Decentralized autonomous organizations (DAO) have many use cases and are becoming increasingly more popular in recent years. The paper analyses the disadvantages and problems of current DAOs (i.e., the Plutocracy problem) and presents a solution, in which the existing implementations of DAO are combined with the Self-Sovereign Identity (SSI) ecosystem to solve those issues. The solution is presented in the form of an extension to the crypto wallet MetaMask, using Snaps, which enables DAO users to create SSI-based identifiers (DID) and manage verifiable credentials (VC), which are later on used as a voting ticket in a DAO. We validate the solution by presenting the prototype of the SSI Snap and demonstrating its usage on the Snapshot decentralized voting system.
Decentralized autonomous organizations (DAOs)[
In a plutocracy, the wealthiest members of the organization/society are the people with the most power and influence, regardless of their expertise on the given topic. Adding to that, most proposals are decided by only a few members who control the majority of tokens. Therefore, most token-based DAOs are not decentralized and give their holders a false sense of security, leading them to believe that they hold any weight in the decision-making process, while it actually is in the hands of few. The problem lies in the possibility of obtaining and transferring the reputation that represents your worth in the DAO. The plutocracy problem can never be solved if the reputation can be bought. Suppose we want to make DAOs more aligned with the web3 ethos and strive for meritocracy, where the power of members is determined based on their skills. In that case, diferent ways to represent reputation must be implemented.
Imagine a made-up metaverse DAO. There are several decisions that the community can
make: changes in the smart contracts [
Reputation should be gained through experience, achievements, and other successful
contributions to some cause (e.g., DAO). This could be anything from completing a quest on Rabbithole,
committing new code to a project, or being active in the DAO communities. A credible third
party should then give a reputation to the contributors in the form of proof of contribution or
attestation to their skills and knowledge. It’s only natural to do that in a digital,
cryptographically verifiable, and tamper-proof way. And the best way to do that in a structural and reusable
way is to use verifiable credentials (VC) and verifiable presentations (VP), which are one of the
main concepts behind the Self-Sovereign Identity (SSI) paradigm [
The aim of our research was to solve the above-presented challenge of plutocracy. The main idea was to enable DAOs to use a fairer way of operating and decision calling, which however should still be based on digital and decentralized principles and enable secure verification of voters’ skills and knowledge. For this, we analyzed the possibility of using SSI principles.
As such, we had to enable the integration of SSI and DAOs in a web3 user-friendly way, which
would enable seamless binding of the two ecosystems. Currently, there is no straightforward
way to operate within SSI and DAOs on the same terms and conditions, i.e., solutions on the
market require separate mobile/web applications for blockchain (DAOs) and SSI operations.
Therefore, in this research, we define the solution to these challenges in the form of software
architecture and components, which would enable seamless integration of the two ecosystems.
Our solution is based on the MetaMask wallet, which is one of the most adopted crypto wallets
in the market, especially in the Ethereum ecosystem [
The paper has the following structure: Chapter 2 provides an overview of applied technologies, Chapter 3 describes the proposed solution, Chapter 4 showcases the performed validation, and Chapter 5 discusses the advantages and disadvantages of the approach. The paper is concluded in Chapter 6.
Our proposed solution builds upon several concepts and technologies. This chapter provides their definition, description, and role in the solution.
Decentralized autonomous organizations (DAOs) are community-controlled organizations,
where rules are enforced and governed by a computer program, instead of a central government.
The computer program is usually represented as a smart contract, which is a program for the
automated execution of agreements stored on a (decentralized) blockchain and run on the
underlying virtual machines (e.g., EVM) representing the blockchain network. Their main
purpose is to provide a way for autonomous, decentralized, and transparent governance of
organizations. The first point is achieved by the usage of smart contracts, while the other two
points are provided by the underlying blockchain technology on which the smart contracts
are run. There are diferent types of DAOs supporting a wide range of use cases from Protocol
DAOs, Investment DAOs, Grant DAOs and Gaming DAOs [
Snapshot plays a vital role in the decentralized world and DAOs [
One of the key components for interacting with blockchain technology are crypto wallets.
Their primary functionality is secure storage of cryptographic keys, with which we control
the blockchain addresses, support transaction signing, and in some cases also data encryption.
When compared with digital wallets, the major diference is that crypto wallets are focused
on the management of blockchain addresses and thus the control over their coins and tokens,
while digital wallets have a more general purpose, enabling users to control (qualified) digital
identities and identifiers, and as such use those for purposes of authentication, digital signing, as
well as the collection and management of attestations in the form of digital documents [
The most popular wallet, MetaMask, introduced Snaps, which makes building plugins for
additional functionality possible [
Technically speaking, MetaMask Snaps is a system that allows anyone to expand the capabilities of MetaMask safely. It is a JavaScript program that runs in an isolated, sandboxed environment inside the MetaMask. In addition to the existing MetaMask RPC methods, Snaps can create new RPC methods for websites to call. Unfortunately, that is the only way to interact with the Snaps, as modifying MetaMask UI is not possible (at least at the moment).
Snaps are currently only supported in the MetaMask Flask, a separate desktop browser
extension for developers. But it is expected that the Snap system will be integrated into the
main MetaMask in the future, with much more information found in their documentation [
There are three main components to a digital self-sovereign identity: DIDs, VCs, and VPs.
Decentralized Identifiers, or DIDs in short, are the new type of unique and persistent identifiers
(URI) that enable verifiable and decentralized identity [
DID Document forms the root record for a DID and is a set of data that describes a DID, including mechanisms, such as public keys and pseudonymous biometrics, that an entity can use to authenticate itself as the DID. While a public key can be obtained from the DID document by anyone, a private key used for proofs and digital signatures is safely stored in the user’s wallet. DID Document may also include other attributes or claims describing the entity, such as service endpoint, delegates, etc. These documents are often expressed using JSON-LD.
DIDs are verifiable, their corresponding DID documents are usually stored on a trusted data registry (typically a blockchain) and can be accessed by anybody. There are multiple methods for storing and resolving DIDs. For example, the method did:ethr uses a Smart Contract on Ethereum to store the DID data. Similar to blockchain addresses, DIDs are pseudonymous, however, they ofer additional capabilities such as key rotation, delegation, and a way to link a service endpoint (social media account, etc.) to the identity.
However, DIDs are not enough to represent our entire identities as they merely provide a “basket” for them. This basket must be filled with all kinds of data, usually presented in the form of credentials in the real world. Credentials are ubiquitous in our daily lives they take the forms of passports, various licenses, and certificates, ownership of bank accounts, and much more. The problem with credentials is that until recently, there had been no standard ways of representing them organized online.
Verifiable Credentials, or VCs for short, are an open standard for digital credentials to solve
this issue [
VCs are interoperable and can use a lightweight Linked Data format. It is an extension of an already successful JSON format that provides a way to include object and data typing, JSON-LD keyword aliasing, creating links via nesting or referencing, and internationalization features (describes how to express data values in diferent languages). Another format for VCs is (JSON Web Token), a popular internet format for transferring data with digital signatures. Because of that, current SSI tools often provide better support for JWTs.
Verifiable Presentation, or VP for short, expresses data from one or more VCs and is packaged so that the authorship of the data is verifiable. The data in a VP, which is often about the same subject, could have been issued by multiple issuers.
There is a lot of ongoing work on further enhancing data privacy when presenting VCs. This
can be done with Selective Disclosure and Zero-Knowledge Proofs (ZKP). Selective disclosure
enables generating proofs from only a few attributes of a credential. Using ZKPs, one could
prove the necessary condition for the attribute without revealing the actual value. In practice,
this means one could prove that they are above the age of 18 without showing their ID card,
and third parties would instantly be able to verify that data [
Now that we have a base understanding of the individual SSI components, we can look at how they work together.
SSI completely changes the paradigm of online data sharing and brings it closer to the physical world. There are three entities in the VC trust model: • Issuer that issues the credential • Holder that is the owner and subject of the credential • Verifier that receives and verifies the credential
As seen in the Fig. 1, the issuer is the entity that issues VC to the holder whom the VC is about. The holder then presents the VC to the verifier, who verifies the validity of the VC and checks if it meets the established criteria. For example, a government issues an ID card in the form of a VC to Alice. Alice is the holder of the VC. Alice wants to go to a concert at a club. Alice has to prove that she is 18+ and does so by presenting a VP, which she generates using her VC. The club then verifies if Alices VC is valid and if she is indeed older than 18. The verification process is based as follows. When the government issues a VC, they add into the VC their DID and sign the VC with their private key of the coresponding DID. The DID document of the corresponding DID is registered on a blockchain. When the club wants to verify the authenticity and validity of the VC and its proof, they can check the DID and its associated public key on the blockchain to see who issued it without contacting the issuing entity. DIDs enable VCs to be verified anywhere, at any time.
At the core of our solution is the so-called SSI Snap. A Snap as already mentioned in Chapter 2.2.1, is a plugin-like extension of the popular crypto wallet MetaMask. As shown in Fig. 2, the SSI Snap resides inside the MetaMask wallet. The idea of the Snap is to provide blockchain-based accounts, that are controlled with MetaMask, handling the core functionalities of SSI wallets, i.e., generation and control of DIDs, management of VCs, etc. With such a solution, a possible DAO stakeholder, which currently is only able to participate in voting through the management of blockchain-based tokens, would now be able to vote using the same tools (MetaMask) by passing VPs as the voting ticket. To enable such functionalities, the Snapshot, which is the decentralized voting system for DAOs, also needs to support the management of votes based on VCs and not just tokens. In this example, the VC-based votes are then validated using Snapshot and Ethereum and stored inside IPFS to make the experience fee-less.
Every user in the system needs to have a unique id and full control over his online identity.
As previously mentioned, in the SSI world, this identity is called DID. To work correctly, DIDs
require a DID method, which specifies how DIDs and DID documents are created, resolved,
updated, and deactivated [
There are various DID methods. One of the most popular methods is called did:ethr. This method uses Ethereum addresses as fully self-managed DIDs. In other words, every Ethereum account is a DID (DIDs are Ethereum addresses with a “did:ethr::” prefix). Ethereum accounts in MetaMask, used daily by millions, are essentially DIDs. What is missing is the functionality to use them and leverage their potential correctly.
Our demo will use SSI Snap to store Solidity Course Completion VC, proving that the user controlling the MetaMask account has completed a Solidity course and is qualified to vote on Snapshot governance proposals.
In order for the SSI Snap to handle functionalities related to DIDs, VCs, and VPs, we decided
to use a Veramo framework. Veramo is a performant and modular API for Verifiable Data and
SSI [
Veramo is used to generate and store DIDs and additional keypairs. The team behind Veramo implemented plugins called DIDManager, KeyManager, and PrivateKeyManager to do precisely that. However, these plugins do not come with a way to store data inside the MetaMask State. Luckily, due to the extendable nature of these plugins, it made it easier to implement a custom datastore plugin that allows the Managers to store data inside the MetaMask State.
Veramo is also used to verify and store VCs and generate VPs. Unfortunately, Veramo does not have a VCManager plugin. Nevertheless, we developed the VCManager plugin with an additional datastore plugin to save VCs in the MetaMask state.
The ability to create additional datastore plugins is also great for future implementations. In the future, we plan to implement additional ways to store data, starting with storing everything (of course encrypted) in a cloud. This will make syncing with other MetaMask wallets possible. Having multiple ways of storing data and quickly changing between them will create a better user experience. The final SSI Snap architecture is shown in Fig. 3.
To maintain as much security as possible, we have decided not to expose private keys from existing MetaMask accounts but to create and use an additional DID (Ethereum account) exclusively for generating VPs. Private keys are needed for digitally signing VPs with Veramo, since core MetaMask RPC methods do not ofer a way to sign them properly. Essentially, this means that a separate DID is generated for every MetaMask account that wants to store and manage VCs. This DID lies in the MetaMask state and is only used for generating VPs.
However, a DID can only use its own VCs, and since VCs are issued to a MetaMask account DID, the newly generated DID can’t use them. To make things right, we authorize the new DID to use VCs explicitly. Thus, the DID has to be registered as a delegate to the DID document of a MetaMask’s account. We hope this won’t be necessary in the future as MetaMask is constantly updated with new features and tighter Snaps integrations are on the horizon.
To showcase the workflow of the SSI Snap, we have designed a proof of concept (PoC) and developed a demo platform. The PoC is designed with the Ethereum blockchain platform. One of the main reasons for this is the fact that: (1) it’s one of the decentralized and public permissionless blockchain platforms, (2) the most popular and most commonly used blockchain platform for smart contracts, (3) designed and tested did:ethr method, (4) plenty of already established frameworks, including various SSI & DID frameworks and, (5) DID Documents do not need to be changed often (or even never in some cases). A more detailed description of the prototype is accessible on the GitHub repository (Online Resources).
In PoC demo, a user will install and approve the SSI Snap, add a delegate to the DID Document of the selected MetaMask account, get and store a VC after completing a straightforward course and display the VC on the profile page.
The demo can be tested freely (Online Resources). To follow it, you need to use MetaMask Flask (version >10.9.2) and have some ETH on Rinkeby testnet.
To start using the platform, the user needs to connect to the platform using the MetaMask crypto wallet. After the connection is established, the user gets a prompt to install and Connect to the SSI Snap. The user needs to give it specific permissions for the Snap to work. Besides the standard permissions, SSI Snap also needs permission to manage the MetaMask state. When the user has successfully installed the Snap and connected to the platform, they can start the Solidity course (Fig. 4). First, the SSI Snap needs to initialize for the current account.
Adding a delegate will cost the user some ETH, as it modifies the blockchain state. Once the transaction is confirmed, a new delegate is added to the DID document. To make sure a new delegate has been added correctly, we can resolve the DID Document using the DID Universal Resolver. You can see that the delegate has been added to the DID Document of the user’s account.
The next step is to fill out the form and request the VC. We also use the Veramo in the platform’s backend to generate a VC. The user will be prompted to save the VC in the MetaMask state. Currently, this is done in a non-standardized way, but we are looking into OpenID Connect standards for VC Issuance.
A VC should appear under ‘My VCs’ on the profile page if everything goes well. This VC can then be used to create a VP when the user votes on the Snapshot platform.
To use the SSI Snap, dApps only need to implement a Connect MetaMask button and call our custom RPC methods.
As a next step in the PoC we have to expand the demo with the Snapshot voting mechanism that only allows those users to vote on specific proposals within a DAO, who can provide a valid VP. As seen in Fig. 5, the user voting on the Snapshot platform selects a valid VC, for which a VP is generated, and signs a transaction containing the content of the vote, including the VP.
Our main goal was to bring support for SSI principles to DAO, i.e., enable DAOs to leverage stakeholders’ proofs of skills and knowledge as a ticket for DAO voting. This had to be achieved with the notion of bringing DIDs and VCs to the MetaMask crypto wallet. The MetaMask Snaps system allowed us to add those functionalities to the most popular crypto wallet. With our SSI Snap we provided MetaMask users access to SSI without the need to install redundant applications or software. Existing MetaMask accounts become DIDs and users can store VCs directly in MetaMask and generate VPs when needed. The SSI Snap leverages the security of MetaMask, a secure and tested wallet, used by millions, so there is no need to worry about the security of storing data in a new application. Another advantage is the ability to create additional DIDs that are not necessarily MetaMask accounts and the ability to implement additional ways of storing data. The SSI Snap will be configurable, giving the users an option to decide where their data should be stored (e.g. IPFS) and which VC serves what purpose.
A disadvantage we see in the MetaMask Snaps system is the lack of support for developing a custom user interface, hence any interaction with SSI Snap requires a dApp. There is currently also no way to choose a single VC inside MetaMask which means that all VCs need to be sent to the dApp where the user gets to select one and a dApp receives more data than necessary. Regarding configurability, another disadvantage is again the need for dApp for a user to configure the Snap to his needs. The SSI Snap also currently does not provide any way to synchronize data with other MetaMasks applications - all data is stored locally.
Overall, the SSI Snap enhances the MetaMask with SSI principles and provides unified support for DIDs and VCs without the need for users to install and use any additional applications.
Decentralized autonomous organizations are community-controlled organizations. The currently dominant form of DAOs, token-based DAOs sufer from the Plutocracy Problem. DAOs should strive for meritocracy, where the power of members is based on their skills. To achieve meritocracy, DAOs have to evolve from token-based form to a form that uses self-sovereign identity with credentials. SSI enables individuals to create and control their identities online. SSI consists of unique decentralized identifiers, verifiable credentials, and verifiable presentations.
With the goal of meritocracy in DAOs, we developed a MetaMask snaps application that allows users to securely store and use SSI in their existing MetaMask wallet. This application gives millions of existing MetaMask users easy access to the SSI.
This work was supported by the Slovenian Research Agency (Research Core Funding) under Grant P2-00577.
To learn more about the SSI Snap, its architecture, and how to use it, a GitHub repo and the course demo are available.
• GitHub: https://github.com/blockchain-lab-um/ssi-snap, • Demo: https://blockchain-lab-um.github.io/course-dapp/, • MetaMask Flask: https://metamask.io/flask/.