Microsoft's Dream of Decentralized IDs Enters the Real World (wired.com) 67
For years, tech companies have touted blockchain technology as a means to develop identity systems that are secure and decentralized. The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data. Microsoft has been one of the leaders of this pack -- and is now detailing tangible progress toward its vision of a decentralized digital ID. From a report: At its Ignite conference today, Microsoft announced that it will launch a public preview of its "Azure Active Directory verifiable credentials" this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for identifiers rather than credit cards. Microsoft is starting with things like university transcripts, diplomas, and professional credentials, letting you add them to its Microsoft Authenticator app along with two-factor codes. It's already testing the platform at Keio University in Tokyo, with the government of Flanders in Belgium, and with the United Kingdom's National Health Service. "If you have a decentralized identifier I can verify, say, where you went to school and I don't need you to send me all of the information," says Joy Chik, corporate vice president for Microsoft's cloud and enterprise identity division. "All I need is to get that digital credential and because it's already been verified I can trust it."
Microsoft will release a software development kit in the coming weeks that organizations can use to start building applications that issue and request credentials. And long-term the company says it hopes the system could be used around the world for everything from renting an apartment to establishing identity for refugees who are struggling without documents -- a dream of virtually all decentralized identification efforts. In the NHS pilot, for example, healthcare providers can request access to professional certifications from existing NHS health care workers, who can in turn choose to allow that access, streamlining a process for transferring to another facility that previously required a much more involved back and forth. Under Microsoft's set-up, you can also revoke access to your credentials if the recipient no longer needs access.
Tied to social credit score and biometrics too? (Score:4, Insightful)
Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].
Re: (Score:3, Insightful)
That seems to be the business-model, yes. The authoritarian fuckups cannot be eliminated, but occasionally they have to be beaten back. Democracy has the tools, but the voters seem to be incapable of using them for this purpose in large enough numbers.
Re: (Score:3)
Democracy has the tools
Not sure that this has been shown to be true in practice. While there are examples of Democracies that to this day have not descended into totalitarianism, there are also examples of Democracies that descended into totalitarianism, and sometimes this has even happened in multiple Democracies simultaneously, and that was only 80 or so years ago.
One might consider reading the histories of how those Democracies ended up as Totalitarian States, as well as who those Totalitarian were and what bill of goods th
Re: (Score:2)
Democracy has the tools
Not sure that this has been shown to be true in practice. While there are examples of Democracies that to this day have not descended into totalitarianism, there are also examples of Democracies that descended into totalitarianism, and sometimes this has even happened in multiple Democracies simultaneously, and that was only 80 or so years ago.
One might consider reading the histories of how those Democracies ended up as Totalitarian States, as well as who those Totalitarian were and what bill of goods they sold The People to achieve it. I suspect ~30% of the Americans won't, because they just voted for the very same bill of goods.
Democracy "has the tools" as in they are in the toolbox. They need to be used competently to have an effect. That seems to be happening rarely.
Hence Democracy has the tools, but the typical human population does not have the skills to use them competently. And _that_ is what causes democracies to devolve into totalitarian states: The people are defective (in their role as voters), because they ultimately try to remove all power from themselves. In a sense, a majority does not seem to want freedom and the powe
Re: (Score:1)
Re: (Score:2)
No thank you, I'm tracked enough already.
Re: (Score:2)
Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].
You may have your doubts, but I can assure you that The Blockchain is infallible, Mr. Buttle. Now, please stand over there while we wait 30 minutes for The Blockchain to update with the contents of this interaction. Never really know what servers might be up today. That's the beauty of the system.
It's worse than that... (Score:3)
What you're suggesting is already a future that is quite doable through centralized record lookup. What is being suggested is that those records should be pre-distributed in an encrypted form.
100% of blockchain schemes are a bad idea. Every usage case for blockchain is something that can be done faster, more easily, and far more safely with traditional methods. The cloud will not save you. The cloud will not just keep your data for you, safe and sound. Using blockchain for supply management or medical re
Re: (Score:3, Insightful)
This is the opposite of that. You already have these documents and need to present them sometimes. This way you can present them once and get a token that lets you prove you have them and what the contents are to other people, without actually showing them to those people.
So instead of having to show your driving licence as ID you can take the token the government issued along with the physical licence, and just use the token to verify name and DOB or whatever exact details are needed.
It solves a lot of dat
Re: (Score:2)
Just what we need. Our dystopian overlords won't even need to ask for "papers please." Their AR headsets will use facial recognition or gait analysis and be able to look up that we are guilty of wrongthink through their blockchain AI [additional buzzword here].
Going on since the mmo scam of the early 1990's buddy, any client-server software is a security risk, digital footsoldier on your pc and can trawl through your files and registry by default. I wonder how much fun sony had with everquest peeking through peoples files in the days of windows 98/ME. The fact we now have every game/app client-servered means we've already lost the battle long time ago. The rise of completely locked down smartphones with appstores, the rise of steam/denuvo/uplay/origin/mmo's.
Be
Re: (Score:2)
Re:All that data (Score:4, Insightful)
They already have it, along with your DNA.
Re: All that data (Score:1)
Hey, not everyone slept with a Chinese hooker! :P
The real challenge is making information ephemeral (Score:2)
Anyone can digitally sign stuff. The real trick is being able to prove something without giving the other person the ability to prove the same thing. If that is not possible, I'd rather have you take my word for it than give you the ability to prove something about me.
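The property asked for above, sketched as an added example (not from the original post and not Microsoft's system): in the interactive Schnorr identification protocol the verifier is convinced only because it chose the challenge itself, while anyone can fabricate an accepting transcript afterwards, so the transcript proves nothing to a third party, unlike a digital signature. The group parameters are toy-sized and constructed for readability, and all function names are hypothetical.

```python
import secrets

# Toy Schnorr group, constructed for this example (far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1        # holder's secret, 1..Q-1
    return x, pow(G, x, P)                   # (secret x, public key y = G^x)

def commit():
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)                   # prover keeps r, sends t = G^r

def respond(x, r, c):
    return (r + c * x) % Q                   # s = r + c*x mod Q

def verify(y, t, c, s):
    # Accept iff G^s == t * y^c (mod P).
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def live_session(x, y):
    """Honest interactive run: the challenge is drawn only after t is fixed."""
    r, t = commit()
    c = secrets.randbelow(Q)                 # verifier's fresh challenge
    s = respond(x, r, c)
    return (t, c, s), verify(y, t, c, s)

def simulate_transcript(y):
    """Build an accepting transcript WITHOUT the secret: choose c and s first,
    then solve for t = G^s * y^(-c). y has order Q, so y^(-c) = y^(Q-c)."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P
    return (t, c, s)

def cheat_live(y, guessed_c, real_c):
    """A prover without the secret must commit to t before seeing real_c.
    The simulated t only works if the guess happens to equal the challenge."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - guessed_c) % Q, P)) % P
    return verify(y, t, real_c, s)

if __name__ == "__main__":
    x, y = keygen()
    transcript, accepted = live_session(x, y)
    print("live verifier accepts:", accepted)
    forged = simulate_transcript(y)
    print("forged transcript also verifies:", verify(y, *forged))
    print("cheater with wrong guess accepted:", cheat_live(y, 5, 6))
```

If the verifier instead derives the challenge by hashing t, the transcript becomes an ordinary signature and is transferable again, which is the gap designated-verifier schemes are meant to close.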
Re: The real challenge is making information ephem (Score:1)
If you look into the philosophical foundation of science, you see that nothing can be proven/disproven. Unless your argument is based solely on rules you previously defined to be that way. (Axioms/paradigms/dogmas.)
Best we can do, is high sigma statistical reliability. Even peer review is useless, unless you yourself got high confidence in the statistical reliability of those peers.
Re: (Score:1)
You however seem to have a vendetta against people that want to see this country at its best...
Re: Kayleigh McEnany joins Fox News (Score:1)
Not saying Biden is great (nudge nudge drone murders wink wink) but if Trump is your "best", you really need to take your meds, mate.
Re: (Score:1, Insightful)
Re: (Score:2)
we are again actively engaging in wars again... which we were not under Trump
Under Biden the US has launched air strikes in retaliation for an attack that killed Americans. Under Trump we launched cruise missiles into Syria, and killed a high-ranking member of the Iranian military in a drone strike. Drone strikes in general continued more or less as they did before his administration (though, if you do some Googling you'll find claims that there was an increase in civilian casualties, and a decrease in oversight).
Seems disingenuous to claim that the US was "not actively engaging i
Re: (Score:1)
Re: (Score:2)
Obama started America's adventures in the Middle East? He didn't even hold federal office when the Iraq and Afghanistan conflicts kicked off.
The point stands: The US actively engaged in war under Trump, as it did under Obama, as it did under Bush, and as it will likely continue to do under Biden.
decentralized my a** (Score:5, Informative)
how can a system with a central verification system and central key provider even be called decentralized?
this is the same as calling https as we have today as "decentralized". yeah you can share CAs and install them in your browser, but name one person that did that.
Re: (Score:2)
It seems "decentralized" is the wrong word. The goal is that you share all your personal info with Microsoft but with nobody else online. Other sites don't get to see your birth certificate, they rely on Microsoft telling them that you have a birth certificate.
This could be good for privacy because there's only possible one point of failure (Microsoft) rather than every website you do business with. (Of course, it might grant too much power to Microsoft.)
I think people have this association of "decentraliza
Re: (Score:2)
Re: (Score:2)
"This could be good for privacy because there's only possible one point of failure (Microsoft)"
Not trying to be mean or anything but, congrats, you just created the most epic sentence ever.
Re: (Score:2)
Better for Microsoft to have your data than for Microsoft AND everyone else to have it. That shouldn't be controversial.
Re: (Score:2)
It's funny that you mention certificates because that would be an actual decentralized solution to this problem. The government agency/university/whatever sends you a digital version of your documents signed with their own certificate, which you can then send to whoever you want and they can validate it using their preferred CA, no central blockchain necessary.
Re: (Score:3)
The government agency/university/whatever sends you a digital version of your documents signed with their own certificate, which you can then send to whoever you want and they can validate it using their preferred CA, no central blockchain necessary.
That's not how certificates work. Each certificate authority can only validate certificates it owns. So either your example university runs a certificate authority, and signs everything using it, which then have to be validated against that single certificate authority, or your example university buys a signing key from some other certificate authority, whom it pays maintenance fees to for continued validation of everything it signs. Certificate authorities as currently designed and implemented in X.509
Re: decentralized my a** (Score:1)
I did.
As did every serious business.
An internal CA is literally the ONLY trustworthy CA.
Take a peek at your browser's or OS's list of built-in root certificates. You're gonna trust all those people? That you never met and never will meet? Including very obviously shady ones.
Sorry, that's security theater, and equivalent to a self-signed certificate, unless you are that business.
Which is why you can run your own CA anyway, as it makes no difference for your users. Welcome to the real world. Sorry for breakin
Re: (Score:2)
yeah this isn't decentralized at all
Even blockchain itself is not really decentralized - the ledger is validated and replicated across a number of authorities, it's still centralised but it is now effectively synced (eventually) with other peers.
There is a lot of interesting stuff happening in the decentralized landscape now - Twitter Bluesky recently released an overview of the ecosystem (here [matrix.org]), and there was a big online event last week (Hello Decentralization [hellodecen...zation.com]).
Personally I'm having a lot of fun with Holo [holochain.org]
Sounds like a Solid implementation (Score:3)
Isn't this just a variation on https://inrupt.com/solid [inrupt.com] ?
Where everyone maintains their own data and selectively shares it?
Re: (Score:2)
Sure, but Inrupt Solid is dead on arrival. They're actually hoping this Microsoft thing will be adopted by a government somewhere.
I see good and bad (Score:3, Interesting)
Re: (Score:2)
Re: (Score:1)
Just creates new problems. (Score:5, Interesting)
So you end up needing a whole other system that people can use to submit documents, have them verified, and then entered in the blockchain.
It doesn't matter how secure your blockchain is if I can go to my local Document Entry office, and slip the guy $50 to enter my "diploma" into the system. Or, more likely, steal the credentials of one of your document verifiers and sell access for $20 per document.
And since people viewing the credentials can't even see the original, just the "Verified" status, it'll be nearly impossible to tell the fakes from the real ones.
In other words, as with most blockchain "solutions", they haven't really solved anything, just rearranged the problems into new configurations.
Re: (Score:1)
they just pasted the mass-marketing spam (Score:3)
here is one example, the link on the words "open protocol" for extra irony:
https://secure-web.cisco.com/ long hash
PS: this commenting system where you can't paste relevant information because "filter error: That's an awful long string of letters there". yeah it is. it is the point of the comment dumbnut!
Can they be invalidated? (Score:3)
Let's just say that for whatever reason, someone manages to be issued a credential illegitimately. Is there a way to invalidate the credential? Being eternal even after being identified as fraudulent makes the entire list worthless.
Re: Can they be invalidated? (Score:1)
Well, if he had a way, wouldn't you by definition have the same way too?
Re: (Score:2)
Energy Use? (Score:2)
Blockchain is very cool. But I wonder if energy use will become a big issue.
If we used blockchain for every transaction in the world we'd end up using orders of magnitude more energy.
This nonlinear relationship between "proof of work" machines and the transactions is a problem.
Is there a solution for that?
Re: Energy Use? (Score:1)
Yes, centralization. Only one entity keeping the current blockchain. (Think TLS CAs.)
If you want it decentralized, only physical objects (Think cash, or gold.) can be made so they can't be copied easily, without a blockchain-equivalent. Due to the laws of physics, Information can always be copied and tampered with, period.
And even blockchain-equivalents only work based on everyone agreeing. Which is obviously unrealistic, and will be Bitcoin's achilles heel, sooner or later.
And a decentralized system of ent
Embrace, Extend, Eliminate (Score:2)
Given their history of poor corporate behavior, M$ cannot be trusted with something as vital as identification.
Just wait till you see the other half (Score:2, Informative)
Put your bullshit about the source aside for the moment and just read this Breitbart article [breitbart.com] about how Microsoft and a few other key players want to create reliable means of embedding watermarks into all common consumer and corporate file formats with the specific goal that you can't even create a freakin meme without having your real identity tied to it.
Microsoft is already getting aggressive at making it very difficult to use local user accounts. This is why we must start rallying behind open source deskt
Not bloody likely (Score:5, Insightful)
I can see the benefits of blockchain in many applications but I'm not about to put my personal data in Microsoft's hands. Don't trust them, simple as that. What guarantee have I got that it won't be hacked? None. What guarantee have I got that they won't share it with 3rd parties without my permission? None. What happens if something gets screwed up and my college degree vaporizes in the blockchain and my paper copy of my degree becomes worthless?
Sorry....Billy Gates is going to have to pursue world domination without my assistance.
Finally (Score:2)
something worth cracking with hundreds of GPU's for a tiny fraction of a bitcoin.
Will MS pay the fine they mess up and let minor (Score:2)
Will MS pay the fine they mess up and let minor get flagged as 21 or higher??
MS - how about fix your 10000 account login URLs? (Score:2)
Wait a minute here. (Score:2)
Re: Wait a minute here. (Score:1)
Majority, vote. Literally. That's the only thing keeping Bitcoin consistent. It's just obfuscated so if you're the minority, it's called a 51% attack.
Re: they are already behind (Score:1)
Maybe because literally nobody has. ;).
Not that the info isn't appreciated.
More reasons to show your papers (Score:2)
First you had to show your papers to get your driver's license, then you had to show your license to the cops. Then to the barman, the cashier, your doctor, the poll worker, the TSA, the airline check-in agent, the gate agent, the bank teller, the vaccinator... Then all of the above insisted on scanning it.
If Microsoft and the government gets their way, you will be presenting your ID to post on Slashdot.
no trust (Score:2)
The basis of any decentralised ID system has to be trust.
M$ doesn't engender trust.
The only reason corporations create a one step login is to tie you to their platform/cloud.
If it is truly decentralised, the blockchain would reach to the individual person's safe credential store,
then use the authentication to reach personal data in whichever location.
Access authorisation would be given by the individual.
I've talked about this stuff for decades, the network becomes the centre.
DIAF (Score:2)
To every rule like this there will be exemptions. Who will be exempt and why?
Centralized Digilocker (Score:1)