Microsoft’s 5 guiding principles for decentralized identities
Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision:
Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.
During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful proof of concepts partnering with Keio University,1 The National Health Service (UK),2 and the Government of Flanders.3 We’ve worked with our partners in the Decentralized Identity Foundation (DIF) and the open standards community to develop standards and demonstrate interoperability.
Using these new open standards and all these learnings to guide us, we turned on the public preview of our new decentralized identity system—Microsoft Azure Active Directory Verifiable Credentials—in April 2021. That preview generated a ton of valuable feedback and gave us the opportunity to learn from all of you.
Through all these interactions and investments, we have become even more excited about the opportunity to create a decentralized identity system that increases customer trust and adoption by minimizing data processing and providing the user much greater control of the specific identity data they share and how it will be used.
Now we are well into the next phase of our plan, working on two parallel efforts:
Partner with the decentralized identity community to finalize a set of high-quality open standards that we can all support.
Deliver the first General Availability release of our decentralized identity service in parallel with these still-evolving standards.
The 5 guiding principles
In this new phase, we want to share the set of guiding principles that we will use to guide both efforts. Not all these principles will be realizable from the start, but we believe that all are necessary over time to realize the promise of decentralized identities:
1. Secure, reliable, and trustworthy
My digital identity must be secure. It must not be easy to forge or hack. No one must be able to use it to impersonate me.
I must always have a way to access, use, and securely recover my digital identity.
I must have access to a detailed log of all the times I’ve used my digital identity, who I used it with, and what it was used for.
2. Privacy protecting and in my control
My digital identity is under my control. It must only be used with my consent and when I consent; I must know who will use it and how it will be used.
I must be able to review which elements of my digital identity are being requested and I must have the option to only disclose the specific information necessary to support the consented use.
My use of my digital identity must be private. No one, other than the party I explicitly share it with, should know I am using it without my consent.
My digital identity must not be able to be used to track me across unrelated services or applications without my consent.
I must have the freedom to switch between the devices and applications of my choosing to manage my digital identity, and never be locked in.
I must be able to delete all aspects of my digital identity and any associated data and log files from wherever I choose to store them.
3. Inclusive, fair, and easy to use
My digital identity must be usable, available, and accessible regardless of my race, ethnicity, abilities, gender, gender identity, sexual orientation, national origin, socio-economic status, or political status.
My digital identity must be easy to use and use universal design principles to make it useful for people with a wide variety of abilities.
I must be able to designate trusted friends or family members who can access my digital identity as needed if I become incapacitated or pass away.
If I am a child, my digital identity must support appropriate parental or custodial oversight and control.
5. Environmentally responsible
Creating and using my digital identity must be environmentally sustainable and not cause long-term environmental harm.
Microsoft’s commitments to the new digital identity system
In building and running this new system, we are also making an additional set of commitments we believe are critically important:
Legitimate and lawful: This new digital identity system must be legitimate and lawful. We will strive to assure it doesn’t encourage illegal activity, enable corruption, or expose people to undue risk or unlawful access. We will strive to ensure the technology doesn’t cause or exacerbate unjust or disparate impacts on systemically marginalized members of society.
Interoperable and accessible: We will strive to ensure technical and policy interoperability among domestic and international stakeholders, ease of use, broad inclusion, and equity of access. We will work to ensure the system works across modalities, including using it online, in person, and over the phone. We will build the system based on open, non-proprietary, and accessible standards to assure broad interoperability.
Safe: We will strive to place user safety and security at the center of our decentralized identity system design.