Hi everyone - I am really excited to have Daniel Buchner, one of my team members and one of the brains behind the development of the Sidetree protocol at DIF here to talk about a huge step for us at Microsoft in the decentralized identity space. This work has been a long time in the making, and we are looking forward to your thoughts and feedback.
The inception of Bitcoin a decade ago reinvigorated cryptographers, computer scientists, and distributed systems engineers with new optimism about the possibility of decentralizing many aspects of digital life. A subset of these folks who also participate in the identity community began working on the problem of decentralized identity. Their efforts started to take shape as the community explored ideas and approaches to the underlying technical problems in groups like Internet Identity Workshop (IIW) and Rebooting Web of Trust (RWoT). As decentralized identity gained momentum over the next few years, what started as optimism and ideas evolved into something many believe can shift ownership and control of identity and personal data back to individuals.
Decentralized Identifiers (DIDs) are the foundational technical component that makes decentralized identity possible. Unlike centralized identifiers commonly used today (email addresses, usernames, etc.), DIDs are generated, owned, and controlled by individuals, not companies or other centralized entities. There are many different approaches to creating DID protocols, but they all revolve around the same concept: user-owned unique identifiers tied to a set of cryptographic keys and routing endpoints. While it’s not difficult to create a basic DID protocol, creating a robustly decentralized and scalable network without resorting to trusted validator nodes, utility tokens, and other mechanisms is incredibly challenging.
Almost four years ago, the core concepts of the blockchain-agnostic Sidetree DID network protocol (which underpins ION) were first sketched out. As the concept matured through 2017-18, it became clear to Microsoft the technology was something worth investing in, so we began developing a Sidetree prototype within the Decentralized Identity Foundation (DIF). Through the tireless efforts of collaborators from many areas of the DID ecosystem, Sidetree is in the final stages of being codified into a formal specification within DIF’s Sidetree Development & Operating Group. Collaborators like Transmute (developers of the Sidetree-based method, Element), SecureKey, Mattr, Consensys, and many others, have been instrumental in shaping the Sidetree protocol. Every discussion, GitHub Issue, and line of code you contributed made this possible – thank you!
ION moves to Bitcoin mainnet
We’re thrilled to see ION make the leap to Bitcoin mainnet for its public beta. ION is an open, public, permissionless ‘Layer 2’ network built on open source code that anyone can review, run, and contribute to. From the very start, ION has been developed as a decentralized network designed to operate independently of centralized parties and trusted intermediaries, including Microsoft. ION doesn’t rely on special utility tokens, trusted validator nodes, or additional consensus mechanisms; the deterministic progression of Bitcoin’s linear block chronology is the only consensus it requires. The core promise of DID technology is to empower all individuals and entities with ownership and control over their identities, which aligns well with our mission of empowering every person to work, play, and achieve more. To deliver on that promise, we have chosen a different path from some of the more centralized approaches to DID technologies—and we believe ION exemplifies that choice.
ION is an open source, Apache 2 licensed project developed in DIF, which you can contribute to via the ION and Sidetree repos on GitHub. The ION reference implementation is comprised of the following key components:
- ION’s core service module (TypeScript)
- Bitcoin node (Bitcoin Core)
- IPFS node (JS IPFS)
- MongoDB (selected for its familiarity among developers)
Below is a high-level functional diagram of ION’s topology which includes nodes that embed IPFS CIDs into Bitcoin, retrieve and replicate DID operation data via the IPFS protocol, and process DID operations in accordance with ION’s deterministic protocol rules.
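The topology described above, reduced to a simplified model as an added example (not code from the ION or Sidetree repos, and not Sidetree's actual operation format or rules): a SHA-256 hex digest stands in for an IPFS CID, in-memory structures stand in for the Bitcoin chain and the IPFS store, and every name and sample value is constructed. It shows why a node needs no trusted validator: it checks fetched data against the anchored hash, replays anchors in chain order, and accepts an update only when it verifies under the key already on record.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");

// Stand-in for an IPFS CID: a plain SHA-256 hex digest of the batch bytes.
const contentId = (data) => createHash("sha256").update(data).digest("hex");

// Client side: operations are signed locally; only signed bytes leave the device.
function signOperation(privateKey, op) {
  const payload = JSON.stringify(op);
  const sig = sign(null, Buffer.from(payload), privateKey).toString("base64");
  return { payload, sig };
}

// Node side: replay anchored batches in chain order and rebuild DID state.
// anchors: [{ height, cid }] read from the chain; store: Map of cid -> batch bytes.
function replay(anchors, store) {
  const state = new Map(); // did -> { publicKeyPem, endpoint }
  for (const { cid } of [...anchors].sort((a, b) => a.height - b.height)) {
    const batch = store.get(cid);
    if (batch === undefined || contentId(batch) !== cid) continue; // missing or altered
    for (const { payload, sig } of JSON.parse(batch)) {
      const op = JSON.parse(payload);
      const known = state.get(op.did);
      if ((op.type === "create") === Boolean(known)) continue; // create once, update after
      // A create is checked against the key it declares; an update against the key on record.
      const publicKeyPem = known ? known.publicKeyPem : op.publicKeyPem;
      if (!verify(null, Buffer.from(payload), publicKeyPem, Buffer.from(sig, "base64"))) continue;
      state.set(op.did, { publicKeyPem, endpoint: op.endpoint });
    }
  }
  return state;
}

// Constructed sample: three batches anchored at heights 1..3.
function buildSample() {
  const holder = generateKeyPairSync("ed25519");
  const stranger = generateKeyPairSync("ed25519");
  const did = "did:example:alice";
  const publicKeyPem = holder.publicKey.export({ type: "spki", format: "pem" });
  const batches = [
    [signOperation(holder.privateKey, { type: "create", did, publicKeyPem, endpoint: "https://hub.example/a" })],
    [signOperation(stranger.privateKey, { type: "update", did, endpoint: "https://other.example/x" })],
    [signOperation(holder.privateKey, { type: "update", did, endpoint: "https://hub.example/b" })],
  ].map((ops) => JSON.stringify(ops));
  const store = new Map(batches.map((b) => [contentId(b), b]));
  const anchors = batches.map((b, i) => ({ height: i + 1, cid: contentId(b) }));
  return { did, anchors, store };
}

const sample = buildSample();
console.log(replay(sample.anchors, sample.store).get(sample.did).endpoint);
```

The update signed by the second key pair is skipped, and two nodes that see the same anchors and the same content-addressed data arrive at the same state regardless of the order in which they fetched it.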
As an open, public, and permissionless network, ION does not rely on privileged validators or trusted authorities of any kind – anyone can run a node to participate in the network. In this spirit, we’d like to thank all the individuals and organizations who have been operating nodes and providing feedback since our ION prototype announcement last year, as well as the next wave of collaborators who will run nodes, provide feedback, and help harden ION during the beta run-up to a v1 final release:
- Mattr – provider of open, standards-based, interoperable capabilities and toolkits for decentralized identity.
- NCR – leading software and services-led enterprise provider in the financial, retail, and restaurant industries.
- Transmute – digitizing critical trade documentation to give importers a competitive edge in the increasingly dynamic global marketplace.
- Casa – the easiest, most secure way to protect bitcoin. Users get peace of mind that their bitcoin is safe, while keeping control of their private keys.
- BitPay – leading blockchain payment processor, and the exclusive service provider supporting Microsoft’s Bitcoin needs for ION, XBOX, and the Microsoft Store.
- Gemini – empowering individuals through crypto by providing a simple, elegant, and secure way for people to buy, sell, and store cryptocurrency.
- Fold – building the payments stack for a new economy—one that puts privacy and bitcoin within reach of every shopper.
Using ION today
To get started with ION, you can create ‘unpublished’ ION DIDs with basic client libraries (which you can instantly use for authentication and credential use cases), run your own node to create ‘published’ DIDs that are discoverable on the ION network, or find a node to publish DID operations for you. Since the keys for your DIDs never leave your hands, and all ION operations are signed locally on your device, you have the assurance that only you can modify the state of your DIDs, no matter how you choose to interact with the ION network.
How to run ION and create DIDs:
- Use a CLI to generate DIDs locally: https://aka.ms/ion-cli
- Get an ION node running quickly via Docker: https://aka.ms/ion-docker
- Natively install an ION node yourself: https://aka.ms/ion-install-guide
How you can use DIDs right now:
- Users can create their own DIDs and use OpenID Self-Issued DID auth to authenticate with sites, apps, and services that implement the draft specification: https://identity.foundation/did-siop/
- Users, companies, and other entities can create DIDs and cryptographically associate them with Web domains, creating a provable bidirectional ownership linkage using the DIF Well-Known DID Configuration specification: https://identity.foundation/.well-known/resources/did-configuration/.
- Issuers, such as companies, agencies, and other entities, can create DIDs to issue Verifiable Credentials to users. These credentials could be digital versions of just about any type of proof or assertion, including those stuck in the analog world of paper printouts.
- Plug the ION DID driver into an instance of the DIF Universal Resolver to resolve DIDs (may require some configuration for resolving mainnet DIDs): https://github.com/decentralized-identity/uni-resolver-driver-did-ion
If you’re a company or organization looking to get more involved with ION, we encourage you to join the Decentralized Identity Foundation (DIF) and its Sidetree Development & Operating Group. This group is the primary place where contributors meet to discuss various technical and operational issues for ION, as well as the Sidetree protocol that underpins it.
Next steps for ION
The move to Bitcoin mainnet for public beta testing is a major step in the march toward a final v1 release. Over the coming months, we will be helping to grow the community of early adopters, code contributors, and node operators who will provide feedback to harden the protocol and improve the ION reference implementation. You can track progress via GitHub Issues on the Sidetree and ION repos. We will also be working on demos and projects that utilize ION for a range of use cases, which we plan to develop with the community via hackathons and other collaborative events.
Our next major milestone will be to launch the final v1 version of ION this fall. We encourage you to join us in Decentralized Identity Foundation (DIF) and the wider identity community to ensure this work reflects the needs of every stakeholder—which is all of us—because everyone has a right to own and control their digital identity.