Digital Identification on the Blockchain with Microsoft's ION

This article describes the concept of digital identification on the blockchain and the working mechanism of Microsoft's ION.


From time immemorial, identification has been an integral part of the human race signified by many things such as tribal marks, body piercings, etc. In short, all humans have an identity, but how we identify ourselves has continually changed over the years.

Humans identify themselves through identification cards, which is important to confirm our identity relating to people or organizations. For instance, anyone opening a bank account, checking into a hotel, traveling out of a country, or even applying for a driver's license needs a form of identification card that is personal to the owner.

The advent of technology has reshaped how humans can identify themselves, especially online (digital) identification. As the way to represent identity changed gradually from analog to digital (internet), many people lost the liberty to manage their identity credentials online. This has prompted the belief in some people that blockchain could be the answer to the identity problem created by the internet since it is purely decentralized.

The identification on a blockchain will limit the control of people's identity to their own hands instead of a third party. Hence, they have complete control over their data.

This article goes beyond identity on the blockchain to exploring in detail the Microsoft ION identity solution. It defines identity on the blockchain, discusses how ION works and the various architectures and system features that make it unique from other identity networks on the blockchain. 

What is Digital Identification in Blockchain?

Digital identification in the blockchain uses blockchain principles to create an identity card and provide management in such a way that gives control to the owner rather than a third party. Since the first blockchain implementation in bitcoin, it has been useful in various applications, including identity, healthcare, supply chain, etc.

Thanks to Bitcoin, a decade ago, that aroused the curiosity of developers, cryptographers, and distributed systems engineers to solve the problems associated with centralized identity systems. Today, cryptographers and other distributed system players are deploying identity solutions on various blockchains, viz; Bitcoin's ION, Cardano's Atala Prism, Ethereum's Element, and so on.

The distributed system community, through groups like Internet Identity Workshop IIW, World Wide Web Consortium W3-C, Rebooting Web of Trust RWoT, are exploring the ideas and technical processes of the traditional identity system. Hence, proposing decentralized identities to achieve a fully distributed and decentralized identity. The purpose behind DID, a foundational technical component of decentralized digital identity, is to give ownership and control to individuals.

While many solutions are proffered, the common denominator is finding a scalable, user-owned unique identifier to a set of cryptographic keys and routing endpoints. So many solutions thus far are not focused on achieving a scalable and decentralized network that doesn't require utility tokens, consensus mechanisms, and trusted validator nodes.

In response to the above-stated issue, Microsoft proposed and launched Identity Overlay Network, also known as ION. Before exploring the solutions, architectures, and killer features of Microsoft's ION, it is crucial to discuss in-depth more about identity.

Why Digital Identification on Blockchain?

Digital identification on the blockchain could solve some of the problems associated with our present identification process. These problems are:

Models of Digital Identity Management

What is Self-Sovereign Identity?

Before defining Self-Sovereign Identity, we should understand that the user-centric model cannot give autonomy, which users need. So, the SSI was introduced to provide sovereignty and put total control in the hands of users.

Self-Sovereign Identity (SSI) is a digital identity that people can store on their devices without relying on an external party. The concept of SSI is purely decentralized and gives the power to create and manage an individual's identity to the owner instead of a third party.

The Working Priciple of Digital Identity on the Blockchain

The digital identity in a blockchain is decentralized, and it operates based on the following components:

Advantages of Digital Identification in Blockchain

Blockchain identification has numerous advantages, which are elaborated on below.

What is ION?

The idea behind ION is to achieve a scalable, resilient, user-owned decentralized identity system where users do not need utility tokens, consensus, and trusted validated nodes. By implication, users own and operate their nodes. ION is a layer 2, public, permissionless, decentralized DID overlay network that runs atop the Bitcoin blockchain and leverages a deterministic DPKI protocol called Sidetree.  

Before fully deploying ION in early March, Microsoft started exploring Sidetree between 2017 and 2018. During this period, they determined if it was worth investing in. Upon realization, the team worked in collaboration with SecureKeyMattr, Consensys, Transmute, GeminiBitpayCasa among others to codify Sidetree into a formal specification with the decentralized identity foundation.

ION Architecture

Microsoft ION Architecture

Microsoft's ION comprises a collection of microservices, including a Bitcoin Core, IPFS, and MongoDB (for local data persistence). Simply put, the majority of ION's code comprises Sidetree protocol. As a Sidetree based DID network, it combines Sidetree logic module; a chain-specific read/write adapter, a content-addressable storage protocol (e.g., IPFS), MongoDB, and an existing layer one protocol. 

The content-addressable storage protocol like IPFS helps replicate data between nodes. The above combine to form the Sidetree protocol that enables the creation of layer 2 DID networks that run atop existing blockchains (layer 1) at thousands, or even tens of thousands, of PKI operations per second. The Sidetree requires no additional consensus like several other layer 2 solutions. It simply relies on a decentralized chronological ordering of operations provided by the underlying blockchain. Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded. To achieve greater scalability without relying on additional layer 2 consensus schemes, trusted validator lists, or special protocol tokens. Also, the Sidetree is designed to allow all nodes of the network to arrive at the same Decentralized Public Key Infrastructure (DPKI) state. This allows an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS.

ION Working Mechanism

Microsoft ION working


ION leverages a single on-chain transaction, blockchain-agnostic Sidetree protocol to anchor tens of thousands of DID/DPKI operations on a Bitcoin chain. The ION node processes and encodes transactions with a hash used to fetch, store, and replicate the hash-associated DID operation batches via IPFS. Without requiring an additional consensus, the nodes process the hash associated DID operation batches following a DIF's set of deterministic rules, enabling them to independently arrive at the correct DPKI state for IDs in the system. The nodes are designed to fetch, process, and assemble DID states in parallel, and also, the aggregate capacity of nodes can run at tens of thousands of operations per second.

How to Run ION and Create DIDs

To run ION, you need to meet certain hardware and software requirements. 

Hardware requirement; 

Software requirement

Make sure you have running on your machine, Windows, or Linux operating system. Upon meeting the listed prerequisites, follow the below to run ION and create DIDs; 


Though digital identification in the blockchain is a field that is still new, it gives an assurance of more tight and user-centered control of one's data than centralized databases. It reduces the risk of getting people's information to hackers who use it for different nefarious activities. Microsoft proffered a scalable, resilient, user-owned identity management system that doesn't require utility tokens, trusted validator nodes, and additional consensus mechanism through ION, a layer two solution to decentralized identity.

Also read DeFi Lending: A Primer


Hegic protocol is the non-custodial, decentralized, and on-chain Option trading platform built on the Ethereum blockchain. Hegic allows you to buy WBTC and ETH Options or sell ETH Options using the Hegic token. To sell, you have to provide liquidity.

What is an Option?

An Option is a smart contract that gives you the right to buy or sell an underlying asset at a specific price within a certain time frame. There are two types of Options which are the Call and Put Option.

Call Option 

A Call Option is a contract that gives you the right but not the obligation to buy an asset at a certain price on or before a particular date. A buyer is known as a holder. 

Put Option

A Put Option is a contract that gives you the right but not the obligation to sell an asset at a specific price within a particular time frame. A seller is called a writer.

Strike Price

A Strike Price is the fixed price at which you can buy or sell an underlying asset if the Option is exercised (i.e., if you decide to buy or sell an asset). For example, the Strike Price is the buying price for Call Options and the selling price for a Put Option.

Option Premium

The price of an Option contract is called an Option Premium. There are four ways to trade Options, which are:

Buy Call

A Buy Call is a price above the Strike Price that you can exercise your right to buy. You may be wondering why you should buy an asset above the current price. The reason is explained with the example below. A Premium is paid to make a Buy Call. The risk involved with a Buy Call is minimal, as the maximum amount you can lose is the premium paid.

For example, if the Strike Price of Ethereum is $500, you can place a call to buy it at $600 within a week. Instead of paying $500 for the Ethereum now, you will pay $100 (Premium), and once the price gets to $700, you can exercise your right to buy and have made a net profit of $100. Your net profit is $100 because the Premium is subtracted from the total profit.

If the price is at $600 or below at expiration, the Option will expire worthless, and you will lose $100 (Premium) rather than $500 if you had bought without using an Option.


Buy Put

A Buy Put is the price below the Strike Price that you can exercise your right to buy. A Premium is also paid to make a Buy Put. The risk involved with a Buy Put is minimal, as the maximum amount you can lose is the Premium paid.

For example, if the Strike Price of Ethereum is $500, and you place a Put-Call at $400 within a week at a premium fee of $10, you can exercise your right to buy once the price gets to $400 or below before the expiry date. You will make a profit of $90 because the Premium will be subtracted from the gain. If the price does not decrease below $500 at the end of the week, you will lose just $10.

Sell Call

A Sell Call is a choice you make to sell a Call Option when the price falls below the Strike Price. A Premium is paid by the buyer of the call to you. Risk is high, as you are obliged to sell at the Strike Price if the buyer exercises the right to buy.

For example, if the Strike Price of Ethereum is $300, and the price falls below the Strike Price at the contract’s expiration. The seller will get a profit from the Premium paid. If the price becomes higher than the Strike Price, the seller will have an obligation to sell Ethereum at $300.

Sell Put

A Sell Put is the choice you make to sell a Put Option when the price falls below the Strike Price. A Premium is paid by the buyer of the call to you. Risk is high, as you are obliged to sell at the Strike Price if the buyer exercises the right to sell.

For example, if the Strike Price of Ethereum is $300, the price rises above the Strike Price at the contract’s expiration. The seller will get a profit from the Premium paid. If the price becomes lower than the Strike Price, the seller will have an obligation to buy Ethereum at $300.

Factors Affecting Option Prices

Three elements affect the Options price. These elements are:

Time to Expiration:

The time remaining for an Option contract to expire is called the Time to Expiration. A holder or writer can decide to exercise the, stop the contract to take profit or loss before the contracts expire, or let the contract expire and become worthless. 

Underlying Asset’s Price:

This is the Strike Price set for an asset. Any price above the underlying asset’s price in the Call Option is called out of the money. At the same time, any price below it is called in the money. The reverse is the case for the Put options. An increase in the underlying asset price causes an increase in the Call Option Premium and a decrease in the Put Option. A reduction in the asset price causes a decrease in the Call Option Premium and an increase in the Put Option. 


This is the extent to which an asset’s price swings. It can be a high volatility asset or a low volatility asset. The higher the volatility, the higher the price, and the lower the volatility, the lower the price. 


In conclusion, Hegic uses the American style Options to exercise your right before the expiration date. This style of usage is an excellent advantage of Hegic over the other decentralized Option trading platform.

Also read about Opium protocol.