Why Microsoft is building a Bitcoin-based ID verification system
After more than a year in development, Microsoft has chosen Bitcoin as the blockchain platform for a decentralized identification (DID) verification system that will allow users to have secure access to an online persona via an encrypted database hub.
The implications of the new ID network could include the elimination of passwords. A company would be able to verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer could verify their identity for a loan without exposing personally identifiable information – again with a click of a button.
“We believe every person needs a decentralized, digital identity they own and control, backed by self-owned identifiers that enable secure, privacy-preserving interactions,” Alex Simons, vice president of program management for Microsoft’s Identity Division, wrote in a Monday blog. “This self-owned identity must seamlessly integrate into their lives and put them at the center of everything they do in the digital world.”
A blockchain-based ID system relies on a digital wallet that serves as a repository for all kinds of personal and financial data – info that can only be shared after a specific request and only with the permission of the owner who holds the public key. (On a typical Bitcoin network, digital wallets store bitcoin currency.)
There are multiple vendors in the DID space that are either in the early research-and-development stage or are testing their products in pilot projects, according to Homan Farahmand, a senior research director with Gartner. Microsoft is by far the largest.
Microsoft’s Project ION (Identity Overlay Network) is an open-source, Layer 2 network that runs on top of the Bitcoin blockchain, an approach the company said will greatly improve the throughput of a DID system “to achieve tens of thousands of operations per second.”
One of Bitcoin’s inherent problems is its slow transactional performance and its inability to scale because of computer processing overhead: each node (computer) on a Bitcoin network gets a copy of the ledger in near-real time, and a consensus mechanism requires nodes to verify the authenticity of new entries by solving a complex mathematical problem.
By using a sidetree (Layer 2 network) to offload processing overhead to an adjacent network, the main blockchain is freed from consensus requirements. On Microsoft’s Bitcoin platform, only a user’s hashed ID is rooted on the blockchain, while actual identity data is encrypted and stored in an off-chain ID Hub that Microsoft can’t see.
Bitcoin is not alone in exploring Layer 2 technology for increasing performance. Ethereum, another of the world’s most popular blockchain platforms, has been exploring Layer 2 protocols as well.
As it’s based on Bitcoin, ION will be a public, permissionless network anyone can use to create DIDs and manage their Public Key Infrastructure (PKI) state, Daniel Buchner, a program manager with Microsoft’s Identity Division, explained. Unlike a permissioned blockchain – more typically aimed at business use cases – no one administers a public blockchain. The users on the network verify new blocks of data entered through a consensus mechanism.
Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded, which enables ION to achieve far greater scale without relying on additional Layer 2 consensus schemes, trusted validator lists, or special protocol tokens, Buchner explained.
All nodes of the network are able to arrive at the same PKI state for an identifier by applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via the InterPlanetary File System (IPFS). Content addressing of that kind (naming data by a hash of its contents) is the counterpart to the location-based addressing that HTTP uses on the internet.
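As an added illustration of the anchoring scheme described above (this is not ION’s or Sidetree’s own code, but a simplified model with constructed operations, a placeholder `did:example` method, and a `signed_by` field standing in for a real signature check): batches of DID operations live in a content-addressed store while only their hashes are anchored in order, every node that replays them under the same deterministic rules reaches the same key state, and a batch whose contents were altered after anchoring no longer matches its anchored hash and is ignored.

```python
import hashlib, json

def content_hash(obj):
    """Content address (stand-in for an IPFS CID): SHA-256 over canonical JSON."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def did_for(create_op):
    """The identifier is a hash of its own create operation (placeholder DID method)."""
    return "did:example:" + content_hash(create_op)[:16]

def anchor_batch(chain, store, ops):
    """Ops go to the content-addressed store (IPFS stand-in); only the batch hash is chained."""
    batch = {"ops": ops}
    cid = content_hash(batch)
    store[cid] = batch
    chain.append(cid)  # the chain (Bitcoin stand-in) fixes the order of the hashes
    return cid

def resolve_state(chain, store):
    """Same rules over the anchors in chain order -> every honest node gets the same PKI state."""
    state = {}  # {did: {"keys": [...], "active": bool}}
    for cid in chain:
        batch = store.get(cid)
        if batch is None or content_hash(batch) != cid:
            continue  # missing or altered batch: not what was anchored, so it is ignored
        for op in batch["ops"]:
            if op["type"] == "create":
                state.setdefault(did_for(op), {"keys": [op["key"]], "active": True})
                continue
            rec = state.get(op["did"])
            if rec is None or not rec["active"] or op["signed_by"] != rec["keys"][-1]:
                continue  # unknown/deactivated DID, or not authorised by the current key (stand-in check)
            if op["type"] == "update":
                rec["keys"].append(op["key"])  # key rotation
            elif op["type"] == "deactivate":
                rec["active"] = False
    return state

def demo():
    """Constructed scenario: create, rotate the key, replay a stale-key update, tamper one replica."""
    chain, store = [], {}
    create = {"type": "create", "key": "pubkey-A1"}
    did = did_for(create)
    anchor_batch(chain, store, [create])
    anchor_batch(chain, store, [
        {"type": "update", "did": did, "signed_by": "pubkey-A1", "key": "pubkey-A2"},
        {"type": "update", "did": did, "signed_by": "pubkey-A1", "key": "pubkey-X"}])
    tampered = json.loads(json.dumps(store))  # second node whose copy of batch 2 was edited
    tampered[chain[1]]["ops"][0]["key"] = "pubkey-X"
    return did, resolve_state(chain, store), resolve_state(chain, tampered)
```

The second update in the demo is rejected because it is authorised by a key that has already been rotated out, and the tampered replica ends up without the rotation at all, since its edited batch no longer hashes to the anchored value.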
“There are many aspects of the protocol left to implement before it is ready for testing on Bitcoin mainnet. On low-powered consumer reference hardware we’ve observed tens of thousands of DID operations per second,” Simons wrote. “As with our previous announcements, we’re sharing our work as early as possible — rough edges and all — to start a conversation with the community and encourage collaboration.”
Over the past two years, Microsoft has been exploring how to use blockchain and other distributed ledger technologies to create new types of digital identities designed to enhance personal privacy, security and control.
In developing ION, Microsoft has been working with the Decentralized Identity Foundation (DIF), a non-profit consortium whose members include other tech vendors such as IBM, NEC and RSA, as well as blockchain startups and large vertical industry firms such as Aetna and WeBank (China’s first online-only bank).
Between now and its launch, which will take months, Microsoft is asking open-source developers and members of the “identity community” to run through its code and help it log any bugs.
“In the coming months, we’ll work with open source contributors and members of the identity community to prepare for a public launch of the ION network on Bitcoin mainnet,” Buchner wrote. “During this time, the project’s code will evolve rapidly and is best suited for use by experienced developers. If you’re not an experienced developer but would still like to interact with an ION node, we deployed an early preview build of ION on Azure.”