August 15, 2020

Microsoft ION – Self Sovereign Identities

Microsoft ION – beta version is online. The time has come when the physical world is united with the digital world. A time in which our consistently modern way of life makes it necessary to create a digital image of ourselves. Digital identities stand for verifiable identities in compliance with the highest security standards and the protection of privacy.

Microsoft ION on Bitcoin Blockchain

Detached from government entities, the blockchain can offer a technology that turns a vision into reality. Self-sovereign blockchain-based identities require decentralized identifiers. Companies and blockchain developers are therefore intensively researching options for the practical use of their applications.

Microsoft has also devoted itself to the possibilities of controlling personal data on the Internet and the digital world and developed the ION project. Motivated by the optimism of recent years, the researchers are convinced that decentralization will revitalize many aspects of digital life.

What started with optimism has meanwhile become a serious effort by the major players in the market to give people control over their digital identity and personal data. It's about globally unique identifiers in a variety of contexts, with data like this:

  • Email address
  • Username
  • ID numbers in passports or driving licenses, tax matters or health insurance
  • Product and serial numbers


Digital identifiers for user identification

Technologically, this can be implemented with so-called digital identifiers, and not only at Microsoft ION. While previous centralized solutions depended on identifiers such as the e-mail address or the user name, decentralized identifiers (DIDs) can be generated, managed and controlled by anyone.

This is also the approach of Microsoft ION, in which a technological method of decentralization is used against the current position of power of companies, governments or states. DIDs allow unique user identification, tied to a series of cryptographic keys and routing endpoints.

The creation of the DIDs is not very complex, but companies are faced with the challenge of creating a robust, decentralized and scalable network that does not require the use of trustworthy utility tokens, validation nodes or other mechanisms.

Every digital identity must be able to be seamlessly integrated into all everyday processes and, of course, be able to act in a highly interoperable manner. Microsoft ION uses the so-called Sidetree DID network protocol on the Bitcoin blockchain. With the Sidetree protocol, scalable DPKI networks can be created that run on any existing distributed ledger system.

Each of us needs a digital identity that belongs only to him and that stores all identity information securely and confidentially. This own identity must be easy to prove and ensure that everyone has full control over the access and use of their identity data.

DPKI stands for Decentralized Public Key Infrastructure, i.e. a decentralized infrastructure that can issue, distribute and check digital certificates. Decentralized because it takes place in computer-aided communication without a central trust unit.

Layer 2 solution on the Bitcoin blockchain

Currently available in beta, the alpha version is expected to follow this fall. ION stands for Identity Overlay Network and is described by the company as an open, permissionless second-layer network. In the long term, this should make the use of user names superfluous. When the Microsoft ION team has completed its development, each participant should be able to operate their own ION node in the network.

The second layer on the Bitcoin Blockchain is structured in such a way that data protection-friendly and decentralized applications act on the basis of universally encrypted messaging. Support in the form of nodes during the development of the beta version included:

  • Bitcoin self custody service
  • Casa, provider of Bitcoin self custody solutions
  • BitPay and
  • the Gemini exchange.

But the ION network is not only available for private users. Companies can also use it and create verifiable credentials, for example.

The main features of Microsoft ION are:

  • Control over your own identity
  • Data protection as a basic concept for the encrypted digital hub (ID hub)
  • Interact with user data without compromising privacy and control
  • Proof of identity in the decentralized system serves as a basis of trust
  • Applications and services with personalized experience through meaningful evidence
  • Minimize compliance risks
  • Open interoperable standards for decentralized identities

Figure: DID architecture

The key components of Microsoft ION

Decentralized identifiers enable a verifiable, decentralized digital identity and thus identify every subject, such as a person, an organization, an object or a data model. DIDs are designed so that they can function decoupled from central registers, identity providers and certification bodies.

These are URLs, Uniform Resource Locators, which link a DID subject to a DID document and thereby enable trustworthy interactions with this subject. Each DID document can express cryptographic material, verification methods, or service endpoints that provide a number of mechanisms by which a DID controller can demonstrate control over the DID. However, a DID document may also contain semantics on a topic that it identifies.

Identity hubs

They allow users to save and share data securely. The data store contains semantic data objects. Each object is signed with an identity and accessible via a globally recognized API format that is explicitly suitable for semantic data objects. A global namespace manages the unique identifiers by which hubs can be addressed. As a result, each entity can own one or more instances of a hub.

The owner of the data can access this data and these documents from anywhere, even when offline. Synchronization takes place between the hub instances without the ledger. The ID Hub is an encrypted identity store for verification purposes. It also offers computing endpoints and message / intent relay.

Universal DID resolver

This tool allows the resolution of identifiers, whereby ION works with self-sovereign identifiers instead of domain names. These identifiers are created and registered by the entities themselves and form the basis for every identity and communication system. While every identifier was previously assigned by a company or at state level, the Universal DID resolver allows completely self-sovereign architectures and protocols.

This eliminates the need for a central authority. The central task of this resolver is to retrieve the identification information. This includes the cryptographic keys and the service endpoints. Blockchain developers can deploy the Universal Resolver on a local computer by cloning its GitHub repository.
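A relying party should not accept whatever a resolver returns without checking it. The following added example (not code from Microsoft, ION or the Universal Resolver) validates a resolved DID document before its keys and service endpoints are trusted; it assumes the W3C DID Core property names (`verificationMethod`, `authentication`, `service`), a simplified DID syntax, and a constructed sample document with placeholder values.

```python
import re
from urllib.parse import urlparse

# Simplified DID syntax (W3C DID Core): did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._%-]+(?::[A-Za-z0-9._%-]+)*$")

def check_did_document(requested_did, doc):
    """Return a list of problems found in a resolved DID document."""
    if not DID_RE.match(requested_did):
        return ["requested DID is not syntactically valid"]
    problems = []
    # The document must describe the DID that was asked for.
    if doc.get("id") != requested_did:
        problems.append("document id does not match requested DID")
    # Relative references such as "#key-1" are resolved against the DID.
    def absolute(ref):
        return requested_did + ref if ref.startswith("#") else ref
    known_keys = set()
    for vm in doc.get("verificationMethod", []):
        vm_id = absolute(vm.get("id", ""))
        jwk = vm.get("publicKeyJwk")
        if not vm_id.startswith(requested_did + "#"):
            problems.append(f"verification method {vm_id} is outside this DID")
        if jwk is None:
            problems.append(f"verification method {vm_id} has no publicKeyJwk")
        elif "d" in jwk:  # "d" is the private part of a JWK (RFC 7518)
            problems.append(f"verification method {vm_id} exposes a private key")
        known_keys.add(vm_id)
    # Authentication entries given as references must point at a listed key.
    for ref in doc.get("authentication", []):
        if isinstance(ref, str) and absolute(ref) not in known_keys:
            problems.append(f"authentication references unknown key {ref}")
    # Service endpoints (string form only in this example) should use TLS.
    for svc in doc.get("service", []):
        endpoint = svc.get("serviceEndpoint")
        if isinstance(endpoint, str) and urlparse(endpoint).scheme != "https":
            problems.append(f"service {svc.get('id')} endpoint is not https")
    return problems

# Constructed sample document; the DID and key values are placeholders.
SAMPLE_DID = "did:ion:EiExampleConstructedSuffix"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "verificationMethod": [{"id": "#key-1", "type": "JsonWebKey2020", "controller": SAMPLE_DID,
        "publicKeyJwk": {"kty": "EC", "crv": "secp256k1", "x": "AA", "y": "AA"}}],
    "authentication": ["#key-1", "#key-2"],
    "service": [{"id": "#hub", "type": "IdentityHub",
                 "serviceEndpoint": "http://hub.example.com/"}],
}
```

Calling `check_did_document(SAMPLE_DID, SAMPLE_DOC)` reports the dangling `#key-2` authentication reference and the plain-HTTP hub endpoint.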

"Today's digital identity landscape is patchy, inconsistent and what works in one country often doesn't work in another. We have the ability to establish a system that puts people first and in control of their identity information and what it is used for," said Ajay Bhalla, president of cyber and intelligence solutions at Mastercard.

Verifiable credentials

This specification provides a mechanism by which credentials can be expressed on the web in a cryptographically secure manner, in compliance with data protection law and in a machine-checkable manner. Understanding credentials in the physical world is easy, but much more difficult in the digital world. The machine-readable checking of certificates, educational qualifications or financial accounts on the web, for example, has not yet been reliably possible.

The difficulty is that credentials cannot yet be expressed on the web and that we do not currently have the same advantages as in the physical world. The goal is to build an ecosystem with verifiable credentials and presentations of documents and receipts.

However, it is important that the verifiable credential contains the same information as a physical credential. This will be made possible in the future by digital signatures that use tamper-proof and trustworthy technologies and thus represent the physical counterpart of the previous login information. A clear advantage is that they are characterized by trust even at a distance.

Microsoft ION Alpha in fall 2020

On the way to its final version, the switch to the Bitcoin Mainnet is important and correct. Microsoft ION plans to use the next few months until the release of the alpha version primarily to expand the community of early adopters, code contributors and node operators. The protocols are also intended to improve the ION reference implementation. Further use cases are to be developed via hackathons.