By Kurt Mackie and Azure Security News
Microsoft on Monday announced a preview release of Azure Active Directory Verifiable Credentials, a service that is part of its broader decentralized identity effort, built on W3C decentralized identifiers (DIDs).
Microsoft’s solution is based on the World Wide Web Consortium (W3C) Verifiable Credentials recommendation, which specifies a format for cryptographically verifiable, tamper-evident digital attestations about a subject, analogous to a driver’s license, passport or diploma. According to the W3C’s description, verifiable credentials are “statements made by an issuer in a tamper-evident and privacy-respecting manner,” where the issuer could be a corporation, a government or an individual.
Verifiable credentials essentially are “data objects” produced by issuers that reference DIDs, per a Microsoft “Introduction” document description:
In short, verifiable credentials are data objects consisting of claims made by the issuer attesting information about a subject. These claims are identified by schema and include the DIDs of the issuer and subject. The issuer’s DID creates a digital signature as proof that they attest to this information.
With the preview release of Azure AD Verifiable Credentials, “Azure AD customers can now easily design and issue verifiable credentials to represent proof of employment, education, or any other claim,” the announcement explained. Microsoft’s platform offers a software development kit with APIs that applications can utilize to request and verify credentials.
Identities registered as DIDs are conceived as being owned and controlled by the subject, rather than being held in a database controlled by someone else. In practice that control comes from the subject holding the private keys bound to the DID; a blockchain or similar ledger is typically used only to anchor the DID’s public keys and service endpoints so that others can resolve them, not to store the credentials or any personal data.
Another enabling component in Microsoft’s DID scheme is ION (Identity Overlay Network), a permissionless public network that implements the Decentralized Identity Foundation’s Sidetree protocol on top of the Bitcoin blockchain. Microsoft last week announced the release of ION version 1, which is still at an early stage.
Another tool that’s part of Microsoft’s DID solution is the Microsoft Authenticator app, which end users use to create DIDs and to hold the credentials issued to them. Microsoft Resolver is yet another component, which exposes an API for resolving DIDs against ION nodes, Microsoft’s document explained.
Several identity verification service providers are participating in the Azure AD Verifiable Credentials preview: acuant, Au10Tix, Idemia, Jumio, LexisNexis, onfido, Socure and VU.
The preview of the Azure AD Verifiable Credentials service was described by Microsoft as being just a foundational step in support of DID technology. In the near future, Microsoft is planning to “enable additional privacy preserving features and increase our interoperability with solutions from other members of the Decentralized Identity and Verifiable Credentials community.”