Microsoft is moving to turn blockchain-based decentralized identity from a lofty aspiration into a business line.

In a white paper posted this week, the software giant says it intends to develop two products designed to give consumers greater control of their personal data – long the Holy Grail of many technologists in the blockchain space and adjacent industries.

One such product is an encrypted personal data store, or “identity hub,” which is a combination of user’s personal devices and cloud storage that Microsoft would offer through Azure, its cloud computing service.

Although few details are provided, the general idea is that consumers could store identity information in this hub and their permission would be required for third parties to access it. This stands in contrast to the status quo, where data is held at countless third parties and regularly obtained without the user’s knowledge, much less consent.

The other product Microsoft says it will build is a “wallet-like app” that people could use, among other purposes, to manage these permissions to their data, including the ability to revoke them when desired.

Notably – and here’s where blockchain comes in – both of these products would build upon the foundation of decentralized identifiers (DIDs), a specification developed under the auspices of the World Wide Web Foundation (W3C).

Seen by many in the ID community as a breakthrough, DIDs do not require a central authority because they are registered, or “anchored,” on a distributed ledger or another decentralized system. This means that unlike traditional identifiers (think of a phone number or a Twitter handle), a DID is always under the user’s control, much in the way a crypto user has domain over her money.

Further, the paper reveals that Microsoft is developing an open-source implementation of DIDs that would work as a second layer on top of multiple blockchains. Somewhat like bitcoin’s Lightning Network is meant to allow a high volume of low-value payments in the cryptocurrency, reserving the blockchain for final settlement, the layer two for identity is being “designed for world-scale use,” the paper says.

The goal of that project (which Microsoft is referring to internally as “side trees”) is to “establish a unified, interoperable ecosystem that developers and businesses can rely on to build a new wave of products, applications, and services,” according to the paper.

While Microsoft did not give a timetable for any of these projects, taken together, these moves suggest that the company is stepping up its investment in “self-owned identity,” beyond its previously reported participation in the Decentralized Identity Foundation (DIF) as a founding member.

“Every person has a right to an identity that they own and control,” the paper declares, adding:

“We aspire to make DIDs a first-class citizen of the Microsoft identity stack.”

Blockchain-inspired

Stepping back, as a decades-old, multinational corporation, Microsoft might seem to some an unlikely champion for this decentralist vision.

Yet while the majority of the components of the new system Microsoft is building would operate off-chain, the advent of blockchains has clearly fired imaginations, at the Redmond, Washington-based company and elsewhere in the ID community.

“If you start with the premise of what blockchain can do for identity, it opens up the aperture to think about how you can have a consumer- or constituent-owned ID that then you can do different things with,” Yorke Rhodes, a program manager on Microsoft’s blockchain engineering team, told CoinDesk in a podcast interview last month.

Microsoft joined the DIF because the company wants to make sure that the systems being built today don’t end up becoming “new islands like the social media islands of today, where you can’t connect an identity from LinkedIn to Twitter, to Facebook, to WeChat, to Weibo,” Rhodes said.

Instead, in an ideal system, “if I create my identity in a Microsoft system, if somebody comes along with MetaMask or uPort or any other wallet, they should actually be able to understand what that identity is,” Rhodes said, referring to two ethereum-based apps by way of example.

Rhodes also said that in the next few months Microsoft would expand the range of identity types that Active Directory, its enterprise ID system, can recognize to include blockchain-based decentralized identities. This would allow a company to quickly onboard a new hire, recognize a decentralized ID that she controls, and associate it with her new corporate employee ID.

“That is, in my perspective, one of the levers that will actually help drive toward consumer-owned identity,” Rhodes said.

To be sure, Microsoft is not the only well-known company contributing to this emerging field. Kaliya Young, a co-founder of the Internet Identity Workshop, a semi-annual gathering of ID experts and innovators, noted that other big corporations, including IBM, Accenture and RSA, belong to the DIF, and she credited IBM in particular for its work moving forward open standards for DIDs and a related W3C initiative called Verifiable Credentials.

Further, Drummond Reed, chief trust officer at blockchain ID startup Evernym and chair of the Sovrin Trust Framework Working Group, noted that other companies, including all the “stewards” that operate nodes on Sovrin network (a group that includes IBM and Cisco), had been “endorsing DIDs and portable digital credentials as the foundation of decentralized identity for the past year.”

But if it follows through on the white paper’s commitment to building products like the identity hub, Microsoft may be the first household name in a field to come up with a mass-market solution.

Community work

However, some members of the ID community believe that work of this scale by a giant corporation like Microsoft should be done with more transparency.

“I don’t know what Microsoft has developed, I haven’t seen any actual code,” Wayne Vaughan, CEO of blockchain data platform Tierion and a member of the DIF steering committee, told CoinDesk. “Microsoft has been soliciting input from the community, but their software development has largely been done behind closed doors, and now they are releasing it publicly. With that being said — it’s much better than nothing.”

Vaughan believes that if corporations like Microsoft don’t make their work more transparent, other big players in possession of users’ identities, like Google and Facebook, might feel they are not involved and refuse to participate in the further adoption of the solutions that need to be broadly accepted to succeed.

Also, the community wants to see Microsoft not only generating pieces of code, but participating in the development of common standards for the exchange of credentials, Reed told CoinDesk, adding that in his view, that standard should support zero-knowledge cryptography, which isn’t mentioned in the white paper.

Manu Sporny, founder and CEO of payments startup Digital Bazaar and an active participant in several W3C working groups, shared similar thoughts.

“The hope is that Microsoft will join the work on Decentralized Identifiers and Verifiable Credentials that are currently happening at W3C,” Sporny said. “I’m sure that in time they’ll do the right thing and join the international standards efforts in the space as they have done many times before.”

Ankur Patel, principal program manager at Microsoft, responded to these concerns in an email to CoinDesk:

“We are committed to establishing Open Standards and contributing to Open Source to make Decentralized Identity successful. As we make further progress, we will make appropriate contributions. With such a vibrant space, there are many such opportunities [to work on common standards]. We continue to evaluate and will participate in the ones that are most meaningful. We are committed to working with DIF, W3C, as well other industry or standards group that we believe can help realize a successful Decentralized Identity platform.”

In any case, as the work on different concepts and implementations is accumulating, we can expect to see the first publicly available projects using decentralized identity come live in 2019, Young said, especially pointing at the work being done by the U.S. credit union consortium CULedger and the Canadian Province of British Columbia.

“In the next five years we will see wide-scale adoption of the tools,” she said, concluding:

“Identity is complex and decentralized identity solutions that put the user in the center of their own management of credentials is the only way through this complexity wormhole.”

Microsoft image via Shutterstock