Ion ID

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

One brand of Decentralized ID (DID) originated by Microsoft based on a high performance side tree.[1]

Context

Every one knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own Identity and want their own Privacy.

  • The current paradigm in open identity is for each conforming Relying Party to provide a list of Identifier or Attribute Providers that the User could chose from to allow access.
    • In this model it was up to the Relying Party to establish a link and share a secret with the Identifier or Attribute Provider in advance of any transactions.
    • It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook.
  • The current most common protocol for some sort of a Distributed Identity was OpenID Connect which included Self-issued Identifier, but that feature of OpenID Connect had not been deployed in 2018.
  • Microsoft Launches Decentralized Identity Tool on Bitcoin Blockchain[2] which gets better performance at less cost with a technique which is derived from sidechains[1].

Problems

  • The big problem is Trust where there are no standards or examples of any trust without a history of trusted behavior.
  • Proof of Persistent Identity must be provided. This can be little more than the inclusion of a public key in a block chain, but that cannot provide any Assurance of protection of the Credential.
  • Most "pure" Blockchain solutions require more energy or time that is appropriate for a user on a Smart Phone.

Solutions

  • Side chains are one solution to the time and energy requirement for a full Blockchain ID solution. Ion ID is one implementation of sidechain.
  • A test registration for an Ion ID is here. "In order to complete this registration tutorial, you'll need NPM and NodeJS 8 or later installed on your machine."
  • The file to load for json is on GitHub. The following (on 2019-05-23) shows those instructions run from PowerShell in system32, that is definitely not a "best practice".
PS C:\WINDOWS\system32> npm install @decentralized-identity/did-auth-jose@0.1.12
npm WARN saveError ENOENT: no such file or directory, open 'C:\WINDOWS\system32\package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open 'C:\WINDOWS\system32\package.json'
npm WARN system32 No description
npm WARN system32 No repository field.
npm WARN system32 No README data
npm WARN system32 No license field.
+ @decentralized-identity/did-auth-jose@0.1.12
added 34 packages in 9.712s
PS C:\WINDOWS\system32>
  • the file "package.json" is on the gibhub repo. I guess it needed to be copied down first?
  • Generate keys
PS C:\WINDOWS\system32> node generate-keys.js
(node:17228) [DEP0010] DeprecationWarning: crypto.createCredentials is deprecated. Use tls.createSecureContext instead.
(node:17228) [DEP0011] DeprecationWarning: crypto.Credentials is deprecated. Use tls.SecureContext instead.
PS C:\WINDOWS\system32>
  • Get a json web token (JWT) to be signed into a signed JWT, or a JWS
{
 "@context": "https://w3id.org/did/v1",
 "publicKey": [
   {
     "id": "#key-1",
     "type": "Secp256k1VerificationKey2018",
     "publicKeyJwk": {
       "kty": "EC",
       "kid": "#key-1",
       "crv": "P-256K",
       "x": "p7Mt2Z6hXu8g_I62owqmNcrj3t1nRoWslB8eQ7JP0yY",
       "y": "KRp11VQmCLjvxTk7TWx9Pbj2fHPt5SoXQwzEYs1Cnac",
       "use": "verify",
       "defaultEncryptionAlgorithm": "none",
       "defaultSignAlgorithm": "ES256K"
     }
   }
 ],
 "service": [
   {
     "id": "IdentityHub",
     "type": "IdentityHub",
     "serviceEndpoint": {
       "@context": "schema.identity.foundation/hub",
       "@type": "UserServiceEndpoint",
       "instance": [
         "did:test:hub.id"
       ]
     }
   }
 ]
}
  • Create a JWS
PS C:\WINDOWS\system32> node make-jws.js
(node:20720) [DEP0010] DeprecationWarning: crypto.createCredentials is deprecated. Use tls.createSecureContext instead.
(node:20720) [DEP0011] DeprecationWarning: crypto.Credentials is deprecated. Use tls.SecureContext instead.
{"header":  {"alg":"ES256K","kid":"#key-1","operation":"create","proofOfWork":"{}"},"payload":"eyJAY29udGV4dCI6Imh0dHBzOi8vdzNpZC5vcmcvZGlkL3YxIiwicHVibGljS2V5IjpbeyJpZCI6IiNrZXktMSIsInR5cGUiOiJTZWNwMjU2azFWZXJpZmljYXRpb25LZXkyMDE4IiwicHVibGljS2V5SndrIjp7Imt0eSI6IkVDIiwia2lkIjoiI2tleS0xIiwiY3J2IjoiUC0yNTZLIiwieCI6IjNwWEFaWV9vNXF6VUVQUmlIeUxIQzRQTm5CSFJ1NWR3blU4SlQ5QldmUk0iLCJ5IjoiTnJ0TWJwempjb3BWTkNrWXgydTZOcldFVzU1LXpnNHo0cmFOdjIyLV9vbyIsInVzZSI6InZlcmlmeSIsImRlZmF1bHRFbmNyeXB0aW9uQWxnb3JpdGhtIjoibm9uZSIsImRlZmF1bHRTaWduQWxnb3JpdGhtIjoiRVMyNTZLIn19XSwic2VydmljZSI6W3siaWQiOiJJZGVudGl0eUh1YiIsInR5cGUiOiJJZGVudGl0eUh1YiIsInNlcnZpY2VFbmRwb2ludCI6eyJAY29udGV4dCI6InNjaGVtYS5pZGVudGl0eS5mb3VuZGF0aW9uL2h1YiIsIkB0eXBlIjoiVXNlclNlcnZpY2VFbmRwb2ludCIsImluc3RhbmNlIjpbImRpZDp0ZXN0Omh1Yi5pZCJdfX1dfQ","signature":"MEYCIQDu_16gscWY83PtUy3gbEkDF6BPBIfar0kkEtY2wsok3AIhAM1o3CUqxfHyfJlMdz3up8qiDCDD2bFiT77wfGZIi3Ih"}
PS C:\WINDOWS\system32>

References

  1. 1.0 1.1 Daniel Buchner, Toward scalable decentralized identifier systems . Microsoft Blog (2019-05-13) https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Toward-scalable-decentralized-identifier-systems/ba-p/560168
  2. Leigh Cue, Microsoft Launches Decentralized Identity Tool on Bitcoin Blockchain (2019-05-13) Coindesk https://www.coindesk.com/microsoft-launches-decentralized-identity-tool-on-bitcoin-blockchain

Other Material

  1. Decentralized Digital Identities and Blockchain perspective from Microsoft (2018-02-12) From Ankur Patel (@_AnkurPatel) - Principal Program Manager - Microsoft Identity Division.
  2. Decentralized Identity Foundation