Scalable, Flexible Infrastructure for Decentralized Identity
This week, the DIF Steering Committee officially approved the first major release of the Sidetree Protocol specification, "v1" so to speak. This protocol has already been implemented, and four of its implementers have been collaborating intensively for over a year on expanding and extending this specification together.
What exactly is a “Sidetree”?
Sidetree is a protocol that extends “decentralized identifiers” (DIDs), one of the core building blocks of decentralized identity. DIDs enable a person or entity to directly “anchor” their data-sharing activities to a shared, cryptographically secured ledger. The first generation of DID systems accomplished this with a 1-to-1 relationship between “blockchain addresses” (cryptographic identities) and the more flexible, powerful identifiers called DIDs: each DID functioned as a privacy-preserving extension of the blockchain address to which it was tightly coupled. In this way each DID inherited the security guarantees of its blockchain, but in many cases it also inherited that chain’s scalability limits and an economic model (every identifier operation becoming its own on-chain transaction) that was a poor fit for many DID use-cases.
Sidetree is a systematic, carefully-engineered protocol that loosens that coupling between anchor-points on a distributed data system (usually a blockchain) and the DID networks anchored to them. Crucially, it replaces the 1-to-1 relationship with a 1-to-many relationship, pooling resources and security guarantees. Depending on the use-case and implementation strategies chosen, the protocol can optimize for scalable performance, for developer-friendly ergonomics and SDKs, for the portability of DIDs and networks of DIDs across multiple anchoring systems, and even for high-availability in low-connectivity contexts where a global blockchain cannot be relied upon directly.
The name “Sidetree” combines two hints at its early technical inspirations and strengths. Each Sidetree network functions as a kind of identity-specific “Layer 2” overlay network in which participating nodes batch DID operations and root the aggregated data into transactions of the underlying chain. This mechanism has many high-level conceptual similarities with sidechains and with other “Layer 2” systems such as the Lightning Network running atop Bitcoin or state-channel implementations on Ethereum. It also shares with Merkle “trees” (and the Merkle DAGs used by IPFS) the self-certifying property of content-addressability, a core building block of decentralized and distributed systems: the identifier of a batch is derived from its contents, so any node can verify what it retrieved without having to trust where it came from.
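To make the two ideas above concrete (many DID operations pooled behind one ledger transaction, and content addresses that let a node verify what it fetched), here is an added, deliberately simplified model written for this article. It is not code from the Sidetree specification or from any implementation named on this page: the anchor-string format `<count>.<address>`, the base64url SHA-256 addressing, the unsigned operations and the `publish`/`resolve` helper names are all assumptions of this model, and real Sidetree adds signed operations, commit/reveal keys, multihash CIDs and chunked batch files on top of the same shape.

```python
"""Simplified model of Sidetree-style anchoring: many DID operations are
pooled into one content-addressed batch, and a single short anchor string
goes into one ledger transaction. Teaching model with invented names and
formats, not the Sidetree spec's encoding."""
import base64
import hashlib
import json


def canonical(obj) -> bytes:
    """Deterministic JSON so every node hashes identical bytes for the same data."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def content_address(data: bytes) -> str:
    """Self-certifying address: base64url(SHA-256(data)) without padding."""
    digest = hashlib.sha256(data).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def create_op(initial_document: dict) -> dict:
    """The DID suffix is the content address of the initial state, so the
    identifier itself commits to how the DID was created."""
    suffix = content_address(canonical(initial_document))
    return {"type": "create", "did_suffix": suffix, "document": initial_document}


def update_op(did_suffix: str, patch: dict) -> dict:
    return {"type": "update", "did_suffix": did_suffix, "patch": patch}


def make_batch(ops: list) -> tuple:
    """Pool operations into one batch file; the anchor string written to the
    ledger is '<count>.<address>' (format is an assumption of this model)."""
    batch_bytes = canonical({"operations": ops})
    return f"{len(ops)}.{content_address(batch_bytes)}", batch_bytes


def publish(ledger: list, cas: dict, ops: list) -> str:
    """Store the batch in content-addressable storage and anchor it on-chain:
    one ledger transaction regardless of how many DIDs the batch touches."""
    anchor, batch_bytes = make_batch(ops)
    cas[anchor.split(".", 1)[1]] = batch_bytes
    ledger.append(anchor)
    return anchor


def resolve(ledger: list, cas: dict, did_suffix: str):
    """Replay anchored batches in ledger order to derive one DID's state.
    Returns None if the DID was never validly created."""
    state = None
    for anchor in ledger:
        count, addr = anchor.split(".", 1)
        batch_bytes = cas.get(addr)
        if batch_bytes is None:
            continue  # not replicated to this node yet; a real node retries
        # The address certifies the content: a CAS that serves altered bytes
        # is detected here, without trusting the storage layer.
        if content_address(batch_bytes) != addr:
            raise ValueError(f"CAS content for {addr} does not match its address")
        ops = json.loads(batch_bytes)["operations"]
        if len(ops) != int(count):
            raise ValueError("operation count in anchor disagrees with batch")
        for op in ops:
            if op["did_suffix"] != did_suffix:
                continue
            if op["type"] == "create" and state is None:
                # A create whose document does not hash to the suffix is bogus.
                if content_address(canonical(op["document"])) == did_suffix:
                    state = dict(op["document"])
            elif op["type"] == "update" and state is not None:
                state.update(op["patch"])
    return state


def demo() -> dict:
    """Two DIDs created in one ledger transaction, then one of them updated."""
    ledger, cas = [], {}
    alice = create_op({"service": "https://example.invalid/alice"})  # constructed
    bob = create_op({"service": "https://example.invalid/bob"})      # constructed
    publish(ledger, cas, [alice, bob])
    publish(ledger, cas, [update_op(alice["did_suffix"],
                                    {"service": "https://example.invalid/alice-v2"})])
    return {
        "ledger_txs": len(ledger),
        "alice": resolve(ledger, cas, alice["did_suffix"]),
        "bob": resolve(ledger, cas, bob["did_suffix"]),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point to notice is where trust sits: the ledger only ever sees a short anchor string, the bulky operation data lives in replicated content-addressable storage, and `resolve` refuses any batch whose bytes do not hash to the anchored address. That is what lets a Sidetree-style network move most of its data off-chain while still inheriting the chain's ordering and immutability.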
Leveraging concepts from sidechains and “Layer 2” network protocols, Sidetree was first proposed by Microsoft’s Daniel Buchner and has been incubated in the DIF community, evolving along the way with major contributions from a growing list of DIF members.
The team that delivered the specification
A global consumer and enterprise app, service, hardware, and cloud infrastructure provider whose mission is to empower every person to achieve more. Microsoft is proud to have worked on Sidetree and implemented the Sidetree protocol via its contributions to ION. As a key piece of infrastructure that is foundational to its Decentralized Identity work, Microsoft is committed to the continued development of Sidetree and ION in DIF.
SecureKey is a leading digital identity and authentication provider, and is a champion of the ecosystem approach to decentralized identity and verifiable credentials, revolutionizing the way consumers and organizations approach identity and attribute sharing in the digital age. This ecosystem-first philosophy informs our investment in Sidetree as a protocol for extensibility and scalability, which can evolve its feature set and its network model over time. Of particular technological interest to us is how Sidetree can be overlaid on a wide variety of ledger and propagation systems. This will enable identity systems that span many use cases and work across public blockchains, federation and witness protocols, and permissioned blockchains without being locked to any particular ledger technology.
Transmute uses decentralized identifiers (DIDs) and verifiable credentials (VCs) to secure critical trade data by digitizing key trade documents so that they’re traceable and verifiable anywhere in the world, easily accessible and selectively shareable, searchable and auditable, and impossible to forge or alter. Transmute contributed to Sidetree’s development because it leverages batch processing capabilities to achieve enterprise scale and retains maximum optionality for our customers, allowing their business to span many blockchains and trust frameworks. Transmute sees Sidetree-based networks as necessary for scaling up decentralized identity capabilities to a global enterprise scale, where thousands of verifiable transactions per second can be processed at an unbeatable price.
Mattr works with communities and a growing network of companies to shift industries like digital identity towards a more equitable future, providing tools to support digital inclusion, privacy and end-user control. Sidetree represents a significant leap forward in thinking around how to create truly decentralized infrastructure for resilient identifiers. We welcome the agnostic and extensible approach not just to distributed ledgers but also to content addressable storage and other building-blocks of flexible infrastructure. We look forward to integrating many of the DID systems coming out of the Sidetree standardization effort.
The first generation of Sidetree Systems
Transmute maintains Sidetree ledger adapters for Ethereum, Amazon QLDB, Bitcoin and Hyperledger Fabric. We also support interoperability tests with DID Key, the Universal Wallet Interop Spec, the VC HTTP API, and the Traceability Vocabulary. Transmute has built Sidetree.js, an implementation of the Sidetree protocol based on the DIF’s codebase that focuses on modularity: it is a TypeScript monorepo in which each component of a Sidetree node (ledger, content-addressable storage, cache database) can be swapped for a different implementation behind a common interface.
SecureKey has created a ledger-agnostic Go implementation of Sidetree along with Orb and Hyperledger Fabric variations built on top. The did:orb method enables independent organizations to create decentralized identifiers that are propagated across a shared decentralized network without reliance on a common blockchain. By extending Sidetree into a Fediverse of interconnected registries, Orb provides the foundation for building digital ecosystems on top of decentralized identifiers using a federated, replicated and scalable approach.
Microsoft is a primary contributor to ION, an open source, public, permissionless implementation of Sidetree on the Bitcoin ledger. There are several repositories and public utilities that make working with ION easier, including:
- ION GitHub repo: the main repository for the code that powers ION nodes
- ION Install Guide: A step-by-step guide for installing an ION node
- ION Explorer: A graphical interface for viewing DIDs and auditing other data transactions published to the public ION network.
What's next for Sidetree
One significant feature on the horizon is to add support for pruning of verbose lineage data (which is no longer needed to maintain the secure backbone of DIDs in a Sidetree implementation) at Sidetree’s anchor points. This addition will allow Sidetree-based networks to purge upwards of 95% of legacy operation data in a decentralized way that maintains all of the security guarantees the protocol currently makes.
Another near-future feature is the so-called “DID Type Table.” DIDs in various DID Method implementations may be typed to give an indication of what the DID might represent. The Sidetree WG will publish a table of types (not including human-centric types) that stand for organizations, machines, code packages, etc., which DID creators can use if they want to tag a DID with a given type.
The medium-term roadmap is up for discussion, so if you have ideas get involved!