Decentralized Identity, IPFS and ION

by Dietrich Ayala on 2020-06-11

IPFS logo and ION logo

Identity is a key part of how we all interact with each other on the internet every day—sometimes every moment of every day. And sometimes each raging moment as we do the “forgot your password?” dance yet again. Regardless, forging a path forward for user-controlled online identity is a table-stakes requirement for the dweb to succeed.

But, identity is hard. There are no easy solutions for interoperable decentralized digital assertions of self. Privacy, security, validity, access control, surveillance, GDPR, KYC, anonymity. It’s like Inception but each nested dream level is the same minefield, and those minefields are littered with projects that’ve tilted at the identity windmill, leaving naught behind but vinyl stickers slowly being covered up on our laptops.

Hope has not forsaken this land. The Decentralized Identity Foundation has been plugging away at this challenge for many years, as have groups like Rebooting the Web of Trust. And there’ve been efforts to build decentralized identity systems on top of IPFS, such as IPID,, the IPFS IDM, and most recently the Ceramic Network.

However, today we’re celebrating the launch of a decentralized identity protocol and service from an unlikely place: Microsoft.

Microsoft has been increasingly present in open-source tools and services in the past few years, and has now launched a standards-based decentralized identity service called ION.

ION logo

ION has been under development for over a year, and is an instance implementation of Sidetree (a blockchain-agnostic distributed PKI protocol) that runs on the Bitcoin blockchain.

And it stores transaction data on IPFS.

ION architecture diagram

Like HTTP, IPFS does not have user identity built into the protocol. However, IPFS provides resiliency, validation, and future-proofing features that HTTP cannot:


The ION implementation is in JavaScript (specifically, TypeScript) so it made sense for them to use js-ipfs as a Node.js service. ION rolls up batches of identity transactions, publishes it through their IPFS node, and then writes the address (CID) of that batch to the Bitcoin blockchain.

In order to meet Microsoft’s needs for using js-ipfs as a long-running process we added cancelable requests to all APIs, ensuring that as requests were being made and handled, the underlying objects, memory, file handles, and other resources created up and down the stack are cleaned up properly. Huge thanks goes to Alex Potsides (@achingbrain) for implementing this long-needed feature, which shipped in js-ipfs 0.44.0.

What this looks like for developers is the ability to set timeouts on requests:

const cid = new CID('QmWillNeverResolve')

try {
  await ipfs.get(cid, {
    timeout: 1000 // abort after 1000ms
} catch (err) {
  console.err(err) // err is a TimeoutError

Try ION Now!

This is the public beta of ION, and it is now running live on the Bitcoin blockchain.

In the launch post, Microsoft’s ION project lead Daniel Buchner explains how to run a node and use decentralized identities in your apps and services today.

The project is open source, built on open standards, and you can run your own node—so try it out or contribute to the project today!