Microsoft expands Azure Active Directory verifiable credentials preview
Microsoft announced last week that a preview of its Azure Active Directory Verifiable Credentials (VC) attestation solution can now be tried by anyone with an Azure AD account.
The VC preview can be tried by “all Azure Active Directory (Azure AD) Free and Premium users,” allowing them to “create, issue, and verify credentials,” the announcement says. Microsoft’s preview has been tried by “more than 1,000 businesses with Premium subscriptions” in recent months, the announcement added.
Microsoft’s VC scheme promises that users will have control over their credential attestations. It will also add security, according to a May 6 Twitter post by Alex Weinert, Director of Identity Security at Microsoft.
“This is a really big deal,” Weinert wrote. “This technology has incredible promise for identity security – third-party triangulation, zero proof-of-knowledge, true identity verification and more (and of course – new implications for securing the ecosystem).”
A few new Microsoft VC preview items were outlined last week, namely:
- Incorporation of the World Wide Web Consortium status property into Microsoft’s status check feature, which allows VCs to be revoked.
- The addition of a “new request service API that can be used to build solutions for verifiable credential issuers and verifiers”.
- European Union regional data processing for Azure AD VCs.
Microsoft is also working to make development on its VC solution easier. It is adding “a low-code, no-code experience for issuing and verifying credentials based on directory attributes as well as custom data sources,” the announcement explains.
Microsoft is also preparing APIs that will “integrate the administrator experience”. For example, Microsoft is promising “simplified discovery of trusted issuers”, which will be hosted in an “Azure AD verifiable credential network”.
Microsoft Verifiable Credentials Solution
Microsoft’s VC solutions preview started last year. It is a blockchain-based decentralized identity scheme that uses the World Wide Web Consortium (W3C) verifiable credentials recommendation. The idea is to create cryptographically secure digital attestations of a person’s identity claims. It is the digital equivalent of things like a driver’s license, passport, or diploma.
Microsoft’s solution uses an Identity Overlay Network (ION) based on Sidetree, a permissionless network that uses the Bitcoin electronic ledger for the chain of trust. The Microsoft Authenticator mobile app is used to create decentralized identity claims and serves as a “crypto wallet” for storage. A Microsoft Resolver API connects to ION, and Azure AD serves as the “issue and verify service”.