Explore additional proof-of-personhood providers beyond BrightID

[jeremymanning]

Context

T086 selected BrightID as the initial proof-of-personhood provider for Humanity Points verification (FR-S070). This choice was made because BrightID is decentralized, free, requires no biometric collection, and has a REST API.

Action items

Evaluate and potentially integrate additional providers to offer users choice and improve Sybil resistance:

• Gitcoin Passport — composable identity with multiple attestation sources
• World ID (Worldcoin) — strong uniqueness guarantee via iris scan (privacy trade-off)
• Government ID (Stripe Identity, Jumio) — strongest identity assurance (cost trade-off)
• Proof of Humanity (PoH) — Ethereum-based, video verification
• Civic — reusable identity verification

Design considerations

• Multiple providers should be supported simultaneously (user picks one or stacks several)
• HP weight should vary by provider strength (government ID > BrightID > phone)
• Privacy implications of each provider must be documented
• Provider unavailability should degrade gracefully (not block enrollment)

Current state

BrightID integration is stubbed in src/identity/personhood.rs with context ID derivation, API response types, and deep link generation. HTTP client integration pending (needs ureq or reqwest dependency).

[jeremymanning]

Resolved by PR #58. BrightID (primary), OAuth2 (GitHub/Google/Twitter), and phone/SMS (Twilio) identity verification all implemented. Additional providers can be added as needed.