Analysis of Decentralized Identification Using the Sidetree Protocol, Based on the Example of Microsoft ION
(2021)
This master's thesis deals with the field of decentralized identification, using the example of the Microsoft Identity Overlay Network (ION). In the introduction, basic terms such as identity and identification are described. Special emphasis is placed on explaining the principle of decentralized identifiers (DIDs) and the SSI concept. ION is an implementation of the Sidetree protocol and uses its core components. For this reason, further details and special parts of Sidetree are described in the methods chapter. Afterwards, the ION history and network topology are described in more detail. An ION node is installed and operated on top of the Bitcoin blockchain. The installation process and the problems that arise are recorded. Then the ION tools (a programming library and its values) are explained and the example program code is shown. As a practical addition to the ION tools, a verifiable credential solution is scripted. This solution shows the creation of ION DIDs and the signature options of these identifiers. In the results chapter, the knowledge acquired about decentralized identification is evaluated. A theoretical security analysis for ION is carried out. Furthermore, the currently possible uses for the network are enumerated. A discussion follows that compares the advantages and disadvantages of ION. The thesis ends with a conclusion and an outlook for ION and decentralized identification.
Traditional user management on the Internet has historically required individuals to give up control over their identities. In contrast, decentralized solutions promise to empower users and foster decentralized interactions. Over the last few years, the development of decentralized accounts and tokens has significantly increased, aiming at broader user adoption and shared social economies.
This thesis delves into smart contract standards and social infrastructure for Ethereum-based blockchains to enable identity-based data exchange between abstracted blockchain accounts. In this regard, the standardization landscapes of account and social token developments were analyzed in-depth to form guidelines that allow users to retain complete control over their data and grant access selectively.
Based on the evaluations, a pioneering Solidity standard is presented, natively integrating consensual restrictive on-chain assets for abstracted blockchain accounts. Further, the architecture of a decentralized messaging service has been defined to outline how new token and account concepts can be intertwined with efficient and minimal data-sharing principles to ensure security and privacy, while merging traditional server environments with global ledgers.
DID methods, wallets, agents and verifiable credentials are fundamental terms in the context of Self-Sovereign Identity (SSI) and are representative of novel methods of identity management on the Internet. Various groups and bodies are currently pushing draft standards and specifications that aim to do justice to the SSI paradigm. From the multitude of technological approaches that have already emerged, some important ones are examined more closely and investigated with regard to their interoperability. The starting point is the Trust over IP stack, as advanced by the organization of the same name (Trust over IP Foundation). Other standardization bodies also play a role, such as the Decentralized Identity Foundation (DIF) or the World Wide Web Consortium (W3C). The subject of the investigation is the current state of the art and its implications with regard to interoperability, portability and the intended goal of decentralization. The focus is in particular on the two draft standards for Decentralized Identifiers and the Verifiable Credentials Data Model. However, further specifications that complement these and are relevant to such identity management systems are also considered.