Proposal: RFP: The Aragon Network needs a decentralised ID solution!

According to the Aragon Network Charter, those elected to lead an Aragon Network Sub-DAO need to be verified with a Decentralised Identity solution. Which solutions should we use?

Please reply to this post with your proposed solution, including:

  • the name
  • Summary about the solution (especially mentioning what makes it different)
  • Links to any documentation and traction metrics
  • The advantages of this solution
  • Limitations and risks of using it
  • Any associated costs

The solutions proposed will be submitted for a community vote on 4th of October 2021


The key criteria from my side is the speed of implementation, as we only need a handful of candidates to prove they’re not bots and this can be done manually (no need to integrate at this stage).

Also note that we can change this deicison at any point in the future, so we’re looking for a minimal viable solution :slight_smile:

Proof of Humanity.

It uses video proofs combined with social verification on-chain. It implements an arbitration court over challenged profiles.

Straightforward composability with any mainnet contract. ~9k verified humans. Check the UBI token integration with it:

Requires a user to generate their Proof of Humanity. 0.128 ETH deposit cost for each profile rn.


Proposed decentralized identity solution for Aragon Network DAO: BrightID.

What makes it unique

BrightID is a layer-0 identity system for the decentralized web. It is a privacy-preserving, social graph based identity lego that allows users to prove to applications that they are human and only exist once in any given system.

Structured as an open source public good, it is available to any interested application.

29,000+ verified users and rapidly growing in dozens of countries around the world.

Applications including Gitcoin, 1Hive, Rabbithole, and are using it today for Sybil resistance.


The first version of BrightID was created through a grant from Aragon Nest to build a pseudonymous decentralized unique id solution. The final milestone (integrate with Aragon app’s planned “identity” module) was cut due to a lack of funds in Aragon. (Every Nest grant received a budget cut at that time.)

The BrightID team has a deep working knowledge of Aragon. Its own DAOs have pioneered several innovations–such as “membership” DAOs (one-person-one-vote), and the use of Sub-DAOs.

A decentralized unique identity solution ought to be pseudonymous–all that should be required is a simple check mark showing that the DAO user is unique. Any use of a profile should be optional when considering a member’s uniqueness.


The integration can be done conveniently through an Aragon app.

Here is the original sketch of the BrightID Aragon app integration from 2018. The basic idea of scanning a QR code to link a person’s BrightID to an application (or in this case a DAO) has since been implemented and used by all integrating apps. (See

BrightID uses social graph analysis to identify duplicate accounts.

BrightID’s architecture allows a person to use a different address with each app (or DAO) and still be verified as unique. Addresses or personas in different apps or DAOs are unlinkable through the use of blind signatures released in API version 6.



  • Pseudonymity
  • A person can use a separate, unlinkable address or persona for each DAO and still be considered “unique.”
  • The solution can be delivered as an Aragon app
  • Verifications are always improving. The upcoming Aura app creates a self-regulating “helper graph” that can in turn be used to verify most users. It will overcome the first problem mentioned in limitations, below.


  • The verifications generated by BrightID may be considered too permissive or too strict. On one hand, “connection parties” allow someone to create a small number of sybils by being a tourist among different verifying groups. On the other hand, “yekta” verifications require proximity to the center of the graph, which isn’t practical for most new users.
  • A decentralized, pseudonymous ID user could rent their verification to someone else. E.g. user A doesn’t care about Aragon Network DAO, but user B does, so user B pays user A to use BrightID for pseudonymous verification for a second account in the DAO. This limitation isn’t unique to BrightID.


Each BrightID user must be sponsored once in their lifetime to fund BrightID as a public good. The current cost is about 10 cents per user. Aragon Network DAO could choose to sponsor its users or it could refer users to other DAOs or apps to sponsor them (or users can sponsor themselves.)

Smart contracts cost gas. BrightID’s contracts have been deployed on Mainnet, IDChain, xDai chain, and Arbitrum.


Update: some members of Bright DAO heard about this challenge and started building a BrightID gatekeeper for Aragon permissions. Forum post. DAO proposal. It should be completed this weekend.

We would still need an onchain registry for users to upload their verifications. We could use as-is if mainnet is the chain for the DAOs. As you can see, gas costs to use that on mainnet are quite expensive.

CLR.Fund is close to having a working registry on Arbitrum. Do you know what chain(s) Aragon Network DAO and sub daos will use @daniel-ospina ?


Shouldn’t the overall size of the pool of verified individuals be criteria to enable a wider base of potential candidates? For the same reason, would accepting multiple solutions be a viable option?

Disclaimer: I am a full-time member of Aragon Association core team

1 Like

How are we defining “verified” here?

I’m assuming that BrightID works with trust scores, with trust increasing the more people that verify you. If so what is the minimum level of trust that must be obtained to be considered “Verified”?

@adamstallard @daniel-ospina

I think we should also be mindful that many of the candidates applying for the Sub-DAO roles will likely not already be registered on the chose dID solution. We should therefore allow a reasonable time frame for candidates that have expressed interest to be on a Sub-DAO to verify.

What would you suggest is a reasonable timeframe to complete verification @adamstallard @santisiri ?


Humanode is the first crypto-biometric network where one human = one node that brings Sybil resistance and innovative governance models to the crypto industry using private biometric technology.

What makes us different?

To validate users’ identities and to create a Sybil-proof system, Humanode introduces a verification mechanism when the identity is derived from one or more unique features of the human body—with the implementation of premiere biometric solutions such as 3D facial recognition and private liveness detection mechanism for identification of real human beings.

As of uniqueness check, the possibility of a match between two different people is 1/12’800’000. Considering liveness check, the possibility of spoofing an identity without a real human in front of the camera is 1/80’000. Furthermore, these numbers increase approx 2.1 times in accuracy every year.

Humanode’s world’s first decentralized auditable pseudonymous biometric identification layer can be utilized in a variety of applications and platforms, such as Aragon.

The project’s key feature is privacy. Users don’t need to rely on other people to prove their ID, only on the network. Humanode enables users to control the verified credentials they hold, and their consent to use those credentials is essential for an identity system to be self-sovereign. This minimizes the unintentional sharing of users’ personally identifiable information (PII).


Sybil resistance in modern PoW and PoS networks is capital-based, making them plutocracies at the very core. The founders of Humanode felt that these plutocracies inevitably lead to centralization, and as a result, mining cartels and validator oligopolies dominate the market.

Humanode founders and core team members have worked together to realize their core concept of one person = one node = one vote, and create a protocol that can prove one’s unique identity through private biometric authentication schemes and grant permission to launch a node and verify transactions running an EVM compatible network.

As the project evolved, it became clear that on top of being able to create the financial platform we were aiming for, the Humanode cryptobiometric identity solution could assist in creating more democratic and decentralized DAO’s no matter what chain.


â–˛Telegram ANN
â–˛Telegram Chat
â–˛About the testnet
â–˛Testnet application


  • Privacy-preserving. Humanode utilizes cryptobiometrics which is based on a combination of various technologies and exists at the intersection of the disciplines of mathematics, information security, cybersecurity, encryption, zero-knowledge–proofs.
  • Biometric Sybil resistance. Biometric processing with liveness detection and periodic verification of identity. A single user can only create one biometric identity.
  • Self-sovereignty. The Humanode protocol applies principles of self-sovereign identity, requiring that users be the rulers of their own ID. In Humanode, there is no centralized third party to control one’s ID, thus ID holders can create and fully control their identities.
  • Pseudonymity. All biometric identifications created on Humanode are auditable pseudonymous biometric identifications, meaning users will be able to stay pseudonymous without the need of revealing their identity by proving they are real, living, and unique human beings.
  • Not time & resource-consuming. There are no social verification and profile creation costs. Users do not need to wait for other people to check their ID and to put money on a stake but only to scan their faces (or other biometric modalities in the future).
  • Easy to use. Humanode provides simple and sexy UI, the app is to be easily utilized even by non-tech users.


  • Bringing the solution to life will take time. Humanode is now on the testnet stage, with the mainnet launch scheduled for June 2022. The integration will be possible only next year.
  • Limited privacy so far. Currently, Humanode utilizes the same privacy standards as world leading companies biometrics, with enclaved and cryptographically secure biometrics planned for the mainnet.

Associated costs

The product is still at the testnet stage, so it is not possible to calculate the exact pricing at this time. Having said that, all transactions in the Humanode network are firmly grounded in a cost-based fee system which is based on real-world costs calculated in USD. The cost in general is calculated as follows.



Idena is the first Proof-of-Person blockchain based on democratic principles. Every mining node is linked to a cryptoidentity – one single person with equal voting power and mining income.

Every unique human can become an Idena validator no matter who they are and where they live. To start mining Idena, you need to prove you are a unique human. It does not require the disclosure of any personal data (no KYC). You need to appear online when the validation ceremony starts and solve a series of flip-tests (CAPTCHAs).

Links and documentation

Idena Whitepaper and technology
Idena Auth documentation
Idena network stats
Idena community resources and channels


Anonimity and sybil-resistant cryptoidentity. It’s semi-unique which means you can easily validate one account, but it’s much harder to get two and impossible to get many accounts. It can not be bought and sold, its value grows with age, it can not be taken over. Anonymous and Sybil-resistant identity is a missing part for Web 3.0.

No authorities. Cryptoidentity is mutually verified by users with no central authority in the peer-to-peer network. It is anonymous, self-managed, and valid globally. Cryptoidentity has no central issuer, so it can not be banned, restricted or censored.

Equal human rights. All cryptoidentities in Idena have equal rights: to validate other identities, to vote, to verify transactions. Self-sovereign, decentralized and anonymous cryptoidentity prevents human rights abuse by the powerful, and supports the rights of the individual to be oneself and to freely associate.

Sharding + Cryptoidentity = Scalability Scalable blockchain performing thousands of transactions per second can be built without compromising its safety and decentralization. Sharding combined with cryptoidentity is the solution to the blockchain trilemma: network throughput increases with the number of validated users forming more and more new shards.

Instant finality. Idena implements a Proof-of-Person Sybil control mechanism and committee-based BFT consensus with fast finality. Every block mined by Idena validators is final with almost 100% probability, which means that blockchain forks are almost not possible. You need to wait just 2 blocks to make sure your transaction will be never reverted.

Eco friendly mining. Idena blockchain is driven by eco-friendly Proof-of-Person consensus. To verify transactions, Idena miner needs to have a valid cryptoidentity and keep their node online. Mining income does not depend on your hardware. It doesn’t require to use up high volumes of electricity, GPUs or mining rigs.

Limitations and risks

L1 blockchain. Idena runs on a dedicated blockchain developed to support the high network load during the validation ceremony. Compared to L2 solutions, decentralized integration is harder but offers low transaction costs.

Associated costs

Idena validation is and will remain free for everyone. To keep the status of the cryptoidentity, the user has to take part in regular validation ceremonies every 20 days or so. On the other hand, it guarantees up-to-date identity status and gives much stronger sybil protection.

1 Like

Would it be possible for us to require voters to enter in some information ( screen name or wallet info) and then have a program create a hash based on that information. Then aragon and the person in question could keep that hash and use that for verification upon voting. So when you vote, for that vote to go through, you would then enter your hash that is linked to your info

Getting verified in BrightID is fast (less than 1 hour for the algorithm to process a user that has made the requisite connections), so the most important factor would be giving candidates enough time to realize that they have an additional requirement to fulfill.

1 Like

For our first pass at this, we should set the bar low–a user just needs to have connected to one member of a seed community. That means they could either attend a BrightID “connection party,” or an Aragon gathering where a seed community member is present and making connections.


Great to see testnet launched. Thoughtful breakdown of the Associated costs

1 Like

Hey everyone. Nice to see that you are looking to use a DID Solution.
If you want a working framework following the W3C Standard, have a look at IOTA’s DID Framework.
It is in use and we could support you setting it up for the Aragon SubDAO’s
Creating a DID on IOTA is totally free, no transaction costs or other fees are applied.
Full open-sourced works in Rust and javascript.
Check it in our Wiki: IOTA Identity Framework Guide | IOTA Wiki
If you wanna try it out use the Selv app POC: Selv - A digital Selv, under your control. (
Happy to answer all your questions.

Why use IOTA Identity over other implementations?#

IOTA Identity is a framework to implement Self-Sovereign Identities on IOTA. Inherently, IOTA provides some unique features that have a major impact on the usability of the framework.


IOTA is a feeless Distributed Ledger Technology, which means that messages can immutably be stored inside the Tangle at no cost, nor a requirement of holding any cryptocurrency tokens. That means that SSI applications can directly deploy towards the main network without any problems, as compared to most other SSI solutions running on a test network or having cryptocurrency requirements. This doesn’t just make IOTA Identity have predictable costs and prevent issues around cryptocurrency holding taxes and legislation, it also makes it a fair network as anyone would be able to create one or more identities at no cost. The wealth of someone is irrelevant, making it the most inclusive SSI solution.


Without the need for a token, IOTA Identity can directly be used on the main network without having to purchase and manage a cryptocurrency token. In addition, the framework provides easy-to-use APIs that allow both standardized behavior or flexible, yet more complex access. Lastly, IOTA Identity provides a Stronghold solution for managing secrets securely, without requiring developers to reinvent the security wheel.

General Purpose DLT#

IOTA is a general-purpose DLT as compared to some for-purpose DLTs with restricted use cases. That means that SSI can easily be combined with other DLT features such as payments, data streams, smart contracts, and access control. It will no longer be needed to utilize multiple DLT projects alongside each other.


I think BrightID has the best solution for a couple of reasons:

  1. Their verification process is designed for all types of users, especially for non-technical users, as it’s super easy and simple.

“Unlike other ID verification tools, BrightID requires no ID number, date of birth, or proof of address. All you need to provide is a picture and a name of your choice to facilitate making connections and other activities. You can even change them at any time.”

  1. Their “Connection Party” that @adamstallard is talking about is ideal for both onboarding people into verification, and it is a very low bar for participation. This would be especially useful in a longer term solutions as well, as it facilitates scale once a few people are verified + it incorporates community / social aspects that aren’t necessarily there with other dID solutions.

"Your BrightID is verified based on the social relationships that you present with your connections. Use the buttons on the bottom of the home screen to start making connections. One person shows a QR code for the other one to scan. The profiles data will then be exchanged through a secure p2p channel. They will then select the level of connections based on how much they know each other. It might be “already known”, “just met”, or “suspicious”. "


Getting verified on Proof of Humanity takes at least 3.5 days (Proof of Humanity Tutorial (Register & Vouch) - Kleros).
This requires someone to vouch for you immediately after you submitted your profile.
High gas prices are likely to cause delays in this process because people tend to want to wait with their profile upload.


The vote is live here

If you’re an ANT holder, make sure to vote (or follow the same link an vote as “abstain” to approve the vote but let the community choose)


AN DAOs are on polygon and ETh for now, BSC is next on the list.
We’re exploring rollup solutions like Arbitrum et all but still early and would still need a way to bring things back to Eth… So tricky for now.


Congratulations to BrightID which has been chosen by ANT holders as the preferred decentralised identity solution to be used with the Aragon Network DAO as per this vote - Aragon Voice - the ultimate solution for creating and managing proposals and voting in a decentralized, cost-effective, and secure manner