Decentralized Identity (SSI) | Verifiable Credentials
A key piece of the decentralized identity equation is how people, organizations, and devices can be identified and located without centralized systems of identifiers (e.g. email addresses).
Microsoft released Entra Verified ID, as the newest member to join the Microsoft Entra portfolio. Customers rely on Azure AD to secure access to corporate resources. Microsoft is actively collaborating with members of the Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community.
We use IDs in our daily lives. We have drivers licenses that we use as evidence of our ability to operate a car. Universities issue diplomas that prove we attained a level of education. By using Verifiable Credentials to prove their details such as: name and address, salary, and the IBAN of an existing bank account, verification is instantaneous.
Verifiable Credentials offer a direct and secure channel between an organization and its stakeholders. A VC provides a mechanism to express credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine verifiable.
In short, verifiable credentials are data objects consisting of claims made by the issuer attesting information about a subject. These claims are identified by schema and include the DID issuer and subject. The issuer’s DID creates a digital signature as proof that they attest to this information. DIDs are globally unique identifiers linked to Decentralized Public Key Infrastructure (DPKI). Microsoft uses ION (Identity Overlay Network) ION is a Layer 2 open to be able to resolve DID documents. ION is an open, public, permissionless Layer 2 Decentralized Identifier network that runs atop the Bitcoin blockchain.
Here is a workshop that demonstrates how to integrate Microsoft Entra Verified ID with an Identity Provider for issuing Verifiable Credentials based Identity tokens. Nevertheless, you can also integrate your Identity Provider with the demo.