's backend (or their node) should perform a Mint & Extension Audit using the `@solana/spl-token` library.

```typescript
import { Connection, PublicKey } from '@solana/web3.js';
import { getMint, TOKEN_2022_PROGRAM_ID, getExtensionTypes, getPermanentDelegate, ExtensionType } from '@solana/spl-token';

// Assumption: the Hub's public key (base58) is supplied through configuration.
const HUB_PUBLIC_KEY = new PublicKey(process.env.HUB_PUBLIC_KEY!);

// Audits the mint only. Confirming that the user's wallet actually holds the
// token is a separate token-account balance check.
async function verifyHubSbt(mintAddress: string): Promise<boolean> {
  const connection = new Connection("https://api.mainnet-beta.solana.com");
  const mintInfo = await getMint(connection, new PublicKey(mintAddress), "confirmed", TOKEN_2022_PROGRAM_ID);

  // 1. Check for Non-Transferable Extension (The "Soulbound" proof)
  const extensions = getExtensionTypes(mintInfo.tlvData);
  const isSoulbound = extensions.includes(ExtensionType.NonTransferable);

  // 2. Verify the "Hub" is the Permanent Delegate (The "Revocation" proof)
  // This ensures the Hub can burn the token if the user is de-verified.
  // The delegate lives in the mint's extension data, so it is read with getPermanentDelegate.
  const isHubDelegate = getPermanentDelegate(mintInfo)?.delegate.equals(HUB_PUBLIC_KEY) ?? false;

  return isSoulbound && isHubDelegate;
}
```

#### 2. The Identity Handshake (DID:SOL)

Once the SBT is confirmed, the bank requests the Verifiable Credential (VC) and maps the user's Solana address to a W3C DID.

* User DID: `did:sol:mainnet:<SOLANA_ADDRESS>`
* Verification Method: Ed25519 Verification Key (The same key used for Solana transactions).
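
The mapping above can be checked on the bank side with a signed challenge. The following is an added example, not code from the original guide or from the Solana or Credo projects: it decodes the base58 address inside the DID to its Ed25519 key and verifies a signature over a nonce. The nonce-based challenge, the function names and the throwaway demo keypair are assumptions made for illustration.

```typescript
import { createPublicKey, generateKeyPairSync, randomBytes, sign, verify } from "node:crypto";

const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const DID_PREFIX = "did:sol:mainnet:"; // DID form used in this guide
// DER header that wraps a raw 32-byte Ed25519 key as SubjectPublicKeyInfo.
const SPKI_ED25519 = Buffer.from("302a300506032b6570032100", "hex");

// Convert big-endian digits between radixes; leading zero digits are preserved.
function rebase(input: number[], from: number, to: number): number[] {
  const out: number[] = []; // little-endian while building
  for (const d of input) {
    let carry = d;
    for (let i = 0; i < out.length; i++) {
      carry += out[i] * from;
      out[i] = carry % to;
      carry = Math.floor(carry / to);
    }
    for (; carry > 0; carry = Math.floor(carry / to)) out.push(carry % to);
  }
  for (let k = 0; k < input.length && input[k] === 0; k++) out.push(0);
  return out.reverse();
}
const b58encode = (b: Uint8Array): string => rebase(Array.from(b), 256, 58).map((d) => B58[d]).join("");
function b58decode(s: string): Buffer {
  const digits = s.split("").map((c) => B58.indexOf(c));
  if (digits.some((d) => d < 0)) throw new Error("invalid base58 character");
  return Buffer.from(rebase(digits, 58, 256));
}

// True only if `signature` over `challenge` verifies under the key the DID names.
function verifyDidControl(did: string, challenge: Buffer, signature: Buffer): boolean {
  if (!did.startsWith(DID_PREFIX)) return false;
  try {
    const raw = b58decode(did.slice(DID_PREFIX.length));
    if (raw.length !== 32) return false; // a Solana address is one 32-byte Ed25519 key
    const der = Buffer.concat([SPKI_ED25519, raw]);
    return verify(null, challenge, createPublicKey({ key: der, format: "der", type: "spki" }), signature);
  } catch (e) { return false; } // malformed address or key encoding
}

// Constructed demo: a throwaway keypair stands in for the user's wallet.
function demo() {
  const wallet = generateKeyPairSync("ed25519");
  const raw = wallet.publicKey.export({ format: "der", type: "spki" }).subarray(SPKI_ED25519.length);
  const did = DID_PREFIX + b58encode(raw);
  const challenge = randomBytes(32); // bank-issued nonce (assumed), fresh per session
  const signature = sign(null, challenge, wallet.privateKey); // done on the wallet side
  return { did, fresh: verifyDidControl(did, challenge, signature),
           replayed: verifyDidControl(did, randomBytes(32), signature) };
}
console.log(demo());
```

A signature captured from one session fails against the next session's nonce, which is why the challenge is generated per request rather than fixed.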

#### 3. Processing the Credo-TS Presentation

Your Hub relays the user's proof to the bank. The bank's IT team will use Credo (or a similar SSI library) to verify the signature against your Hub’s Trusted Issuer Registry.

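```typescript
// Bank-side verification logic
import { Agent } from '@credo-ts/core';

// Assumption: `credoAgent` is the bank's already-initialized Credo agent.
// The verification call is shown as this guide gives it; confirm the method name
// and result fields against the Credo version and credential format you deploy.
async function verifyUserData(credoAgent: Agent, presentation: any): Promise<boolean> {
  const { isValid, proofData } = await credoAgent.proofs.verifyPresentation(presentation);

  if (isValid) {
    // proofData contains the selectively disclosed fields (e.g., "isOver18": true)
    console.log("Identity Verified via Hub SBT + W3C VC");
  }
  return isValid;
}
```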

***

### 🛡️ Governance & Revocation Flow

If a user’s KYC expires, your AdonisJS backend triggers a Permanent Delegate Burn. This is the ultimate security feature for banks.

1. Trigger: AdonisJS detects a compliance breach or expiry.
2. Action: The Hub’s admin wallet sends a `burn` instruction to the Solana network for that specific user's SBT.
3. Result: The user's wallet no longer holds the "Verified" token.
4. Instant Lockdown: The next time the bank checks the wallet (via Step 1 above), the verification fails immediately.

***

### Summary for the CISO (Chief Information Security Officer)

| **Feature**    | **Technical Implementation** | **Regulatory Alignment** |
| -------------- | ---------------------------- | ------------------------ |
| Identity Proof | W3C Verifiable Credentials   | GDPR (Data Minimization) |
| Trust Anchor   | Solana Token-2022 (SBT)      | Proof of Possession      |
| Kill-Switch    | Permanent Delegate Burn      | AML/CTF Compliance       |
| Transport      | DIDComm v2 (Encrypted)       | Data in Transit Security |

