Microsoft Entra Verified ID

This week Microsoft announced that Microsoft Entra Verified ID has moved from public preview to general release. This has been quite the journey, with general release having been postponed twice that I’m aware of. I’ve been actively following the development of it since I was first introduced to it at the Microsoft Most Valuable Professional (MVP) Summit in Redmond way back in March 2019. At that time Pamela Dingle briefed us on the work activities associated with standards development as well as productization for what was then being referred to as Distributed Ledger Identity.

By the time it was ready for the first public previews it had been renamed Microsoft Azure Active Directory Verifiable Credentials. This made sense, with the service being integrated with Azure Active Directory and the open-standard credential format of decentralized identity being called Verifiable Credentials.

For those who are new to the terms verifiable credentials and Verified ID, they belong to decentralized or self-sovereign identity. As the names imply, a credential is issued to an individual, who then holds its digital representation (a proof signed by the issuer) in a software wallet. As the owner and holder of that credential you can present it directly to any entity that trusts its issuer, and that entity can verify it without going back to the issuer.

Real World Example

Digital driver’s licenses are starting to become available. I know of pilots in a couple of states in the United States, and my local state (New South Wales) here in Australia has had them for a couple of years. However, in most of these implementations the state issues the digital version of the license inside an application that the state itself issues and maintains. Whilst you can show that license physically to others, it is rare that you can use it digitally outside the purpose the issuing authority intended.

In a self-sovereign, decentralized implementation you could be issued a credential (a Verified ID) by an authority such as your state’s department of motor vehicles or transport department, proving that you hold a driver’s license, and you would store that Verified ID in a software wallet. In the Microsoft Entra Verified ID implementation that wallet is Microsoft Authenticator, which can store and present Verified ID credentials.

When you need to prove your identity, or simply that you hold a driver’s license, to a service that trusts your motor vehicle or transport department, you present your driver’s license Verified ID to that third-party service.

The overview diagram below, from the Verified ID documentation, shows the relationship between issuers, the third parties (relying parties, or verifiers) that accept credentials from those issuers, and the holder. The key difference from traditional identity systems is that the owner of the credential holds it and decides when and to whom it is presented, and a relying party validates the credential by checking the issuer’s signature on it against the issuer’s published public key, without contacting the issuer and without the issuer learning where the credential was used.

Diagram of the components of a Microsoft Entra Verified ID solution with the Microsoft Authenticator application highlighted.

Verified ID Proof of Concepts

So, what have I done with Verified ID? The two public proofs of concept that I can readily share came out of hackathons sponsored by Microsoft.

Decentralized Identity of Things

In January this year I was part of a hackathon team where we proposed and built a solution that issued Verified IDs for things. The Decentralized Identity of Things.

For foods, a verifiable credential could detail certified ingredients and information pertinent to those with specific dietary or allergen requirements. For produce, provenance may be important for items such as Feta or Champagne.

With that submission to the Microsoft decentralized identity hackathon we actually won.

Token Binding with Verifiable Credentials

In July this year I was part of another hackathon team building a solution for submission to the Microsoft Identity for All hackathon. We built a web app for an online metaverse event that combined Bring Your Own IDentity (BYOID), identity proofing and decentralized identity.

Token binding is the concept of ensuring that the party presenting a credential is the one to which it was issued, and that it is being used for the purpose (resource) for which it was intended; in verifiable credential terms, the first half of that is holder binding. Our application issued a Verified ID that included a biometric facial enrolment. On event access, both the Verified ID and the associated identity, through a facial recognition comparison, are verified.
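The issuer, holder and relying-party roles described in the driver’s license example above, together with the binding of a presentation to its holder and to one verifier’s challenge described in this paragraph, as an added example in Go. This is not code from the post, from the hackathon entries or from Microsoft’s Verified ID service. Everything in it is assumed for illustration: the `did:example:` identifiers and the licence claim are constructed, a plain map stands in for DID resolution (Verified ID publishes issuer keys in a DID document; did:web is one supported method), the `Token` struct stands in for the JWT serialisation the real service uses, and holder binding is shown as proof of possession of the holder’s key rather than the facial-biometric comparison the hackathon entry used. The relying party never contacts the issuer: it resolves the issuer’s key, checks the signature, decides locally whether it trusts that issuer, then checks that the presenter is the credential’s subject and that the presentation answers its own nonce and audience.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Token: signer DID, JSON payload and an Ed25519 signature over DID||NUL||payload (the role a JWT plays in Verified ID).
type Token struct {
	Signer  string `json:"signer"`
	Payload []byte `json:"payload"`
	Sig     []byte `json:"sig"`
}

// Credential is what the issuer signs (field set assumed here; real VCs carry more).
type Credential struct {
	Subject string            `json:"sub"` // DID of the holder the credential is bound to
	Claims  map[string]string `json:"claims"`
}

// Presentation is what the holder signs: the stored credential plus the verifier's challenge.
type Presentation struct {
	Credential Token  `json:"vc"`
	Audience   string `json:"aud"`
	Nonce      string `json:"nonce"`
}

func sign(signer string, key ed25519.PrivateKey, v interface{}) (Token, error) {
	payload, err := json.Marshal(v)
	if err != nil {
		return Token{}, err
	}
	return Token{signer, payload, ed25519.Sign(key, append([]byte(signer+"\x00"), payload...))}, nil
}

// open verifies t with the key that DID resolution (a DID document lookup in Verified ID; a plain map
// here) returns for t.Signer, then unmarshals the payload into v. Nothing in t is trusted until Verify succeeds.
func open(r map[string]ed25519.PublicKey, t Token, v interface{}) (string, error) {
	pub, ok := r[t.Signer]
	if !ok {
		return "", errors.New("unresolvable signer DID " + t.Signer)
	}
	if !ed25519.Verify(pub, append([]byte(t.Signer+"\x00"), t.Payload...), t.Sig) {
		return "", errors.New("invalid signature")
	}
	return t.Signer, json.Unmarshal(t.Payload, v)
}

func Issue(issuerDID string, key ed25519.PrivateKey, holderDID string, claims map[string]string) (Token, error) {
	return sign(issuerDID, key, Credential{holderDID, claims})
}

func Present(holderDID string, key ed25519.PrivateKey, vc Token, audience, nonce string) (Token, error) {
	return sign(holderDID, key, Presentation{vc, audience, nonce})
}

// Verify is the relying party's step. The issuer is never contacted; whether to trust it is local policy.
func Verify(r map[string]ed25519.PublicKey, trusted map[string]bool, vp Token, audience, nonce string) (*Credential, error) {
	var p Presentation
	holder, err := open(r, vp, &p)
	if err != nil {
		return nil, fmt.Errorf("presentation: %w", err)
	}
	if p.Audience != audience || p.Nonce != nonce {
		return nil, errors.New("presentation was not made for this verifier and challenge (replay?)")
	}
	var c Credential
	issuer, err := open(r, p.Credential, &c)
	if err != nil {
		return nil, fmt.Errorf("credential: %w", err)
	}
	if !trusted[issuer] {
		return nil, errors.New("issuer not trusted by this relying party")
	}
	if c.Subject != holder {
		return nil, errors.New("holder binding failed: presenter is not the credential subject")
	}
	return &c, nil
}

func Demo() (honestOK bool, copiedErr, replayErr error) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, aliceKey, _ := ed25519.GenerateKey(rand.Reader)
	malloryPub, malloryKey, _ := ed25519.GenerateKey(rand.Reader)
	r := map[string]ed25519.PublicKey{"did:example:dmv": issuerPub, "did:example:alice": alicePub, "did:example:mallory": malloryPub}
	trusted := map[string]bool{"did:example:dmv": true}
	vc, _ := Issue("did:example:dmv", issuerKey, "did:example:alice", map[string]string{"licenceClass": "C"}) // constructed DIDs and claim
	vp, _ := Present("did:example:alice", aliceKey, vc, "did:example:hire-car", "nonce-1") // honest holder
	cred, err := Verify(r, trusted, vp, "did:example:hire-car", "nonce-1")
	honestOK = err == nil && cred.Claims["licenceClass"] == "C"
	copied, _ := Present("did:example:mallory", malloryKey, vc, "did:example:hire-car", "nonce-1") // copied VC, wrong key
	_, copiedErr = Verify(r, trusted, copied, "did:example:hire-car", "nonce-1")
	_, replayErr = Verify(r, trusted, vp, "did:example:hire-car", "nonce-2") // old presentation, new challenge
	return
}

func main() { fmt.Println(Demo()) }
```

`Demo` returns the outcome of the honest presentation and the errors for the two attacks: a credential copied out of one wallet and presented from another fails the holder-binding check because the presenter cannot sign as the cred­ential’s subject, and re-submitting an earlier presentation against a new nonce fails the challenge check. A tampered credential fails at the issuer-signature check inside `open`. Expiry and revocation checks, which a production verifier also needs, are left out.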

For that submission we were first runner-up.

Summary

I encourage you to find out more about Microsoft Entra Verified ID, how it works and what solutions it can provide for your organization.

Whilst it is still early days for the technology, there are already numerous solutions deployed across many different industries. What will you build?