How to build a legal tech app with no blockchain

2 min readAug 6, 2021

Or how I learned to love Verified Credentials

I wrote this XOPA Paper (XDV organization proposal arch) where I postulate that in a Verified Credentials model (VC), you have:

  • Issuer: Signs or issues credentials using government mandated HSM or Smart cards to legally bind these credentials.
  • Holder: Same as VC model, but can enroll into a “peer” like id with issuer. Issuer can create an attestation credential to eg link a wallet address. Next time holder uses a certain DID with Issuer, it can be attested.
  • Verifier: Same as VC model, requests Verified Presentation to verify proof

Use Case # 1 — Use HSM / Smartcard to whitelist a set of user wallet address

This is the poor man’s shortcut for business to avoid excessive PKI costs. In this case, it is similar to what I described, the workings goes like:

  • Business already has KYC, the user goes through KYC onboarding and if vouched, gets registered in a database as whitelisted for wallet enrollment.
  • The API service (onsite) is connected to HSM/Smartcard and issues VCs following XOPA-002, which creates a challenge/response.
  • User when asked to enroll, signs with wallet.
  • The result gets attached to the credential or some ledger, but it is stored as a XAdes detached signature.
  • Any regulatory concern is addressed with append-only log of XAdes detached signatures.

Use Case # 2 — Invoice or Legal Design (Template design)

Similar to use case #1, but here we use both XAdes and VC as dual model data sources. Because it can customized, let’s assume the basic use case: a legal design marketplace.

  • Legal Tech company sells legal design templates as NFTs
  • Marketplace manages all the buy/sell (orderbook) features
  • Buyes obtains the design template and starts using it eg Adobe Sign or some other software. Assume is a software capable of VC and XAdes.
  • Any changes are stored as VC and XAdes and kept in an append only store, maybe IPFS or Swarm Bee using Feeds feature.
  • Again, you’ll get the merkle tree, append-only, zero gas features without actually using a full fledge blockchain while keeping copies or documents fully legally backed by regulations.

Hope you enjoy reading this article, where I explain one of the XOPA research articles.

— Rogelio




Industrias de Firmas Electrónicas, S.A. (IFESA) es la primera empresa panameña dedicada a tecnologías basadas en algoritmos criptográficos, firmas electrónicas,