Microsoft’s dream of decentralized credentials enters the real world

For years, technology companies have touted blockchain technology as a way to develop secure and decentralized identity systems. The goal is to build a platform that could store information about official data without holding the actual documents or the details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform can store a validated token that confirms the information it contains. Then when you are carded at a bar or need proof of citizenship, you can share those pre-verified credentials instead of the actual document or data. Microsoft has been a leader in this pack and is now detailing tangible progress towards its vision of decentralized digital ID.

At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for credentials rather than credit cards. Microsoft is starting with things like college transcripts, diplomas, and work credentials, letting you add them to its Microsoft Authenticator app alongside two-factor codes. It is already testing the platform at Keio University in Tokyo, with the Flemish government in Belgium and with the National Health Service in the UK.

“If you have a decentralized ID, I can check, for example, where you went to school, and I don’t need you to send me all the information,” says Joy Chik, vice president of Microsoft’s cloud and corporate identity division. “All I need is to get these digital credentials and since they’ve already been verified I can trust them.”

Microsoft will be releasing an SDK in the coming weeks that organizations can use to start building apps that issue and request credentials. And in the long term, the company says, it hopes the system can be used around the world for everything from renting an apartment to establishing the identities of struggling undocumented refugees, a dream of virtually all decentralized identification efforts.

In the NHS pilot, for example, healthcare providers can request access to professional certifications from existing NHS healthcare workers, who in turn may choose to authorize this access, streamlining a process for transferring to another establishment that previously required a much more involved back-and-forth. In Microsoft’s setup, you can also revoke access to your credentials if the recipient no longer needs access.

“In the NHS system, in every hospital that health workers go to, it took months of effort to verify their credentials before they could practice,” Chik says. “Now it literally takes five minutes to get registered at the hospital and start treating patients.”

Interoperability is a major obstacle to the widespread adoption of a decentralized identification system. Having 10 competing frameworks wouldn’t make it any easier for anyone. Currently, there are potential competitors, such as a Mastercard offering which is still in the testing phase. Microsoft’s omnipresence potentially makes it a good candidate for rallying a critical mass of users. With that in mind, the company has developed Azure Active Directory verifiable credentials on open authentication standards, such as WebAuthn from the World Wide Web Consortium. This should make it easier for customers to adopt the platform and for other tech giants to support its use in their products as well. Currently, Microsoft is working with digital identity partners Acuant, Au10tix, Idemia, Jumio, Socure, Onfido, and Vu Security to drive the platform, and Chik says the goal is to quickly expand this list over time.