This article describes the concept of digital identification on the blockchain and the working mechanism of Microsoft's ION.
From time immemorial, identification has been an integral part of human life, signified by many things such as tribal marks, body piercings, etc. In short, all humans have an identity, but how we identify ourselves has continually changed over the years.
Humans identify themselves through identification cards, which are important for confirming our identity to people or organizations. For instance, anyone opening a bank account, checking into a hotel, traveling out of a country, or even applying for a driver's license needs a form of identification card that is personal to the owner.
The advent of technology has reshaped how humans can identify themselves, especially online (digital) identification. As the way to represent identity changed gradually from analog to digital (internet), many people lost the liberty to manage their identity credentials online. This has prompted the belief in some people that blockchain could be the answer to the identity problem created by the internet since it is purely decentralized.
Identification on a blockchain puts control of people's identity in their own hands instead of a third party's. Hence, they have complete control over their data.
This article goes beyond identity on the blockchain to explore the Microsoft ION identity solution in detail. It defines identity on the blockchain and discusses how ION works and the various architectures and system features that distinguish it from other identity networks on the blockchain.
Digital identification in the blockchain uses blockchain principles to create an identity card and manage it in a way that gives control to the owner rather than a third party. Since its first implementation in Bitcoin, blockchain has been useful in various applications, including identity, healthcare, supply chain, etc.
A decade ago, Bitcoin aroused the curiosity of developers, cryptographers, and distributed systems engineers to solve the problems associated with centralized identity systems. Today, cryptographers and other distributed system players are deploying identity solutions on various blockchains, namely Bitcoin's ION, Cardano's Atala Prism, Ethereum's Element, and so on.
The distributed system community, through groups like the Internet Identity Workshop (IIW), the World Wide Web Consortium (W3C), and Rebooting Web of Trust (RWoT), is exploring the ideas and technical processes of the traditional identity system and proposing decentralized identifiers (DIDs) to achieve a fully distributed and decentralized identity. The purpose behind the DID, a foundational technical component of decentralized digital identity, is to give ownership and control to individuals.
While many solutions are proffered, the common denominator is finding a scalable, user-owned unique identifier tied to a set of cryptographic keys and routing endpoints. Many solutions thus far have not focused on achieving a scalable and decentralized network that doesn't require utility tokens, consensus mechanisms, and trusted validator nodes.
In response to the above-stated issue, Microsoft proposed and launched the Identity Overlay Network, also known as ION. Before exploring the solutions, architectures, and killer features of Microsoft's ION, it is crucial to discuss identity in more depth.
Digital identification on the blockchain could solve some of the problems associated with our present identification process. These problems are:
Before defining Self-Sovereign Identity, we should understand that the user-centric model cannot give users the autonomy they need. So, SSI was introduced to provide sovereignty and put total control in the hands of users.
Self-Sovereign Identity (SSI) is a digital identity that people can store on their devices without relying on an external party. The concept of SSI is purely decentralized and gives the power to create and manage an individual's identity to the owner instead of a third party.
The digital identity in a blockchain is decentralized, and it operates based on the following components:
Blockchain identification has numerous advantages, which are elaborated on below.
The idea behind ION is to achieve a scalable, resilient, user-owned decentralized identity system where users do not need utility tokens, consensus, or trusted validator nodes. By implication, users own and operate their nodes. ION is a layer 2, public, permissionless, decentralized DID overlay network that runs atop the Bitcoin blockchain and leverages a deterministic DPKI protocol called Sidetree.
Before fully deploying ION in early March, Microsoft started exploring Sidetree between 2017 and 2018. During this period, they assessed whether it was worth investing in. Once that was established, the team worked in collaboration with SecureKey, Mattr, Consensys, Transmute, Gemini, Bitpay, and Casa, among others, to codify Sidetree into a formal specification with the Decentralized Identity Foundation (DIF).
Microsoft's ION comprises a collection of microservices, including Bitcoin Core, IPFS, and MongoDB (for local data persistence). Simply put, the majority of ION's code is the Sidetree protocol. As a Sidetree-based DID network, it combines a Sidetree logic module, a chain-specific read/write adapter, a content-addressable storage protocol (e.g., IPFS), MongoDB, and an existing layer 1 protocol.
A content-addressable storage protocol like IPFS helps replicate data between nodes. Together, these components form the Sidetree protocol, which enables the creation of layer 2 DID networks that run atop existing blockchains (layer 1) at thousands, or even tens of thousands, of PKI operations per second. Unlike several other layer 2 solutions, Sidetree requires no additional consensus. It simply relies on the decentralized chronological ordering of operations provided by the underlying blockchain. Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded, so Sidetree can achieve greater scalability without relying on additional layer 2 consensus schemes, trusted validator lists, or special protocol tokens. Sidetree is also designed to allow all nodes of the network to arrive at the same Decentralized Public Key Infrastructure (DPKI) state for an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS.
ION leverages the blockchain-agnostic Sidetree protocol to anchor tens of thousands of DID/DPKI operations on the Bitcoin chain with a single on-chain transaction. Each transaction is encoded with a hash that ION nodes use to fetch, store, and replicate the hash-associated DID operation batches via IPFS. Without requiring an additional consensus, the nodes process the hash-associated DID operation batches following DIF's set of deterministic rules, enabling them to independently arrive at the correct DPKI state for IDs in the system. The nodes are designed to fetch, process, and assemble DID states in parallel, and the aggregate capacity of nodes can run at tens of thousands of operations per second.
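The anchoring and replay flow described above can be sketched as a toy model. This is an added example, not ION or Sidetree code: the dictionary standing in for IPFS, the list standing in for Bitcoin transactions, the operation format, and the commit/reveal rule used to authorize updates are all simplifying assumptions made for illustration.

```python
import hashlib
import json

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def anchor(cas, ledger, height, index, batch):
    """Writer: store the batch off-chain, record only its hash on-chain."""
    blob = json.dumps(batch, sort_keys=True).encode()  # canonical bytes
    cas[h(blob)] = blob                       # stand-in for IPFS
    ledger.append((height, index, h(blob)))   # stand-in for a Bitcoin transaction

def resolve(cas, ledger):
    """Node: replay anchored batches in chain order under fixed rules."""
    state = {}
    for _height, _index, digest in sorted(ledger):
        blob = cas.get(digest)
        if blob is None or h(blob) != digest:
            continue  # missing or altered content never enters the state
        for op in json.loads(blob):
            did, known = op["did"], op["did"] in state
            # Toy rule: an update must reveal the preimage of the stored commitment.
            authorized = known and h(op.get("reveal", "").encode()) == state[did]["commit"]
            if (op["type"] == "create" and not known) or (op["type"] == "update" and authorized):
                state[did] = {"key": op["key"], "commit": op["commit"]}
    return state

def demo():
    # Constructed sample operations; DIDs, keys and secrets are made up.
    cas, ledger = {}, []
    anchor(cas, ledger, 100, 0, [
        {"type": "create", "did": "did:example:alice", "key": "k1", "commit": h(b"s1")}])
    anchor(cas, ledger, 101, 0, [
        {"type": "update", "did": "did:example:alice", "key": "k2", "reveal": "s1", "commit": h(b"s2")},
        {"type": "create", "did": "did:example:bob", "key": "b1", "commit": h(b"t1")}])
    anchor(cas, ledger, 101, 1, [  # update that does not know the reveal value
        {"type": "update", "did": "did:example:alice", "key": "k-unauthorized", "reveal": "guess", "commit": h(b"x")}])
    node_a = resolve(cas, ledger)
    node_b = resolve(dict(cas), ledger[::-1])   # same data, different arrival order
    bad_cas = dict(cas)                         # second batch swapped in storage
    bad_cas[ledger[1][2]] = b'[{"type":"create","did":"did:example:mallory","key":"m","commit":""}]'
    node_c = resolve(bad_cas, ledger)
    return node_a, node_b, node_c

if __name__ == "__main__":
    for node in demo():
        print(json.dumps(node, indent=1))
```

Nodes A and B reach the same state without talking to each other, and node C drops the swapped batch because its content no longer matches the hash anchored on the ledger.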
To run ION, you need to meet certain hardware and software requirements.
Make sure your machine is running a Windows or Linux operating system. Upon meeting the listed prerequisites, follow the steps below to run ION and create DIDs:
Though digital identification in the blockchain is still a new field, it promises tighter and more user-centered control of one's data than centralized databases. It reduces the risk of people's information reaching hackers who use it for different nefarious activities. Through ION, a layer 2 solution to decentralized identity, Microsoft proffered a scalable, resilient, user-owned identity management system that doesn't require utility tokens, trusted validator nodes, or an additional consensus mechanism.