Last year, Microsoft described the idea of a “self-sovereign digital identity,” and has now introduced a project that would shift login credentials to blockchain. With this model, users — not Microsoft — would be responsible for their own digital identities and the portable credentials would, in principle, allow access to numerous applications. Advocates of blockchain champion the concept as more private, preventing anyone from following the user’s activity on the Internet and limiting the opportunity for hacks.
Wired reports that Microsoft’s idea could “potentially scale to billions of users.” The company is currently “developing open source protocols and standards with the World Wide Web Consortium and the Decentralized Identity Foundation, whose members include Aetna, IBM, and Mastercard.” Notably missing from that team is Facebook, which is also “exploring blockchain technology.” Wired deems Microsoft’s choice of bitcoin as “curious,” because “bitcoin is notoriously slow, which has been a barrier to using it for much more than speculation.”
To overcome this obstacle, Microsoft is planning to use a solution it dubs ION, which is a “layer-two” solution “that stores and accesses your data away from the blockchain, using InterPlanetary File System (IPFS).” The company says ION can “potentially scale to allow tens of thousands of operations per second,” compared to 10 or less with Bitcoin.
Cornell University professor Ari Juels noted that this is just part of what Microsoft needs to do to create a “truly private and smooth enough” system that Internet users will accept. His group is developing a way to issue credentials that “preserves privacy, and how people will take care of their security keys.” Some also question whether “the current protocols can be trusted as a safe home for user data” since IPFS is a “less-proven system” than blockchain.
For these reasons, added Juels, widespread adoption of the system is unlikely “anytime soon,” although the fact that Microsoft is heading in this direction might encourage “a few brave souls … [to] embrace decentralization.” Eventually, says Wired, “more complex and sensitive forms of data, from insurance cards to passports, could perhaps be stored in a decentralized digital form,” although “the balkanized state of crypto — and the Internet at large” now stand in the way of such a reality.
“For a digital ID to work everywhere online, it needs buy-in from all the places that currently covet your login,” it says. “Ideally, it would work across different blockchains, so competing ID systems don’t arise.”