Content of Figures
Commissioned by Microsoft
1 Introduction / Executive Summary
Most organizations are ready to go digital, or shift even farther towards digital processes and services. With that transformation comes a fundamental ...Login Get full Access
Digital transformation relies on a secure means of exchanging identity information
Verified identity adds credibility to digital identities...
3 The Problem of Establishing Verified Digital Identity
Just because there is a need does not mean it is always satisfied. To verify that a digital identity is being actively used by the one who created it ...Login Get full Access
4 How Identity Verification and Verifiable Credentials Address this Challenge
There are two parts to bringing this vision to life. One is to anchor the digital identity to the real-world identity, and the other is to make that v ...Login Get full Access
4.1 Anchoring the digital identity to the real-world
First, the individual sets up their identity wallet. Up until this point, and information provided is self-attested. The provided name, address, or an ...
This verified digital identity must be in a form which enterprises and other parties can accept. While the biometric and identity data may remain in t ...Login Get full Access
4.2 Enabling Reusable Verified Identity for Enterprise Use
A Verifiable Credential can be issued by an entity about any other entity, including an employer issuing employment credentials to an employee, a university issuing enrollment information to a student, and much more. When the holder of the Verifiable Credential presents this to access a service -- for example the employee presents their employment credential to access their workstation and the student presents their student ID at a bookstore to receive a student discount -- the relying party verifies the credential before granting access to the service, checking that the credential is valid and that its public key on the decentralized ledger.
Verifiable Credentials can be integrated into the services and infrastructure that enterprises already use, such as Active Directory and OpenID Connect (OIDC) protocol. Verifiable Credentials can be auto-populated and issued based on claims already made about the subject by the enterprise's OIDC identity provider to connect Verified Credentials with identities that are already federated.
Presentation and verification of the Verifiable Credential is a digital process, where the relying party requests information from the holder in the form of a QR code or push notification to an authenticator app, and the holder consents to sharing the credential by scanning the QR code or following the prompts of the authenticator app. Presentation and verification of digital credentials opens up many doors for secure and private interactions, authentication, and much more not just within the enterprise, but across industry ecosystems.
5 Compelling Use Cases for Verifiable Credentials
There are several compelling use cases in the enterprise for Verifiable Credentials. Issuing and accepting Verifiable Credentials streamlines and digi ...Login Get full Access
New employee or partner onboarding is a business topic rather than an IT topic, typically managed by HR to request and verify paper documents and prov ...Login Get full Access
5.2 Providing Access to Sensitive Applications
Access management for sensitive applications is a main function of identity management systems, but often takes a step down in security compared to th ...Login Get full Access
5.3 Account Recovery
Account recovery is an issue that is typically routed to the IT department or uses a self-service mechanism to reset the account. In a way, account re ...Login Get full Access
6 The challenges still to come
Verifiable Credentials for secure digital identity show clear promise, but still have some challenges to overcome. Compliance is one: even though the ...Login Get full Access
The use of Verifiable Credentials to enable end users - be it employees, consumers, or an individual in any other role - to hold and control the shari ...Login Get full Access
6.2 Mitigating bias in biometric data
Collecting and accurately matching biometric data to verify identities during onboarding or for authentication use cases is critical to Verifiable Cre ...Login Get full Access
6.3 Hypothetical compromise of Verifiable Credentials
Although Verifiable Credentials have not yet been leaked to the dark web, it is a scenario that must be considered and prevented. Compromise of a user ...Login Get full Access
6.4 Preference for anonymity
There is a tradeoff between security and the choice to preserve some level of anonymity. This is of course dependent on the situation. An employee mus ...Login Get full Access
7 The current state of Verifiable Credentials
Verifiable Credentials are in use today, integrated into decentralized identity solutions, identity verification and proofing solutions, and as enterp ...Login Get full Access
7.1 A Dynamic and Collaborative Market
This is a highly collaborative market where the majority of vendors participate in developing standards, partner together to extend services, and acti ...Login Get full Access