Microsoft's Dream of Decentralized IDs Enters the Real World (wired.com) 67

For years, tech companies have touted blockchain technology as a means to develop identity systems that are secure and decentralized. The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data. Microsoft has been one of the leaders of this pack -- and is now detailing tangible progress toward its vision of a decentralized digital ID. From a report: At its Ignite conference today, Microsoft announced that it will launch a public preview of its "Azure Active Directory verifiable credentials" this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for identifiers rather than credit cards. Microsoft is starting with things like university transcripts, diplomas, and professional credentials, letting you add them to its Microsoft Authenticator app along with two-factor codes. It's already testing the platform at Keio University in Tokyo, with the government of Flanders in Belgium, and with the United Kingdom's National Health Service. "If you have a decentralized identifier I can verify, say, where you went to school and I don't need you to send me all of the information," says Joy Chik, corporate vice president for Microsoft's cloud and enterprise identity division. "All I need is to get that digital credential and because it's already been verified I can trust it."

Microsoft will release a software development kit in the coming weeks that organizations can use to start building applications that issue and request credentials. And long-term the company says it hopes the system could be used around the world for everything from renting an apartment to establishing identity for refugees who are struggling without documents -- a dream of virtually all decentralized identification efforts. In the NHS pilot, for example, healthcare providers can request access to professional certifications from existing NHS health care workers, who can in turn choose to allow that access, streamlining a process for transferring to another facility that previously required a much more involved back and forth. Under Microsoft's set-up, you can also revoke access to your credentials if the recipient no longer needs access.

  • by infuriatedweasel ( 1326439 ) on Tuesday March 02, 2021 @02:17PM (#61116716)

    Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].

    • Re: (Score:3, Insightful)

      by gweihir ( 88907 )

      That seems to be the business-model, yes. The authoritarian fuckups cannot be eliminated, but occasionally they have to be beaten back. Democracy has the tools, but the voters seem to be incapable of using them for this purpose in large enough numbers.

      • Democracy has the tools

        Not sure that this has been shown to be true in practice. While there are examples of Democracies that to this day have not descended into totalitarianism, there are also examples of Democracies that descended into totalitarianism, and sometimes this has even happened in multiple Democracies simultaneously, and that was only 80 or so years ago.

        One might consider reading the histories of how those Democracies ended up as Totalitarian States, as well as who those Totalitarian were and what bill of goods th

        • by gweihir ( 88907 )

          Democracy has the tools

          Not sure that this has been shown to be true in practice. While there are examples of Democracies that to this day have not descended into totalitarianism, there are also examples of Democracies that descended into totalitarianism, and sometimes this has even happened in multiple Democracies simultaneously, and that was only 80 or so years ago.

          One might consider reading the histories of how those Democracies ended up as Totalitarian States, as well as who those Totalitarian were and what bill of goods they sold The People to achieve it. I suspect ~30% of the Americans won't, because they just voted for the very same bill of goods.

          Democracy "has the tools" as in they are in the toolbox. They need to be used competently to have an effect. That seems to be happening rarely.

          Hence Democracy has the tools, but the typical human population does not have the skills to use them competently. And _that_ is what causes democracies to devolve into totalitarian states: The people are defective (in their role as voters), because they ultimately try to remove all power from themselves. In a sense, a majority does not seem to want freedom and the powe

      • the belgian governments are going to use microsoft to keep track of my ID ... i feel safe already - six flappybirds throwing one stone - i don't get a say in it i suppose? big brother and taxes is about the only thing they're useful for, what if i don't wanna give my ID to microsoft? they already owe me data and locked me out "for no reasons given" ... and i can't say the belgian governments have done me right, either ... nostradamus was right: everything's fucked
    • Yeah, just when you thought a national ID would be bad enough...now they have a fscking world wide ID system they're wanting to set up.

      No thank you, I'm tracked enough already.

    • Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].

      You may have your doubts, but I can assure you that The Blockchain is infallible, Mr. Buttle. Now, please stand over there while we wait 30 minutes for The Blockchain to update with the contents of this interaction. Never really know what servers might be up today. That's the beauty of the system.

    • What you're suggesting is already a future that is quite doable through centralized record lookup. What is being suggested is that those records should be pre-distributed in an encrypted form.

      100% of blockchain schemes are a bad idea. Every usage case for blockchain is something that can be done faster, more easily, and far more safely with traditional methods. The cloud will not save you. The cloud will not just keep your data for you, safe and sound. Using blockchain for supply management or medical re

    • Re: (Score:3, Insightful)

      by AmiMoJo ( 196126 )

      This is the opposite of that. You already have these documents and need to present them sometimes. This way you can present them once and get a token that lets you prove you have them and what the contents are to other people, without actually showing them to those people.

      So instead of having to show your driving licence as ID you can take the token the government issued along with the physical licence, and just use the token to verify name and DOB or whatever exact details are needed.

      If solves a lot of dat

    • Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].

      Going on since the mmo scam of the early 1990's buddy, any client-server software is a security risk, digital footsoldier on your pc and can trawl through your files and registry by default. I wonder how much fun sony had with everquest peeking through peoples files in the days of windows 98/ME. The fact we now have every game/app client-servered means we've already lost the battle long time ago. The rise of completely locked down smartphones with appstores, the rise of steam/denuvo/uplay/origin/mmo's.

      Be

    • by Bengie ( 1121981 )
      Can't have your cake and eat it too. The concept of ownership in society is fundamentally dependent upon proof of identity in order to prove ownership. As ownership becomes more important, proof of identity becomes more important.
  • Anyone can digitally sign stuff. The real trick is being able to prove something without giving the other person the ability to prove the same thing. If that is not possible, I'd rather have you take my word for it than give you the ability to prove something about me.

    • If you look into the philosophical foundation of science, you see that nothing can be proven/disproven. Unless your argument is based solely on rules you previously defined to be that way. (Axioms/paradigms/dogmas.)

      Best we can do, is high sigma statistical reliability. Even peer review is useless, unless you yourself got high confidence in the statistical reliability of those peers.

  • decentralized my a** (Score:5, Informative)

    by nazsco ( 695026 ) on Tuesday March 02, 2021 @02:22PM (#61116752) Journal

    how can a system with a central verification system and central key provider even be called decentralized?

    this is the same as calling https as we have today as "decentralized". yeah you can share CAs and install them in your browser, but name one person that did that.

    • It seems "decentralized" is the wrong word. The goal is that you share all your personal info with Microsoft but with nobody else online. Other sites don't get to see your birth certificate, they rely on Microsoft telling them that you have a birth certificate.

      This could be good for privacy because there's only possible one point of failure (Microsoft) rather than every website you do business with. (Of course, it might grant too much power to Microsoft.)

      I think people have this association of "decentraliza

      • One point of failure is bad for security/privacy though. Very bad. Two reasons: first, this puts all the data in one place; second, this puts all the data behind one lock. If the data stores were decentralized, it means that access to one data store doesn't guarantee access to all the data. They might access my birth certificate, but yours is still safe. Putting it all behind the same lock means that those seeking unauthorized access can likewise focus their efforts on that one lock. That's an awful lot o
      • "This could be good for privacy because there's only possible one point of failure (Microsoft)"

        Not trying to be mean or anything but, congrats, you just created the most epic sentence ever.

        • Better for Microsoft to have your data than for Microsoft AND everyone else to have it. That shouldn't be controversial.

    • by Hentes ( 2461350 )

      It's funny that you mention certificates because that would be an actual decentralized solution to this problem. The government agency/university/whatever sends you a digital version of your documents signed with their own certificate, which you can then send to whoever you want and they can validate it using their preferred CA, no central blockchain necessary.

      • The government agency/university/whatever sends you a digital version of your documents signed with their own certificate, which you can then send to whoever you want and they can validate it using their preferred CA, no central blockchain necessary.

        That's not how certificates work. Each certificate authority can only validate certificates it owns. So either your example university runs a certificate authority, and signs everything using it, which then have to be validated against that single certificate authority, or your example university buys a signing key from some other certificate authority, whom it pays maintenance fees to for continued validation of everything it signs. Certificate authorities as currently designed and implemented in X.509

    • I did.

      As did every serious business.

      An internal CA is literally the ONLY trustworthy CA.

      Take a peek at your browser's or OS's list of built-in root certificates. You're gonna trust all those people? That you never met and never will meet? Including very obviously shady ones.

      Sorry, that's security theater, and equivalent to a self-signed certificate, unless you are that business.

      Which is why you can run your own CA anyway, as it makes no difference for your users. Welcome to the real world. Sorry for breakin

    • yeah this isn't decentralized at all

      Even blockchain itself is not really decentralized - the ledger is validated and replicated across a number of authorities, it's still centralised but it is now effectively synced (eventually) with other peers.

      There is a lot of interesting stuff happening in the decentralized landscape now - Twitter Bluesky recently released an overview of the ecosystem (here [matrix.org]), and there was a big online event last week (Hello Decentralization [hellodecen...zation.com]).

      Personally I'm having a lot of fun with Holo [holochain.org]

  • by Bookwyrm ( 3535 ) on Tuesday March 02, 2021 @02:22PM (#61116762)

    Isn't this just a variation on https://inrupt.com/solid [inrupt.com] ?
    Where everyone maintains their own data and selectively shares it?

    • by wiggles ( 30088 )

      Sure, but Inrupt Solid is dead on arrival. They're actually hoping this Microsoft thing will be adopted by a government somewhere.

  • I see good and bad (Score:3, Interesting)

    by Baconsmoke ( 6186954 ) on Tuesday March 02, 2021 @02:23PM (#61116766)
    Yes, that ever encroaching fear of not being able to hide yourself from an unjust government or organization is a real and valid concern. However, there is the flipside of not having to carry your precious identification documents with you. You no longer have to fear your passport being stolen when travelling. Or the given example of refugees being able to prove who they are regardless of whether they were able to save their belongings. This would be an interesting thing to see unfold.
    • If I'm traveling and carrying a proxy document rather than the original, how is its loss any less of a problem? How would a refugee prove who they are without this? Biometric key? Chip embedded under the skin? Barcode tattoo?
      • I would hope that a combination of bio 2FA that makes you "you" would be ideal. Perhaps a fingerprint coupled with facial recognition or something along those lines.
  • by LagDemon ( 521810 ) on Tuesday March 02, 2021 @02:32PM (#61116814) Homepage
    This appears to be just a fancy database of credentials, using blockchain to store them. But from what I can see, there's nothing here about the verification process.

    So you end up needing a whole other system that people can use to submit documents, have them verified, and then entered in the blockchain.

    It doesn't matter how secure your blockchain is if I can go to my local Document Entry office, and slip the guy $50 to enter my "diploma" into the system. Or, more likely, steal the credentials of one of your document verifiers and sell access for $20 per document.

    And since people viewing the credentials can't even see the original, just the "Verified" status, it'll be nearly impossible to tell the fakes from the real ones.

    In other words, as with most blockchain "solutions", they haven't really solved anything, just rearranged the problems into new configurations.
    • Exactly. Just like my passport can serve as proof of 2 different types of ID (citizenship and who I am) the chain of verification is the weak point not the ID that you get at the end whether it is a card or a blockchain token.
  • by nazsco ( 695026 ) on Tuesday March 02, 2021 @02:34PM (#61116828) Journal
    This paid article is so bad, they just pasted the original mass-marketing email they received from their handlers with the payment. The links have 5 nested tracking elements.

    here is one example, the link on the words "open protocol" for extra irony:

    https://secure-web.cisco.com/ long hash /https%3A%2F%2Fnam02.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fidentity-standards-blog%2Fion-booting-up-the-network%2F long hash %26sdata%3Dv8ea9r%2BXpuOxntySqZw%2BxMxtjnNCveQWVDSaN7yy%2BnE%3D%26reserved%3D0

    PS: this commenting system where you can't paste relevant information because "filter error: That's an awful long string of letters there". yeah it is. it is the point of the comment dumbnut!
  • by Gravis Zero ( 934156 ) on Tuesday March 02, 2021 @02:35PM (#61116830)

    Let's just say that for whatever reason, someone manages to be issued a credential illegitimately. Is there a way to invalidate the credential? Being eternal even after being identified as fraudulent makes the entire list worthless.

  • Blockchain is very cool. But I wonder if energy use will become a big issue.

    If we used blockchain for every transaction in the world we'd end up using orders of magnitude more energy.

    This nonlinear relationship between "proof of work" machines and the transactions is a problem.

    Is there a solution for that?

    • Yes, centralization. Only one entity keeping the current blockchain. (Think TLS CAs.)

      If you want it decentralized, only physical objects (Think cash, or gold.) can be made so they can't be copied easily, without a blockchain-equivalent. Due to the laws of physics, Information can always be copied and tampered with, period.

      And even blockchain-equivalents only work based on everyone agreeing. Which is obviously unrealistic, and will be Bitcoin's achilles heel, sooner or later.

      And a decentralized system of ent

  • Given their history of poor corporate behavior, M$ cannot be trusted with something as vital as identification.

  • Put your bullshit about the source aside for the moment and just read this Breitbart article [breitbart.com] about how Microsoft and a few other key players want to create reliable means of embedding watermarks into all common consumer and corporate file formats with the specific goal that you can't even create a freakin meme without having your real identity tied to it.

    Microsoft is already getting aggressive at making it very difficult to use local user accounts. This is why we must start rallying behind open source deskt

  • Not bloody likely (Score:5, Insightful)

    by erp_consultant ( 2614861 ) on Tuesday March 02, 2021 @02:44PM (#61116886)

    I can see the benefits of blockchain in many applications but I'm not about to put my personal data in Microsoft's hands. Don't trust them, simple as that. What guarantee have I got that it won't be hacked? None. What guarantee have I got that they won't share it with 3rd parties without my permission? None. What happens if something gets screwed up and my college degree vaporizes in the blockchain and my paper copy of my degree becomes worthless?

    Sorry....Billy Gates is going to have to pursue world domination without my assistance.

  • something worth cracking with hundreds of GPU's for a tiny fraction of a bitcoin.

  • Will MS pay the fine if they mess up and let a minor get flagged as 21 or higher??

  • Have you ever tried to login to 365 for business or other online applications from MS? It's shocking how many URLs there are that password managers can't even autofill consistently your account. To name a few: microsoftonline.com, microsoft.com, live.com, hotmail.com, office.com, office365.com, outlook.com, and onedrive.com. None of these work seamlessly across the variety of MS login account types. You want Office 365 business, guess which one you should use (until last month it was microsoftonline.com, b
  • If it isn't centralized how will everyone be able to access it to verify your document 'tokens'?
  • First you had to show your papers to get your driver's license, then you had to show your license to the cops. Then to the barman, the cashier, your doctor, the poll worker, the TSA, the airline check-in agent, the gate agent, the bank teller, the vaccinator... Then all of the above insisted on scanning it.

    If Microsoft and the government get their way, you will be presenting your ID to post on Slashdot.

  • The basis of any decentralised ID system has to be trust.
    M$ doesn't engender trust.
    The only reason corporations create a one step login is to tie you to their platform/cloud.
    If it is truly decentralised, the blockchain would reach to the individual person's safe credential store,
    then use the authentication to reach personal data in whichever location.
    Access authorisation would be given by the individual.
    I've talked about this stuff for decades, the network becomes the centre.

  • To every rule like this there will be exemptions. Who will be exempt and why?

  • This is similar to the Digilocker launched by Indian Government - https://en.wikipedia.org/wiki/... [wikipedia.org].
