Quoted from: BiometricsUpdate.com
Microsoft is launching its decentralized identity credentials for public preview this spring and has partnered with many leading device-based biometrics providers to do so, according to an announcement at its Ignite conference and in a blog post.
Azure Active Directory verifiable credentials (AAD VCs) are intended to provide secure, user-controlled, revocable credentials that support Zero Trust security strategies. They will do this in part through a partnership with leading biometric digital ID providers Acuant, AU10TIX, Idemia, Jumio, Socure, Onfido, and Vu Security, which unveiled a multi-modal biometric video conferencing solution in December. The partners will work on improving verifiability and data security.
In a blog post, AU10TIX CEO Carey O’Connor Kolaja calls the collaboration “a critical milestone for our industry,” and says that the aim “is to improve verifiability while protecting privacy for businesses, employees, contractors, vendors, and customers.”
Microsoft will release its SDK in the next few weeks to allow developers to build the applications that issue and use the credentials.
Users will be able to use the Microsoft Authenticator App to share university transcripts, diplomas, and professional credentials at first, with plans to expand it to other credentials as new applications are developed.
The system is already being piloted at Japan’s Keio University, by the government of Flanders, Belgium, and the UK’s National Health Service. The NHS also implemented Yoti’s digital ID with face biometrics for workers for contactless credential proofing last year.
AAD VCs are built on the W3C’s WebAuthn open authentication standard, the Bitcoin blockchain, and the open protocol Sidetree, which is used to add new blocks. The Identity Overlay Network (ION) Sidetree implementation is customized but open-source, with organizations each verifying and storing identifiers on their own node.
Wired points out that the SolarWinds hack took advantage of flaws in organizations’ implementations of Active Directory, but with the decentralized platform, even if an attack succeeds in accessing stored data, it will be impossible to decrypt that data without the private key held by the user.
Microsoft also announced the general availability of passwordless authentication for Azure Active Directory at Ignite. Its Passwordless Pilot Program, launched last November in collaboration with AuthenTrend, has been extended to cover the growing list of passwordless features supported by Microsoft.
“At Macaw, we are passionate about both innovation and security. The passwordless campaign hosted by Microsoft and AuthenTrend gave us the opportunity to show our customers the benefits of FIDO2 in practice,” Macaw Technology Consultant Paul Slijkhuis says in a statement on AuthenTrend’s website. “The ATKey.Pro proved to be a straightforward passwordless user experience with the highest level of security available in the market today.”