This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.
Today’s post is the next step in realizing our vision for the future of decentralized identities, which we laid out last year. We believe every person needs a decentralized, digital identity they own and control, backed by self-owned identifiers that enable secure, privacy preserving interactions. This self-owned identity must seamlessly integrate into their lives and put them at the center of everything they do in the digital world.
We’ve been hard at work contributing to numerous emerging standards and developing open source components in furtherance of that vision, Identity Hubs being our most recent contribution. Identity Hubs provide secure, encrypted storage of personal data and they rely on decentralized systems (blockchains and distributed ledgers) to anchor their identifiers. Unfortunately, those systems have not had the performance characteristics required to power a truly worldwide decentralized identity system.
That is until now. Today, we’re announcing an early preview of a Sidetree-based DID network, called ION (Identity Overlay Network) which runs atop the Bitcoin blockchain based on an emerging set of open standards that we’ve developed working with many of our partners in the Decentralized Identity Foundation. This approach greatly improves the throughput of DID systems to achieve tens-of-thousands of operations per second.
I’ve asked Daniel Buchner, a program manager on my team who works on standards and open source solutions, to present our latest contributions in this area. His post introduces another major component we’ve been developing—in collaboration with other members from Decentralized Identity Foundation ( Decentralized Identity Foundation (DIF)—to create a scalable foundational layer for decentralized identity systems.
As always, we’d love to hear your thoughts and feedback.
Alex Simons (Twitter: @Alex_A_Simons)
Vice President of Program Management
Microsoft Identity Division
Hi, it’s Daniel, from the Microsoft Identity team focused on developing standards for Decentralized Identity. Today, the most common digital identifiers we use are email addresses and usernames, provided to us by apps, services, and organizations. This puts identity providers in a place of control, between us and every digital interaction in our lives. Our goal is to create a decentralized identity ecosystem where millions of organizations, billions of people, and countless devices can securely interact over an interoperable system built on standards and open source components.
Recent advancements in decentralized consensus systems (e.g. blockchains, distributed ledgers) provide capabilities that can be leveraged to create Decentralized Identifiers (DIDs) that are owned by the user. While blockchains unlock the ability to create highly secure, censorship resistant identity systems, their transactional volumes are severely limited when compared to traditional systems. The most robust, decentralized, public blockchains operate at just tens of transactions per second, nowhere near the volume a world full of DIDs would demand.
This post details our joint effort with various members of the identity and blockchain communities to address the performance and scale needs of DID systems, while maintaining the properties of decentralization and self-ownership that differentiate them from existing identity technologies. There is no simple solution to this problem—one can’t just change a variable to increase the transactional volume of these system without degrading the very attributes of decentralization that make them valuable. To tackle this challenge, we’ve been collaborating with members of the DIF, notably ConsenSys and Transmute, to develop a blockchain-agnostic protocol for creating scalable DID networks, called Sidetree.
Today, we’re announcing an early preview of a Sidetree-based DID network, called ION (Identity Overlay Network), which runs atop the Bitcoin blockchain. ION is a public, permission-less, open network anyone can use to create DIDs and manage their Public Key Infrastructure (PKI) state. ION is designed to deliver the scale required for a world of DIDs, while inheriting and preserving the attributes of decentralization present in the Bitcoin blockchain. The code for the ION reference node is still under rapid development, and there are many aspects of the protocol left to implement before it is ready for testing on Bitcoin mainnet. On low-powered consumer reference hardware we’ve observed tens-of-thousands of DID operations per second. As with our previous announcements, we’re sharing our work as early as possible—rough edges and all—to start a conversation with the community and encourage collaboration.
The generic components specified by the Sidetree protocol comprise the majority of ION’s code. ION, like all Sidetree-based DID networks, is a combination of the core Sidetree logic module, a chain-specific read/write adapter, and a content addressable storage protocol (e.g. IPFS) that replicates data between nodes. Together, these components enable the creation of Layer 2 DID networks that run atop existing blockchains (Layer 1) at thousands, or even tens of thousands, of PKI operations per second. The only form of consensus the Sidetree protocol requires is a decentralized chronological ordering of operations, which is exactly what the underlying blockchain provides. Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded. This difference in constraints is reflected in how the protocol is designed and enables it to achieve far greater scale without reliance on additional Layer 2 consensus schemes, trusted validator lists, or special protocol tokens. All nodes of the network are able to arrive at the same Decentralized Public Key Infrastructure (DPKI) state for an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS.
In the coming months, we’ll work with open source contributors and members of identity community to prepare for a public launch of the ION network on Bitcoin mainnet. During this time, the project’s code will evolve rapidly and is best suited for use by experienced developers. If you’re a developer interested in contributing, you can use the ION node installation guide to get a node up a running on your machine. Please file any bugs you notice as “Issues” in the ION repo, and submit “Pull Requests” to help accelerate development. If you’re not an experienced developer but would still like to interact with an ION node, we deployed an early preview build of ION on Azure. For more info, see DID Registration.
We’re also engaging with ecosystem partners to operate ION nodes. Collaborating with partners to validate the protocol and build out the network is an essential step in preparation for mainnet release.
Here are some of the organizations who are leaning in early to run nodes:
- Equinix— Global interconnection and data center company. Equinix connects the world's leading businesses to their customers, employees and partners inside the most interconnected data centers.
- Casa—Developer of hardware, apps, and services for security conscious Bitcoin users.
- Learning Machine—Tools and services for issuing official records in a blockchain-anchored digital format, for schools, companies, and governments.
- Civic—Tools to control and protect identities, built using an open source secure identity verification ecosystem
- Cloudflare— Leading Internet performance and security company that runs one of the world's largest networks