Microsoft has opened the doors of its Azure AD identity and access management service to third party authentication specialists, in a move that could lead to significantly improved cybersecurity for end users. An immediate result, in any case, is that a handful of leading biometric solutions are now compatible with Azure AD.
In a blog post, the Microsoft Identity Division VP of Program Management, Alex Simons, announced that the company’s Azure AD Verifiable Credentials program has officially gone into public preview, with Principal Program Manager Ankur Patel delving into the details of the program. Essentially, Azure AD Verifiable Credentials is aimed at enabling Azure AD clients to design and issue their own verifiable credentials for end users, with each credential signed using cryptographic keys.
Importantly, each credential is attached to Decentralized Identifiers, or DID, that end users own and control. This is informed by a broader effort to promote the concept of decentralized identity, in which the end user is empowered with proof of identity that is not issued or controlled by some other entity.
Standards are crucial to this framework because only a standards-based approach can ensure that a user’s verifiable credentials are interoperable across a range of different applications. To that end, Patel notes that the Decentralized Identifiers open standard is “very close to joining Verifiable Credentials (VC) as a ratified standard”; hence the launch of Azure AD Verifiable Credentials into public preview.
Some of the biggest names in biometric authentication are on board for the launch: Acuant, AU10TIX, IDEMIA, Jumio, Onfido, Socure, and Vu. All of these companies offer biometric identity solutions that are compatible with Azure AD Verifiable Credentials, meaning that end users will be able to use any of them to establish a digital ID that can ultimately be used for identity verification with a range of organizations, without the need to share sensitive personal data.
Notably, all of the aforementioned partners offer selfie-based biometric identity verification solutions that match end users’ faces to their government-issued identity documents. Their partnerships with Microsoft and its Azure AD Verifiable Credentials program effectively make selfie biometrics the de facto standard for digital identity across the Azure AD ecosystem, marking a significant milestone in the ongoing ascent of selfie biometrics as an increasingly popular means of identity verification.
For their part, executives with Microsoft’s partners in this effort expressed enthusiasm for the project across the board.
“Putting people in control of their own identity will help transform the way global employees, customers, and businesses access remote services,” explained Onfido Partnerships & Alliances VP Rick Hofmann. “Being able to verify a person’s identity once at onboarding, and then reuse those credentials to access many different services from different providers without collecting and storing personal data is a game-changer. Individuals get more control over what information they share, and businesses can provide a more seamless onboarding experience.”
Socure CEO and founder Johnny Ayers, meanwhile, affirmed that “Microsoft Azure Active Directory verifiable credentials marks a major milestone toward safely verifying and onboarding new employees.” And Jumio CEO Robert Prigge said that the collaborative effort would enable “modern enterprises to add a critical layer of trust with decentralized and reusable digital identity.”
On the other side of the table, a few prominent organizations have already signed on to take advantage of the Azure AD Verifiable Credentials solution. According to Microsoft, Britain’s National Health Service is using it for employee identification between organizations, and Tokyo’s Keio University plans to use it for student ID. It’s even going to be used for citizen ID by the Government of Flanders.
In addition to its collaborative efforts with leading biometrics specialists, Microsoft developed the Azure AD Verifiable Credentials solution with the help of the Decentralized Identity Foundation, the Open ID Foundation, and W3C. Now that the foundation of the solution is in place, Ankur Patel says that the next stop will be to “continue to enrich credentials with implementations that enable additional privacy preserving features and increase our interoperability with solutions from other members of the Decentralized Identity and Verifiable Credentials community.”
“Let’s build a more trustworthy internet together,” Patel wrote.
April 6, 2021 – by Alex Perala