All articles
solanaattestationidentitycompliancetoken-2022

Solana Attestation Service: portable on-chain credentials

SAS is an open protocol for issuing and verifying on-chain attestations — KYC, eligibility, badges — without putting private data on-chain. Here's the credential/schema/attestation model and the honest read.

The Solana Attestation Service (SAS) is an open, permissionless protocol for issuing and verifying portable, reusable credentials — KYC, accreditation, geographic eligibility, badges — by linking off-chain verification to a wallet without putting the underlying private data on-chain. It's built by the Solana Identity Group and the Solana Foundation, launched May 2025.

The model: Credential → Schema → Attestation

  • Issuer — a trusted party (a KYC provider, event organizer, agency) defines a Credential (the issuing authority) and a Schema (the data layout: field names, types).
  • Attestation — the signed, on-chain record that a given wallet meets that credential, stored in schema-driven PDAs.
  • Verifier — a dApp checks the attestation on-chain before granting access. It trusts the issuer, not raw documents it never sees.
text
KYC provider verifies Jane off-chain (passport, liveness)
        │
        ├─ issues an Attestation: "wallet ABC… satisfies <KYC credential>"  (on-chain, signed)
        │
dApp verifier reads it on-chain → unlocks gated feature
        (no passport, no PII ever touches the chain)

Attestations can also be tokenized: a single instruction creates the attestation and mints it as an SPL Token-2022 token to the wallet, so the credential shows up as a token (with extensions like a permanent delegate enabling issuer-side control/revocation). Program ID: 22zoJMtdu4tQc2PzL74ZUT7FrwgB1Udec8DdW4yw4BdG; TypeScript SDK sas-lib.

What it's for

Reusable KYC "passports," compliant/permissioned DeFi, region-based gating, Sybil resistance, airdrop gating, accredited-investor and RWA compliance, DAO reputation, and DePIN device/location attestations — anywhere you need to prove a wallet meets a bar without re-collecting data. It pairs naturally with agent and proof-of-personhood use cases.

The honest read

Two things to be clear-eyed about. First, trust is federated, not trustless: SAS standardizes the credential format, not the issuer's honesty — a verifier still has to trust whoever issued the attestation. Second, privacy is pseudonymous, not ZK by default: raw documents stay off-chain, but the attestation↔wallet link is public on-chain (individual issuers may layer ZK in their own pipeline, but SAS itself doesn't). Adoption is early — launched mid-2025, with a partner list still skewed toward identity/compliance vendors. As an open standard for the "does this wallet qualify?" problem, though, it's the right primitive at the right layer.

References

Identity has always been the missing primitive for compliant on-chain finance. SAS doesn't solve trust — it standardizes how you express it.

Solana Attestation Service: portable on-chain credentials | devrels.xyz