For years, tech companies have touted blockchain technology as a means to develop identity systems that are secure and decentralized. The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data. Microsoft has been one of the leaders of this pack—and is now detailing tangible progress toward its vision of a decentralized digital ID.
At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for identifiers rather than credit cards. Microsoft is starting with things like university transcripts, diplomas, and professional credentials, letting you add them to its Microsoft Authenticator app along with two-factor codes. It’s already testing the platform at Keio University in Tokyo, with the government of Flanders in Belgium, and with the United Kingdom’s National Health Service.
“If you have a decentralized identifier I can verify, say, where you went to school and I don’t need you to send me all of the information,” says Joy Chik, corporate vice president for Microsoft’s cloud and enterprise identity division. “All I need is to get that digital credential and because it’s already been verified I can trust it.”
Microsoft will release a software development kit in the coming weeks that organizations can use to start building applications that issue and request credentials. And long term, the company says it hopes the system could be used around the world for everything from renting an apartment to establishing identity for refugees who are struggling without documents—a dream of virtually all decentralized identification efforts.
In the NHS pilot, for example, health care providers can request access to professional certifications from existing NHS health care workers, who can in turn choose to allow that access, streamlining a process for transferring to another facility that previously required a much more involved back-and-forth. Under Microsoft’s setup, you can also revoke access to your credentials if the recipient no longer needs access.
“In the NHS system, at each hospital health care workers go to, it used to take months of effort to verify their credentials before they could practice,” Chik says. “Now it literally takes five minutes to be enrolled in the hospital and starting to treat patients.”
A big hurdle to widespread adoption of a decentralized ID scheme has been interoperability. Having 10 competing frameworks out there wouldn’t make things easier for anyone. Currently, there are some potential competitors, like an offering from Mastercard that’s still in testing. Microsoft’s ubiquity potentially makes it a good candidate to rally a critical mass of users. With this in mind, the company built Azure Active Directory verifiable credentials on open authentication standards, like the World Wide Web Consortium’s WebAuthn. That should make it easier for customers to adopt the platform and for other tech giants to support its use in their products as well. Currently, Microsoft is working with digital identity partners Acuant, Au10tix, Idemia, Jumio, Socure, Onfido, and Vu Security to pilot the platform, and Chik says the goal is to expand that list quickly over time.
“We believe that to do this right we need participation from the entire community, no one organization can do this,” says Vasu Jakkal, corporate vice president of security, compliance, and identity at Microsoft. “One step at a time we’re moving toward this vision.”