
Microsoft’s 5 guiding principles for decentralized identities

Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision:

Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.

During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful proofs of concept, partnering with Keio University [1], the National Health Service (UK) [2], and the Government of Flanders [3]. We’ve worked with our partners in the Decentralized Identity Foundation (DIF) and the open standards community to develop standards and demonstrate interoperability.

Using these new open standards and all these learnings to guide us, we turned on the public preview of our new decentralized identity system—Microsoft Azure Active Directory Verifiable Credentials—in April 2021. That preview generated a ton of valuable feedback and gave us the opportunity to learn from all of you.

Through all these interactions and investments, we have become even more excited about the opportunity to create a decentralized identity system that increases customer trust and adoption by minimizing data processing and providing the user much greater control of the specific identity data they share and how it will be used.

Now we are well into the next phase of our plan, working on two parallel efforts:

  1. Partner with the decentralized identity community to finalize a set of high-quality open standards that we can all support.
  2. Deliver the first General Availability release of our decentralized identity service in parallel with these still-evolving standards.

The 5 guiding principles

In this new phase, we want to share the set of guiding principles that we will use to guide both efforts. Not all these principles will be realizable from the start, but we believe that all are necessary over time to realize the promise of decentralized identities:

The five guiding principles of decentralized identities are: 1. Secure, reliable, and trustworthy; 2. Privacy protecting and in my control; 3. Inclusive, fair, and easy to use; 4. Supervisable; 5. Environmentally responsible.

1. Secure, reliable, and trustworthy

2. Privacy protecting and in my control

3. Inclusive, fair, and easy to use

4. Supervisable

5. Environmentally responsible

Microsoft’s commitments to the new digital identity system

In building and running this new system, we are also making an additional set of commitments we believe are critically important:

  1. Legitimate and lawful: This new digital identity system must be legitimate and lawful. We will strive to assure it doesn’t encourage illegal activity, enable corruption, or expose people to undue risk or unlawful access. We will strive to ensure the technology doesn’t cause or exacerbate unjust or disparate impacts on systemically marginalized members of society.
  2. Interoperable and accessible: We will strive to ensure technical and policy interoperability among domestic and international stakeholders, ease of use, broad inclusion, and equity of access. We will work to ensure the system works across modalities, including using it online, in person, and over the phone. We will build the system based on open, non-proprietary, and accessible standards to assure broad interoperability.
  3. Safe: We will strive to place user safety and security at the center of our decentralized identity system design.

Looking forward

Our goal in sharing these principles and our commitments is to help our customers, partners, and the decentralized identity community understand what motivates and guides us and how we think about this exciting opportunity.

Visit Microsoft decentralized identity to learn more about the benefits and opportunities of a decentralized identity ecosystem based on open standards.

And we hope you’ll read the next blog in our five-part series on decentralized identity, where Pamela Dingle demystifies the basics of direct presentation, decentralized identity, verifiable credentials, and anchored decentralized identifiers. It’s quite entertaining, as well.


[1] University to enable students to securely manage their own transcripts with Verifiable Credentials, Customer Stories, Microsoft. 16 March 2021.

[2] With high levels of security and trust, the NHS rapidly meets clinical demands using verified credentials, Customer Stories, Microsoft. 15 March 2021.

[3] How a decentralized identity and verifiable credentials can streamline both public and private processes, Customer Stories, Microsoft. 17 March 2021.