It may have started with social media, but the concept behind awarding a "verified" check mark to prove a person's identity online may soon go broader. Much broader, if Microsoft pulls off its goal for its new Verified ID service — and the effort doesn't turn into a privacy disaster.
In short, Microsoft wants to enable the creation of digitally verifiable credentials for personal attributes, said Ankur Patel, principal program manager for digital identity at Microsoft.
As part of Verified ID, individuals would be able to get digital credentials that prove where they work, what school they graduated from, which bank account they have — and, perhaps more controversially, whether they're in good health according to their doctor.
The idea is for individuals to carry these credentials in their digital wallet, which can be easily provided to whoever needs it, such as when applying for a job or a loan, or onboarding at a new employer, Patel said. "My education institution gets to give you an attestation that says I have education, and my doctor gets to tell you if I'm healthy, and my bank gets to tell you if I have money," he said. "All of those things put together make up my digital identity."
From a business perspective, Verified ID, which leverages blockchain-based decentralized identity standards, aims to improve efficiency around verifying credentials while reducing the likelihood of fraud.
On Tuesday, Microsoft announced plans to release the service — officially, Microsoft Entra Verified ID — into general availability in early August. Entra is the new name for Microsoft's portfolio of identity products, including its Azure Active Directory authentication service.
Patel expects it will take one to three years for Verified ID to reach the mainstream. He concedes that that sounds pretty quick, considering the fact that "we're talking paradigm shifts here" in terms of digitizing a lot more of the analog world. "The reason this will go faster than traditional enterprise technologies is because it's built for network effect," Patel said.
In the first year, it's likely that Verified ID will be used by organizations in tandem with existing verification methods, both digital and analog, with a portion of their users, according to Patel. Wider adoption will depend, in part, on making sure that the service itself hasn't "done harm," he acknowledged.
One potential risk is that individuals might inadvertently share sensitive information with the wrong parties using the system, Patel said. "In the physical world, when you're presenting these kinds of things, you're careful — you don't just give your birth certificate to anybody," he said. Microsoft is aiming to limit the issues in its own digital wallets with features meant to protect against this type of accidental exposure, Patel said.