Microsoft has announced an early preview of a distributed identity system running on top of the bitcoin blockchain, which it envisages as a workable alternative to systems like Facebook Login, the social network's authentication service for users signing into different apps across iOS, Android, the web, Windows 10, and other devices.
The latest component of Microsoft's answer to this challenge is ION, or Identity Overlay Network, an identity system that could offer a different kind of online identifier from those used today, such as a Google Gmail address or a user name from a particular app, like Facebook.
As Microsoft's Alex Simons recently pointed out: "Presently, most of our digital identity and personal data is controlled by a few central service providers. These providers, generally corporations, control our data, including having the ability to deny or revoke access to it."
Microsoft envisages that identifiers and public cryptographic keys can be 'anchored' to the blockchains or ledgers of various cryptocurrencies, such as bitcoin or ethereum.
In this vision, identity hubs would be used to store identity information, official paper documents, and so on in a way that users control, rather than a central provider. These would be combined with a Decentralized Identifier, or DID, registered on a blockchain and linked to one or more public keys. Users prove ownership by possessing the corresponding private key.
ION runs on the bitcoin blockchain and, according to Simons, addresses the performance issues that stand in the way of a global decentralized identity system, allowing for tens of thousands of operations per second. This moves it closer to the scalability of an identity service like Microsoft's own Azure Active Directory systems that employees use to sign into enterprise networks.
According to Daniel Buchner, a senior program manager from Microsoft's identity division, ION enables much larger throughput than existing decentralized systems.
"While blockchains unlock the ability to create highly secure, censorship-resistant identity systems, their transactional volumes are severely limited when compared to traditional systems. The most robust, decentralized, public blockchains operate at just tens of transactions per second, nowhere near the volume a world full of DIDs would demand."
To achieve scalability, Microsoft has been working with others on a blockchain-agnostic protocol for creating DID networks called Sidetree, which ION is based on.
"ION is a public, permission-less, open network anyone can use to create DIDs and manage their Public Key Infrastructure (PKI) state," says Buchner.
"ION is designed to deliver the scale required for a world of DIDs, while inheriting and preserving the attributes of decentralization present in the bitcoin blockchain."
It's still early days for the protocol, which is not ready for testing. But he notes that on low-powered consumer hardware Microsoft has observed "tens of thousands of DID operations per second". However, ultimately the goal is for the decentralized identity system to support "millions of organizations, billions of people, and countless devices".
Facebook CEO Mark Zuckerberg has also entertained the idea of using blockchain for Facebook login, though it could also mean Facebook has less ability to cut off third-party apps, such as the personality quiz app that gave Cambridge Analytica data on millions of Facebook users.
Zuckerberg recently described the technology in a chat with a Harvard Law professor, as reported by The Verge.
"You basically take your information, you store it on some decentralized system and you have the choice of whether to log in in different places and you're not going through an intermediary.
"There's a lot of things that I think would be quite attractive about that. For developers, one of the things that is really troubling about working with our system, or Google's system for that matter, or having to deliver services through Apple's App Store is that you don't want to have an intermediary between serving the people who are using your service and you.
"Where someone can just say, 'Hey, we as a developer have to follow your policy and if we don't, then you can cut off access to the people we are serving'. That's kind of a difficult and troubling position to be in."