Solana Attestation Service (SAS) Explained: KYC Once, Access Everywhere

Key Takeaways

• Solana Attestation Service (SAS) introduces privacy-preserving identity verification to Web3.
• Users can use SAS to prove credentials like KYC, jurisdiction, or accreditation without revealing sensitive data on-chain.
• SAS enables seamless, reusable identity across dApps. One verification unlocks access across multiple dApps, removing the need for repeated KYC.
• SAS requires only a single SDK call for integration, eliminating the need for apps to manage identity infrastructure or user data.

As decentralized applications (dApps) and blockchain ecosystems mature, they continue to grapple with a foundational problem: identity verification. In a system designed to minimize central authority, how do you establish trust without sacrificing privacy?

One of the top high-performance blockchains, Solana, has stepped up to address this challenge via the Solana Attestation Service (SAS), which links off-chain identity verification to on-chain communication. Launched in May 2025, SAS introduces a way to link real-world credentials to blockchain accounts in a privacy-preserving, reusable, and composable manner.

Let’s explore what SAS is, how it works, why it matters, and how it could redefine identity in the decentralized world.

What Is the Solana Attestation Service?

At its core, the Solana Attestation Service is an open, permissionless protocol designed to enable secure, verifiable credentials on-chain without exposing sensitive personal data. It allows trusted third parties, known as issuers, to create attestations about a user’s identity or qualifications, which are then stored in the user’s wallet.

These attestations can be used across various applications to verify things like:

• Know Your Customer (KYC) status
• Geographic eligibility
• Accredited investor status
• Age verification
• Association with a real-world organization or event

The attestation itself does not reveal sensitive information. Instead, it’s a cryptographic proof that the claim has been verified by a trusted party. This system preserves privacy while enabling seamless and secure access to services.

The Solana Identity Group: Powering the Future of On-Chain Identity

The SAS initiative is the first release from the Solana Identity Group, a collaborative effort among ecosystem players such as:

• Solana Foundation: Supporting growth and security of the network.
• Civic: A leader in decentralized identity.
• Solana.ID: Specializing in on-chain reputations.
• Trusta Labs: Leveraging AI for identity and Sybil resistance.
• Solid: Building globally interoperable identity tools.

Together, these organizations are laying the foundation for a standardized, composable identity layer on Solana.

How the Solana Attestation Service Works

The Solana Attestation Service (SAS) operates through a three-party model and a dedicated on-chain program:

• Issuer: The issuer is a trusted party (such as a KYC provider, event organizer, or government agency) that creates attestations for users. These attestations are digitally signed to demonstrate their authenticity and adhere to established standards.
• SAS Program: An on-chain program responsible for issuing, verifying, and managing attestations. It ensures that attestations are composable, interoperable, and verifiable without reliance on any centralized authority.
• Holder: The user (holder) receives the attestation and stores it in their digital wallet. Users can carry their validated credentials around the ecosystem because SAS is integrated into wallets that are compatible with Solana, such as Phantom or Backpack.
• Verifier: This could be any dApp, protocol, or smart contract that requests proof of certain attributes, like age or residency, before granting access to services or tokens. Verifiers never see the full underlying data, only the validated claim.

Since this system is non-custodial, composable, and interoperable, developers can stack and combine attestations like building blocks without having to start from scratch when designing verification systems.

Steps to Create an Attestation

1. Define the schema: Establish the structure of the attestation, specifying the type of claim (e.g., “is over 18”, “resides in the UK”).
2. Issue the attestation: The issuer signs the attestation using their private key, associating it with the holder’s wallet address.
3. Store the attestation: The signed attestation is stored on-chain or off-chain, depending on privacy requirements, and linked to the holder’s wallet.

These attestations can then be presented by the holder to verifiers, who can validate the authenticity without accessing underlying personal data.

Key Features of SAS

Here are the key features of Solana’s Attestation Service (SAS):

• Portable credentials: Users can reuse their attestation across other platforms after completing a verification process once.
• Privacy by default: Only information that is required is shared. Sensitive data is never shared or kept without permission.
• Composable and interoperable: Multiple attestations can be stacked by developers to accommodate complex use cases.
• Instant verifiability: There is no need for specialized backend systems because verifiers can verify credential validity with one SDK call.
• Open infrastructure: Anyone can build on SAS. No central authority governs who can issue or verify attestations.

Getting Started with Solana’s SAS

To integrate SAS into your application or to issue attestations, follow these steps:

• Install the SAS SDK: For JavaScript/TypeScript projects, install the SAS library manually, as shown below:

For Rust, ‘cargo add solana-attestation-service-client’ command is used.

• Explore documentation: Review the official SAS documentation to understand the available functions, schemas, and integration methods.
• Implement attestation logic: Utilize the SDK to create, sign, and verify attestations within your application. The SDK provides functions to handle the entire attestation lifecycle.
• Test your integration: Before deploying to the mainnet, test your implementation on Solana’s devnet to ensure functionality and security.
• Deploy to mainnet: Once testing is complete, deploy your application to the Solana mainnet and start issuing or verifying attestations.

Core Use Cases of SAS

SAS supports a wide range of applications across Web3:

• KYC passports: Users undergo KYC once and reuse verified credentials across exchanges, DeFi platforms, and launchpads.
• Region-based access control: Depending on the jurisdiction of the user, projects may fence participation, content, or tokens.
• Sybil resistance: By confirming user uniqueness, you can stop bot attacks and ensure fair token distributions.
• Investor accreditation: Verify the eligibility of investors for platforms that offer real-world assets that are tokenized.
• DAO reputation systems: Build trust and merit-based systems where votes and rewards reflect real contributions.
• DePIN & location proofs: Power decentralized infrastructure networks by verifying hardware or geolocation.

Key Ecosystem Adopters of SAS

The success of SAS lies in its adoption. Leading projects have already integrated or announced plans to support the protocol:

• Civic: Users with Civic Pass now automatically hold SAS-compatible credentials. Compliant access to assets throughout Solana dApps can be unlocked with these credentials.
• Solana.ID: Solana.ID leverages SAS to verify work and career attestations, allowing employers to issue immutable proofs of employment.
• Solid: Solid issues “Priority Passes” that include KYC and social credentials. These are usable across multiple Solana applications.
• Trusta labs: Combines AI and SAS for identity verification, Sybil resistance, and user targeting in DeFi and governance.
• RNS.ID: Enables sovereign digital identities backed by the Palau government, integrated with SAS for trusted, on-chain verification.
• Wecan: Bridges official government registries (e.g., land or shareholder records) to the blockchain using SAS.
• Polyflow: Supports verifiable transactions and identities in PayFi applications, making payments traceable and compliant.
• Range: Enhances blockchain security with on-chain identity intelligence. SAS attestations feed into Range’s analytics and monitoring tools.
• Sumsub: A leading KYC provider, Sumsub now supports SAS attestations for its Reusable Identity framework, helping users onboard seamlessly across platforms.
• Honeycomb protocol: Gaming SDK that uses SAS to enable verifiable missions, profiles, and reputations across games on Solana.

Solana Attestation Service vs. World Network

The Solana Attestation Service (SAS) and the World Network (World ID) are two decentralized identity systems designed to bring trust and privacy to Web3, but they approach the problem in fundamentally different ways.

SAS, launched in May 2025 by the Solana Foundation in partnership with Civic, Solid, Trusta Labs, and Solana.ID, enables users to receive verifiable credentials, such as KYC verification, accredited investor status, or geographic eligibility, that are cryptographically signed by trusted issuers and linked to their Solana wallet.

These attestations can be reused across dApps without exposing sensitive data, allowing for a privacy-preserving and composable identity layer native to the Solana blockchain. SAS is SDK-based and requires no special hardware, making it accessible to both developers and users. It supports use cases in DeFi, region-restricted access, DAO participation, Sybil resistance, and more.

In contrast, the World Network, developed by Tools for Humanity and supported by Sam Altman, is built around the concept of World ID—a global, biometric-based digital identity. Users prove their human uniqueness by scanning their iris at a device called the “Orb.”

According to the project, the biometric data is not stored; instead, it’s converted into a zero-knowledge proof that can be used across Web3 platforms. The system is designed to prevent Sybil attacks and enable fair participation in digital economies, including use cases like token airdrops, decentralized voting, and Universal Basic Income (UBI).

While SAS is focused on regulatory compliance and privacy for real-world credentials, World ID emphasizes proof of personhood, with an expanding presence across Ethereum and other chains, including eventual integration with Solana.

Criticisms of World Network

World Network has encountered significant scrutiny over its biometric data collection practices. Critics argue that the project’s reliance on iris scans for identity verification raises serious privacy concerns.

Despite claims that biometric data is deleted post-processing, skepticism remains about potential misuse or unauthorized access to sensitive information. Notably, privacy advocates like Edward Snowden have expressed apprehension, emphasizing the risks associated with biometric data collection.

Furthermore, World Network’s operations have been suspended or banned in several countries due to regulatory and ethical concerns:

• Spain: In March 2024, the Spanish Data Protection Agency ordered World to cease its biometric data collection activities, citing violations of the European Union’s General Data Protection Regulation.
• Hong Kong: In May 2024, the Office of the Privacy Commissioner for Personal Data directed World to halt operations, highlighting risks to personal data privacy and the unnecessary nature of its verification process.
• Germany: The Bavarian data protection authority concluded that World’s practices infringed upon data protection laws, ordering the deletion of all stored iris codes collected within the country.
• Kenya: Operations were suspended in August 2023 due to concerns over security, privacy, and financial implications.
• Indonesia: In May 2025, the Ministry of Communication and Digital Affairs temporarily suspended World’s activities following public complaints and potential violations of electronic system regulations.

These actions reflect growing global apprehension regarding the ethical and legal implications of biometric data collection, especially when involving vulnerable populations or lacking transparent consent mechanisms.

In contrast, by leveraging cryptographic attestations from trusted issuers, SAS allows for reusable and privacy-preserving identity verification across decentralized applications within the Solana ecosystem.

However, it’s important to note that SAS is still in its early stages. While it has garnered interest and initial adoption from projects like Civic and PolyFlow, its long-term viability and scalability remain to be demonstrated. The effectiveness of SAS in addressing complex identity verification challenges, ensuring widespread adoption, and maintaining robust security standards is yet to be fully realized.

The Future of Programmable Identity on Solana

The future of identity in crypto will be:

• User-controlled
• Compliant
• Interoperable
• Privacy-focused

All of these are provided by Solana’s Attestation Service in a format that customers can rely on and developers can incorporate. It lowers operational complexity, regulatory friction, and redundancy.

SAS establishes Solana as a pioneer in safe and expandable blockchain identity infrastructure as the need for identity-aware applications grows across DeFi, gaming, and real-world asset platforms.

Conclusion

The Solana Attestation Service is more than a protocol, it’s a foundational layer for a safer, smarter Web3. SAS will soon be recognized as the identity standard for the Solana ecosystem and beyond due to the backing of significant identity and compliance providers, an expanding number of use cases, and an intuitive developer interface.

For users, it means control. For developers, it means speed and trust. For regulators and institutions, it means compliance without compromise.

SAS is here. And it’s just the beginning.

FAQs