Microsoft: We're developing blockchain ID system starting with our Authenticator app

Microsoft reveals its plans for a new type of identity system that gives more control to end-users.
Written by Liam Tung, Contributing Writer

Microsoft has revealed its plans to use blockchain distributed-ledger technologies to securely store and manage digital identities, starting with an experiment using the Microsoft Authenticator app.

Microsoft reckons the technology holds promise as a superior alternative to people granting consent to dozens of apps and services and having their identity data spread across multiple providers.

It highlights that, under the existing model, people don't have control over their identity data and are left exposed to data breaches and identity theft. Instead, people could store, control and access their identity in an encrypted digital hub, Microsoft explains in a new blog post.

To achieve this goal, Microsoft has for the past year been incubating ideas for using blockchain and other distributed ledger technologies to create new types of decentralized digital identities.

It's also been working with members of the Decentralized Identity Foundation, which sums up its goal as creating "decentralized identities anchored by blockchain IDs, linked to zero-trust data stores that are universally discoverable".

The collaboration focuses on developing decentralized identities (DIDs), an encrypted identity datastore called an Identity Hub, a server called Universal DID Resolver that resolves DIDs across blockchains, and verifiable credentials.

As Microsoft's Ankur Patel explains, today's identity systems are geared toward authentication and access management, whereas in a decentralized system trust is based on "attestations" or claims about parts of a person's identity that other entities endorse.

DIDs and ID Hubs could help developers tailor apps and services by providing access to a more precise set of attestations without having to process as much of a user's personally identifiable information.

Microsoft believes that blockchain technology and protocols are well suited for enabling DIDs, but that they are not perfectly designed for the scale of system Microsoft envisages.

"Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording DPKI operations, and anchoring attestations," explained Patel.

"While some blockchain communities have increased on-chain transaction capacity (eg, blocksize increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world-scale.

"To overcome these technical barriers, we are collaborating on decentralized Layer 2 protocols that run atop these public blockchains to achieve global scale, while preserving the attributes of a world-class DID system."

Microsoft will soon add support for decentralized identities into its Authenticator app, enabling other apps to interact with user data through Microsoft's app.

"With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys. In this design, only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can't see) encrypted using these cryptographic keys," writes Patel.

"Once we have added this capability, apps and services will be able to interact with users' data using a common messaging conduit by requesting granular consent. Initially we will support a select group of DID implementations across blockchains and we will likely add more in the future."
