Solana Attestation Service: portable on-chain credentials
The Solana Attestation Service issues and verifies on-chain credentials (KYC, eligibility, badges) without private data on-chain. The model and honest read.
devrels.xyz/a/41short linkThe Solana Attestation Service (SAS) is an open, permissionless protocol for issuing and verifying portable, reusable credentials — KYC, accreditation, geographic eligibility, badges — by linking off-chain verification to a wallet without putting the underlying private data on-chain. It's built by the Solana Identity Group and the Solana Foundation, launched May 2025.
The model: Credential → Schema → Attestation
- Issuer — a trusted party (a KYC provider, event organizer, agency) defines a Credential (the issuing authority) and a Schema (the data layout: field names, types).
- Attestation — the signed, on-chain record that a given wallet meets that credential, stored in schema-driven PDAs.
- Verifier — a dApp checks the attestation on-chain before granting access. It trusts the issuer, not raw documents it never sees.
KYC provider verifies Jane off-chain (passport, liveness)
│
├─ issues an Attestation: "wallet ABC… satisfies <KYC credential>" (on-chain, signed)
│
dApp verifier reads it on-chain → unlocks gated feature
(no passport, no PII ever touches the chain)Attestations can also be tokenized: a single instruction creates the attestation and mints it as an SPL Token-2022 token to the wallet, so the credential shows up as a token (with extensions like a permanent delegate enabling issuer-side control/revocation). Program ID: 22zoJMtdu4tQc2PzL74ZUT7FrwgB1Udec8DdW4yw4BdG; TypeScript SDK sas-lib.
What it's for
Reusable KYC "passports," compliant/permissioned DeFi, region-based gating, Sybil resistance, airdrop gating, accredited-investor and RWA compliance, DAO reputation, and DePIN device/location attestations — anywhere you need to prove a wallet meets a bar without re-collecting data. It pairs naturally with agent and proof-of-personhood use cases.
The honest read
Two things to be clear-eyed about. First, trust is federated, not trustless: SAS standardizes the credential format, not the issuer's honesty — a verifier still has to trust whoever issued the attestation. Second, privacy is pseudonymous, not ZK by default: raw documents stay off-chain, but the attestation↔wallet link is public on-chain (individual issuers may layer ZK in their own pipeline, but SAS itself doesn't). Adoption is early — launched mid-2025, with a partner list still skewed toward identity/compliance vendors. As an open standard for the "does this wallet qualify?" problem, though, it's the right primitive at the right layer.
References
Identity has always been the missing primitive for compliant on-chain finance. SAS doesn't solve trust — it standardizes how you express it.
Keep reading
SECZ went live on the NYSE and on Solana on the same day. On Solana every Securitize asset is a Token-2022 mint that enforces its own compliance — but the tokenized stock uses defaultAccountState + pausable + scaled UI amount, while the funds use a transfer hook. Here's what that means when you integrate them, with the real mainnet mints.
Blockchains settle transactions; they don't coordinate who you're transacting with, whether they're compliant, or how to reconcile the off-chain context. OTL — backed by Fireblocks, Robinhood, MetaMask, Stripe's Privy and the Solana Foundation's consortium — is an open stack for exactly that. Protocol view.
Your wallet is your identity. Sign In With Solana turns that into a real auth protocol: a structured message, a wallet signature, and a server that verifies the Ed25519 sig and issues a session. No email required. Here's how to implement the full stack — frontend signIn call, backend nonce management, signature check, and JWT — plus the security edge cases that trip people up.
Get new articles in your inbox
Technical deep-dives on Solana tooling, infrastructure, and ecosystem. No noise.
