Microsoft builds DID System based on Bitcoin Network helping to make decentralized identity a reality

During the last week, Microsoft released an early preview of a new Decentralized Identity Overlay Network (DID) called ION (Identity Overlay Network) that anyone can use to create Decentralized Identities (DIDs) and manage their public key infrastructure (PKI) status using a dedicated public network running on the blockchain. The design goal of is to create a decentralized offering based on Bitcoin that can also meet the scale and performance requirements needed to make DID a reality.

Although Microsoft ION is not the first decentralized identity product in the industry, Microsoft's move has the potential to affect the entire technology industry. In part, because many enterprises are using Microsoft’s infrastructure and products today and if Microsoft can promote the widespread use of decentralized identity by integrating DID functions into Microsoft’s infrastructure and consumer products.

Prior to this, two organizations had been working to make DID a reality. The Decentralized Identity Foundation (DIF) and the World Wide Web Consortium (W3C). As of today, the W3C has begun to formulate the decentralized ID (DID) specification currently in draft 1.0 and are supported by early industry leaders such as ArcBlock, uPort, Civic, and Sovrin who have all launched DID solutions around the draft W3C DID specification.

The W3C’s work is important for the industry because if W3C DID standard is formed, it means that even if each companies identity systems are different they still use some common components allowing for of the offerings to be "interconnected" with each other ensuring that any user using a W3C compliant wallet or identity system can use and access any other W3C compliant identity system ensuring an improved user experience and adoption across different industries, use cases and more.

In the past identity systems from Google, Facebook and others are all proprietary and designed not to interact with each other, but instead are created to hook users into a single platform to help aggregate data about that user for the benefit of the company. With these new interconnected systems, a user can move freely through the different systems and maintain control over their data the entire time.

As an example, if a user is utilizing ArcBlock’s recently released ABT Wallet that is building using the open W3C compliant “DID:ABT,” assuming Microsoft's identity service follows the standard any user that leverages ABT Wallet can instantly and directly access Microsoft's service without additional registration, as well as using the original DID-based Verifiable Claims such as certificates and bills obtained through ArcBlock’s identity framework. The reverse is also true for anyone using a Microsoft enabled identity app or service.

Back in February 2018, Microsoft announced that it would make decentralized identity a priority for the company's overall blockchain strategy. In October 2018, Microsoft published a White Paper titled "Decentralized Identity". To summarize, Microsoft's position expressed in the white paper is basically the same as that in the industry - “today, when digital life and the physical world are constantly blending, everyone needs a controlled, decentralized digital identity, supported by their own identity identifiers, which can carry out secure and private interactions. This autonomous identity must be seamlessly integrated into people's lives and placed at the centre of their activities in the digital world.”

Microsoft has also revealed that they view decentralized identity as a way to further strengthen their position in the cloud computing market. It hopes to upgrade its existing cloud identity system so that any individual organization and device can fully control their digital identity and data - what to share, who to share with, and when necessary, to take it back completely under its own control. To realize this vision individuals will need a secure, encrypted digital center where they can store their identity data and easily manage their online profiles and service that they access, and this is opposite view of how most users access online services today where a user grants extensive licenses to numerous Internet applications and services who in turn disseminate/sell their identity data to whomever they choose. Of course, there are other companies attempting to do something similar. Today, Sovrin has become a pioneer of enterprise-level solutions for the Hyperledger Indy project giving enterprises the ability to immediately use “open source” identity services. Similarly, the DID:ABT protocol from ArcBlock and the underlying framework of blockchains are completely interconnected, and in fact is the first bottom-up scheme to support DID in the industry.

Microsoft first introduced its DID technology infrastructure framework in the white paper (see figure above), which consists of the following seven technology modules:

1. W3C Decentralized Identity (DIDs): Identity created, owned and controlled by users independently of any organization or government. According to the annotations made by W3C, DID is the only identifier in the world. It links to the metadata of the Decentralized Public Key Infrastructure (DPKI). The metadata consists of DID documents containing public key materials, authentication descriptors and service-side.
2. Decentralized systems (e.g. blockchains and distributed accounts): The feasibility of DID ultimately needs to be built on a decentralized system. Block -chain technology provides the mechanism and functions required by DPKI. This is also the reason why DID becomes technically viable only after blockchain technology emerges.
3. DID User Agent: To enable real-life users to use decentralized identity applications, help DIDs create, data and privilege management, and signature verification DID-related declarations.
4. Global DID parser: Using a set of DID drivers provides a standard way to find and parse various DID implementations across decentralized systems. For example, did at the beginning of did: abt, where abt indicates that this is the DID provided by ArcBlock, so the technology provider of DID can be located by global DID parsing. his is one of the keys to the interconnection of DIDs.
5. Identity Center: A replicable grid for encrypted storage of personal data, consisting of cloud and edge instances such as mobile phones, computers or smart speakers, facilitates the storage and interaction of identity data.
6. DID authentication: An authentication protocol based on DID. This may be the first way that DID technology is perceived by end users when it comes to the ground, that is, DID can be used to login various services supporting DID.
7. Decentralized applications and services: DIDs combined with personal identity data storage centers can create new applications and services that store data in user identity centers and operate within authorized scope.

Microsoft has made it clear in their white paper that it wants to work with the community to actively develop a blockchain network that supports a DID implementation, and plans to develop a wallet-like application as a user agent for managing DIDs and related data. So far, the recently released ABT Wallet released and apps from Civic and uPort are the only DID-based Wallet products in the market. Six months after the publication of the white paper, Microsoft delivered the first version of ION becoming the first large enterprise with actual technology products in the field of decentralized identity.

Microsoft’s ION is an open public network based on the open source protocol Sidetree, which runs on bitcoin. Most of the code is composed of common components defined by the Sidetree protocol including Sidetree’s core logic module, read/write adapter of the targeted blockchain, and content addressing storage protocol that can replicate data between nodes. ION can anchor tens of thousands of DID/PKI operations on Bitcoin using a single chain transaction. The transaction is encoded with a hash, and the ION node uses hash to obtain, store and replicate related DID batches through the IPFS distributed storage protocol. Unlike virtual currency assets, identity cannot be exchanged and traded, so the network does not need a separate consensus mechanism, main chain or side chain. Nodes can acquire, process and assemble DID states in parallel, and their aggregation capability allows them to run at the speed of tens of thousands of operations per second. At present, the main difference between other DID implementations and ION is how the data is carried on the blockchain. For example, Hyperledger Indy (Sovrin) is a method called "Public Permissioned Chain" that requires the use of its block chain technology for ID. ArcBlock's DID technology implants the foundation of DID into its Forge development framework and SDK, which enables any chain and application based on its framework to have the ability to support DID. There are chains dedicated to DID in its ABT network.

In short, as one of the biggest and most successful enterprises in the global IT industry, Microsoft's support for DID is something that will move the identity industry forward. It can take the lead in supporting the industry's open standards and has the potential to transform how people interact with services, apps, devices and more. As a pioneer and innovator of DID exploration, ArcBlock will work with Microsoft in the future to further build the infrastructure of the future information society.