Microsoft Corporation

05/13/2019 | News release | Distributed by Public on 05/13/2019 08:00

Preview announced for new Identity Overlay Network running atop the Bitcoin blockchain

Howdy folks,

Today's post is the next step in realizing our vision for the future of decentralized identities, which we laid out last year. We believe every person needs a decentralized, digital identity they own and control, backed by self-owned identifiers that enable secure, privacy preserving interactions. This self-owned identity must seamlessly integrate into their lives and put them at the center of everything they do in the digital world.

We've been hard at work contributing to numerous emerging standards and developing open source components in furtherance of that vision, Identity Hubs being our most recent contribution. Identity Hubs provide secure, encrypted storage of personal data and they rely on decentralized systems (blockchains and distributed ledgers) to anchor their identifiers. Unfortunately, those systems have not had the performance characteristics required to power a truly worldwide decentralized identity system.

That is until now. Today, we're announcing an early preview of a Sidetree-based DID network, called ION (Identity Overlay Network) which runs atop the Bitcoin blockchain based on an emerging set of open standards that we've developed working with many of our partners in the Decentralized Identity Foundation. This approach greatly improves the throughput of DID systems to achieve tens-of-thousands of operations per second.

I've asked Daniel Buchner, a program manager on my team who works on standards and open source solutions, to present our latest contributions in this area. His post introduces another major component we've been developing, in collaboration with other members of the Decentralized Identity Foundation (DIF), to create a scalable foundational layer for decentralized identity systems.

As always, we'd love to hear your thoughts and feedback.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)
Vice President of Program Management
Microsoft Identity Division


Hi, it's Daniel from the Identity team, focusing on developing standards for Decentralized Identity. Today, the most common digital identifiers we use are email addresses and usernames, provided to us by apps, services, and organizations. This puts identity providers in a place of control, between us and every digital interaction in our lives. Our goal is to create a decentralized identity ecosystem where millions of organizations, billions of people, and countless devices can securely interact over an interoperable system built on standards and open source components.

Recent advancements in decentralized consensus systems (e.g. blockchains, distributed ledgers) provide capabilities that can be leveraged to create Decentralized Identifiers (DIDs) that are owned by the user. While blockchains unlock the ability to create highly secure, censorship resistant identity systems, their transactional volumes are severely limited when compared to traditional systems. The most robust, decentralized, public blockchains operate at just tens of transactions per second, nowhere near the volume a world full of DIDs would demand.

This post details our joint effort with various members of the identity and blockchain communities to address the performance and scale needs of DID systems, while maintaining the properties of decentralization and self-ownership that differentiate them from existing identity technologies. There is no simple solution to this problem: one can't just change a variable to increase the transactional volume of these systems without degrading the very attributes of decentralization that make them valuable. To tackle this challenge, we've been collaborating with members of the DIF, notably ConsenSys and Transmute, to develop a blockchain-agnostic protocol for creating scalable DID networks, called Sidetree.

Today, we're announcing an early preview of a Sidetree-based DID network, called ION (Identity Overlay Network), which runs atop the Bitcoin blockchain. ION is a public, permission-less, open network anyone can use to create DIDs and manage their Public Key Infrastructure (PKI) state. ION is designed to deliver the scale required for a world of DIDs, while inheriting and preserving the attributes of decentralization present in the Bitcoin blockchain. The code for the ION reference node is still under rapid development, and there are many aspects of the protocol left to implement before it is ready for testing on Bitcoin mainnet. On low-powered consumer reference hardware we've observed tens-of-thousands of DID operations per second. As with our previous announcements, we're sharing our work as early as possible, rough edges and all, to start a conversation with the community and encourage collaboration.

The generic components specified by the Sidetree protocol comprise the majority of ION's code. ION, like all Sidetree-based DID networks, is a combination of the core Sidetree logic module, a chain-specific read/write adapter, and a content addressable storage protocol (e.g. IPFS) that replicates data between nodes. Together, these components enable the creation of Layer 2 DID networks that run atop existing blockchains (Layer 1) at thousands, or even tens of thousands, of PKI operations per second. The only form of consensus the Sidetree protocol requires is a decentralized chronological ordering of operations, which is exactly what the underlying blockchain provides. Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded. This difference in constraints is reflected in how the protocol is designed and enables it to achieve far greater scale without reliance on additional Layer 2 consensus schemes, trusted validator lists, or special protocol tokens. All nodes of the network are able to arrive at the same Decentralized Public Key Infrastructure (DPKI) state for an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS.
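The convergence property described above, as a simplified model added here (it is not ION or Sidetree code): batches live in a content-addressed store, only their hash is anchored at a chain position, and every node replays them in anchor order. The operation format, the two acceptance rules in `apply_op`, and the `did:example` identifiers are assumptions made for illustration; the page does not specify the protocol's actual rules.

```python
import hashlib
import json

def cas_put(store, batch):
    """Store a batch under the SHA-256 of its canonical JSON (content addressing)."""
    blob = json.dumps(batch, sort_keys=True).encode()
    digest = hashlib.sha256(blob).hexdigest()
    store[digest] = blob
    return digest

def apply_op(state, op):
    """Assumed toy rules: first create wins; an update must name the current key."""
    did = op["did"]
    if op["type"] == "create" and did not in state:
        state[did] = op["key"]
    elif op["type"] == "update" and state.get(did) == op["prev_key"]:
        state[did] = op["new_key"]
    # Any other operation is ignored, identically on every node.

def resolve(anchors, store):
    """Derive DID -> current key; the result does not depend on arrival order."""
    state = {}
    # Anchors are (block_height, tx_index, batch_hash): sorting gives chain order.
    for _height, _tx_index, digest in sorted(anchors):
        blob = store.get(digest)
        if blob is None or hashlib.sha256(blob).hexdigest() != digest:
            continue  # batch missing or not matching its anchored hash
        for op in json.loads(blob):
            apply_op(state, op)
    return state

def demo():
    """Constructed sample: one create, then two conflicting key rotations."""
    store = {}
    did = "did:example:alice"
    b1 = cas_put(store, [{"type": "create", "did": did, "key": "k1"}])
    b2 = cas_put(store, [{"type": "update", "did": did, "prev_key": "k1", "new_key": "k2"}])
    b3 = cas_put(store, [{"type": "update", "did": did, "prev_key": "k1", "new_key": "kX"}])
    anchors = [(100, 0, b1), (101, 3, b2), (101, 7, b3)]
    node_a = resolve(anchors, store)                  # learned anchors oldest first
    node_b = resolve(list(reversed(anchors)), store)  # learned anchors newest first
    return node_a, node_b

if __name__ == "__main__":
    print(demo())
```

Both nodes settle on `k2`: the rotation anchored earlier in block 101 wins, and the later conflicting one fails the current-key rule without any extra consensus round.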

In the coming months, we'll work with open source contributors and members of the identity community to prepare for a public launch of the ION network on Bitcoin mainnet. During this time, the project's code will evolve rapidly and is best suited for use by experienced developers. If you're a developer interested in contributing, you can use the ION node installation guide to get a node up and running on your machine. Please file any bugs you notice as 'Issues' in the ION repo, and submit 'Pull Requests' to help accelerate development. If you're not an experienced developer but would still like to interact with an ION node, we deployed an early preview build of ION on Azure. For more info, see DID Registration.

We're also engaging with ecosystem partners to operate ION nodes. Collaborating with partners to validate the protocol and build out the network is an essential step in preparation for mainnet release.

Here are some of the organizations who are leaning in early to run nodes:

  • Equinix: Global interconnection and data center company. Equinix connects the world's leading businesses to their customers, employees and partners inside the most interconnected data centers.
  • Casa: Developer of hardware, apps, and services for security conscious Bitcoin users.
  • Learning Machine: Tools and services for issuing official records in a blockchain-anchored digital format, for schools, companies, and governments.
  • Civic: Tools to control and protect identities, built using an open source secure identity verification ecosystem.
  • Cloudflare: Leading Internet performance and security company that runs one of the world's largest networks.

While a great deal of development, community building, and testing remains to be done, we're excited to work with everyone to drive this important initiative forward!


Daniel Buchner (Twitter: @csuwildcat)
Senior Program Manager
Microsoft Identity Division