News

Microsoft Ups Open Source Efforts To Support Decentralized Identities

• By Kurt Mackie
• 06/10/2020

Microsoft's efforts to foster a decentralized identity (DID) approach to user authentications is continuing, with some open source announcements this week.

Microsoft's DID efforts center on a number of open source solutions. It uses Worldwide Web Consortium specs for Decentralized Identities and Verifiable Credentials protocols. It also leverages blockchain electronic ledger technology based on the open source Identity Overlay Network (ION) project fostered by the Decentralized Identity Foundation. The main idea behind the DID effort is for end users to own their own identity credentials, rather than organizations, which is thought to be a privacy enhancement over the current scenario.

The use of the Microsoft Authenticator App is also part of Microsoft's DID scheme, where it can serve as a means for end users to prove their identities to identity verifiers via something like a device fingerprint scan. The workflow involved is demonstrated in this Microsoft Build session.

To that end, Microsoft announced this week that Microsoft Authenticator App code used to manage cryptographic keys for DIDs is getting released as open source code.

Additionally, Microsoft announced that it has published its Verifiable Credential software development kit, used with Azure services, as open source code.

Microsoft also noted that the ION project has now advanced to the beta stage and has moved to the Bitcoin mainnet. ION is based on the Decentralized Identity Foundation's work with the Sidetree DID network protocol, which Microsoft sees as providing a more scalable DID solution.

The use of ION for DID will help users get control over their identity information, a Wednesday Microsoft announcement explained:

From the very start, ION has been developed as a decentralized network designed to operate independently of centralized parties and trusted intermediaries, including Microsoft. ION doesn't rely on special utility tokens, trusted validator nodes, or additional consensus mechanisms; the deterministic progression of Bitcoin's linear block chronology is the only consensus it requires.

Microsoft had announced last year that it had abandoned its own Identity Hubs solution in favor of ION, largely because of ION's ability to scale and meet the needs of a broad DID implementation. Update 6/11: Microsoft didn't get rid of Identity Hubs, according to Daniel Buchner, a senior program manager at the Microsoft Identity Division.

"We didn't abandon Identity Hubs for ION, as those are two separate open source components," Buchner explained via email. "ION is the decentralized identifier/PKI layer, while Identity Hubs was the encrypted personal datastore piece (which you point your DID at, b/c ION doesn't store any actual identity data, just PKI/routing info). Both are needed, and the personal datastore work was folded into a larger, joint open source/standards effort that's taking place between DIF & W3C, called Secure Data Storage."