Microsoft: Blockchain-based ID lets users control digital identity
The company says it has been looking into ways to use Blockchain and other distributed ledger technologies to create new types of digital identities. These “Decentralized Digital” identities, the company says, would be designed from the ground up to enhance personal privacy, security, and control.
“We believe it is essential for individuals to own and control all elements of their digital identity,” says Ankur Patel from Microsoft’s Identity Division. “Rather than grant broad consent to countless apps and services, and have their identity data spread across numerous providers, individuals need a secure encrypted digital hub where they can store their identity data and easily control access to it.”
The company acknowledges that such a goal requires cooperation and partnering among many companies and organizations. In its latest announcement, the company shares its best thinking based on what it has learned so far:
- With data breaches and identity theft becoming more sophisticated and frequent, users need a way to take ownership of their identity. After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards, Microsoft believes blockchain technology and protocols are well suited for enabling Decentralized IDs (DIDs).
- Today, apps, services, and organizations deliver convenient, predictable, tailored experiences that depend on control of identity-bound data. What’s needed is a secure encrypted digital hub (an ID Hub) built from the ground up for privacy that can interact with a user’s data while honoring user privacy and control.
- Traditional identity systems are mostly geared toward authentication and access management. A self-owned identity system adds a focus on authenticity and how a community can establish trust. In a decentralized system, trust is based on attestations: claims that other entities endorse, which help prove facets of one’s identity.
- Some of the most engaging apps and services today are ones that offer experiences personalized for their users by gaining access to their user’s Personally Identifiable Information (PII). DIDs and ID Hubs can enable developers to gain access to a more precise set of attestations while reducing legal and compliance risks by processing such information, instead of controlling it on behalf of the user.
- To create a robust decentralized identity ecosystem that is accessible to all, it must be built on standard, open source technologies, protocols, and reference implementations. For the past year, Microsoft has been participating in the Decentralized Identity Foundation (DIF) with individuals and organizations who are similarly motivated to take on this challenge. Key components that are being collaboratively developed include Decentralized Identifiers (DIDs), Identity Hubs, Universal DID Resolver, and Verifiable Credentials.
- To support a vast world of users, organizations, and devices, the underlying technology must be capable of scale and performance on par with traditional systems. Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording decentralized public key infrastructure (DPKI) operations, and anchoring attestations. While some blockchain communities have increased on-chain transaction capacity (e.g. block size increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world scale. To overcome these technical barriers, Microsoft is collaborating on decentralized Layer 2 protocols that run atop these public blockchains to achieve global scale while preserving the attributes of a world-class DID system.
- The blockchain ecosystem today is still mostly early adopters who are willing to spend time, effort, and energy managing keys and securing devices. Key management challenges, such as recovery, rotation, and secure access, need to be made intuitive and fool-proof to make the technology accessible to everyone.
For its next step, the company is looking to experiment with Decentralized Identities by adding support for them into its Microsoft Authenticator app. With consent, Microsoft Authenticator will be able to act as a user’s User Agent to manage identity data and cryptographic keys.
In this design, only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can’t see) encrypted using these cryptographic keys. Once this capability has been added, apps and services will be able to interact with a user’s data using a common messaging conduit by requesting granular consent.
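The following Python model, added here as an illustration and not Microsoft's or DIF's code, shows the split the design describes: only a DID is anchored on the ledger (a dict stands in for the chain), every identity facet sits in the ID Hub as ciphertext under its own key, and consent releases the key for exactly one facet. The `did:example` identifier, the sample facets, and the HMAC-based toy cipher are all constructed stand-ins (a real deployment would use an AEAD such as AES-GCM).

```python
# Added illustration of the on-chain ID / off-chain encrypted ID Hub design.
# Uses only the standard library; the cipher below is a labelled toy stand-in.
import hashlib, hmac, json, os

def derive_facet_key(master_key: bytes, facet: str) -> bytes:
    """Per-facet key derived from the user's master key held by the user agent."""
    return hmac.new(master_key, b"facet:" + facet.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: HMAC keystream XOR plus an HMAC tag (AEAD stand-in)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("hub record failed integrity check (wrong key or tampered)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_identity(facets: dict) -> tuple:
    """Returns (ledger entry, hub records, master key) for the given sample facets."""
    master_key = os.urandom(32)                     # held by the user agent, never by the hub
    did = "did:example:" + os.urandom(8).hex()      # constructed placeholder identifier
    ledger_entry = {"did": did}                     # the only thing rooted on chain
    hub = {name: seal(derive_facet_key(master_key, name), json.dumps(value).encode())
           for name, value in facets.items()}      # hub operator stores ciphertext only
    return ledger_entry, hub, master_key

def consent(master_key: bytes, facet: str) -> bytes:
    """Granular consent: the user agent releases the key for one facet only."""
    return derive_facet_key(master_key, facet)

def relying_party_read(hub: dict, facet: str, facet_key: bytes):
    """A relying party can decrypt exactly the facet it was granted."""
    return json.loads(open_sealed(facet_key, hub[facet]))
```

A key released for one facet cannot open any other hub record, and the hub operator, holding ciphertext only, cannot read any of them.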
Initially the company says it will support a select group of DID implementations across blockchains, with more likely to be added in the future. Looking ahead, the company says that it plans to share information about its proofs of concept as well as technical details for key areas.
Last month Microsoft announced it had joined the ID2020 Alliance – a global public-private partnership dedicated to aiding the billion-plus people around the world who lack any legal form of identity – as a founding member. The company said that it planned to commit resources and expertise to further develop a secure, portable form of digital identity, and help implement it across governments and agencies.