Wired, 03.02.2021 09:00 AM | Security | “Microsoft’s Dream of Decentralized IDs Enters the Real World”. “The company will launch a public preview of its identification platform this spring - and has already tested it at the UK’s National Health Service”
Image from did project.azurewebsites.net; see link for details.
Read the article for all the details and backstories.
Summary of the article
“The goal is to build a platform that could store information about official data without holding the actual documents or details themselves.” An example would be a “decentralized ID platform” holding a validated token rather than an image of one’s birth certificate, college transcripts, diplomas or professional credentials. Such information would be accepted if you were asked to present an ID or credential. The Microsoft product, called “Azure Active Directory verifiable credentials,” will be released in Spring. This is only slightly different from Apple Pay or Google Pay, but for “identifiers rather than credit cards.” These identifiers are added using the “Microsoft Authenticator app along with two-factor codes.” A software development kit will be released by Microsoft, allowing “organizations…to start building applications that issue and request credentials.” (See image and link above.) The uses are many, ranging from “renting an apartment to establishing identity for refugees…” A user who has shared these tokens can revoke access when it is no longer needed, for example after leaving an organization or an apartment. For an organization like the UK’s National Health Service, transferring a physician from one institute to another is made easier, avoiding what is sometimes a lapse of months to confirm credentials before the physician can start practicing at the new clinic or hospital.
Microsoft and others hope to reach critical mass regarding interoperability by using “open authentication standards, like the World Wide Web Consortium’s WebAuthn.” “Microsoft is working with digital identity partners Acuant, Au10tix, Idemia, Jumio, Socure, Onfido and Vu Security to pilot the platform…”. It’s clear that “participation from the entire community” is essential. “The system is based on the Bitcoin blockchain and uses an open protocol called Sidetree to add records of transactions - in this case, identity verifications - to the blockchain.”
Although the platform does not hold information directly, there are security concerns, especially in light of the recent hacks of SolarWinds and of Microsoft as well. “Microsoft says that its new decentralized identity platform will be set up so that even if an account is compromised, attackers can’t just start using your verified credentials.” Embedding encryption would further limit the usefulness of such a hack. Organizations employing Azure can then add extra authentication for more protection, but with that in mind your data becomes vulnerable to the weakest link of the added authentication or encryption. It is noted in the article that “Decentralized ID services may be a tough sell,” as some organizations won’t “want to stop collecting data and those that wouldn’t want to embrace another fundamental service driven by an already powerful player like Microsoft.”