Microsoft Tech Community
ION – We Have Liftoff!
Published Mar 25 2021 09:00 AM 130K Views
Microsoft


 

Four years ago, we started a journey to help develop and advance decentralized identity, an emerging form of identity technology that empowers individuals and creates new business capabilities. Our goal is to put individuals, organizations, and other entities at the center of the apps, services, and digital exchanges that increasingly play a pivotal role in our lives. Among all the technical development required to deliver decentralized identity, none is more important than Decentralized Identifiers (DIDs).

 

DIDs are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company), and exist independently of any external organization or trusted intermediary. Without DIDs, you can’t have a vibrant, interoperable decentralized identity and application ecosystem. Early on we recognized the existence of a secure, scalable DID implementation was a prerequisite for the kinds of applications and services we wanted to offer, so in 2019 we set out to build one.

 

We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well. ION does not rely on centralized entities, trusted validators, or special protocol tokens – ION answers to no one but you, the community. Because ION is an open, permissionless system, anyone can run an ION node; in fact, the more nodes in operation, the stronger the network becomes. Development of ION, and of the Sidetree standard ION is based on, takes place in the Decentralized Identity Foundation (DIF). Read on to learn how you can integrate ION, DIDs, and Verifiable Credentials in your applications and services.

Learn more about ION here: https://identity.foundation/ion/

 


 

Use ION DIDs

Creating an open, public, permissionless DID implementation that runs at massive scale, to the tune of thousands of operations per second, while maintaining decentralization and security was a long road – now it’s time to drive adoption. To help get DIDs into the hands of users and enable developers to easily integrate ION DIDs in wallets, decentralized apps, and credential-related services, we have contributed an open source library for generating DIDs and have opened up our ION node to provide a no-hassle option for anchoring ION DIDs:

Generate ION DIDs and keys – the high-level ION.js helper library is the easiest way to start generating ION DIDs as fast as possible: github.com/decentralized-identity/ion-tools (ION.js library).

[Image: an example of generating an ION DID with the ION.js library]

 

Use the lower-level SDK – access a larger set of ION-related APIs that provide more granular functionality: github.com/decentralized-identity/ion-sdk (TypeScript/Node)

 

Anchor DIDs you generate – easily anchor your DIDs via our ION node, without having to interact with a cryptocurrency wallet or run an ION node locally: github.com/decentralized-identity/ion-tools

[ NOTE: ownership of your DIDs is based on keys you generate locally, and all ION operations are signed with those keys, so even if you use our node for anchoring DID operations (or any other node), you are always in sole control. ]

 

Run an ION node

Running an ION node provides the fastest lookup of ION DIDs, the highest level of security when interacting with ION DIDs, and ensures you can always resolve ION DIDs without depending on intermediaries. There are two options for running an ION node:

 

  1. Run the Dockerized version of ION: https://github.com/decentralized-identity/ion/tree/master/docker (provides an option to connect to an existing Bitcoin node)
  2. Install a node natively on your machine: https://identity.foundation/ion/install-guide/

 

Look up ION DIDs

You can resolve ION DIDs to view their keys and routing endpoints using the ION Explorer interface: https://identity.foundation/ion/explorer/. This dashboard (which you’ll soon be able to run against your own local ION node) is being built out with more views and tools as we speak, and will eventually contain interfaces to help operators monitor their local ION nodes.

 


 

 

Leverage ION DIDs today

Here are a few ways you can use ION DIDs right now:

  1. If you are a business or organization, sign up for the public preview of the Azure AD Verifiable Credential service: http://aka.ms/vcpreview
  2. Explore integrating OpenID Connect Self-Issued for DIDs to authenticate with sites, apps, and services that implement the draft specification: https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
  3. Create a DID for yourself or your company and cryptographically link it to Web domains you control, using the DIF Well-Known DID Configuration specification: https://identity.foundation/.well-known/resources/did-configuration/.
  4. Use a DID to issue Verifiable Credentials, which are digital proofs that can be used to represent just about any verifiable assertion or asset, such as diplomas, membership cards, event tickets, etc. 

 

ION’s core protocol has been standardized

Along with ION reaching v1, so too has the protocol at its core: Sidetree. Sidetree is a specification developed alongside many others at the Decentralized Identity Foundation (DIF) that enables scalable DID networks (i.e. ION, Element, Orb) to be built atop any decentralized event record system (e.g. blockchains). We would like to thank the following collaborators who have worked on specs, contributed code, or provided feedback during this process:

 

 

This work would not have been possible without the contributions of folks like Orie Steele of Transmute and Troy Ronda of SecureKey, who played key roles in shaping the Sidetree specification, our colleagues in Microsoft Research, as well as Dietrich Ayala and the Protocol Labs team, who helped integrate IPFS as the P2P file replication protocol used in ION.

 

Open source development and codification of standards is essential to the creation of a vibrant decentralized identity ecosystem. If you are a developer or organization interested in contributing to the Sidetree specification, ION’s open source code, or any other work underway in this area, we encourage you to join the Decentralized Identity Foundation (DIF) and its Sidetree Development & Operating Group. This group is the primary place where contributors meet to discuss various technical and operational aspects of ION and the general Sidetree protocol.

 

Beyond v1

With ION v1 out the door, we will be turning our attention toward optimizing the ION node implementation and adding other important features, such as:

  • Deliver a light node configuration, making node operation easier for low-resource devices.
  • Add tooling and support for Ed25519 and BLS12-381 keys
  • Enable optimistic operation ingestion for transactions still in the mempool (reduces time to resolution)
  • Codify an initial set of DID type tags (used in tagging DIDs as IoT devices, software packages, etc.)
  • Enable querying of ION’s decentralized DID directory based on DID type – for example: once organizations and businesses establish DIDs, you will be able to fetch all DIDs typed as OrganizationLocalBusiness, etc., to build a decentralized directory. You will also be able to find all DIDs of types like SoftwareSourceCode, to create decentralized code package and app registries. (NPM? How about DPM)

 

While launching v1 of ION is a significant milestone, we’re still in the early phases of this journey. We have a lot left to do before we can fully realize a better, more trustworthy, more decentralized Web that empowers every person and every organization on the planet to achieve more.


Daniel Buchner
Decentralized Identity, Microsoft

20 Comments
Microsoft

History will remember this fondly. Congrats.

Copper Contributor

I wonder if this is IBC and eris-db compliant?

Copper Contributor
Congratulations! I'll start testing shortly.
Copper Contributor

What is the status of Element (support for Ethereum)?  Are you working on support for that too, or just Bitcoin?

Thanks!

Copper Contributor

I am curious... why did you choose to build this on top of the Bitcoin chain, when you have options like Ethereum, which seems much better suited. 

Copper Contributor

Good for the decentralized world. I think ION and Kevacoin are doing the same thing in the same way. Kevacoin is a key-value data store on blockchain, providing easy yet powerful decentralized data storage, peer-to-peer and open source too. Everyone could get a permanent decentralized number ID to add any blockchain addresses and other data. It is possible to use ION DIDs on blockchain too.

Microsoft

@-KLYE-: I am only loosely familiar with IBC, but it bears mentioning again that ION is not itself a blockchain, so I am not sure if IBC is as relevant for such a system.

Microsoft

@cryptochrome: Bitcoin is simply a more secure system than any other blockchain, and has stood the test of time in a highly adversarial environment. ION does not require any complex smart contract functionality, just embedding hashes into the chain, so we put strength of the network, security, and minimized attack surface first when selecting it.

Copper Contributor

@csuwildcat that is simply not true. Bitcoin's security stems from proof of work, which today is VERY concentrated in the hands of a few major mining corporations (who could easily launch a 51% attack, if they wanted, or could flood the network with empty blocks, if they wanted). Ethereum's security is *at least* on par with that of Bitcoin and will only increase when ETH2 is launched and switched to proof of stake. 

 

This is most likely not the reason why Microsoft chose Bitcoin. I hope they will elaborate on this. 

 

Copper Contributor

I just hope that Microsoft converts at least 10% of their accounting balance sheets into bitcoins; if they are going to use the technology, at least they help with some capital. Thanks.

Copper Contributor

@cryptochrome You are wrong. Ethereum is by no means more secure than Bitcoin. To answer your false claims:

1. Bitcoin mining is in the hands of a few major mining POOLS (not corporations in a classical sense), which also thanks to Stratum V2 do not have power over their participants

2. Bitcoin's security is not only based on the miners but on the nodes as well (good luck setting up an Ethereum-full (archive) node)

3. PoS will lead to more centralization, which many studies and current live PoS projects clearly show

 

Further why Bitcoin is way more secure than Ethereum:

 

1. Bitcoin runs for 10 years with no major exploits (unlike ETH)

2. Bitcoin doesn't have a person with big influence over the network (no Vitalik)

3. Bitcoin allows running a full node for 100$

 

Microsoft knows what they are doing!

Copper Contributor

@JayOkocha 

 

Sorry friend, but you are pretty misinformed. 

BTC mining operations are extremely concentrated with mining companies, just as I said. Yes, there are large pools, but the majority of the hashrate is coming from just 5 companies, all of which are in China. They control 49% of the global hashrate. China overall controls 65% of the global hashrate. The remaining 35% are mainly spread across the US, Russia and Kazakhstan, as well as Iran. Some of those 35% are pools, not all of it. 

https://www.statista.com/statistics/1200477/bitcoin-mining-by-country/

https://www.bloomberg.com/news/articles/2020-01-31/bitcoin-s-network-operations-are-controlled-by-fi...

It has become a real problem. 

PoS may lead to concentration in some cases, but it is not the case with Ethereum, which the statistics for the ETH2 Beacon Chain clearly show. There are literally thousands of decentralized pools to create validator nodes, and unlike ETH's mining operation, which suffers the exact same issue as BTC (concentration, primarily China), the ETH2 validator pools on the beacon chain are very decentralized. 

We can argue over the details all day long, and I am sure we will each find correct arguments. But saying that Bitcoin is way more secure than other chains is an outdated myth. Bitcoiners, especially the maximalist types, need to finally open their eyes. 

Copper Contributor

@cryptochrome 

 

They said bitcoin first is better. It is a good choice because this will help all bitcoin code fork blockchains to test ION, and there will be second, third... too.

 

I think ION is the same as ElectrumX; any blockchain or distributed ledger could use ION to create DIDs. 

 


Sidetree is a protocol for creating scalable Decentralized Identifier networks that can run atop any existing decentralized anchoring system (e.g. Bitcoin, Ethereum, distributed ledgers, witness-based approaches) and be as open, public, and permissionless as the underlying anchoring systems they utilize. 

 

Copper Contributor

@cryptochrome 

Sorry, but you're not right! A 51% attack isn't so easy and it is much too expensive. Why should a miner do this? To kill his own business? To destroy Bitcoin? (The mining e.g. in China was forbidden, but the miners were still mining!) A 51% attack is published within seconds (because everyone can follow the network from everywhere) and in this (impossible) case the honest users and miners can react (fork!)!

Bitcoin is the safest, decentralized P2P network (no central identities) in the world and Microsoft says this in its ION paper... Ethereum isn't as safe, because it's Proof of Stake and in PoS, the identities can manipulate the chain, because they are IDENTITIES! 

Sorry, that's reality ;)

Copper Contributor

@Timbo155 Ethereum is not PoS. It will be PoS when ETH2 launches in about 18-24 months. Right now, it's PoW, just like Bitcoin. 

As for the 51% attack, I am not saying they will do it (they would be crazy), I am saying they could do it. What do we know of those 5 Chinese companies that already control 49% of the global hashrate? Very little. But we do know that China is an adversary of the US. I don't want to sound the conspiracy theory alarm bells, but anyone ignoring this is pretty naive. That about 15% more of the hash rate is also concentrated in China and another 15% in Iran and Kazakhstan doesn't make this any better. That's 80% of Bitcoin's global hash rate in the hands of countries that the US is in trade wars with, sanctions, etc. 

 

But as I said earlier, we can discuss the details of which chain is better or more secure until we fall off our chairs (like so many others already did before us). The point is: Microsoft did not state anywhere why they chose Bitcoin over any other chain. I was just curious about the reason (and I don't think it has anything to do with BTC allegedly but not evidently being the most secure chain). 

 

Copper Contributor

@cryptochrome 

Bitcoin isn't perfect. Decentralisation and security are probabilistic, so we will never reach 100%.

Nothing comes closer to 100% than bitcoin though. Your arguments have been debunked many times but they seem to keep popping back up whenever a bull market attracts new people (and scammers looking to profit off them via altcoins).  https://jimmysong.medium.com/debunking-the-empty-block-attack-10513858b3f8?postPublishedType=initial

 

Now for ethereum, all you have to do is look at the weakest link: the full archival node! 

There are ca. 4 left. Infura is the most important full archival node operator. When they went down, ethereum went down.

https://cryptobriefing.com/infura-outage-sparks-debate-over-ethereums-decentralization/

 

It turns out that inflating blocks with massive amounts of data creates irreversible centralisation. Bitcoin developers were ridiculed when they fought to keep the blocks small. Ethereum now proves that they were right.

 

Bitcoin mining is getting more decentralised so it is being solved. Ethereum's problems look far less likely to be solved.

 

 

Copper Contributor

@nomofiat 

Not sure why you have to get personal and make baseless assumptions as to me being "new to crypto". We've been discussing this topic in a fairly objective fashion until you popped in. Just for the record, I bought my first Bitcoin in 2013, so I am hardly new. Does that mean I know everything and I am correct all the time? No.

 

I was not wrong however in my opinion that BTC is not necessarily the most secure blockchain and I have given different arguments to make my point. Here are some more:

 

1. Bitcoin chain is susceptible to routing attacks, where large ISPs could split the bitcoin network into fragments by hijacking BGP ASes. It also allows for delay and partition attacks. This has been well researched and you can read up on it here, for example:

 

2. Furthermore, we have numerous successful double-spend attacks on record, the last one documented in 2019 (read the "Unconfirmed Transaction Attacks" paragraph):


https://www.gemini.com/cryptopedia/double-spend-attacks-bitcoin

 

Does any of this mean I don't like Bitcoin? No, to the absolute contrary (it's by far the largest position in my portfolio). So there is no need to get all defensive just because I have a slightly less rose tinted opinion about its security.

 

Yes, Ethereum has its issues too, nobody is denying that. They are being worked on as we speak. 

 

And I repeat myself again: I am not really interested in hearing Bitcoin maximalists' rose-tinted opinions on how their favorite crypto is the best in the world (we can discuss this for hours without coming to a conclusion). I wanted to hear - from Microsoft - why they chose Bitcoin over something else. No one here but Microsoft can answer that. All you can do is make assumptions, and I am not interested in those. 

 

Copper Contributor

Is it possible to generate/order a personal ION ID? If not yet, when might this be possible?

Copper Contributor

I know this post is two years old, and it is still useful even today for those who want to learn DID and ION.

One question is about the DID registration. I use the sample code from https://github.com/decentralized-identity/ion-tools

// Generate and publish create request to an ION node
let createRequest = await did.generateRequest(0);
let anchorResponse = await anchor(createRequest);
console.log(anchorResponse)

locally, and the execution succeeds. It prints the DID document.

Previously I was able to query the DID document via the DID URI embedded in the printed log, but one day I was no longer able to do this; all return 404.

 

I also posted this question at https://stackoverflow.com/questions/76574466/unable-to-query-did-document-from-register-after-creati...

with more information. If you have tips or suggestions, it would be helpful. Thanks in advance.

 

Last update: May 18 2023 10:15 AM