I appreciate your team's effort and Microsoft's intent with ION, as this is clearly a gap in the digital identity service value chain. I have some queries related to preserving privacy and control of users digital identity transactions over the blockchain network. Would appreciate you could take a look.
- Performance: ION is stated to overcome current throughput limitations over the blockchain network allows for tens of thousands of operations per second. Is it sufficient to meet the transaction volume of DIDs (Decentralized Identities) from billions of people and devices across the world?
- Control: It's not clear to me how users would be in complete control of their information on the bitcoin blockchain. For instance, my understanding is that the open network Public Key Infrastructure (PKI) secures the transaction by ensuring only authorized application/service providers with a public key will have access to user's personal identity, however,
- How does ION ensure that the shared personal identity information is being used by app/service providers for authorized purposes only?
- What happens after the purpose of the transaction is fulfilled? It's unclear how access to the identity data will be revoked once the purpose of that interaction is fulfilled.
- If for whatever reason, the authorized application/service provider still has access to user's personal information outside of the network then the user is no longer in control of that data anymore and it could become a privacy nightmare.
- I am assuming that once the transaction is authorized, user's personal identity gets shared with the designated service provider, who would be in possession of that information until explicitly asked to revoke following privacy regulations such as GDPR, CCPA.
- Security and reliability: Is there an effort to overcome the vulnerability of the bitcoin blockchain network to well-coordinated attacks that tend to take control over majority CPU power?
Thanks again for all the effort that is going into this initiative.
Microsoft