Ultimate Resource On Decentralized Identity On Bitcoin Blockchain
Microsoft is launching the first decentralized infrastructure implementation by a major tech company that is built directly on the bitcoin blockchain.
The open source project, called Ion, deals with the underlying mechanics of how networks talk to each other. For example, if you log onto Airbnb using Facebook, a protocol deals with the software that sends the personal information from your social profile to that external service provider. In this case, Ion handles the decentralized identifiers, which control the ability to prove you own the keys to this data.
“A lot of enterprise infrastructures use Microsoft products,” Allen said. “So if they integrate this into any of their infrastructure products, they’ll have access to DID.”
Indeed, Yorke Rhodes, a program manager on Microsoft’s blockchain engineering team, told CoinDesk that Microsoft’s team has been working for a year on a key signing and validation software that relies on public networks, like bitcoin or ethereum, yet can handle far greater throughput than the underlying blockchain itself.
Underscoring the fact that Microsoft was a founding member of the Decentralized Identity Foundation, Rhodes said:
“There are systems that we have at Microsoft that give you permissions in an enterprise context, a product called Active Directory, that we think need to be able to recognize these DIDs as well.”
He added that such infrastructure products and services related to Azure are among Microsoft’s most popular offerings. This tiny piece in a giant machine, then, could have far-reaching impacts.
Meanwhile, an anonymous source with knowledge of Microsoft’s project told CoinDesk that Ion will shift from using bitcoin’s testnet to the bitcoin mainnet later this year. As such, any tech-savvy observer could run a node and contribute to this project.
Said W3C’s Allen:
“To have Microsoft say they are not scared of bitcoin, and in fact, it has some very good properties and we are willing to take advantage of those properties, is, I think, a step in the right direction.”
Stepping back, the difference between a DID under the hood, versus current infrastructure, speaks to the heart of users owning their own content and access. In the example of Facebook and Airbnb, with a DID, Facebook might be able to shut down your social media account but could not revoke access to all the tools that relied on the Facebook ID to log in. Plus, all those personal photos on Facebook would belong to the user, the holder of the DID.
Yet Facebook, in particular, may not align with Microsoft’s approach.
Another anonymous source told CoinDesk that although Facebook has been invited to participate in Microsoft’s DID projects and community efforts, so far the social media company has declined and instead continued to follow its historic approach to user data.
“They’re going in a different direction that’s not as decentralized,” the source said of Facebook.
The Wall Street Journal and others have reported that Facebook is looking to build a stablecoin-based payments platform for the social network. Yet Allen said he hasn’t seen any effort from Facebook to support DID standards or community efforts such as W3C, which may create a rift with corporations like Microsoft that are making such standards a core pillar of their business model.
Rouven Heck, head of DID at ConsenSys and active member of the W3C, told CoinDesk that Facebook is noticeably absent from community discussions across the tech industry about DIDs.
And although Rhodes said he was not aware of any dealings with Facebook, there was clearly a misalignment between the two companies’ goals for using blockchain technology.
“Facebook is the complete antithesis of consumer privacy,” he said. “Their business model is based on the fact they can monetize data about you.”
What’s more, the U.S. Senate Banking Committee last week wrote a letter to Facebook that voiced concerns about how the social media company will handle financial data with its crypto project, which is codenamed Libra. Few details about Libra have been shared to date outside of press reports.
In the past, Allen said that Facebook only implemented parts of protocols that enabled data sharing “in a proprietary way that only benefited” Facebook.
With regards to what approach the social media giant will take to blockchain systems, a Facebook spokesperson told CoinDesk:
“Like many other companies, Facebook is exploring ways to leverage the power of blockchain technology. This new small team is exploring many different applications. We don’t have anything further to share.”
In contrast to the allegations that Facebook is taking a different direction with its project, both ConsenSys and Microsoft are opting to make open source initiatives core pillars of their respective business models.
“If we can create certain standards it will help the system to build up faster, and that’s good for all of us,” Heck said. “The different products we have are all useful across the space and not built into some proprietary niche.”
Rhodes agrees with this approach, saying that engaging with the open source ecosystem serves Microsoft’s business objectives. He said the “philosophy of consumer ownership and consumer centricity” are core principles for designing Microsoft’s software going forward.
Allen said he hopes a sense of public responsibility will continue to be viewed as a competitive advantage – especially as Microsoft Azure goes head-to-head with Amazon Web Services for cloud market share.
“You could have a service that is in the cloud hosted by Microsoft Azure, but is absolutely secure because everything in it is encrypted with your keys that you control and everything that runs under your authority, even though it’s in the cloud,” Allen said.
In Rhodes’ opinion, current experiments with blockchain technology are comparable to Microsoft releasing Windows 95 in decades past, which helped boost mainstream internet usage through a consumer-oriented operating system.
“Networking stacks were very tied to logins to existing networks,” Rhodes said of the pre-Windows 95 internet. “Like that, I think [Ion] is pretty significant.”
Decentralized Identity: How Microsoft (And Others) Plan To Empower Users To Own And Control Personal Data
Microsoft, one of the world’s largest software makers by revenue, is currently on a blockchain streak. This time, Microsoft presented a vast blockchain-related plan: a decentralized identity (DID) network built atop the bitcoin network, which can potentially empower users all over the internet to take control over their personal data and content.
Earlier in May 2019, the United States tech giant announced its brand new Azure Blockchain Service along with Azure Blockchain Development Kit for the Ethereum blockchain. It also teamed up with Starbucks to present the first use case for its technology — tracking coffee production, from farm all the way to paper cups.
Decentralized Identity: From Helping Refugees To Fighting Data Centralization
The initiative could be traced back to the summer of 2017, when Microsoft collaborated with Accenture and Avanade to create a blockchain-powered database system that would enable multiple parties to share access to the same data with an “extremely high level” of confidentiality and security.
The prototype — running on Microsoft Azure, the tech corporation’s cloud platform — was presented to support ID2020. The group is a nonprofit, public-private partnership that has set out to deal with identity-related challenges that plague over 1.1 billion people around the world. In particular, those people come from less privileged social backgrounds, and so the lack of documents excludes them from participating in cultural, political, economic and social life.
The concept of digital identity has been widely discussed as the key to solving those issues. For instance, the United Nations has proposed to use it to aid refugees, who form a substantial part of the undocumented population. “We want every refugee to have a unique digital identity,” Filippo Grandi, the U.N.’s high commissioner for refugees, declared in October 2017. “This will enhance accountability and facilitate two-way communication between refugees and service providers. It will also help prevent and reduce statelessness.”
Around the same time, Microsoft presented its prototype aimed at narrowing the identity gap, while the tech juggernaut also became a founding member of the Decentralized Identity Foundation (DIF). The company subsequently continued its research on how a digital identity can be decentralized, and therefore benefit not only those who don’t have an officially recognized identity, but average internet users as well — meaning practically everyone.
Fast forward to February 2018 and Microsoft unveiled more details regarding its distributed ledger technology (DLT)-based plan. Specifically, the company reported that blockchain technology allows hosting decentralized IDs (DID) on top of the distributed ledgers, and hence can grant users more control over their personal data, as opposed to having it remotely processed by “countless apps and services.” Ankur Patel, principal program manager at Microsoft Identity Division, wrote at the time:
“With data breaches and identity theft becoming more sophisticated and frequent, users need a way to take ownership of their identity. After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards we believe blockchain technology and protocols are well suited for enabling Decentralized IDs. […] We need a secure encrypted digital hub (ID Hubs) that can interact with user’s data while honoring user privacy and control.”
Now, Microsoft has presented a new and even more concrete concept: a DID network built on top of the bitcoin blockchain. Titled the Identity Overlay Network (ION), the infrastructure has been reportedly developed in conjunction with other DIF members to accommodate “tens-of-thousands of operations per second.”
Essentially, ION lets users obtain control over their own data via the management of their Public Key Infrastructure (PKI). “Today, the most common digital identifiers we use are email addresses and usernames, provided to us by apps, services, and organizations,” Daniel Buchner, senior program manager at Microsoft Identity Division, explained:
“This puts identity providers in a place of control, between us and every digital interaction in our lives. Our goal is to create a decentralized identity ecosystem where millions of organizations, billions of people, and countless devices can securely interact over an interoperable system built on standards and open source components.”
In other words, having a DID allows users to control their own data and content — including login details and photos, which is not currently possible on most social media platforms that store such data on their private, centralized servers. Consequently, some platforms might be quite skeptical about the concept of a DID. According to a CoinDesk report, Facebook, which had allegedly been invited to partake in Microsoft’s DID project, has rejected the offer and “instead continued to follow its historic approach to user data,” which involves monetization, as per various press reports.
Moreover, DIDs are supposed to be immune to hacking and data leaks, says Charlie Smith, an analyst at asset management firm Blockforce Capital. “The risk associated with security breaches and hacks could be largely reduced when considering that public blockchains are largely decentralized,” he told Cointelegraph exclusively. “Currently, large platforms control vast amounts of personal data and are suspect to centralized attacks in which bad actors can gain access to sensitive information.” According to Smith, the bitcoin network, which has never been hacked (in the conventional sense, at least) could serve as an effective public blockchain to hold private data.
Moreover, the analyst continued, public blockchains can track users who want to access their data while keeping it safe:
“Another benefit stems from the ability for public blockchains to act as ledgers. Public blockchains, like bitcoin and ethereum, hold extensive records of every transaction that has occurred on each respective network and at the same time, cannot be altered. However, a blockchain could easily be implemented to track who accesses personal information and when. In both scenarios, a transaction of some kind is taking place. The underlying technology doesn’t need to change, just the implementation.”
Bitcoin’s Bane: Why Scalability Isn’t An Issue For Microsoft — And Other DID Networks
Notably, the tech corporation had to overcome bitcoin’s infamous scalability issue in order to make the infrastructure ready for mass consumption.
In the blog post, Microsoft explained that “the most robust, decentralized, public blockchains” operate at just tens of transactions per second, which is “nowhere near the volume a world full of DIDs would demand.” Since the company aimed to inherit the attributes of decentralization — and hence use slower, but time-proven blockchains — it had to address the throughput issue. As a result, Microsoft’s new solution reportedly ensures that as many as “tens of thousands of operations” per second can be achieved. That echoes the concept of the Lightning Network, which adds another layer to the bitcoin blockchain and performs large amounts of transactions off-chain, thus unburdening the main network.
“Critics have always been quick to compare the transaction processing abilities of the Bitcoin network with that of Visa or Paypal,” Smith told Cointelegraph. “It wasn’t until the lightning network was established that those arguments became far less valid. The ION network will face very similar critiques and will need to back up its lofty expectations with results.”
Also, Microsoft plans to collaborate with open-source contributors so that ION can publicly launch on the bitcoin mainnet “in the coming months” — meanwhile, the code has already been published on GitHub for everyone to review.
The U.S. tech giant’s plan isn’t the only DID initiative out there. Microsoft’s allies from the DIF community seem to be working on their own decentralized data solutions as well.
“As part of DIF we regularly review and give feedback to each other’s DID methods, to make sure they are interoperable,” Pelle Braendgaard, the co-founder of ConsenSys’ Self Sovereign Identity (SSI) solution uPort commented exclusively to Cointelegraph. “At ConsenSys, we’ve developed multiple DID methods. Our primary method is known as Ethr-DID.”
According to Braendgaard, although both Ethr-DID and Sidetree — the blockchain-agnostic protocol used by Microsoft for ION — are “very scalable,” there are some differences between the two. Specifically, he argued, Sidetree DIDs “have to be created by a centralized server, currently hosted by Microsoft.”
When asked whether ION can be considered a fully decentralized project, Smith argued that it is “debatable, but all the main benefits of a decentralized network are present.” Particularly, he specified that “two major components of the ION network make it highly decentralized”:
“The system is set up so that no person or entity can control users’ identifying information and the public key infrastructure is decentralized. This means that the private and public key pairings aren’t managed by one central authority, essentially giving each user secure access to their identifying data. Even though Microsoft has spearheaded this project, they have formed it in a way that allows individuals to remain in charge of their information.”
Further, according to Braendgaard, Sidetree DIDs are only usable off-chain in traditional applications, while some other DIDs — including its own — are fully usable both on blockchains and Layer 2 protocols.
Other major companies pursuing DID solutions include global online payments firm PayPal, which has recently invested in the startup Cambridge Blockchain. Also a DIF member, Cambridge Blockchain is reportedly leveraging blockchain to give users more control over their digital identities.
“We envision a future where users have a lot more direct control over their personal data, and we also believe in open, interoperable architectures,” the startup’s CEO, Matthew Commons, told Forbes.
There is also Telegram, an encrypted messenger that is widely popular among the crypto community. Last year, it released a personal identification authorization tool dubbed Telegram Passport, which reportedly encrypts users’ personal ID information and allows them to securely share their data with third parties like “finance organizations, ICOs, etc.”
As per the announcement, users’ ID data is currently stored on the Telegram cloud, but “in the future, all Telegram Passport data will move to a decentralized cloud.” Indeed, that could help the messenger to boost its data tool’s security — just a few days after Telegram Passport was announced, cryptographic software and services developer Virgil Security reported that it is vulnerable to brute force attacks.
Will Microsoft’s Solution Become The Go-To One?
Microsoft’s DID-related plans seem to be highly ambitious. Specifically, the company aims to create an ecosystem where “billions of people and countless devices can securely interact over an interoperable system built on standards and open-source components.”
So, what are the chances of us seeing this come to be true?
“I can see how the ION network could potentially remove the control that apps and platforms have over digital identifiers and I believe that it could even become a worldwide-used phenomenon,” Blockforce’s Smith told Cointelegraph. “However, for that to happen, the technology powering the network would have to consistently prove that it can successfully scale.”
Once Microsoft manages to show that its network can handle thousands of transactions and operate on an industrial scale, the data industry might be disrupted. This means that large social media platforms may have to adjust to the new rules and stop handling data in a centralized, opaque way — or else share the fate of Facebook and become infamous for regularly dealing with privacy concerns.
Decentralized Identity Could Replace All Login Functions, Says LG
A representative of LG’s information technology subsidiary LG CNS told Cointelegraph that blockchain-based identity systems could replace all login functions.
A representative of LG’s information technology subsidiary, LG CNS, told Cointelegraph that blockchain-based identity systems could become the new standard for login functions.
When asked about why the firm is pursuing the development of blockchain-based ID services, LG CNS said that it expects such systems to become “a hot topic for blockchain in the future.” The company also suggested that “maybe all login functions can be replaced.”
As Cointelegraph reported at the end of May, LG CNS partnered with U.S. firm Evernym to develop blockchain identity technology. The two firms aim to jointly develop an international digital identity standard for the World Wide Web Consortium.
Evernym, LG CNS’ blockchain partner in this enterprise, scored a $2 million investment from Overstock’s venture capital arm, Medici Ventures. Evernym previously launched its Sovrin platform, which enables organizations and governments to issue, verify, and manage digital credentials.
“Self-Sovereign Identity Standards Are Crucial”
When asked about how important he believes the project to be, Gabriel Kruman — head of strategy at blockchain firm RIF — said that “self sovereign identity standards are crucial.” He explained that those standards allow users to control their digital interactions and protect their privacy:
“Right now, our data, interactions, and reputation are trapped in silos by Big Tech companies which carry massive implications, particularly resulting in data leaks and the sale of personal data without our consent. Especially in identity-related technologies and standards it is very important to use open source technology so the systems of the future are open and available to everyone.”
RIF is the firm behind the homonymous protocol that Bitcoin (BTC) smart contract solution RSK is based on. Kruman explained that the company is also working on an identity solution that “gives users the ability to show verifiable claims about themselves without losing their privacy.” As Cointelegraph reported in mid-May, the firm recently launched a third-layer scalability solution.
Blockchain ID Is A Double-Edged Sword For Privacy
Kruman said he hopes the standard “will help future generations to recover the right to privacy over their digital interactions that our generation lost in the past 15 years.” He explained that such a standard could have great benefits for the security of personal data.
Kruman claims that the decentralized storage of personal ID lowers the probability of data leaks. Still, he has his reservations:
“On the other hand, I wouldn’t really like to see this tool used for mass surveillance by tech companies and governments disguised by well-intentioned standards. For that to be avoided, open-source technology is needed as well as public blockchains.”
Microsoft Releases Bitcoin-Based ID Tool As COVID-19 ‘Passports’ Draw Criticism
Microsoft’s Bitcoin-based decentralized identity tool, ION, went live with a beta version on mainnet Wednesday as one of many efforts by members of the Decentralized Identity Foundation (DIF) to fast-track tools anyone can use for COVID-19 crisis response programs.
Microsoft and ConsenSys’s uPort project are both leading DIF members. Separately, Microsoft is also collaborating with the bitcoin startup Casa to create a user-friendly interface for managing multiple digital identities.
“We’re excited to help ION take full advantage of technology like Bitcoin to vastly improve authentication, security and privacy on the internet,” Casa CEO Nick Neuman said in a press release.
“We are thrilled to have Casa collaborating on ION with us, which showcases the potential of building real-world applications that leverage the strong foundation Bitcoin provides,” Microsoft project lead Daniel Buchner said in a statement.
First announced last year, ION is meant to enable user-controlled logins that suit independent companies or services, rather than having system-providers (like Facebook) owning a user’s login credentials. ION can be used for many use cases that aren’t strictly related to health certificates or contact tracing, though the continued spread of coronavirus has influenced its potential usage.
“Almost every group in the blockchain industry is coming up with use cases,” said ConsenSys employee and DIF leader Rouven Heck, referring to potential partnerships with government agencies.
“There are conversations happening at the moment but it’s not a formal agreement,” Heck said.
“Everybody wants to move fast and has a high interest in demonstrating this technology can be very powerful.”
The race is on for companies to work with governments on such high-tech emergency ID measures. There are generally two approaches, contact tracing and digitized medical records, while some Asian governments combine them. For example, dozens of blockchain startups joined forces to start creating an “immunity passport” approved by the World Wide Web Consortium (W3C) Verifiable Credentials standard.
However, some people see both approaches as controversial, even dangerous.
In May, attorney Elizabeth Renieris resigned from her advisory role at the ID2020 consortium for decentralized ID (DID) creators, including Microsoft, saying she “cannot be part of an organization overly influenced by commercial interests that only pays lip service to human rights.”
Microsoft would not make executives available for an interview, though the company did provide a statement.
“Microsoft is continuing to work on the ION project, which has always included considerations on functionality for a wide range of use cases,” a Microsoft spokesperson told CoinDesk. “While there could be relevant software solutions inspired by new needs and current market demands, Microsoft believes in empowering people and protecting privacy and is committed to growing the open source community and industry standards.”
Microsoft’s open source ION project uses the Bitcoin blockchain for something comparable to a coat-check ticket.
Rather than include all the data about the coat (or person), which would be hard to scale, it offers a Bitcoin-ledger reference number to the data’s chronology. The heavy data is actually stored between ION nodes using the InterPlanetary File System (IPFS). Whoever is anchoring the data pays a small fee to bitcoin miners to record the reference number.
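The coat-check pattern described above, as an added example that is not ION's or Microsoft's code: a batch of DID operations is stored off-chain under its content hash, only that hash is anchored in a ledger, and a resolver rejects any off-chain batch that no longer matches its anchor. SHA-256 stands in for an IPFS content identifier; the `ContentStore` and `Ledger` classes, the operation fields and the sample DIDs are assumptions for illustration, and operation signatures are left out so the integrity check stays in focus.

```python
import hashlib
import json


def content_id(data: bytes) -> str:
    """Content address of a blob (SHA-256 hex, standing in for an IPFS CID)."""
    return hashlib.sha256(data).hexdigest()


def encode_batch(ops: list) -> bytes:
    """Canonical JSON so the same operations always hash to the same value."""
    return json.dumps(ops, sort_keys=True, separators=(",", ":")).encode()


class ContentStore:
    """Toy content-addressed store standing in for IPFS (hypothetical)."""

    def __init__(self):
        self.blobs = {}

    def put(self, data: bytes) -> str:
        cid = content_id(data)
        self.blobs[cid] = data
        return cid

    def get(self, cid: str):
        return self.blobs.get(cid)


class Ledger:
    """Toy append-only ledger standing in for the blockchain (hypothetical)."""

    def __init__(self):
        self.anchors = []

    def anchor(self, cid: str) -> int:
        self.anchors.append(cid)
        return len(self.anchors) - 1  # position in the ledger fixes the ordering


def publish_batch(ops: list, store: ContentStore, ledger: Ledger):
    """Store the heavy data off-chain and record only its hash on the ledger."""
    cid = store.put(encode_batch(ops))
    return ledger.anchor(cid), cid


def resolve(did: str, store: ContentStore, ledger: Ledger):
    """Replay anchored batches in ledger order.

    Returns (current key or None, list of (ledger index, reason) for rejected anchors).
    A batch is applied only if the off-chain bytes still hash to the anchored value.
    """
    key, rejected = None, []
    for index, cid in enumerate(ledger.anchors):
        blob = store.get(cid)
        if blob is None:
            rejected.append((index, "missing"))
            continue
        if content_id(blob) != cid:
            rejected.append((index, "hash mismatch"))
            continue
        for op in json.loads(blob):
            if op["did"] != did:
                continue
            if op["type"] == "create" and key is None:
                key = op["key"]
            elif op["type"] == "update" and key is not None:
                key = op["key"]
    return key, rejected


if __name__ == "__main__":
    store, ledger = ContentStore(), Ledger()
    # Constructed sample operations; the DIDs and key names are made up.
    publish_batch([
        {"type": "create", "did": "did:example:alice", "key": "key-1"},
        {"type": "create", "did": "did:example:bob", "key": "key-9"},
    ], store, ledger)
    _, cid2 = publish_batch(
        [{"type": "update", "did": "did:example:alice", "key": "key-2"}],
        store, ledger)
    print(resolve("did:example:alice", store, ledger))

    # Someone alters the off-chain copy; the anchored hash no longer matches.
    store.blobs[cid2] = encode_batch(
        [{"type": "update", "did": "did:example:alice", "key": "swapped-key"}])
    print(resolve("did:example:alice", store, ledger))
```

The ledger entry stays a fixed 64 hex characters however many operations the batch carries, which is why the fee pays for a reference number rather than for the data itself.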
“The focus is to make things highly interoperable,” Heck said, referring broadly to the urgent work being done on solutions across the space.
Part of the reason why organizations involved with DIF are working to make their technologies compatible across use cases and systems is that interoperability might, at the very least, make it easier to build privacy features that apply across the spectrum.
“Uport at ConsenSys are also working on projects,” Heck said. “Microsoft’s ION stack or Uport’s stack should be compatible.”
Even so, some privacy advocates say the project’s safeguards are lacking.
Former W3C employee Harry Halpin, now CEO of the privacy-tech startup Nym, said some of these efforts are simply repackaging previous work.
“ID2020 is just the latest attempt to violate people’s privacy using feel-good rhetoric. It’s also part of a larger business plan. Microsoft and IBM’s entire bottom line is to build identity systems,” Halpin said. “Governments need to establish identities of who owns these keys, so they say, ‘OK, we’ll have an open standard, call it decentralized, and make it mandatory.’”
In the face of such harsh criticism, blockchain advocates are working to identify and minimize the ethical risks of the tools they continue to build.
According to W3C member and nonprofit Blockchain Commons founder Christopher Allen, it’s not clear that contact tracing tools like those Google and Apple are offering will work unless the vast majority of all Americans use them. Since it’s hard to get enough people on board for contact tracing to work, he worries the most salient result may simply be accelerated data collection.
“Probably the most dangerous type of information, out of all types of personal information, is location data,” Allen said, explaining contact tracing would require privacy tech at multiple layers, from the app level on the phone to the internet infrastructure someone uses.
“It’s incredibly hard to protect,” he said.
In reference to an open source emergency app in Israel, which does have privacy measures yet was operated in cooperation with various government entities, Allen said it’s clear “this data is already out there being collected and [location data] correlation is happening.”
Zcash Foundation researcher Henry de Valence agreed such systems are not the best use case for distributed ledger technology, or really any software.
“I don’t think people should build those systems and I don’t think they would be effective at preventing the spread of disease,” he said, adding he does not see so-called immunity passports as any better. “There’s no cryptographically strong way to prove immunity one way or another.”
Some countries, like Honduras, have already implemented some type of blockchain solution for certificates that give people a type of ticket for medical services or free movement outdoors.
However, in these cases, the government generally came up with a policy and found a startup to create the relevant tooling, rather than tech startups coming to policymakers with prospective offerings. One exception, which isn’t widely adopted so far and didn’t use blockchain technology, was NSO Group pitching surveillance technology to American police. Despite the societal risks, crypto companies are taking NSO Group’s proactive approach.
Allen is slightly more optimistic about decentralized identity tools for self-sovereign medical records.
“This architecture is ripe for solving this particular problem,” Allen said, warning this is only in reference to the digital certificate itself. (Whether the medical tests actually prove immunity is a different matter entirely.)
As someone who collaborates with both immunity passport teams and companies involved with the DIF, he said they are taking disparate approaches based on their own evaluations of the tradeoffs. He’s not sure which will be better and hopes the market will decide.
“We don’t know what the best answer is and we don’t have a strong rubric for what the best level of decentralization means,” Allen said of the immunity passport coalition. “Parties like DIF, with Microsoft and ConsenSys … [have] a different set of rubrics to decide the answer to their solution.”
On the other hand, Zcash’s de Valence remains skeptical.
“It’s the duty of technologists to ask what types of systems we’re creating and what kinds of social structures do those things create,” he said.
Although Allen warned no technology offers a panacea, especially with regards to government overreach or recurring outbreaks, he expects some type of new “verifiable credential” technology will probably emerge from this crisis.
How A Decentralized Identity Platform Could Transform Driving Forever
An open-source blockchain has broadened its decentralized identity partner base in a move that could bring trust to the DeFi sector and automotive industry.
An open-source blockchain specializing in digital identity and data has held a live ask-me-anything session with Cointelegraph.
Erick Pinos, Ontology’s Americas ecosystem lead, said the company is constantly making upgrades to its protocol — meaning big improvements have been made since it was initially released in 2017.
“Our virtual machine can handle a lot more complex transactions at the same time — and a lot more complexity in what developers can build,” Pinos noted. “We’ve always been making improvements to the core protocol, but we’re also focused a lot on smart contracts and tools that are built on top of it.”
A Flagship Product
One such tool that has been developed in house is ONT ID, a decentralized identity framework. As the global economy continues to hinge upon data — with some of the world’s biggest tech companies suffering high-profile breaches — Ontology says it has never been more important for consumers to protect their data properly.
ONT ID uses blockchain and cryptographic technology to identify and connect identities and assets — and according to the company, its single sign-on approach offers a compelling alternative to the “antiquated” landscape we see at present, where usernames and passwords are used to access online services.
The status quo is bad for three reasons, Ontology says. One, user data ends up being stored on a web application’s server. Two, this means users need to remember an endless range of username and password combinations. Three, this creates a temptation to use simple passwords so they don’t forget them — and combined with lax security measures from tech companies, breaches subsequently become more likely.
ONT ID can be used as a unified account and helps users to keep data in their own hands. Other applications include issuing graduation certificates and academic transcripts — meaning credentials are easier to verify. This also creates an added layer of privacy, as graduates can prove they meet criteria without having to reveal the exact grades earned.
According to the team, one application for ONT ID involves building trust in the automotive industry and transforming life for drivers forever. A recent video — Drive with Ontology — showed how ONT ID could one day be used to unlock cars and securely record driver data. An app would enable vehicle sharing between ONT users, allow insurance claims after accidents to be settled via smart contracts, and even enable motorists to pay for road permits, which give them a higher priority over other drivers.
An expanding network
Ontology allows developers to build on top of its blockchain, and the company has been cultivating and expanding a decentralized identity partner network. Tech integrations with Ethereum, NEAR, Binance Smart Chain, Celo, Klaytn and Tron have all been unveiled — broadening the scope for collaboration considerably.
The company’s founder, Li Jun, said: “With these new integrations, our tailored decentralized identity solutions now offer a higher degree of chain interoperability, greatly elevating the status of our offerings within the industry.
Today’s announcement also illustrates our advanced capabilities pertaining to digital identity and data management, while paving new ways for Ontology’s DeID solutions to be used across a variety of different application scenarios.”
Cross-chain functionality is a priority for Ontology, which wants its DeID framework to be available on any chain.
In time, the company also wants to offer unique application scenarios for the bustling decentralized finance sector through its OScore product — boosting the development of credit-based DeFi initiatives. For example, Wing was the first credit-based cross-chain DeFi platform built on Ontology.
Microsoft’s ION Digital ID Network Is Live On Bitcoin
Imagine never having to use a password or a username ever again. Networks like ION could make this a reality.
A radical new framework for how to authenticate online identities just went live on the Bitcoin network.
Microsoft’s Decentralized Identity team has launched the ION Decentralized Identifier (DID) network on the Bitcoin mainnet. This network is a layer 2 technology similar to Lightning except that instead of focusing on payments it uses Bitcoin’s blockchain to create digital IDs for authenticating identity online.
An ID network like ION could be the key to unlocking a web where users no longer have to fumble with passwords, emails and cell phones for verification.
“We are excited to share that [version 1] of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well. ION does not rely on centralized entities, trusted validators or special protocol tokens. ION answers to no one but you, the community,” Microsoft’s Daniel Buchner writes in a blog post.
What Is Microsoft’s ION?
As noted by Buchner, ION is open source, so anyone can download the code and run an ION node to use the service. It uses Sidetree, an open-source protocol for decentralized identifiers built by devs from Microsoft, ConsenSys, Mattr and Transmute.
Open to the public after being in closed beta since June 2020, ION uses the same logic as Bitcoin’s transaction layers to sign off on identity. A public key and its associated private key are used to verify that a user owns an ID.
For example, to log into your email or social media in a world that uses ION, you would verify you own your account by “signing” your DID with your ION account. Thanks to the cryptographic links that ION creates to Bitcoin, the ION network would verify for the service provider that you own the ID associated with your account.
Any personal data (name, age, etc) tied to that ID is stored off-chain, depending on the service. ION’s IDs are anchored to Bitcoin’s blockchain using the InterPlanetary File System (IPFS) protocol, and ION nodes can process up to 10,000 ID requests in a single transaction.
Users can create and manage multiple IDs with different keys for different services. Some of these may be used recurrently to log into services that users access daily including email and social media, or could be used in one-off ways such as verifying concert or event tickets.
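The ownership check described above, written out as a challenge-response exchange between a service and an ID holder. This is an added example, not ION or Sidetree code: the in-memory registry stands in for DID resolution, and the identifier `did:example:123`, the key id, the domain names and every function name are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Simplified DID syntax check: did:<method>:<method-specific-id>
const DID_RE = /^did:([a-z0-9]+):([A-Za-z0-9._%:-]+)$/;

// Constructed key pairs: the holder's key, and an unrelated key for the negative case.
const holder = nodeCrypto.generateKeyPairSync('ed25519');
const stranger = nodeCrypto.generateKeyPairSync('ed25519');

// Constructed registry standing in for a DID resolver (hypothetical, not ION's API).
// Only the public key is published; no personal data lives in the document.
const REGISTRY = {
  'did:example:123': {
    id: 'did:example:123',
    verificationMethod: [{
      id: 'did:example:123#key-1',
      type: 'JsonWebKey2020',
      controller: 'did:example:123',
      publicKeyJwk: holder.publicKey.export({ format: 'jwk' }),
    }],
    authentication: ['did:example:123#key-1'],
  },
};

function resolve(did) {
  if (!DID_RE.test(did)) throw new Error('malformed DID');
  const doc = REGISTRY[did];
  if (!doc) throw new Error('DID not found');
  return doc;
}

// Bind the signature to the service's name and fresh nonce so it cannot be replayed.
function signingInput(did, domain, nonce) {
  return Buffer.from(JSON.stringify({ did, domain, nonce }), 'utf8');
}

// Holder side: answer the challenge with the private key that never leaves the holder.
function prove(did, keyId, privateKey, domain, nonce) {
  const sig = nodeCrypto.sign(null, signingInput(did, domain, nonce), privateKey);
  return { did, keyId, signature: sig.toString('base64') };
}

// Service side: resolve the DID, require a key listed for authentication, verify.
function verifyProof(proof, domain, nonce) {
  let doc;
  try { doc = resolve(proof.did); } catch { return false; }
  if (!doc.authentication.includes(proof.keyId)) return false;
  const vm = doc.verificationMethod.find((m) => m.id === proof.keyId);
  if (!vm) return false;
  const pub = nodeCrypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  const sig = Buffer.from(proof.signature, 'base64');
  return nodeCrypto.verify(null, signingInput(proof.did, domain, nonce), pub, sig);
}

function demo() {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const id = 'did:example:123', key = 'did:example:123#key-1';
  const good = prove(id, key, holder.privateKey, 'mail.example', nonce);
  const forged = prove(id, key, stranger.privateKey, 'mail.example', nonce);
  return {
    accepted: verifyProof(good, 'mail.example', nonce),
    wrongKey: verifyProof(forged, 'mail.example', nonce),
    replayOtherSite: verifyProof(good, 'shop.example', nonce),
    staleNonce: verifyProof(good, 'mail.example', 'different-nonce'),
  };
}
```

Only the first result is `true`: a signature from a key that is not in the DID document, or one replayed against another service or an old nonce, is rejected.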
Anyone interested in running ION can do so through a remote node or by downloading it directly on a native device.
Microsoft has developed an application programming interface (API) for developers who would like to interact with the service without downloading a node or wallet. The company has also built an explorer for looking up DIDs created on the network.
With version 1 launched, the team will focus on releasing a “light client” for bootstrapping nodes faster and streamlining ID resolution by authorizing an ID while its related transaction is still in Bitcoin’s mempool.
Are Decentralized IDs The Future?
Microsoft’s ION has attracted contributions from Bitcoin and crypto mainstays including Casa, ConsenSys, Gemini, BitPay and Protocol Labs, as well as a hand from the teams at Cloudflare, Spruce and others.
ION has also worked with the Transmute and SecureKey teams who are building their own DID networks.
Decentralized Identity is a good example of a non-monetary use case for public blockchains like Bitcoin, and it’s even on the radar of the World Economic Forum’s blockchain chief. The World Wide Web Consortium (W3C), a body for web standards founded in 1994, is currently evaluating DIDs as a candidate recommendation, meaning the forum is considering recognizing these identity frameworks as an international standard.
Blockchain Commons head and crypto veteran Christopher Allen told CoinDesk in 2019 that Microsoft embracing Bitcoin’s properties for DIDs is “a step in the right direction.”
“You could have a service that is in the cloud hosted by Microsoft Azure, but is absolutely secure because everything in it is encrypted with your keys that you control and everything that runs under your authority, even though it’s in the cloud,” Allen said.
Self-Sovereign Identity, 5th Year Anniversary
Five years ago, Christopher Allen wrote about “self-sovereign identity,” a key principle for crypto and the web 3.0 community. Here he reflects on its impact.
It was five years ago today that I wrote The Path to Self-Sovereign Identity for CoinDesk, my foundational article discussing the history of digital identity and laying out principles for creating a new sort of identity, based on individual control and human rights. It was written to address a problem that was growing year by year:
Facebook was increasingly controlling our access to the online world, and Google was increasingly correlating all of the information about us. Meanwhile, the refugee crisis in Europe was highlighting the problem that 1.1 billion people in the world were living without digital identity at all, denying them crucial access to financial, political and social systems.
How could we square the circle, widening access to digital identity, while making sure it was something that was controlled by us, not by huge megacorps? My answer was self-sovereign identity.
My article was very much written from atop the shoulders of giants. PGP’s Web of Trust was one of the first architectures to show a different way, where identity could be supported by peers rather than by centralized authorities. The Internet Identity Workshop (IIW) had already done a decade’s worth of lauded design of user-centric identity, including work with OpenID and other emerging standards.
Devon Loffreto was one of the first to talk about “sovereign source authority” in Project VRM. I am happy to have contributed to that stream of design, and I have been elated to see support grow for my own self-sovereign identity approaches over the last five years.
I feel like the principles were the most important element of my original article. They were intended as a draft that I thought would need more community input and evolve over time, but instead they resonated immediately.
I have been able to talk about them with legislators and civil servants in Taiwan, Holland and Wyoming; they speak to all of those people about the need for human dignity and control of identity on the internet. The 10 principles of self-sovereign identity have become a part of our conversation.
There’s been a bit more resistance over the name of self-sovereign identity. There was always concern that it would get intellectually conflated with the sovereign citizen movement in the United States, to which it has zero relation, but there was also concern whether it would cause unease with governments. Personally, I put the latter concern aside in May 2016 when I attended the ID2020 Summit at the United Nations and heard global ambassadors and leaders perfectly willing to use the new term.
Today, the language of self-sovereignty has spread far beyond its beginnings as a type of identity to users of many sorts of digital assets, such as cryptocurrency. Digital-asset holders speak of it as something that gives them the autonomy to make their own decisions about those assets, without any interference from third parties or other gatekeepers. So, even if there is still some question about the “self-sovereign” nomenclature in the digital-identity ecosystem, it seems to be increasingly accepted by the digital-assets community.
I think Google may actually best point to the success of the term: I remember back in 2016, people interested in my article were told to just search for “self-sovereign” and they could find it at the top of the results, but now it’s a few pages back in the searches! That reflects progress in the field: The search results are now full of articles discussing self-sovereign identity and of companies offering solutions.
I think these are the two most crucial successes to mark on this fifth anniversary: that we are all acknowledged to be people on the internet, deserving dignity and holding human rights and that the idea of self-sovereignty has become a part of the vocabulary.
It speaks to a change in our view of personhood in the 21st century that I feel is crucial. But, of course, that’s been backed up by an astounding amount of technological innovation during the last five years as well.
I’m proud that a lot of that initial movement came through work on two crucial technologies, Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), at the Rebooting Web of Trust (RWOT) workshops that I host. The work was done by a huge array of experts, leading off with Drummond Reed, Les Chasen and Manu Sporny. Five years later, VCs are a full Recommendation at W3C as an official international standard, and DIDs are a Candidate Recommendation at W3C and thus almost there. That’s the heart of the self-sovereign identity architecture: an identifier and the ability to make claims.
What does a DID look like? A DID is a digital identifier such as did:example:123 that represents you (or really, any entity) in some context. In a sense, it’s like a Social Security number or driver’s license number, except that it is controlled by you and non-identifying. A link to a DID document can provide authentication information and references to Verifiable Credentials. That allows you to make claims without forcing you to reveal a real-world identity first.
How does a DID work? A user can use a secret (usually a large number) to prove that they own a DID and thus the claims made for that DID through Verifiable Credentials. These Verifiable Credentials might give them electronic privileges, such as access to a website, or they might provide real-world details, such as date of birth, college degrees or work history.
Other entities can validate the claims by signing them. The essential point is the identifier is separate from the claims about that identifier, and thus offers better security and privacy.
How do DIDs meet the requirements of self-sovereign identity? DIDs address many of the principles of self-sovereign identity, but particularly control, access and portability. A user has personal authority over their identity, and in fact can create multiple, contextual identities to avoid correlation; a user knows all the data associated with the DID; and a user can use the DID in different contexts as they see fit.
That is a big change from something like Facebook Connect, where a third party could suddenly and arbitrarily remove a user’s access to a variety of websites. DIDs built upon the full set of self-sovereign identity principles can go far beyond that, allowing a user total understanding of the identity they are putting forth and what information it provides to other people.
There are now any number of companies advancing these ideas: Self-sovereign identity is becoming a large industry. There are so many that the best way to talk about them is simply through an overview of the largest communities.
A variety of companies are closely aligning to the W3C specs, including members of the W3C-CCG (Credential Community Group) such as Digital Bazaar, which has persistently supported the work of Rebooting the Web of Trust; the Decentralized Identity Foundation is also working on creating a decentralized identity ecosystem, with leadership from Microsoft and Consensys; and the Linux Foundation is working on Hyperledger Indy with companies such as International Business Machines and Evernym.
It’s not just a large ecosystem, but a healthy one, with a number of different voices each suggesting different ways forward and with many new voices emerging.
Mind you, I think there’s still room for improvement.
I have always thought it was premature to tie DIDs too tightly to a methodology, especially to a specific ledger approach. That has become a point of contention as blockchain-based ledger technologies such as Bitcoin and Ethereum have been criticized for their transaction costs, energy usage and financial volatility. Fortunately, there’s already work being done to address that, via a rubric for evaluating the decentralization of DID methods.
I am also a little unsettled to see so much attention paid to Legally-Enabled Self Sovereign (LESS) Identity, and not nearly enough to Trust Minimized Identity, as I said in a talk just before the pandemic.
LESS Identity is focused on high-trust environments with real-world identity verification and is positioned for government acceptance; while Trust Minimized Identity is focused on defending human rights against powerful actors, and so has additional requirements for anonymity and is more likely to be built around peer-to-peer authentication.
It’s somewhat understandable that LESS Identity has received the most attention because it’s what businesses are more likely to need, and it still satisfies crucial self-sovereign principles such as enabling user control and allowing for minimum disclosure.
But Trust Minimized Identity was one of our major concerns when we first started talking about self-sovereign identity: Supporting the human rights of refugees, no matter where they are in the world, was one of our first and most crucial use cases, and LESS Identity won’t get us there.
In other words, there’s still a need for Trust Minimized Identity, and we must make sure that we don’t lock it out as an option as we progress on LESS Identity systems. We are doing a bit of trust-minimized work at Blockchain Commons with our did:onion method, but we have had the same trouble prioritizing it that everyone does – money is available for the LESS Identity approaches that are supported by progressive national governments, but not necessarily for trust-minimized solutions needed elsewhere.
Finally, we should remember that though DIDs and VCs may be a foundational architectural requirement to support many of the principles of self-sovereign identity, they are not themselves sufficient.
Technology can make it easier to manage electronic identity morally, but in order to ensure that principled foundation, we need to build privacy and the guarantee of human rights atop it, using cryptographic technologies such as blinding, selective disclosure, de-anonymization resistance and zero-knowledge proofs.
This is becoming particularly important today, when we are seeing DIDs and VCs being considered as the basis of vaccine credentials (aka “Immunity Passports”). The use of DID and VC technologies alone does not ensure that vaccine credentials fulfill the principles of self-sovereign identity; careful scrutiny is required to balance the needs of public health with the risks of those credentials being used for other, unintended purposes.
I became involved in the identity field in large part because I believe that identity can be a double-edged sword, usable for both beneficial and maleficent purposes.
To remain beneficial to its participants, an identity system must balance transparency, fairness and support of the common good with protection for the individual. Even with the use of DIDs and VCs, we must remain vigilant.
Despite these qualms, I am thrilled by how far self-sovereign identity has come in five years. I’m thrilled to have advocated for the term and to have suggested some principles and that these have found acceptance in our communities. I’m thrilled to have worked with folks from Rebooting the Web of Trust, from IIW, from W3C, from DIF, from Hyperledger Indy, and from any number of companies to advance these foundational ideas into a real industry, and I’m thrilled to see what comes next!
Blockchain Identity Market To Grow $3.58B By 2025, Report Claims
A new forecast for the global blockchain identity management market expects growth at a compound annual growth rate of almost 71% during 2021–2025.
A new report on the potential for blockchain identity management solutions to become integrated across sectors has forecast strong growth for its global market, at a compound annual rate of close to 71%.
The report grounds its predictions on a study broken down into segments by sector — e.g., government, healthcare, banking, financial services and insurance (BFSI), geography, and applications. It was published by the Lyon-headquartered market research solution provider ReportLinker.
Drawing on an analysis of several existing blockchain identity management market vendors — Accenture, Amazon, Bitfury Group, Civic Technologies and others — the report expects the total global market to grow by $3.58 billion between 2021 and 2025.
The study’s baseline assumption is that the market for blockchain identity management will continue to expand as the proliferation of online and cloud services and digitalization more broadly continue apace. As Cointelegraph has previously reported, the demand for more efficient, decentralized and privacy-respecting identity solutions has arisen in a vast array of diverse sectors, from public services to logistical and supply chain networks and all the way down to consumer wearables and other smart devices.
With increasing digitalization, a form of secure identity verification to access basic services — both public and private — online is quickly becoming an inescapable requirement; some have gone so far as to argue that privacy-preserving digital identity needs to be recognized as a basic right for all.
In tandem, with the global user base of social media networks now exceeding the 3.8-billion mark, some advocates have argued that blockchain offers the only adequate, equitable identity solution that can protect these users from threats such as data theft and privacy abuses.
Earlier this month, Ethereum co-founder and lead developer Vitalik Buterin pitched his vision of the future of the Ethereum network across a range of non-financial applications, singling out areas that included both decentralized social media and identity verification and attestation.