Open-source development has always enjoyed a little juice from the private sector.
One of the most notable examples is Red Hat Software, a multibillion dollar corporation that has built open-source software for the international community. It was purchased by IBM in 2019 but still carries out its original function.
Microsoft is another example of a highly profitable private company that releases open-source software. The computer monolith has helped to maintain the Linux source code for some time. It supported the software on its Azure cloud program and eventually integrated the Linux kernel into its own OS.
The company also has an affinity for Bitcoin, apparently. As we covered in the spring of 2019, Microsoft has tasked a development team to build a decentralized identity system on top of Bitcoin. Dubbed ION, the second layer network, like Bitcoin’s Lightning Network, will feature its own node structure to complement Bitcoin’s own and will be completely open source.
Project lead Daniel Buchner believes that this system could unlock a radical new methodology for digital ownership and online credentials. Bitcoin Magazine sat down with Buchner to discuss the project, what prompted Microsoft to pursue it and what the future of the internet with digital IDs will look like.
Selling Microsoft on Bitcoin
Microsoft has had a longstanding tradition with open-source projects. So how did ION become part of that legacy? Was it a hard sell to get Microsoft building on Bitcoin?
I started the group that works on decentralized IDs (DIDs) at Microsoft. There are some tactical things we had to do. For the DIDs to really be a reality, you have to make them capable of standing up to the volumes that you expected. So often when you see this piloted, it’s [with] a few hundred participants [and] it works fine. But when you start thinking about having to deploy it on the scale that we want to — 1.5 billion people — you crunch the calculations and you realize it’s not going to work.
So, for us, Bitcoin was a necessary condition for success. The reason it wasn’t a super hard sell was that it was something we had to have and we knew we couldn’t own it. We wanted something that was differentiated and decentralized — because otherwise we could do this with a database like Azure.
So it’s actually a business problem. We currently can’t issue digital IDs that are owned by the user and not a company. It’s not just because we want to do the right thing but it’s right from a business perspective.
With Bitcoin, one of the biggest elements of this — and this did take some understanding — was security. All of those other use cases being possible is actually a symptom of no one controlling it. What we really made our decision based on was the decentralized nature plus the security. It’s the cost of attack and how you order transactions that’s important. When we started crunching the numbers, we realized that Bitcoin was the only chain that would probably be too costly to attack.
So was Microsoft pretty ready to support this when it realized it could leave all the rest of Bitcoin’s use cases behind and just focus on the base layer’s security and timestamping?
It became easier when it got down to dollars and cents — we said, “Here are the attack vectors within the realm of possibility, here are all the different technologies in the stack. Look, if you take away all of what the news media or what people say about how these technologies are used, you have empirical data.”
The options and choices became pretty clear because it’s just about hard numbers. There are still subjective fears, but at the end of the day, security is security is security.
What does Microsoft get out of building open-source software?
It’s not selfless. I mean, we’re doing it for the right reasons, but we have to have a scalable system for DIDs that is viable at the implementation scale we require. We looked around and that just wasn’t there. It’s kind of like a secondary benefit because this exists, we can do a credential use case. Something like LinkedIn could have credentials that back it so you don’t have a bunch of fake accounts. We will not actually derive any economic benefit. Operational costs are low enough that it will be very a small cost compared to other identity services we run.
The Importance of Bitcoin-Based Decentralized IDs
With that example in mind, could you speak to the importance of DIDs for the internet and its users?
Everything in the world you see around you today, there are few cases of true digital identity. People are used to accounts, but that’s not really identity — that’s a password to get into someone’s server somewhere. Your accounts are not yours, your email is not yours — if those companies disappear, those are gone. The issue becomes, you can’t have legal, personal and business assurance of the continuity of anything tied to those accounts.
Imagine the moral hazard if I had an…