Microsoft Security Blog
ION – We Have Liftoff!

Pamela Dingle
Microsoft
Mar 25, 2021

Four years ago, we started a journey to help develop and advance decentralized identity, an emerging form of identity technology that empowers individuals and creates new business capabilities. Our goal is to put individuals, organizations, and other entities at the center of the apps, services, and digital exchanges that increasingly play a pivotal role in our lives. Among all the technical development required to deliver decentralized identity, none is more important than Decentralized Identifiers (DIDs).

 

DIDs are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company), and exist independently of any external organization or trusted intermediary. Without DIDs, you can’t have a vibrant, interoperable decentralized identity and application ecosystem. Early on we recognized the existence of a secure, scalable DID implementation was a prerequisite for the kinds of applications and services we wanted to offer, so in 2019 we set out to build one.

 

We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well. ION does not rely on centralized entities, trusted validators, or special protocol tokens – ION answers to no one but you, the community. Because ION is an open, permissionless system, anyone can run an ION node; in fact, the more nodes in operation, the stronger the network becomes. Development of ION, and the Sidetree standard ION is based on, takes place in the Decentralized Identity Foundation (DIF). Read on to learn how you can integrate ION, DIDs, and Verifiable Credentials in your applications and services.

Learn more about ION here: https://identity.foundation/ion/

 

 

Use ION DIDs

Creating an open, public, permissionless DID implementation that runs at massive scale, to the tune of thousands of operations per second, while maintaining decentralization and security was a long road – now it’s time to drive adoption. To help get DIDs into the hands of users and enable developers to easily integrate ION DIDs in wallets, decentralized apps, and credential-related services, we have contributed an open source library for generating DIDs and have opened up our ION node to provide a no-hassle option for anchoring ION DIDs:

Generate ION DIDs and keys – the high-level ION.js helper library is the easiest way to start generating ION DIDs as fast as possible: github.com/decentralized-identity/ion-tools (ION.js library).

An example of generating an ION DID with the ION.js library:

 

 

Use the lower-level SDK – access a larger set of ION-related APIs that provide more granular functionality: github.com/decentralized-identity/ion-sdk (TypeScript/Node)

 

Anchor DIDs you generate – easily anchor your DIDs via our ION node, without having to interact with a cryptocurrency wallet or run an ION node locally: github.com/decentralized-identity/ion-tools

[ NOTE: ownership of your DIDs is based on keys you generate locally, and all ION operations are signed with those keys, so even if you use our node for anchoring DID operations (or any other node), you are always in sole control. ]
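
The control model in the note above, as an added example (not code from the original post, from ION.js, or from the Sidetree specification). It assumes a simplified scheme in which the DID's current state holds a SHA-256 commitment to the owner's secp256k1 update key; the function names, the operation layout, and the scenario are hypothetical and constructed for illustration.

```javascript
// Added example: a simplified model, not the Sidetree wire format or the ION.js API.
const { generateKeyPairSync, createPublicKey, createHash, sign, verify } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Owner side: the key pair is generated locally and the private key never leaves this machine.
function newUpdateKey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const publicDer = publicKey.export({ type: 'spki', format: 'der' });
  return { privateKey, publicDer, commitment: sha256(publicDer) };
}

// Owner side: sign a change, reveal the committed key, and commit to the next key.
function signOperation(key, nextCommitment, patch) {
  const payload = JSON.stringify({ patch, nextCommitment });
  return {
    payload,
    revealedKey: key.publicDer.toString('base64'),
    signature: sign('sha256', Buffer.from(payload), key.privateKey).toString('base64'),
  };
}

// Resolver side: accept only if the revealed key matches the stored commitment
// and the signature over the exact payload verifies under that key.
function acceptOperation(currentCommitment, op) {
  const der = Buffer.from(op.revealedKey, 'base64');
  if (sha256(der) !== currentCommitment) return { ok: false, reason: 'key does not match commitment' };
  const pub = createPublicKey({ key: der, format: 'der', type: 'spki' });
  const valid = verify('sha256', Buffer.from(op.payload), pub, Buffer.from(op.signature, 'base64'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  // The resolver would store nextCommitment to check the following operation.
  return { ok: true, nextCommitment: JSON.parse(op.payload).nextCommitment };
}

// Constructed scenario: an honest submission, then two changes a relaying node cannot make stick.
function demo() {
  const owner = newUpdateKey(), ownerNext = newUpdateKey(), node = newUpdateKey();
  const patch = { addService: { id: 'domain-1', endpoint: 'https://foo.example.com' } };
  const op = signOperation(owner, ownerNext.commitment, patch);
  const tampered = { ...op, payload: op.payload.replace('foo.example.com', 'other.example.net') };
  const forged = signOperation(node, node.commitment, patch); // signed with the node's own key
  return {
    honest: acceptOperation(owner.commitment, op),
    tampered: acceptOperation(owner.commitment, tampered),
    forged: acceptOperation(owner.commitment, forged),
  };
}
```
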

 

Run an ION node

Running an ION node provides the fastest lookup of ION DIDs, the highest level of security when interacting with ION DIDs, and ensures you can always resolve ION DIDs without depending on intermediaries. There are two options for running an ION node:

 

  1. Run the Dockerized version of ION: https://github.com/decentralized-identity/ion/tree/master/docker (provides an option to connect to an existing Bitcoin node)
  2. Install a node natively on your machine: https://identity.foundation/ion/install-guide/

 

Lookup ION DIDs

You can resolve ION DIDs to view their keys and routing endpoints using the ION Explorer interface: https://identity.foundation/ion/explorer/. This dashboard (which you’ll soon be able to run against your own local ION node) is being built out with more views and tools as we speak, and will eventually contain interfaces to help operators monitor their local ION nodes.

 

 

 

Leverage ION DIDs today

Here are a few ways you can use ION DIDs right now:

  1. If you are a business or organization, sign up for the public preview of the Azure AD Verifiable Credential service: http://aka.ms/vcpreview
  2. Explore integrating OpenID Connect Self-Issued for DIDs to authenticate with sites, apps, and services that implement the draft specification: https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
  3. Create a DID for yourself or your company and cryptographically link it to Web domains you control, using the DIF Well-Known DID Configuration specification: https://identity.foundation/.well-known/resources/did-configuration/.
  4. Use a DID to issue Verifiable Credentials, which are digital proofs that can be used to represent just about any verifiable assertion or asset, such as diplomas, membership cards, event tickets, etc. 

 

ION’s core protocol has been standardized

Along with ION reaching v1, so too has the protocol at its core: Sidetree. Sidetree is a specification developed alongside many others at the Decentralized Identity Foundation (DIF) that enables scalable DID networks (e.g. ION, Element, Orb) to be built atop any decentralized event record system (e.g. blockchains). We would like to thank the following collaborators who have worked on specs, contributed code, or provided feedback during this process:

 

 

This work would not have been possible without the contributions of folks like Orie Steele of Transmute and Troy Ronda of SecureKey, who played key roles in shaping the Sidetree specification, our colleagues in Microsoft Research, as well as Dietrich Ayala and the Protocol Labs team, who helped integrate IPFS as the P2P file replication protocol used in ION.

 

Open source development and codification of standards is essential to the creation of a vibrant decentralized identity ecosystem. If you are a developer or organization interested in contributing to the Sidetree specification, ION’s open source code, or any other work underway in this area, we encourage you to join the Decentralized Identity Foundation (DIF) and its Sidetree Development & Operating Group. This group is the primary place where contributors meet to discuss various technical and operational aspects of ION and the general Sidetree protocol.

 

Beyond v1

With ION v1 out the door, we will be turning our attention toward optimizing the ION node implementation and adding other important features, such as:

  • Deliver a light node configuration, making node operation easier for low-resource devices.
  • Add tooling and support for Ed25519 and BLS12-381 keys
  • Enable optimistic operation ingestion for transactions still in the mempool (reduces time to resolution)
  • Codify an initial set of DID type tags (used in tagging DIDs as IoT devices, software packages, etc.)
  • Enable querying of ION’s decentralized DID directory based on DID type – for example: once organizations and businesses establish DIDs, you will be able to fetch all DIDs typed as OrganizationLocalBusiness, etc., to build a decentralized directory. You will also be able to find all DIDs of types like SoftwareSourceCode, to create decentralized code package and app registries. (NPM? How about DPM)

 

While launching v1 of ION is a significant milestone, we’re still in the early phases of this journey. We have a lot left to do before we can fully realize a better, more trustworthy, more decentralized Web that empowers every person and every organization on the planet to achieve more.


Daniel Buchner
Decentralized Identity, Microsoft

Updated May 18, 2023
Version 2.0
  • dirak696
    Copper Contributor

    I just hope that Microsoft converts at least 10% of their accounting balance sheets into bitcoins; if they are going to use the technology, at least they help with some capital, thanks.

  • cryptochrome
    Copper Contributor

    csuwildcat that is simply not true. Bitcoin's security stems from proof of work, which today is VERY concentrated in the hands of a few major mining corporations (who could easily launch a 51% attack, if they wanted, or could flood the network with empty blocks, if they wanted). Ethereum's security is *at least* on par with that of Bitcoin and will only increase when ETH2 is launched and switched to proof of stake. 

     

    This is most likely not the reason why Microsoft chose Bitcoin. I hope they will elaborate on this. 

     

  • @cryptochrome: Bitcoin is simply a more secure system than any other blockchain, and has stood the test of time in a highly adversarial environment. ION does not require any complex smart contract functionality, just embedding hashes into the chain, so we put strength of the network, security, and minimized attack surface first when selecting it.

  • -KLYE-: I am only loosely familiar with IBC, but it bears mentioning again that ION is not itself a blockchain, so I am not sure if IBC is as relevant for such a system.

  • Kawww
    Copper Contributor

    Good for decentralized world. I think ION and Kevacoin are doing the same thing in the same way. Kevacoin is a key-value data store on blockchain, providing easy yet powerful decentralized data storage, peer-to-peer and open source too. Everyone could get a permanent decentralized number ID to add any blockchain addresses and other data. It is possible to use ION DIDs on blockchain too.

  • cryptochrome
    Copper Contributor

    I am curious... why did you choose to build this on top of the Bitcoin chain, when you have options like Ethereum, which seems much better suited?

  • TomsLive
    Copper Contributor

    What is the status of Element (support for Ethereum)?  Are you working on support for that too, or just Bitcoin?

    Thanks!

  • HenkvanCann
    Copper Contributor

    Congratulations! I'll start testing shortly.

  • -KLYE-
    Copper Contributor

    I wonder if this is IBC and eris-db compliant?