A radical new framework for how to authenticate online identities just went live on the Bitcoin network.
Microsoft’s Decentralized Identity team has launched v.1 of its ION “DID” network on the Bitcoin mainnet. This secondary network is a “layer 2” technology like Lightning, except instead of focussing on payments, it uses Bitcoin’s blockchain to create digital IDs for online identity authentication.
An ID network like ION could be the key to unlocking a web where users no longer have to fumble with passwords, emails and cell phones for authentication.
“We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well. ION does not rely on centralized entities, trusted validators, or special protocol tokens – ION answers to no one but you, the community,” Microsoft’s Daniel Bucnher writes in a blog post.
What is Microsoft’s ION?
As noted by Buchner, ION is open-source, so anyone can download the code and run an ION node to use the service. It uses Sidetree, an open-source protocol for decentralized identifiers built by devs from Microsoft, Consensys, Mattr and Transmute.
ION uses the same logic as Bitcoin’s transaction layers to sign off on identity. A public key and its associated private key are used to verify that a user owns an ID.
For example, to log in to your email or social media in a world that uses ION, you would verify you own your account by “signing” you DID with your ION account. Thanks to the cryptographic links that ION creates to Bitcoin, the ION network would verify for the service provider that you own the ID associated with your account.
Any personal data (name, age, etc) tied to that ID is stored off-chain, depending on the service. ION’s IDs are anchored to Bitcoin’s blockchain using IPFS, and ION nodes can process up to 10,000 ID requests in a single transaction.
Users can create and manage multiple IDs with different keys for different services. Some of these may be used recurrently to log into services that users access daily (like email and social media), or could be used in one-off ways, like verifying concert or event tickets.
Anyone interested in running ION can do so through a remote node or by downloading it directly on a native device.
Microsoft has developed an API for developers who would like to interact with the service without downloading a node or wallet. They’ve also built an explorer for looking up DIDs created on the network.
With v1 launched, the team will focus on releasing a “light client” for bootstrapping nodes faster and streamlining ID resolution by authorizing an ID while its related transaction is still in Bitcoin’s mempool.
Are decentralized IDs the future?
Microsoft’s ION has attracted contributions from Bitcoin and crypto mainstays like Casa, ConsenSys, Gemini, BitPay and Protocol Labs, as well as a hand from the teams at Cloudflare, Spruce, and others.
ION has also worked with the Transmute and SecureKey teams who are building their own DID networks.
Decentralized Identity is a good example of a non-monetary use case for public blockchains like Bitcoin, and it’s even on the radar of the World Economic Forum’s blockchain chief. The World Wide Web Consortium (W3C), a body for web standards founded in 1994) is currently evaluating DIDs as a candidate recommendation, meaning the forum is considering recognizing these identity frameworks as an international standard.
Blockchain Commons head and crypto veteran Christopher Allen told CoinDesk in 2019 that Microsoft embracing Bitcoin’s properties for DIDs is “a step in the right direction.”
“You could have a service that is in the cloud hosted by Microsoft Azure, but is absolutely secure because everything in it is encrypted with your keys that you control and everything that run under your authority, even though it’s in the cloud,” Allen said.