On February 12, 2018, Microsoft announced that it would use its blockchain to develop Decentralized IDs. I’m going to write about why a big company like Microsoft is trying to develop these dApps and what they mean.
1. Original Text: Decentralized Digital Identities and Blockchain – The Future as We See It
1) What we see
Alex Simons of the Microsoft Identity Division published a post titled Decentralized Digital Identity and Blockchain – The Future as We See It on the Microsoft blog. Modern society is undergoing a digital transformation in which the digital and physical worlds intertwine. That is why they argue that a new model for digital IDs is needed, one that improves people’s privacy and security.
They say their cloud identity system has already helped hundreds of millions of people work, play and achieve more. Microsoft, however, points out that billions of people who have no such identity today still dream of a world where they can raise children, start businesses and improve their quality of life. For that to happen, each individual should be able to store and control their identity data directly, without having to grant consent over and over before using a service, and without handing their ID data to a service provider.
“Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.”
2) What we’ve learned
MS points out the problems with identity systems to date and explains why DIDs are necessary.
(1) Own and control your Identity
To use an application or service today, users must accept a wide range of agreements on the collection, use and storage of their identity data. Given frequent and increasingly sophisticated data breaches and identity theft, users need a means to protect their identity, and blockchain technology and protocols are considered suitable for implementing decentralized IDs.
(2) Privacy by design, built in from the ground up
Today, apps, services, and organizations deliver convenient, predictable, tailored experiences that depend on control of identity-bound data. We need a secure encrypted digital hub (ID Hubs) that can interact with users’ data while honoring user privacy and control.
(3) Trust is earned by individuals, built by the community
Traditional identity systems are mostly geared toward authentication and access management. A self-owned identity system adds a focus on authenticity and how community can establish trust. In a decentralized system trust is based on attestations: claims that other entities endorse – which helps prove facets of one’s identity.
(4) Apps and services built with the user at the center
Some of the most engaging apps and services today are ones that offer experiences personalized for their users by gaining access to their user’s Personally Identifiable Information (PII). DIDs and ID Hubs can enable developers to gain access to a more precise set of attestations while reducing legal and compliance risks by processing such information, instead of controlling it on behalf of the user.
(5) Open, interoperable foundation
To create a robust decentralized identity ecosystem that is accessible to all, it must be built on standard, open source technologies, protocols, and reference implementations. For the past year we have been participating in the Decentralized Identity Foundation (DIF) with individuals and organizations who are similarly motivated to take on this challenge. We are collaboratively developing the following key components:
– Decentralized Identifiers (DIDs) – a W3C spec that defines a common document format for describing the state of a Decentralized Identifier
– Identity Hubs – an encrypted identity datastore that features message/intent relay, attestation handling, and identity-specific compute endpoints.
– Universal DID Resolver – a server that resolves DIDs across blockchains
– Verifiable Credentials – a W3C spec that defines a document format for encoding DID-based attestations.
(6) Ready for world scale
To support a vast world of users, organizations, and devices, the underlying technology must be capable of scale and performance on par with traditional systems. Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording DPKI operations, and anchoring attestations. While some blockchain communities have increased on-chain transaction capacity (e.g. blocksize increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world-scale. To overcome these technical barriers, we are collaborating on decentralized Layer 2 protocols that run atop these public blockchains to achieve global scale, while preserving the attributes of a world class DID system.
– As you may know, this could be pointing to Bitcoin Cash (BCH).
(7) Accessible to everyone
The blockchain ecosystem today is still mostly early adopters who are willing to spend time, effort, and energy managing keys and securing devices. This is not something we can expect mainstream people to deal with. We need to make key management challenges, such as recovery, rotation, and secure access, intuitive and fool-proof.
3) Our next steps
As a next step we will experiment with Decentralized Identities by adding support for them into Microsoft Authenticator. With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys. In this design, only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can’t see) encrypted using these cryptographic keys.
Once we have added this capability, apps and services will be able to interact with users’ data using a common messaging conduit by requesting granular consent.
2. Why MS is developing DIDs: the practical importance of decentralized identity authentication
Today’s Internet is good at sharing neutral information, but it has a serious limitation when it comes to sharing information that carries value, and the most valuable information in real life is information about identity. If someone else can copy my identity, my presence in the Internet environment can be copied indefinitely, and the replica can control the original’s financial accounts and use public services without hesitation. For this reason, sharing identity information on today’s Internet requires a certificate issued by a ‘trusted third party’ (TTP): the fact that I am ‘really me’ is proved by a third party. With this in mind, you can see why government sites, financial applications and the like require a public certificate before a series of services can be used.
However, there are considerable difficulties and problems in using and managing identity information today. First, there is the inconvenience of issuing and using public certificates. To use apps and other services over the Internet, you must authenticate your identity with a public certificate, yet issuing the certificate and using it create considerable friction and wasted time across the economy as a whole. In other words, I am spending considerable resources just to prove who I am.
Second, there are concerns about identity data leakage and theft. To use an app or service on today’s Internet, the user must grant the provider the right to collect and use their personal information. The user then has no ability or means to control that personal information, while the service provider stores vast amounts of it on a central server. What can happen in this case? Many countries have already experienced the problem many times. In 2014, a massive personal data breach occurred at a credit card company in Korea! In addition, there have been frequent incidents of user data leakage at large enterprises such as Auction (an online auction company), Nexon (Korea’s No. 1 game company) and Nate (a search portal). Under the current system, such incidents, whether accidental or malicious, cannot be prevented in advance, and the damage is severe. Once personal information is leaked, persistent spam is the common result; in extreme cases, the victim can become the target of crime.
The 2014 credit card data breach in South Korea: In 2014, an employee of a credit rating company (KCB) illegally sold personal information from credit card companies such as KB Card, NH Card and Lotte Card to loan advertising companies. About 100 million records were leaked, which amounts to information on almost every economically active person in the country. The leaked fields were ‘name, resident registration number, mobile phone number, home phone number, e-mail address, home address, company address, company information, card number, expiration date, credit limit.’
If a blockchain-based database supports identity, it can solve all of the problems described above. Personal information can be protected from tampering. There is no leakage problem either, because service users can authenticate their identity without entrusting all of their personal information to the service provider. Individuals also gain the right to control their identity: each individual is truly the owner of his or her own identity.
On the other hand, considering that the largest demand for a safe and efficient identity system comes from the state, the importance of a decentralized identity authentication system becomes even greater. States have a duty to create, retain and manage the personal information of everyone operating within their borders, and they must manage the public’s personal information efficiently in order to deliver efficient government services. Let’s take a real example. The U.S. Internal Revenue Service (IRS) has used an identification number (PIN) to identify taxpayers when processing income tax payments and refunds. However, tax information has often been leaked from the IRS by hackers, who used the stolen tax information to obtain a PIN and then had hundreds of tax refunds paid into their own bank accounts. If blockchain-based decentralized identity authentication is successfully established, it could eradicate this kind of tax fraud and provide faster and safer government services. So, of course, wouldn’t the government use a DID system?
If so, there are sufficient economic incentives for MS to develop DID apps. Think about it. Identity authentication is essential for any activity that requires ‘buying power’ on today’s Internet and for receiving financial and government services, yet conventional identity processes have been extremely slow, risky and inefficient. A safe and fast identity service in this situation is a blue ocean, isn’t it? If the technical problems Microsoft is working on (such as the Layer 2 protocol) are solved, you could open a bank account, sign up for Facebook and receive government services in just a few seconds. Users’ effort and time would be reduced, and so would costs. Naturally, demand for decentralized identity would grow, along with ‘love calls’ from many service providers. In fact, DID software is a killer app that connects all apps and services; I can’t imagine receiving an important service without proof of identity.
What remains is a technical issue. Although a blockchain base satisfies the safety requirement, it cannot replace the current identity system unless sufficient ‘speed’ is guaranteed. That is why Microsoft is considering Layer 2 systems such as the Lightning Network. A Layer 2 system is a solution to the scalability problem: it creates an additional data layer on top of a blockchain and keeps transaction information synchronized with the chain while exchanging data with it. For example, the Lightning Network does not record on the blockchain the transactions that take place between the opening and closing of a payment channel, so approvals can be processed quickly without waiting for a confirmation. Microsoft’s DIDs will then work by a similar mechanism: the ID data itself is stored in the Identity Hub, ID authentication is approved quickly through off-chain transactions, and only the result is stored on the blockchain.
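The architecture sketched in the "Our next steps" section and the paragraph above (a DID whose key is rooted on chain, identity data encrypted in an off-chain Identity Hub, attestations signed and checked off chain), as an added example in Go; this is not Microsoft's or the DIF's code, and the in-memory chain and hub maps and the did:example:... identifiers are constructed stand-ins for a real registry, resolver and hub.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
)

// Constructed stand-ins: the chain roots only the DID -> public-key binding; the
// off-chain Identity Hub holds ciphertext and never the owner's hub key.
var chain = map[string]ed25519.PublicKey{}
var hub = map[string][]byte{}

// Register anchors a DID's public key on the simulated chain.
func Register(did string, pub ed25519.PublicKey) { chain[did] = pub }

// StoreInHub encrypts identity data on the user agent (AES-256-GCM, 32-byte key,
// random nonce prepended, DID bound as associated data) before it reaches the hub.
func StoreInHub(did string, key, plaintext []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	hub[did] = gcm.Seal(nonce, nonce, plaintext, []byte(did))
	return nil
}

// Attestation is a claim an issuer DID makes about a subject DID, signed by the issuer.
type Attestation struct{ Issuer, Subject, Claim string; Sig []byte }

// msg is a toy canonical encoding of the signed fields; they must not contain "|".
func (a Attestation) msg() []byte { return []byte(a.Issuer + "|" + a.Subject + "|" + a.Claim) }

// Attest signs the claim with the issuer's private key.
func Attest(issuer string, priv ed25519.PrivateKey, subject, claim string) Attestation {
	a := Attestation{Issuer: issuer, Subject: subject, Claim: claim}
	a.Sig = ed25519.Sign(priv, a.msg())
	return a
}

// Verify looks up the issuer's key on chain (as a DID resolver would) and checks the
// signature off chain; no identity data is read from the chain or the hub.
func Verify(a Attestation) bool {
	pub, ok := chain[a.Issuer]
	return ok && ed25519.Verify(pub, a.msg(), a.Sig)
}
```

Only the issuer's key binding is ever consulted on chain; the hub contents stay opaque to the hub operator, and a tampered claim or an issuer whose DID was never anchored fails verification.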
If decentralized identity systems are successfully developed, our lives can become much safer and more efficient. This is why Microsoft is interested in blockchain and why many blockchain projects are scrambling to develop identity applications. Brendan Blumer, CEO of Block.one, declared that among the existing public blockchains, the first to implement decentralized identity authentication and to record the most IDs on chain would be the winner of the game. Of course, I agree entirely with the idea. The day will come soon when our favorite and beloved services and apps are implemented on the blockchain. When that happens, you will be able to open a bank account in seconds, get safe and immediate government services, and never be mistaken for a spam account in a community.