Microsoft is leveraging blockchain technology to create a trustless digital identity scheme, but it's not launching a token or building a private blockchain to do so. It's building on Bitcoin instead.
Announced on May 13, 2019, Project ION is an open-source, Layer 2 network built out of the public key infrastructure protocol Sidetree. In practice, “it is akin to Lightning, in that there is no secondary consensus among ION nodes,” a source close to the network’s development told Bitcoin Magazine.
“This is just like Bitcoin, but for IDs,” the source said.
The idea here is to make user names obsolete. Instead of logging into Facebook, email or any other application with a username, users can use a digital decentralized ID (DID) instead. This DID, like a private key when signing a transaction to the Bitcoin network, proves ownership. Individual ION nodes on the secondary network will be responsible for keeping track of these DIDs and timestamping them onto the Bitcoin blockchain for reference and attestation.
To create an ID, a user would wrap a public key into a DID creation document on the ION network, signing this input with their private key and sending it to a node on the network. This ION node then archives the metadata (without accessing the data itself) as a DID document for other nodes to reference. To set ownership of the DID in stone, the node batches reference hashes for all of the DIDs it has received into an OP_RETURN transaction and anchors it to the Bitcoin blockchain (this can be done on a variable schedule: every block, every few blocks, etc.).
Every time a user updates their DID state — by creating a sub-ID or updating metadata, for example — the corresponding node updates these changes in the DID document. And whenever a batch is anchored on the blockchain, each ION node, which is constantly monitoring the blockchain, will identify the hashes as originating from the ION network. They’ll then pluck this transaction batch from the network, reference the DID documents in the nodes that sent it and sync up with the latest states of the IDs to keep the network up to date. Nodes can choose to batch transactions and monitor the chain, while others that wish to cut operation costs may simply monitor the chain to keep DID states up to date.
“Unlike money, decentralized identifiers don't have the same doublespend problem,” the source told Bitcoin Magazine. “All we need is chronology.”
This chronology is the key to DID owners proving that the most current state of a digital identity belongs to them. In practice, it would work like this: When sending a DID to a verifier, this party would challenge a user to resolve the state of this identity with its corresponding DID document on the network to prove ownership. This can only be done using a secret value given to the DID owner when the identity is hashed onto the blockchain, and only an owner can resolve or update a DID’s state using this value.
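The create-batch-anchor flow described above and the secret-value ownership check are easy to see in a toy model. The following is an added example written for this article, not ION or Sidetree code: it assumes a `did:ion:` identifier prefix, an `ion` marker inside the OP_RETURN payload so that monitoring nodes can recognise a batch, a plain SHA-256 commitment in place of ION's real signing and hashing rules, and a Python list standing in for the Bitcoin chain.

```python
import hashlib
import json
import secrets

ANCHOR_TAG = b"ion"  # assumed marker; lets a monitoring node spot its own batches

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(doc: dict) -> bytes:
    """Deterministic JSON so every node hashes a document the same way."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

class IonNode:
    """Toy node: keeps DID documents, batches operation hashes, anchors them."""

    def __init__(self):
        self.docs = {}      # did -> current DID document
        self.pending = []   # operation hashes waiting for the next anchor
        self.chain = []     # constructed stand-in for Bitcoin: anchored OP_RETURN scripts

    def create(self, public_key: str):
        reveal = secrets.token_hex(16)  # secret value handed back to the DID owner
        doc = {"publicKey": public_key, "commitment": sha256_hex(reveal.encode()), "version": 0}
        did = "did:ion:" + sha256_hex(canonical(doc))[:32]  # assumed identifier format
        self.docs[did] = doc
        self.pending.append(sha256_hex(canonical({"did": did, "op": doc})))
        return did, reveal

    def update(self, did: str, reveal: str, new_public_key: str) -> str:
        """Only whoever holds the current secret can advance the DID's state."""
        doc = self.docs[did]
        if sha256_hex(reveal.encode()) != doc["commitment"]:
            raise PermissionError("reveal value does not match the committed secret")
        next_reveal = secrets.token_hex(16)  # fresh secret for the next update
        doc.update(publicKey=new_public_key,
                   commitment=sha256_hex(next_reveal.encode()),
                   version=doc["version"] + 1)
        self.pending.append(sha256_hex(canonical({"did": did, "op": doc})))
        return next_reveal

    def anchor(self) -> bytes:
        """Batch all pending operation hashes into one OP_RETURN script."""
        batch = hashlib.sha256("".join(self.pending).encode()).digest()
        payload = ANCHOR_TAG + batch
        script = b"\x6a" + bytes([len(payload)]) + payload  # OP_RETURN <push 35 bytes>
        self.chain.append(script)
        self.pending = []
        return script

def is_ion_anchor(script: bytes) -> bool:
    """What a monitoring node checks for each OP_RETURN output it sees on chain."""
    return (len(script) > 2 and script[0] == 0x6A and script[1] == len(script) - 2
            and script[2:2 + len(ANCHOR_TAG)] == ANCHOR_TAG)
```

Replaying `node.chain` in order is the "chronology" the source refers to: the latest anchored version of a document is the one a verifier accepts.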
Users can create various identities under this schema for any number of use cases. ION’s DIDs could be used for zero-knowledge proof ID verification in bars, for example, or they could be used for membership programs with hotels and airlines — there are also innumerable use cases for signing into online services.
The source emphasized that, while Microsoft has been developing the technology, it’s open source and anyone can run a node. Plus, the legacy computer company won’t charge a fee for the service.
According to the announcement, a handful of companies have shown early interest in running ION nodes, including Bitcoin hardware and security firm Casa, data center Equinix and internet security company Cloudflare.