Why!?
Talking about emerging technologies is tricky because you never know whether you are “catching it early” or whether it is something with a very limited shelf life that another solution will soon replace. I’ve found the decentralized approach to identity to be a potential use case that will flourish by allowing the end-user to be in control of their digital identity. Being digital on a blockchain opens up the possibility of more easily navigating the expanding requirements for digital identities, where data can be easily shared with strong assurances of its validity.
To start, we should talk about some of our roots. When we first started building computers, logging in wasn’t even a thing, and it wasn’t until networking and the Internet that digital identity became more and more important. The reality is that your digital identities are hosted on servers owned by an organization, and you don’t actually have any ownership over those identities. The organization can offboard you, and there is likely no recourse.
Exceptional end-user experience, interoperability and end-user ownership of IDs are the key selling points. Let’s take a look at what enables Verified ID: blockchain.
Why Talk About Blockchain Technology?
Before we go on a bit of a journey, it is essential to understand what decentralized identities rely on. Without blockchain to provide immutable decentralized storage, decentralized identities fall flat because centralization offers the opportunity to overthrow legitimate activity, censor, and possibly alter transactions.
Bitcoin is a blockchain, and blockchains sell blocks to make money. Yes, Bitcoin has roots in finance, but it is the gold standard for immutable transactions. People speculate on holding Bitcoin as a digital commodity, but it can be argued that this isn’t its true purpose. I could be getting myself in trouble here, as many original Bitcoiners would rather see the network focused on being a store of value and a transmitter of value over the Internet.
The main point is that your transaction data is processed across around a million machines globally. To take over and break this system is something governments are not capable of. This is why decentralized identities started with the Bitcoin network.
I’ve tried to consider Bitcoin outdated, but it is still very relevant as a technology. More and more kinds of data (e.g., Ordinals) are being written to the blockchain because of Bitcoin’s gold-standard effect for data permanence.
Identity on Blockchain
Identity caught my attention because it is an essential need but a complicated problem. How do you create a standard that is extensible enough to be helpful to a wide range of organizations?
And to make it even more complex, this technology must also integrate with legacy cloud identity providers. Compatibility with today’s identity solutions is critical to a market fit.
Since an actual W3C standard exists, decentralized identity might grow wings as a solution. Entra ID support for Decentralized IDs through the Verified ID feature motivated me to dedicate more time to understanding what is happening. Below are links to the W3C specification and to Microsoft’s landing page for Entra Verified ID.
https://www.w3.org/TR/did-core/
https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-verified-id
Decentralized IDs
Decentralized ID is a concept that uses blockchain technology to establish a secure and decentralized identity system. Instead of storing documents or personal details on a server or a small collection of servers, a decentralized ID system stores identities on a blockchain. For example, the system would store data as a Verifiable Credential rather than saving a scan of one’s birth certificate. This allows users to share pre-validated credentials, eliminating the need to share the original document or data.
Microsoft is a significant player in advancing this concept. Microsoft has already unveiled a digital wallet for verifiable credentials as part of the Microsoft Authenticator mobile application. The platform is reminiscent of Apple Pay or Google Pay but focuses on identifiers like university diplomas or professional qualifications. Microsoft’s approach lets users add these credentials to the Microsoft Authenticator app, where they’re already testing it with institutions like Keio University in Tokyo and the UK’s National Health Service.
The primary benefit is the ease and trustworthiness of verification. For instance, if a person has a decentralized identifier from a university, others can verify the person’s educational credentials without seeing the complete data. The information has already been authenticated, so it’s trusted at face value.
Microsoft is releasing tools to encourage organizations to build applications to issue and request these credentials. The company envisions this system being used globally for various applications, from renting properties to assisting refugees without documents.
A crucial challenge for such a decentralized ID system is ensuring interoperability. Many competing systems can complicate the process, so Microsoft uses open authentication standards for its platform. This decision aids adoption and allows other large vendors to integrate with it.
Microsoft’s decentralized identity system is built on the Bitcoin blockchain. It uses an open protocol called Sidetree to record identity verifications. Organizations can operate an ION “node” to validate and store identifiers for their members.
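As an added illustration (not code from this post, from Microsoft, or from the Sidetree/ION project), here is a minimal Go model of the flow described above: an issuer signs a credential, the holder discloses only the claims they choose, and a verifier checks those claims against the issuer’s key looked up by DID. The `didRegistry` map stands in for resolving the issuer’s DID document through an ION node, and the salted-hash selective disclosure is a simplified construction, not Verified ID’s actual credential format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"sort"
	"strings"
)
// Stand-in for DID resolution (assumption): Verified ID would read the issuer key from its DID document anchored through Sidetree/ION.
var didRegistry = map[string]ed25519.PublicKey{}
// Credential carries no plaintext: the issuer signs only the sorted, salted claim digests.
type Credential struct {
	Issuer  string
	Digests []string
	Sig     []byte
}
// digest binds one claim to its own salt so undisclosed claims cannot be guessed from their digest.
func digest(name string, vs [2]string) string { // vs = {value, salt}
	h := sha256.Sum256([]byte(vs[1] + "|" + name + "|" + vs[0]))
	return hex.EncodeToString(h[:])
}
// Issue returns the signed credential and, separately, the holder's {value, salt} material.
func Issue(did string, priv ed25519.PrivateKey, claims map[string]string) (Credential, map[string][2]string) {
	c, held := Credential{Issuer: did}, map[string][2]string{}
	for name, value := range claims {
		salt := make([]byte, 16)
		rand.Read(salt) // crypto/rand; a fresh salt per claim
		held[name] = [2]string{value, hex.EncodeToString(salt)}
		c.Digests = append(c.Digests, digest(name, held[name]))
	}
	sort.Strings(c.Digests) // canonical order: Go map iteration is random
	c.Sig = ed25519.Sign(priv, []byte(strings.Join(c.Digests, ",")))
	return c, held
}
// Verify resolves the issuer key, checks the signature, then checks that each disclosed claim recomputes to a signed digest.
func Verify(c Credential, disclosed map[string][2]string) bool {
	pub, ok := didRegistry[c.Issuer]
	if !ok || !ed25519.Verify(pub, []byte(strings.Join(c.Digests, ",")), c.Sig) {
		return false // unknown issuer DID or tampered credential
	}
	for name, vs := range disclosed {
		d := digest(name, vs)
		if i := sort.SearchStrings(c.Digests, d); i == len(c.Digests) || c.Digests[i] != d {
			return false // disclosed value or salt does not match what the issuer signed
		}
	}
	return true
}
```

The holder presents the credential plus a subset of `held` (for example only the `degree` entry); the verifier learns nothing about the other claims beyond their digests, and any edited value, wrong salt or unregistered issuer DID fails verification.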
However, there are security concerns. Given the high value of Microsoft accounts to cyber attackers, the decentralized identity scheme could be an attractive target. Breaches emphasize the importance of security in identity management.
To counter this, Microsoft claims that attackers can’t use the verified credentials maliciously even if an account is breached. Data encryption and multi-factor authentication add layers of security.
Still, there are critics. Decentralized IDs present challenges in balancing privacy, decentralization, and trustworthiness. Some critics argue that true decentralization might be incompatible with the business models of large corporations, which thrive on data monetization.
What Next?
I plan on spending some time digesting the implementation of Decentralized IDs to understand its nuances in greater detail. Microsoft’s online demo was easy to enroll in and use; no end-user needed to understand anything remotely blockchain-related, which is excellent.
I have yet to configure anything in my lab, so at this point, I feel like I’ve barely gotten my toes wet. This authentication scheme opens a world of interchangeable identity data. Microsoft demonstrates how I can order directly from a vendor’s website for my work PC with my verifiable credentials and receive a discount on the order because of my employer’s credentials.
I believe that there will be some use cases that pioneer the adoption of the technology. Still, Microsoft is already proposing methods to use these technologies to simplify the onboarding and offboarding of users.
I’m curious how credentials will pile up over time and be managed. I already struggle with key vaults, accumulating hundreds of credentials. I know I am a bit of an edge case, but I hope to manage fewer digital identities for home and work.
If you are curious about the decentralized ID experience, I suggest you check out the following Microsoft Learn article that reviews the user experience with Verified ID.
https://learn.microsoft.com/en-us/entra/verified-id/using-authenticator