Microsoft’s 5 guiding principles for decentralized identities
Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision:
Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.
During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful proof of concepts partnering with Keio University,1 The National Health Service (UK),2 and the Government of Flanders.3 We’ve worked with our partners in the Decentralized Identity Foundation (DIF) and the open standards community to develop standards and demonstrate interoperability.
Using these new open standards and all these learnings to guide us, we turned on the public preview of our new decentralized identity system—Microsoft Azure Active Directory Verifiable Credentials—in April 2021. That preview generated a ton of valuable feedback and gave us the opportunity to learn from all of you.
Through all these interactions and investments, we have become even more excited about the opportunity to create a decentralized identity system that increases customer trust and adoption by minimizing data processing and providing the user much greater control of the specific identity data they share and how it will be used.
Now we are well into the next phase of our plan, working on two parallel efforts:
- Partner with the decentralized identity community to finalize a set of high-quality open standards that we can all support.
- Deliver the first General Availability release of our decentralized identity service in parallel with these still-evolving standards.
The 5 guiding principles
In this new phase, we want to share the set of guiding principles that we will use to guide both efforts. Not all these principles will be realizable from the start, but we believe that all are necessary over time to realize the promise of decentralized identities:
1. Secure, reliable, and trustworthy
- My digital identity must be secure. It must not be easy to forge or hack. No one must be able to use it to impersonate me.
- I must always have a way to access, use, and securely recover my digital identity.
- I must have access to a detailed log of all the times I’ve used my digital identity, who I used it with, and what it was used for.
2. Privacy protecting and in my control
- My digital identity is under my control. It must only be used with my consent and when I consent; I must know who will use it and how it will be used.
- I must be able to review which elements of my digital identity are being requested and I must have the option to only disclose the specific information necessary to support the consented use.
- My use of my digital identity must be private. No one, other than the party I explicitly share it with, should know I am using it without my consent.
- My digital identity must not be able to be used to track me across unrelated services or applications without my consent.
- I must have the freedom to switch between the devices and applications of my choosing to manage my digital identity, and never be locked in.
- I must be able to delete all aspects of my digital identity and any associated data and log files from wherever I choose to store them.
3. Inclusive, fair, and easy to use
- My digital identity must be usable, available, and accessible regardless of my race, ethnicity, abilities, gender, gender identity, sexual orientation, national origin, socio-economic status, or political status.
- My digital identity must be easy to use and use universal design principles to make it useful for people with a wide variety of abilities.
4. Supervisable
- I must be able to designate trusted friends or family members who can access my digital identity as needed if I become incapacitated or pass away.
- If I am a child, my digital identity must support appropriate parental or custodial oversight and control.
5. Environmentally responsible
- Creating and using my digital identity must be environmentally sustainable and not cause long-term environmental harm.
Microsoft’s commitments to the new digital identity system
In building and running this new system, we are also making an additional set of commitments we believe are critically important:
- Legitimate and lawful: This new digital identity system must be legitimate and lawful. We will strive to assure it doesn’t encourage illegal activity, enable corruption, or expose people to undue risk or unlawful access. We will strive to ensure the technology doesn’t cause or exacerbate unjust or disparate impacts on systemically marginalized members of society.
- Interoperable and accessible: We will strive to ensure technical and policy interoperability among domestic and international stakeholders, ease of use, broad inclusion, and equity of access. We will work to ensure the system works across modalities, including using it online, in person, and over the phone. We will build the system based on open, non-proprietary, and accessible standards to assure broad interoperability.
- Safe: We will strive to place user safety and security at the center of our decentralized identity system design.
Looking forward
Our goal in sharing these principles and our commitments is to help our customers, partners, and the decentralized identity community understand what motivates and guides us and how we think about this exciting opportunity.
Visit Microsoft decentralized identity to learn more about the benefits and opportunities of a decentralized identity ecosystem based on open standards.
And we hope you’ll read the next blog in our five-part series on decentralized identity, where Pamela Dingle demystifies the basics of direct presentation, decentralized identity, verifiable credentials, and anchored decentralized identifiers. It’s quite entertaining, as well.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1University to enable students to securely manage their own transcripts with Verifiable Credentials, Customer Stories, Microsoft. 16 March 2021.
2With high levels of security and trust, the NHS rapidly meets clinical demands using verified credentials, Customer Stories, Microsoft. 15 March 2021.
3How a decentralized identity and verifiable credentials can streamline both public and private processes, Customer Stories, Microsoft. 17 March 2021.