Howdy folks,
We started on a journey with the open standards community to empower everyone to own and control their own identity. I’m thrilled to share that we’ve achieved a major milestone in making this vision real. Today we’re announcing that the public preview for Azure AD verifiable credentials is now available: organizations can empower users to control credentials that manage access to their information.
This blog post provides an overview of our standards-based platform and the first solution we’ve built on that platform to enable a new form of identity verification. We’re also sharing lessons learned from customers during private preview and next steps for improving interoperability with other standards-based systems. Ankur Patel from my team is here to share more.
Best Regards,
Alex Simons (Twitter: @Alex_A_Simons)
Corporate Vice President Program Management
Microsoft Identity Division
-----------------------------------------------------------------
Hello again. In June 2020, we reported on the open standards community’s progress on decentralized identity. The Decentralized Identifiers (DID) core specification is now very close to joining Verifiable Credentials (VC) as a ratified standard. Today, I’m thrilled to share details about the public preview capabilities of Microsoft’s platform, based on these standards, called Azure AD verifiable credentials.
Azure AD customers can now easily design and issue verifiable credentials to represent proof of employment, education, or any other claim, so that the holder of such a credential can decide when, and with whom, to share their credentials. Each credential is signed using cryptographic keys associated with the DID that the user owns and controls.
Please visit http://aka.ms/verifyonce to learn more.
Unlike current proprietary identity systems, verifiable credentials are standards-based, which makes them easy for developers to understand and means they don't require custom integration. Applications can request and verify the authenticity of credentials from any organization using APIs included in the platform SDK.
Just as they manage any other permission requests, users can manage and present credentials using Microsoft Authenticator, with one key difference under the hood. Unlike domain-specific credentials, verifiable credentials function as “proofs” that users control, even when they’re issued by organizations. Because verifiable credentials are attached to DIDs that users own, they can be confident that they—and only they—control who can access them and how.
The Government of Flanders is one of the many early customers that leveraged the private preview capabilities to make it easier for citizens to start a new business. Today, a citizen must provide proof of income and citizenship. By presenting verifiable credentials issued by their bank as proof of income and by their government as proof of citizenship, they could easily meet these requirements. This is one of the many scenarios that came to life during private preview.
In addition to announcing public preview of the Azure AD verifiable credentials platform, we’re excited to share with you a new solution based on this approach. Usually, highly regulated interactions, such as pre-employment checks or applying for a loan, are expensive and time-consuming. Microsoft is partnering with industry leading identity verification service providers to make it possible to verify an identity once and present it to anyone. Azure AD customers can leverage this solution to validate official documents and electronic records across 192 countries to confidently verify identities. End-users can present these credentials to quickly start a job, apply for a loan, or access secure apps and services—without having to repeatedly share their sensitive information.
Please visit http://aka.ms/verifyonce to learn more about all our partners.
We’re grateful for everything we’ve learned from our customers, and to members of the Decentralized Identity Foundation, OpenID Foundation, and W3C who collaborated with us to develop new standards that enable individuals and organizations to verify credentials directly.
While this is an important milestone, we have a lot of work ahead to enable verification on a larger scale while protecting individual privacy. Now that we have built the foundation, we are working on our next key milestone: continuing to enrich credentials with implementations that enable additional privacy-preserving features and increasing our interoperability with solutions from other members of the Decentralized Identity and Verifiable Credentials community.
Let’s build a more trustworthy internet together. We were amazed by the variety of ideas that customers presented to us during private preview. We can’t wait for you to try the new platform!
Ankur Patel (@_AnkurPatel)
Principal Program Manager
Microsoft Identity Division
Resources:
- Get involved with http://identity.foundation , the industry working group for all things Decentralized ID (DID)
- All things Azure AD Verifiable Credentials: http://aka.ms/verifyonce
- Quick overview: http://aka.ms/didexplained
- Documentation for developers: http://aka.ms/didfordevs
- Blogs (including scale and performance and self-owned key recovery): http://aka.ms/azureadblog/did