Microsoft Expands Azure Active Directory Verifiable Credentials Preview

Microsoft announced last week that a preview of its Azure Active Directory Verifiable Credentials (VC) attestation solution can now be tried by anyone with an Azure AD account.

The VC preview can be tried by "all Azure Active Directory (Azure AD) Free and Premium users," allowing them to "create, issue and verify credentials," the announcement indicated. Microsoft's preview has been tried by "more than 1,000 enterprises with Premium subscriptions" in recent months, the announcement added.

Microsoft's VC scheme promises that users will have control over their credential attestations. And, it'll add security, according to a May 6 Twitter post by Alex Weinert, director of identity security at Microsoft.

"This is a really big deal," Weinert wrote. "This technology has incredible promise for identity security -- 3rd party triangulation, zero knowledge proofs, true identity verification and more (and of course -- new implications to secure the ecosystem)."

New Capabilities
A few new Microsoft VC preview elements were described last week, namely:

  • Incorporation of the World Wide Web Consortium's status property in Microsoft's status check feature, which permits VCs to be revoked.
  • The addition of a "new Request Service API that can be used to create solutions for issuers and verifiers of verifiable credentials."
  • European Union regional data processing for Azure AD VCs.

Microsoft also is working on easing the development aspects of its VC solution. It's adding "a low-code, no-code experience to issue and verify credentials based on directory attributes as well as custom data sources," the announcement explained.

Also in the works from Microsoft are APIs that will "integrate the administrator experience." For instance, Microsoft is promising "simplified discovery of trusted issuers," which will get housed in an "Azure AD Verifiable Credentials Network."

Microsoft's Verifiable Credentials Solution
Microsoft's VC solutions preview kicked off last year. It's a blockchain-based decentralized identity scheme that uses the verifiable credentials recommendation of the World Wide Web Consortium (W3C). The idea is to create cryptographically secure digital attestations to a person's identity when making claims. It's the digital equivalent of things like a driver's license, passport or diploma.

Microsoft is building its own VC solution, but it has been doing so while collaborating with the "Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community" and using "open standards," according to a Microsoft "Introduction" document.

Microsoft's solution uses a Sidetree-based Identity Overlay Network (ION), a permissionless network that uses the Bitcoin electronic ledger for the trust chain. The Microsoft Authenticator mobile application is used to create decentralized identity claims and serves as an "encrypted wallet" for storage. A Microsoft Resolver API connects with ION, and Azure AD serves as the "issuance and verification service."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

