Microsoft bids to overhaul ID verification

Microsoft has taken a major step in its efforts to create an identity verification system that can be used across organisations.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Now in public preview, Azure Active Directory (Azure AD) verifiable credentials offers an open standards-based approach to organisations re-using verified information about a person.

Azure AD verifiable credentials is based on the Decentralized Identifiers (DID) core specification, which Microsoft says is "very close" to joining Verifiable Credentials as a ratified standard.

Firms can design and issue verifiable credentials to represent proof of claims, such as employment or education. The holder of the credential can then decide when, and with whom, to share it. Each credential is signed using cryptographic keys associated with the DID that the user owns and controls.

Microsoft is working with a host of ID verification firms - including Jumio, Onfido and Socure - to use the technology to make it possible to verify an identity once and present it to anyone.

Azure AD customers can use the system to validate official documents and electronic records across 192 countries to verify identities.

Microsoft says this will benefit both organisations and individuals when it comes to highly-regulated interactions, enabling people to quickly start a job, apply for a loan, or access secure apps and services—without having to repeatedly share their sensitive information.

Comments: (7)

Andrew Smith Founding CTO at RTGS & ClearBank

It's a great shame that Microsoft hasn't followed the SSI principles regarding its implementation; if it had, then privacy would have been key. In addition, the centralised nature of AD also causes issues - but if it's a way of using verifiable credentials and linking them back to your more traditional AD approach - then that is a good thing... It's all dependent on the real-world use case.

Andrew Smith Founding CTO at RTGS & ClearBank

I should have added, the issue of identity needs to be a cautionary one. We cannot afford to get "identity" infrastructure wrong, there is too much at stake.

Digital identity, cautionary facts – FinTechAndrew – The blog (wordpress.com)

Rajan Chadha Director at IBN

The issue of identity management is a very sensitive issue and I agree with Andrew Smith's comments above. Additionally, I may add that if there is no connectivity neither AD nor RTGS will work. The other issue is delay (latency) and security, as the information flows it can be compromised as we move from server to server before it reaches you. To address the above, we invented next generation connectivity whereby RTGS happens even when no internet in a secure manner in real time. I think with further development a solution could be developed that unquestionably links a transaction to an individual (or organisations) uniformly and to systems in real time, of course even when no internet.

Andrew Smith Founding CTO at RTGS & ClearBank

@Rajan, we are working on just that ;)

Rajan Chadha Director at IBN

Privilege to collaborate ☼

A Finextra member 

As a lay person with some knowledge of the questions, one wonders how we will develop a model where each of my claims (read attributes) can be trusted by a myriad of parties. My claims will include graduation from University, Birth, marriage(s), divorce(s), Vaccination(s), certificate(s) of compliance to a defined work capability, business permit(s), employment(s) and the list goes on. Without agreement on the schema associated with the multiple claims I wish to have trusted, how all of this will work is open to discussion.

One then thinks about the work of ISO on 80013, 8583, 20022, 781z, and ... then add ICAO on the electronic passport, AAMVA on the Mobile driver's license and all sorts of relationship, membership and transaction types like airline tickets, theater tickets, bus passes.

What am I missing? I am sure the list is enormous.

Janne Jutila Head of Business Alliances at Signicat AS

In response to Philip A. - the list of digital identity use-cases is in fact endless. Over time next to all transactions will be digital even when happening f2f. The solution is to separate the transaction authorization with strong authentication based on verified identity from the transaction processing. This is already happening in e.g. payments with 3DS 2.0. With separation, the transaction processing complexity is a use-case & industry specific issue.
