Editorial

Microsoft’s 5 guiding principles for decentralized identities

Alex Simons, Corporate VP at Microsoft Identity & Network Access Division gives an update on the companies principles of decentralised identity

Posted 7 October 2021 by Matt Stanley


Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more and in support of Satya Nadella’s statement that “Privacy is a human right”, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision:

Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.

During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful proof of concepts partnering with Keio UniversityThe National Health Service (UK), and the Government of Flanders.  We’ve worked with our partners in the Decentralized Identity Foundation and the open standards community to develop standards and demonstrated interoperability. 

Using these new open standards and all these learnings to guide us, we turned on the public preview of our new decentralized identity system April 2021. That preview generated a ton of valuable feedback and gave us the opportunity to learn from all of you.

Through all these interactions and investments, we have become even more excited about the opportunity to create a decentralized identity system that increases customer trust and adoption by minimizing data processing and providing the user much greater control of the specific identity data they share and how it will be used.

Now we are well into the next phase of our plan, working on two parallel efforts:

  1. Partner with the decentralized identity community to finalize a set of high-quality open standards that we can all support.
  2. Deliver the first General Availability release of our decentralized identity service in parallel with these still evolving standards.

In this new phase, we share a set of guiding principles that we will use to guide both efforts. Not all these principles will be realizable from the start, but we believe that all are necessary over time to realize the promise of decentralized identities:

  1. Secure, Reliable and Trustworthy:
    • My digital identity must be secure. It must not be easy to forge or hack. No one must be able to use it to impersonate me.
    • I must always have a way to access, use and securely recover my digital identity. 
    • I must have access to a detailed log of all the times I’ve used my digital identity, who I used it with and what it was used for.
  2. Privacy protecting and in my control: 
    • My digital identity is under my control. It must only be used with my consent and when I consent, I must know who will use it and how it will be used.
    • I must be able to review which elements of my digital identity are being requested and I must have the option to only disclose the specific information necessary to support the consented use.
    • My use of my digital identity must be private. No one other than the party I explicitly share it with should know I am using it without my consent. 
    • My digital identity must not be able to be used to track me across unrelated services/apps without my consent.
    • I must have the freedom to switch between the devices and applications of my choosing to manage my digital identity and never be locked in.
    • I must be able to delete all aspects of my digital identity and any associated data and log files from wherever I choose to store them.
  3. Inclusive, fair, and easy to use:
    • My digital identity must be usable, available, and accessible regardless of my race, ethnicity, abilities, gender, gender identity, sexual orientation, national origin, socio-economic status, or political status.
    • My digital identity must be easy to use and use universal design principles to make it useful for people with a wide variety of abilities.
  4. Supervisable
    • I must be able to designate trusted friends or family members who can access my digital identity as needed if I become incapacitated or pass away.
    • If I am a child, my digital identity must support appropriate parental or custodial oversight and control.
  5. Environmentally responsible:
    • Creating and using my digital identity must be environmentally sustainable and not cause long term environmental harm.

Microsoft commitments: In building and running this new system, we are also making an additional set of commitments we believe are critically important:

  1. Legitimate and lawful: This new Digital Identity System must be legitimate and lawful. We will strive to assure it does not encourage illegal activity, enable corruption, or expose people to undue risk or unlawful access. We will strive to ensure the technology does not cause or exacerbate unjust or disparate impacts on systemically marginalized members of society.
  2. Interoperable and accessible: We will strive to ensure technical and policy interoperability among domestic and international stakeholders, ease of use, broad inclusion, and equity of access. We will work to ensure the system works across modalities, including using it online, in person and over the phone. We will build the system based on open, non-proprietary, and accessible standards to assure broad interoperability. 
  3. Safe: We will strive to place user safety and security at the center of our decentralized identity system design.

Our goal in sharing these principles and our commitments is to help our customers, partners and the decentralized identity community understand what motivates and guides us and how we think about this exciting opportunity.

Over the coming weeks and months, we will be blogging a lot more about how we are using these principles to guide all the work we are doing to realize our vision for decentralized identities. 

Blog author:

Alex Simons, Corporate Vice President, Microsoft Identity & Network Access Division

This blog can be viewed on the Microsoft website here.