From e11a9d154f60bc8805bd28ef346c858106d3a606 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=A7=89=20infominer?=
Date: Tue, 4 Apr 2023 04:43:09 +0530
Subject: [PATCH] fix attributes

---
 _data/content.csv | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_data/content.csv b/_data/content.csv
index 361271fb..387af961 100644
--- a/_data/content.csv
+++ b/_data/content.csv
@@ -171,7 +171,7 @@ Indicio,Indicio,,,,TOIP,,,,,Machine Readable Governance is the Key to Scaling De Indicio,Indicio,,,,,,,,,Scale Your Decentralized Identity Solution by Upgrading to the Indy DID Method,"Again, the Indy DID Method is not an optional upgrade. It’s a major development that delivers interoperability.","Indicio takes the stress out of managing this essential upgrade with two new integration packages By James Schulte The Hyperledger Indy DID Method is a major step forward in interoperability. As Indicio’s CTO, Ken Ebert put it, “The Indy DID Method paves the way for Hyperledger Indy credentials to scale globally by allowing Indy networks to seamlessly interoperate and create a ‘network-of-networks’ effect.” But this can only happen if all those currently using Hyperledger Indy and Hyperledger Aries update their operating systems, nodes, and agents to use the new Indy DID method. We can’t overemphasize this enough: If you want interoperability between Indy networks, you really have to have this. These code changes build in the resolution of DIDs, schemas, and other ledger objects to the network which contains them.Without these code changes it is very difficult to support multiple networks. We understand this can be a time consuming process and, in the case of upgrading agents, it could be a heavy lift. So why not let the authors of the code implement it for you? Enter Indicio’s DID:Indy Integration Service Packages! Two packages: One for agents and one for networks Upgrading customer agents is the most complex part of the process and where you’ll benefit most from knowledgeable implementation. We’ll also provide all the training you need to use the new update. Agent Package - Cloud Agent updates for issuers, verifiers, and holders - Mobile Agent updates for holders We can also upgrade your networks if you want to save time—or you don’t have a network operations person to do this work for you. 
Networks Package - Full network operating system updates - Node software updates for each running node Again, the Indy DID Method is not an optional upgrade. It’s a major development that delivers interoperability. We’re here to make it simple and stress free. Contact us for further information!",https://indicio.tech/scale-your-decentralized-identity-solution-by-upgrading-to-the-indy-did-method/,,Post,,Standards,,,,,,,DID:Indy,2022-05-23,,,,,,,,,,,,, Indicio,Indicio,,,,,,,,,The Perfect Signature Style is the Enemy of the One that Works Today,BBS+ signature styles are not going to be ready for deployment anytime soon. This is precisely why you should build today and in a way that allows you to add them later.,"BBS+ signature styles are not going to be ready for deployment anytime soon. This is precisely why you should build today and in a way that allows you to add them later. Sam Curren, Senior Architect New technology is inevitable: some of it will be evolutionary, some of it will be revolutionary; some of it will eat your business, and some of it might change the world and make life better. How do you know when to wait and when to jump? This is the dilemma for many people looking at decentralized identity right now. Is it ready to be implemented, are there “off-the-shelf” products I can use—or will it all be so much better next week or in a month or in a year? The dilemma seems to divide the decentralized identity community. Standards groups and initiatives advocate for the best possible solution, in the hope that it will eventually exist, while companies building solutions—like Indicio—say “build now because what we have works and works well and can be added to later. 
The ‘better’ may never come but the good—especially if open source—will continually get better and be relatively easy to upgrade.” But we believe our position is not just a matter of business logic: There’s a massive downside to letting failing technology—our current centralized and federated ways of managing identity—continue to fail businesses and consumers, citizens and governments. This downside is vastly greater than any of the differences between decentralized identity technologies that can be used today, those in development, and those hypothesized as being available sometime in the future. Don’t turn BBS+ into a minus This issue is not abstract. Right now, there is much discussion around JSON-LD BBS+ being “the” standard for managing verifiable credential key signatures in decentralized identity systems. The Good Health Pass, for example, recommends BBS+ for Covid digital credentials. BBS+ is good and Indicio is excited about adding it to its options for customers building decentralized solutions. But we can’t do so because BBS+ is still under development and it’s unclear when the final version will be available. Meanwhile, we have JSON-ZKP-CL Signatures that provide the ingredient BBS+ is working to add: privacy preserving predicate (zero-knowledge) proofs and blinded identity binding. Predicate proofs mean that you are able to generate a proof of something—such as age—without having to disclose the actual information, and they are a boon to preserving privacy. When thinking about BBS+, it is important to remember that credential format is just one part of a larger system that must be developed. Governance, Issuance and Verification agents, Holder apps, and more all need to be implemented; user experience must be developed; business relationships created: Decentralized identity is an ecosystem of infrastructure, software and governance working together as a product. All of these things can be deployed using existing production-ready credential formats. 
And the gains made now will translate into the future adoption of BBS+. The bigger point is this: Decentralized identity is at a breakthrough point. Governments in Canada and Germany have decided that verifiable credentials are the way forward; pilots and consumer products are being unveiled on a weekly basis. This is not the moment to say, “let’s wait; ” this is the moment to say “let’s scale.” At Indicio, we’ve shown how to make decentralized ecosystems work to solve real problems for lots of customers. In building, we’ve advanced the tech. In advancing the tech, we’ve built more solutions. This is the virtuous cycle of innovation and scale that we’re creating. We will add BBS+ into our products when it is available. But until then, we’re going to build solutions that BBS+ can be added to—and we think you should too.",https://indicio.tech/the-perfect-signature-style-is-the-enemy-of-the-one-that-works-today/,,Post,,Standards,,,,,,BBS+,,2021-11-22,,,,,,,,,,,,, Indicio,Indicio,,,,,,,,,Trust Registry or Machine-Readable Governance?,"The world will move towards decentralized identity if we make it easy for them to do so—and easy means, above all, fast. The solution is machine readable governance—a smart way of implementing rules for how to manage trust.","The world will move towards decentralized identity if we make it easy for them to do so—and easy means, above all, fast. The solution is machine readable governance—a smart way of implementing rules for how to manage trust. If you want a high-speed train to go fast, you need the right kind of track. It needs to be laser-straight, have few, if any, crossings, and be free of slower freight trains. Unfortunately, the U.S. has, mostly, the wrong kind of rails: lots of crossings, lots of freight trains, and lots of curvy and unaligned tracks. One section of the Northeast Corridor can’t handle train speeds above 25mph. 
And while billions will soon be spent on new high-speed trains that are lighter, more capacious, and more energy efficient, they will still run on the same rails at the same speeds. As we race ahead with decentralized identity networks—Ontario’s announcement of its Digital ID program is the most visible sign yet that we are in an accelerating phase of a paradigm shift on identity—we face lots of infrastructural choices, the answers to which could put us in an Amtrak-like bind. If you think of a decentralized identity network as a set of rails that allow information to be issued, shared, and verified, this process should be as frictionless and fast as possible; and it is, because it is powered by software—called agents— that enable consent and trust at every point in the system. Once you decide that an issuer of a verifiable credential is trustworthy, verifying their credentials is straightforward. You can also apply all kinds of rules at the agent level to govern more complex information requirements in a frictionless, automatic way. A verifier agent could be programmed to accept only certain kinds of tests from a laboratory, or only tests from approved laboratories at a national or international level. The ability to do this instantaneously is essential to adoption. This is why machine-readable governance, which takes place at the agent layer, is integral to the successful deployment of any kind of decentralized trusted data ecosystem: It’s a real-time way to handle governance decisions—the Boolean choreography of ‘if this, then that’— in the most frictionless way possible. This also means that a network can organize itself and respond as locally as possible to the constant flux of life and changes in information and rules. Not everybody wants the same thing or the same thing forever. 
Machine-readable governance therefore functions as a trust registry—literally a registry of who to trust as issuers and verifiers of credentials—and as a set of rules as to how information should be combined, and for whom, and in which order. It can also power graphs—sets of connections—between multiple registries. This means that different authority structures can conform to existing hierarchical governance structures—or to self-organize. Some entities may publish their ‘recipe’ for interaction including requirements for verification, while others may simply refer to other published governance. When everyone knows each other’s requirements, we can calibrate machine-readable governance to satisfy everyone’s needs in the most efficient way possible. Choreographing this complex workflow at the agent level delivers the speed needed by users. The elements of machine-readable governance Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system. In the diagram above, Government A has published a complete set of governance rules. Government B selected Schema 1 for use and added its own rule and flow to the governance from Government A. Federal Medical Assn. C created its own list of trusted issuers (C1, C2), selected Schema 1 for use, and layered customized governance on top of the governance that Government A publishes. State Medical Assn. D has taken the layered governance selected by Federal Medical Assn. C and duplicated everything except its list of issuers. If we have this fantastic, high-speed way to verify in decentralized networks where, then, is the Amtrak problem? 
It lies in the belief that the best way to do governance is to divert all traffic through a centralized trust registry. This trust registry will be run by a separate organization, third party business, or consortium which will decide on who is a trusted issuer of credentials—and all parties will consult this single source of trust. Here’s why this isn’t a good idea: First, the point of high-speed rails is speed. If you must ping the trust registry for every look up, then you have created a speed limit on how fast verification can take place. It will slow down everything. Second, a trust registry creates a dependence on real-time calling when the system needs to be able to function offline. A downloadable machine-readable governance file allows pre-caching, which means no dependence on spotty connectivity. Given that we want interoperable credentials, it’s a little bit naïve and first-world-ish to assume the connection to the trust registry will always be on. Third, a centralized trust registry is unlikely to be free or even low cost, based on non-decentralized real-world examples. Being centralized it gets to act as a monopolist in its domain, until it needs to interact with another domain and another trust registry. Before you know it, we will need a trust registry of trust registries. With each layer of bureaucracy, the system gets slower and more unwieldy and more expensive. This kind of centralized planning is likely to only benefit the trust registry and not the consumer. And it can all be avoided if governments and entities just publish their rules. The kicker is that as the trust registries currently envisioned cannot yet accommodate rules for choreographing presentation and verification, it’s literally a case of ripping up the high-speed track and replacing it with slower rails. Yes, the analogy with Amtrak isn’t exact. The tracks that crisscross the U.S. are legacy tech while decentralized identity is entirely new infrastructure. 
But trust registries are an example of legacy thinking, of bolting on structures conceived for different systems and different infrastructural capacities. We can, with machine-readable governance, have smart trust registries that map to the way governments, local, federal, and global, actually make decisions and create rules. We also move further away from a model of trust that depends on single, centralized sources of truth, and toward zero trust-driven systems that enable fractional trust—lots of inputs from lots of sources that add up to more secure decision making. But most of all, we use the rails we’ve built to share information in a secure, privacy-preserving way in the fastest, most efficient way possible.",https://indicio.tech/trust-registry-or-machine-readable-governance/,,Post,,Standards,,,,Governance,,,,2021-09-28,,,,,,,,,,,,, -Jolocom,,Jolocom,,Joachim Lohkamp,W3C; DIF; INATBA; eSSIF; EBSI; T-Labs; IOTA,"European Union, Germany, Berlin",Europe,,,JoloCom,"Jolocom builds global infrastructureto support decentralized digital identity management.Smart agents own and control the data that defines them, a prerequisite for self-sovereign identity. ",,https://www.jolocom.com,,Company,,Company,Enterprise,ID,SSI,,,"Ethereum,SolID,BigchainDB","Verifiable Credentials,DID",2002,https://github.com/jolocom,https://twitter.com/getjolocom,https://www.youtube.com/channel/UCmpF6TdeLM2H6XcpZI2ceBg,https://stories.jolocom.com/,https://stories.jolocom.com/feed,,https://www.crunchbase.com/organization/jolocom,https://www.linkedin.com/company/jolocom/,https://jolocom-lib.readthedocs.io/en/latest/,,,, +Jolocom,,Jolocom,,Joachim Lohkamp,W3C; DIF; INATBA; eSSIF; EBSI; T-Labs; IOTA,"European Union, Germany, Berlin",Europe,,,JoloCom,"Jolocom builds global infrastructureto support decentralized digital identity management.Smart agents own and control the data that defines them, a prerequisite for self-sovereign identity. 
",,https://www.jolocom.com,,Company,,Company,Enterprise,ID,SSI,,Smart Wallet,"Ethereum,BigchainDB","Verifiable Credentials,DID,Social Linked Data",2002,https://github.com/jolocom,https://twitter.com/getjolocom,https://www.youtube.com/channel/UCmpF6TdeLM2H6XcpZI2ceBg,https://stories.jolocom.com/,https://stories.jolocom.com/feed,,https://www.crunchbase.com/organization/jolocom,https://www.linkedin.com/company/jolocom/,https://jolocom-lib.readthedocs.io/en/latest/,,,, Jolocom,Jolocom,,,,Solid,,,,,Trusted Data Sharing with Social Linked Data (Solid) and Ethereum,"At the core of Solid is the WebID, which Jolocom integrates with the Ethereum blockchain, to build a self-sovereign digital identity that allows you to represent yourself and to enrich your data with semantic meaning. Besides that and storing data, it also lets other applications ask for your data. Solid authenticates the DApps (Decentralized Applications) through Access Control Lists (ACLs) and if you’ve given access permission to the requester of the data, the Solid server delivers it.","Trusted Data Sharing with Social Linked Data (Solid) and Ethereum This post intends to give the reader a perspective on how Jolocom brings trusted data sharing to IoT (AGILE is a H2020 project). It should provide essential value to the user, not only but also in context of the internet of things, and not least to benefit from the EU’s General Data Protection Regulation (GDPR). The original idea of the World Wide Web To start with, the vision of Jolocom aligns with the original idea of the World Wide Web, which was distributed: everyone would have their own node (e.g. home page), everyone would share their content (e.g. blog posts), and everyone would own their own data. The web consisted of nodes connected through links with no center. Jolocom wants to help reclaiming this vision that everyone owns their own node (digital identity) and that every node can communicate with any other node, with no intermediation (e.g. 
centralized platform). The dominating power of a few Today a handful of companies dominate vast parts of the web’s activities — Facebook for social networking, Google for searching, Paypal for payments or eBay for auctions, Samsung/IBM for IoT — and they actually own the data their users have provided and generated. Ergo these companies have unprecedented insight and power over us. They can influence and nudge us without our knowledge, which gives them not only a huge competitive advantage, but also interferes with fundamental values of society and the right for privacy. Social Linked Data (Solid) and Blockchain (Ethereum) Jolocom uses a decentralized software architecture that is very promising. It was initiated by Tim Berners-Lee who invented the web and gave it to us as a gift, free and open source. His new project is called Solid (“social linked data”) and it allows you to own your own data, while also using it with only the applications you want to use. With Solid, you simply store your data in your own Personal Data Store (PDS; in Jolocom’s case: a Solid Server), which is hosted wherever you wish. At the core of Solid is the WebID, which Jolocom integrates with the Ethereum blockchain, to build a self-sovereign digital identity that allows you to represent yourself and to enrich your data with semantic meaning. Besides that and storing data, it also lets other applications ask for your data. Solid authenticates the DApps (Decentralized Applications) through Access Control Lists (ACLs) and if you’ve given access permission to the requester of the data, the Solid server delivers it. Here’s a concrete example.You might store data from your IoT devices or sensors in your own PDS: the sort of data about yourself that would normally be uploaded directly from your IoT device to a third party. That way if someone built a new DApp, to offer specialized services to people, you could join it by using your WebID. 
To share information with others (individuals or organisations), you simply give them permission to access the appropriate information in your PDS. The data in your PDS would remain your own, in every sense of the word: fully under your control, stored where you choose, and usable only by an Organization’s WebID that you’ve given permission to. The fantastic thing about Solid is that it does all this without having to centralize information in hands that we can’t- and too often also should not — fully trust. General Data Protection Regulation (GDPR) Users are becoming increasingly aware of the need and importance for strong data rights. Governments are slowly adapting to this, with the upcoming EU General Data Protection Regulation as the first move towards a market in which businesses will have to adapt with new business models and technical infrastructure. With the decentralized web as an answer to these needs, users will be able to use services they want to interact with, data will be stored in their own private location, and they will be able to switch between them. This will allow and encourage for a market with a significantly lowered barrier to innovate, one in which collaboration between players is much favourable over competition. Without the main competitive advantage of data, network effects and vendor lock-in will become virtually obsolete. We help businesses create and participate in collaborative decentralized ecosystems where the value generated by its services benefits the ecosystem as a whole. GDPR compliance is now mandated by May 2018. This means businesses are now required to show exactly how the data they collect is used and enables them to freely take this data with them to different services. Conclusion Social Linked Data with its decentralized architecture has the properties to profoundly enrich trust, data portability, and privacy. 
At the same time it will step up usability to a whole new level for both the user and service providers, while simultaneously becoming compliant to GDPR. Author: Joachim Lohkamp, Jolocom https://Twitter.com/JockelLohkamp",https://stories.jolocom.com/trusted-data-sharing-with-social-linked-data-solid-and-ethereum-in-the-internet-of-things-iot-7dc242944624,,Post,,Ecosystem,,DWeb,Web3,,,Ethereum,,2017-06-20,,,,,,,,,,,,, Jolocom,Jolocom,,,,T-Labs; BigchainDB; IOTA; Riddle+Code,,,,,PRESS RELEASE: T-Labs (Deutsche Telekom) announces project with major blockchain startups,"Benefiting from the expertise in Berlin, T-Labs partnered with BigchainDB, IOTA, Jolocom and Riddle & Code to abstract the complexity of blockchain development for enterprises. With the prototype developers can combine different DLTs to enable decentralized storage, identity management, smart contracts and payments. This allows enterprises to build a decentralized back-end in a matter of minutes.","PRESS RELEASE: T-Labs (Deutsche Telekom) announces project with major blockchain startups The blockchain group, from the Deutsche Telekom Innovation Laboratories (T-Labs) launched its prototype operating stack service this week at the Bosch Connected World (BCW) 2018 conference and hackathon. The service was created to simplify the decision-making process for developers wondering which blockchain technology to use… Dear Reader, We have moved this article to Jolocom Logbook, our official new blog since 1st July 2020. 
For the full story, visit Jolocom.io/blog/press-release-t-labs-deutsche-telekom-announces-project-with-major-blockchain-startups",https://stories.jolocom.com/press-release-t-labs-deutsche-telekom-announces-project-with-major-blockchain-startups-e6ac451d8b3,,Press,,Ecosystem,,,,,,,,2020-07-04,,,,,,,,,,,,, Jolocom,DWebMeetup,,archive,,,,,,DWebMeetup,Jolocom's lightning talk at DWeb meetup - Self-sovereign Identity In Germany,"A brief video introduction to use cases, strategies and challenges of the four German SDI projects.","Due to a planned power outage on Friday, 1/14, between 8am-1pm PST, some services may be impacted. Search the history of over 778 billion web pages on the Internet. Capture a web page as it appears now for use as a trusted citation in the future. Please enter a valid web address 112 Views Uploaded by Unknown on March 26, 2021",https://archive.org/details/jolocom-at-dweb-march-self-sovereign-identity-in-germany,,Video,,Ecosystem,,,,,Recap,,,2021-03-26,,,,,,,,,,,,, 
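Review bot: The added Jolocom row keeps the run-together text of the removed one in its description field ("infrastructureto support", "management.Smart agents") and still has a trailing space before the closing quote; since the row is being rewritten anyway, change these to "infrastructure to support" and "management. Smart agents" and trim the space. The commit message "fix attributes" also does not say which columns change: in the visible lines "SolID" leaves the "Ethereum,SolID,BigchainDB" field, "Social Linked Data" is appended to the "Verifiable Credentials,DID" field, and "Smart Wallet" fills a previously empty field. The CSV header is not part of the hunk, so a line in the message naming the affected columns would let a reader confirm the values landed where intended.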
@@ -291,10 +291,10 @@ Microsoft,Microsoft,,ID Standards Blog,Alex Simons,,,,,,Announcing Azure AD Veri Microsoft,Microsoft,,ID Standards Blog,Alex Simmons,,,,,,Decentralized digital identities and blockchain: The future as we see it,"Over the last 12 months we’ve invested in incubating a set of ideas for using Blockchain (and other distributed ledger technologies) to create new types of digital identities, identities designed from the ground up to enhance Personal privacy, security and control. We’re pretty excited by what we’ve learned and by the new partnerships we’ve formed in the process. Today we’re taking the opportunity to share our thinking and direction with you. This blog is part of a series and follows on Peggy Johnson’s blog post announcing that Microsoft has joined the ID2020 initiative. If you haven’t already Peggy’s post, I would recommend reading it first.",,https://techcommunity.microsoft.com/t5/azure-active-directory-identity/decentralized-digital-identities-and-blockchain-the-future-as-we/ba-p/1994714,,Post,,Meta,,,,,,Entra,,2021-02-18,,,,,,,,,,,,, Microsoft,Microsoft,,,Alex Simons,,,,,,Decentralized digital identities and blockchain: The future as we see it,"Over the last 12 months we’ve invested in incubating a set of ideas for using Blockchain (and other distributed ledger technologies) to create new types of digital identities, identities designed from the ground up to enhance Personal privacy, security and control. We’re pretty excited by what we’ve learned and by the new partnerships we’ve formed in the process. Today we’re taking the opportunity to share our thinking and direction with you. This blog is part of a series and follows on Peggy Johnson’s blog post announcing that Microsoft has joined the ID2020 initiative. If you haven’t already Peggy’s post, I would recommend reading it first.
","Decentralized digital identities and blockchain: The future as we see it Howdy folks, I hope you’ll find today’s post as interesting as I do. It’s a bit of brain candy and outlines an exciting vision for the future of digital identities. Over the last 12 months we’ve invested in incubating a set of ideas for using Blockchain (and other distributed ledger technologies) to create new types of digital identities, identities designed from the ground up to enhance Personal privacy, security and control. We’re pretty excited by what we’ve learned and by the new partnerships we’ve formed in the process. Today we’re taking the opportunity to share our thinking and direction with you. This blog is part of a series and follows on Peggy Johnson’s blog post announcing that Microsoft has joined the ID2020 initiative. If you haven’t already Peggy’s post, I would recommend reading it first. I’ve asked Ankur Patel, the PM on my team leading these incubations to kick our discussion on Decentralized Digital Identities off for us. His post focuses on sharing some of the core things we’ve learned and some of the resulting principles we’re using to drive our investments in this area going forward. And as always, we’d love to hear your thoughts and feedback. Best Regards, Alex Simons (Twitter: @Alex_A_Simons) Director of Program Management Microsoft Identity Division ———- Greetings everyone, I’m Ankur Patel from Microsoft’s Identity Division. It is an awesome privilege to have this opportunity to share some of our learnings and future directions based on our efforts to incubate Blockchain/distributed ledger based Decentralized Identities. What we see As many of you experience every day, the world is undergoing a global digital transformation where digital and physical reality are blurring into a single integrated modern way of living. This new world needs a new model for digital identity, one that enhances individual privacy and security across the physical and digital world. 
Microsoft’s cloud identity systems already empower thousands of developers, organizations and billions of people to work, play, and achieve more. And yet there is so much more we can do to empower everyone. We aspire to a world where the billions of people living today with no reliable ID can finally realize the dreams we all share like educating our children, improving our quality of life, or starting a business. To achieve this vision, we believe it is essential for individuals to own and control all elements of their digital identity. Rather than grant broad consent to countless apps and services, and have their identity data spread across numerous providers, individuals need a secure encrypted digital hub where they can store their identity data and easily control access to it. Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used. We know that enabling this kind of self-sovereign digital identity is bigger than any one company or organization. We’re committed to working closely with our customers, partners and the community to unlock the next generation of digital identity-based experiences and we’re excited to partner with so many people in the industry who are making incredible contributions to this space. What we’ve learned To that end today we are sharing our best thinking based on what we’ve learned from our decentralized identity incubation, an effort which is aimed at enabling richer experiences, enhancing trust, and reducing friction, while empowering every person to own and control their Digital Identity. - Own and control your Identity. Today, users grant broad consent to countless apps and services for collection, use and retention beyond their control. 
With data breaches and identity theft becoming more sophisticated and frequent, users need a way to take ownership of their identity. After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards we believe blockchain technology and protocols are well suited for enabling Decentralized IDs (DID). - Privacy by design, built in from the ground up. Today, apps, services, and organizations deliver convenient, predictable, tailored experiences that depend on control of identity-bound data. We need a secure encrypted digital hub (ID Hubs) that can interact with user’s data while honoring user privacy and control. - Trust is earned by individuals, built by the community. Traditional identity systems are mostly geared toward authentication and access management. A self-owned identity system adds a focus on authenticity and how community can establish trust. In a decentralized system trust is based on attestations: claims that other entities endorse – which helps prove facets of one’s identity. - Apps and services built with the user at the center. Some of the most engaging apps and services today are ones that offer experiences Personalized for their users by gaining access to their user’s Personally Identifiable Information (PII). DIDs and ID Hubs can enable developers to gain access to a more precise set of attestations while reducing legal and compliance risks by processing such information, instead of controlling it on behalf of the user. - Open, interoperable foundation. To create a robust decentralized identity ecosystem that is accessible to all, it must be built on standard, open source technologies, protocols, and reference implementations. For the past year we have been participating in the Decentralized Identity Foundation (DIF) with individuals and organizations who are similarly motivated to take on this challenge. 
We are collaboratively developing the following key components: - Decentralized Identifiers (DIDs) – a W3C spec that defines a common document format for describing the state of a Decentralized Identifier - Identity Hubs – an encrypted identity datastore that features message/intent relay, attestation handling, and identity-specific compute endpoints. - Universal DID Resolver – a server that resolves DIDs across blockchains - Verifiable Credentials – a W3C spec that defines a document format for encoding DID-based attestations. - Ready for world scale: To support a vast world of users, organizations, and devices, the underlying technology must be capable of scale and performance on par with traditional systems. Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording DPKI operations, and anchoring attestations. While some blockchain communities have increased on-chain transaction capacity (e.g. blocksize increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world-scale. To overcome these technical barriers, we are collaborating on decentralized Layer 2 protocols that run atop these public blockchains to achieve global scale, while preserving the attributes of a world class DID system. - Accessible to everyone: The blockchain ecosystem today is still mostly early adopters who are willing to spend time, effort, and energy managing keys and securing devices. This is not something we can expect mainstream people to deal with. We need to make key management challenges, such as recovery, rotation, and secure access, intuitive and fool-proof. Our next steps New systems and big ideas, often make sense on a whiteboard. All the lines connect, and assumptions seem solid. However, product and engineering teams learn the most by shipping. 
Today, the Microsoft Authenticator app is already used by millions of people to prove their identity every day. As a next step we will experiment with Decentralized Identities by adding support for them into to Microsoft Authenticator. With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys. In this design, only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can’t see) encrypted using these cryptographic keys. Once we have added this capability, apps and services will be able to interact with user’s data using a common messaging conduit by requesting granular consent. Initially we will support a select group of DID implementations across blockchains and we will likely add more in the future. Looking ahead We are humbled and excited to take on such a massive challenge, but also know it can’t be accomplished alone. We are counting on the support and input of our alliance partners, members of the Decentralized Identity Foundation, and the diverse Microsoft ecosystem of designers, policy makers, business partners, hardware and software builders. Most importantly we will need you, our customers to provide feedback as we start testing these first set of scenarios. This is our first post about our work on Decentralized Identity. In upcoming posts we will share information about our proofs of concept as well as technical details for key areas outlined above. We look forward to you joining us on this venture! 
Key resources: - Follow-us at @AzureAD on Twitter - Get involved with Decentralized Identity Foundation (DIF) - Participate in W3C Credentials Community Group Regards, Ankur Patel (@_AnkurPatel) Principal Program Manager Microsoft Identity Division",https://www.microsoft.com/en-us/microsoft-365/blog/2018/02/12/decentralized-digital-identities-and-blockchain-the-future-as-we-see-it/,,Post,,Meta,,,,,,,,2018-02-12,,,,,,,,,,,,, Microsoft,BitcoinMagazine,,,GIULIO PRISCO,Blockstack; Consensys; ID2020; uPort,,,,,"Microsoft Building Open Blockchain-Based Identity System With Blockstack, ConsenSys","The Microsoft strategist said that the Redmond, Washington, giant is working with Blockstack Labs and ConsenSys to leverage their current Bitcoin and Ethereum-based identity solutions, Blockstack and uPort. Through this open source collaboration, Microsoft and its partners intend to produce a cross-chain identity solution that can be extended to any future blockchains or new kinds of decentralized, distributed systems. In the coming weeks an open-source framework for developers will be made available on Azure.","Microsoft Building Open Blockchain-Based Identity System With Blockstack, ConsenSys Microsoft has announced that it is collaborating with Blockstack Labs, ConsenSys and developers across the globe on an open source, self-sovereign, blockchain-based identity system that allows people, products, apps and services to interoperate across blockchains, cloud providers and organizations. The United Nation's Sustainable Development Goals include giving everyone a legal identity by 2030. As a first step, the U.N. wants to develop scalable identity systems by 2020. The inaugural ""ID2020 Summit ‒ Harnessing Digital Identity for the Global Community,"" held at the United Nations headquarters in New York on May 20, brought together policymakers and technology companies to develop an action plan. 
“While we don’t profess to have solutions to these overwhelming problems today, we can start where the open source community is best: collaboration,” said Yorke Rhodes III, blockchain business strategist at Microsoft. “To progress toward these goals, we have been working with partners to address identity using the self-owned or self-sovereign qualities of blockchain technology.” The Microsoft strategist said that the Redmond, Washington, giant is working with Blockstack Labs and ConsenSys to leverage their current Bitcoin and Ethereum-based identity solutions, Blockstack and uPort. Through this open source collaboration, Microsoft and its partners intend to produce a cross-chain identity solution that can be extended to any future blockchains or new kinds of decentralized, distributed systems. In the coming weeks an open-source framework for developers will be made available on Azure. Blockstack ‒ an open source blockchain application stack ‒ permits building decentralized, serverless apps by plugging into Blockstack's services for identity, naming, storage and authentication. According to the Blockstack team, Blockstack is the largest, most popular blockchain identity system, with 50,000 registered identities that come with profiles and globally unique names. Identities can be registered for people, companies, websites, software packages and more. Profiles can contain both private and public information, which is attested to by the user and can be verified by peers and select authorities. “Microsoft will make it easy to deploy new Blockstack servers and infrastructure on the Azure cloud and plans to integrate Blockstack with some internal systems for identity and authentication,” notes the Blockstack blog. “With the Blockstack technology users are in complete control of their usernames and data and don’t need to trust any third party for their information. 
We appreciate Microsoft’s committed to making the internet a more secure and user-centric place and to promote open-source software development.” In November Bitcoin Magazinereported that Microsoft had partnered with ConsenSys, a blockchain startup focused on Ethereum technology, founded in October 2014 by Ethereum Foundation’s co-founder Joseph Lubin. In December, Microsoft and ConsenSys announced Ethereum Blockchain as a Service (EBaaS) on Microsoft Azure, to provide a single-click cloud-based blockchain developer environment to Azure Enterprise clients and developers. In October, ConsenSys revealed that it was working on an identity management system called uPort . “[We] have started to integrate an ID and persona construct across all of our dApps,” noted the ConsenSys blog. “Soon a uPort persona will enable access to any dApp ConsenSys or other developers build. ConsenSys has begun efforts to work with various partners towards standardization of these components.” The company added that user-owned ID and data will be crucial for realizing the compelling vision of Web 3.0. “We’re also collaborating with ConsenSys on a cross-blockchain solution for global namespaces,” notes the Blockstack blog. “We believe that a global identity system should not be dependent on any particular blockchain and users should be able to migrate from one blockchain to another, if needed. Along these lines, we plan to work with ConsenSys to add Ethereum support to the Blockstack server.” Redmond Magazinenotes that there are many unofficial identity systems in the social media world, including the systems operated by Google, Facebook and Microsoft itself, as well as various emerging blockchain-based platforms that have been proposed for the online world. But the U.N. and the companies that participated in the inaugural ID2020 Summit are more ambitious: They want to develop globally recognized identity systems for the real world. 
One-fifth of the world’s population ‒ one and a half billion people ‒ are without proper identification, and 50 million children are born every year without a birth certificate and a legal identity. These numbers are growing, which underlines the importance of the U.N. goal of giving everyone on the planet a solid and tamper-proof digital identity based on common, interoperable standards. According to John Farmer, director of technology and civic innovation at Microsoft, blockchain technology can offer three key features to an identity system: It's an immutable, trustless, and transparent agreed-upon network. “[We] can imagine a world where an individual can register their identity in a cross blockchain fashion, providing a single namespace for lookup regardless of blockchain of choice,” concludes the Microsoft announcement. “[We are] excited by the potential societal benefits that can be derived from an identity that transcends borders, blockchains, organizations and companies.”",https://bitcoinmagazine.com/articles/microsoft-building-open-blockchain-based-identity-system-with-blockstack-consensys-1464968713/,,Post,,Meta,,,,,,"Bitcoin,Ethereum",,2016-06-03,,,,,,,,,,,,, -Microsoft,BusinessInsider,,,Isobel Asher Hamilton,,,,,,Microsoft is quietly testing a project that aims to hand people complete control over their online data,"Foley reported that Bali's ""about"" page described itself as a ""new Personal data bank which puts users in control of all data collected about them... The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data.""

It also cited the concept of ""inverse privacy,"" a paper published by Microsoft researchers in 2014. It's the idea that someone else has access to your online data, but you don't.
","- Microsoft is quietly working on a project codenamed ""Bali,"" which could give users much more control over their Personal data. - Bali was first spotted by a Twitter user, and reporters then found what looked like the project's website. - The website described Bali as a ""new Personal data bank which puts users in control of all data collected about them."" - When Business Insider tried to access the site, it had vanished. Microsoft is working on a research project which could give customers vast control over their Personal online data. Microsoft has been quietly testing the idea and even launched a beta website, according to reports. It comes at a time when privacy is high on the agenda following a series of scandals, including Facebook's Cambridge Analytica data breach last year. Reporters first got wind of the project from a tweet. Twitter user ""Longhorn"" said on Wednesday: ""Microsoft Bali is a project that can delete all your connection and account information (inverseprivacyproject). It's currently in private beta still."" ZDNet journalist Mary Jo Foley then found what looked like the Bali website. The site reportedly required a code to sign in, but visitors could request a code. PC Magazine also appears to have visited the site, but when Business Insider followed the link, the website failed to load. Foley reported that Bali's ""about"" page described itself as a ""new Personal data bank which puts users in control of all data collected about them... The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data."" It also cited the concept of ""inverse privacy,"" a paper published by Microsoft researchers in 2014. It's the idea that someone else has access to your online data, but you don't. 
Business Insider contacted Microsoft for comment.",https://www.businessinsider.com/microsoft-working-on-project-bali-to-give-people-control-over-data-2019-1,,Post,,Meta,,,,,,,,2019-01-04,,,,,,,,,,,,, -Microsoft,Wired,,,,"At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring.",,,,,Microsoft's Dream of Decentralized IDs Enters the Real World,"“Beyond just controlling access, developers can further secure user data by encrypting that data using keys from their decentralized identifiers,"" a Microsoft spokesperson told WIRED in a statement. ""Based on such an approach, a bad actor may gain access to a system or datastore but can’t decrypt the data without keys that reside with individual user.""","For years, tech companies have touted blockchain technology as a means to develop identity systems that are secure and decentralized. The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data. Microsoft has been one of the leaders of this pack—and is now detailing tangible progress toward its vision of a decentralized digital ID. At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for identifiers rather than credit cards. Microsoft is starting with things like university transcripts, diplomas, and professional credentials, letting you add them to its Microsoft Authenticator app along with two-factor codes. 
It's already testing the platform at Keio University in Tokyo, with the government of Flanders in Belgium, and with the United Kingdom's National Health Service. ""If you have a decentralized identifier I can verify, say, where you went to school, and I don’t need you to send me all of the information,"" says Joy Chik, corporate vice president for Microsoft's cloud and enterprise identity division. “All I need is to get that digital credential and because it’s already been verified I can trust it."" Microsoft will release a software development kit in the coming weeks that organizations can use to start building applications that issue and request credentials. And long-term, the company says, it hopes the system could be used around the world for everything from renting an apartment to establishing identity for refugees who are struggling without documents—a dream of virtually all decentralized identification efforts. In the NHS pilot, for example, health care providers can request access to professional certifications from existing NHS health care workers, who can in turn choose to allow that access, streamlining a process for transferring to another facility that previously required a much more involved back and forth. Under Microsoft's setup, you can also revoke access to your credentials if the recipient no longer needs access. “In the NHS system, at each hospital health care workers go to, it used to take months of effort to verify their credentials before they could practice,"" Chik says. “Now it literally takes five minutes to be enrolled in the hospital and starting to treat patients."" A big hurdle to widespread adoption of a decentralized ID scheme has been interoperability. Having 10 competing frameworks out there wouldn't make things easier for anyone. Currently there are some potential competitors, like an offering from Mastercard that's still in testing. Microsoft's ubiquity potentially makes it a good candidate to rally a critical mass of users. 
With this in mind, the company developed Azure Active Directory verifiable credentials off of open authentication standards, like the World Wide Web Consortium's WebAuthN. That should make it easier for customers to adopt the platform, and for other tech giants to support its use in their products as well. Currently, Microsoft is working with digital identity partners Acuant, Au10tix, Idemia, Jumio, Socure, Onfido, and Vu Security to pilot the platform, and Chik says the goal is to expand that list quickly over time.",https://www.wired.com/story/microsoft-decentralized-id-blockchain/,,Post,,Meta,,,,,,,,2021-03-02,,,,,,,,,,,,, +Microsoft,BusinessInsider,,,Isobel Asher Hamilton,,,,,,Microsoft is quietly testing a project that aims to hand people complete control over their online data,"Foley reported that Bali's ""about"" page described itself as a ""new Personal data bank which puts users in control of all data collected about them... The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data.""

It also cited the concept of ""inverse privacy,"" a paper published by Microsoft researchers in 2014. It's the idea that someone else has access to your online data, but you don't.","- Microsoft is quietly working on a project codenamed ""Bali,"" which could give users much more control over their Personal data. - Bali was first spotted by a Twitter user, and reporters then found what looked like the project's website. - The website described Bali as a ""new Personal data bank which puts users in control of all data collected about them."" - When Business Insider tried to access the site, it had vanished. Microsoft is working on a research project which could give customers vast control over their Personal online data. Microsoft has been quietly testing the idea and even launched a beta website, according to reports. It comes at a time when privacy is high on the agenda following a series of scandals, including Facebook's Cambridge Analytica data breach last year. Reporters first got wind of the project from a tweet. Twitter user ""Longhorn"" said on Wednesday: ""Microsoft Bali is a project that can delete all your connection and account information (inverseprivacyproject). It's currently in private beta still."" ZDNet journalist Mary Jo Foley then found what looked like the Bali website. The site reportedly required a code to sign in, but visitors could request a code. PC Magazine also appears to have visited the site, but when Business Insider followed the link, the website failed to load. Foley reported that Bali's ""about"" page described itself as a ""new Personal data bank which puts users in control of all data collected about them... The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data."" It also cited the concept of ""inverse privacy,"" a paper published by Microsoft researchers in 2014. 
It's the idea that someone else has access to your online data, but you don't. Business Insider contacted Microsoft for comment.",https://www.businessinsider.com/microsoft-working-on-project-bali-to-give-people-control-over-data-2019-1,,Post,,Meta,,,,,,,,2019-01-04,,,,,,,,,,,,, +Microsoft,Wired,,,,"At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring.",,,,,Microsoft's Dream of Decentralized IDs Enters the Real World,"Beyond just controlling access, developers can further secure user data by encrypting that data using keys from their decentralized identifiers,' a Microsoft spokesperson told WIRED in a statement. Based on such an approach, a bad actor may gain access to a system or datastore but can’t decrypt the data without keys that reside with individual user.'","For years, tech companies have touted blockchain technology as a means to develop identity systems that are secure and decentralized. The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralized ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data. Microsoft has been one of the leaders of this pack—and is now detailing tangible progress toward its vision of a decentralized digital ID. At its Ignite conference today, Microsoft announced that it will launch a public preview of its “Azure Active Directory verifiable credentials” this spring. Think of the platform as a digital wallet like Apple Pay or Google Pay, but for identifiers rather than credit cards. 
Microsoft is starting with things like university transcripts, diplomas, and professional credentials, letting you add them to its Microsoft Authenticator app along with two-factor codes. It's already testing the platform at Keio University in Tokyo, with the government of Flanders in Belgium, and with the United Kingdom's National Health Service. ""If you have a decentralized identifier I can verify, say, where you went to school, and I don’t need you to send me all of the information,"" says Joy Chik, corporate vice president for Microsoft's cloud and enterprise identity division. “All I need is to get that digital credential and because it’s already been verified I can trust it."" Microsoft will release a software development kit in the coming weeks that organizations can use to start building applications that issue and request credentials. And long-term, the company says, it hopes the system could be used around the world for everything from renting an apartment to establishing identity for refugees who are struggling without documents—a dream of virtually all decentralized identification efforts. In the NHS pilot, for example, health care providers can request access to professional certifications from existing NHS health care workers, who can in turn choose to allow that access, streamlining a process for transferring to another facility that previously required a much more involved back and forth. Under Microsoft's setup, you can also revoke access to your credentials if the recipient no longer needs access. “In the NHS system, at each hospital health care workers go to, it used to take months of effort to verify their credentials before they could practice,"" Chik says. “Now it literally takes five minutes to be enrolled in the hospital and starting to treat patients."" A big hurdle to widespread adoption of a decentralized ID scheme has been interoperability. Having 10 competing frameworks out there wouldn't make things easier for anyone. 
Currently there are some potential competitors, like an offering from Mastercard that's still in testing. Microsoft's ubiquity potentially makes it a good candidate to rally a critical mass of users. With this in mind, the company developed Azure Active Directory verifiable credentials off of open authentication standards, like the World Wide Web Consortium's WebAuthN. That should make it easier for customers to adopt the platform, and for other tech giants to support its use in their products as well. Currently, Microsoft is working with digital identity partners Acuant, Au10tix, Idemia, Jumio, Socure, Onfido, and Vu Security to pilot the platform, and Chik says the goal is to expand that list quickly over time.",https://www.wired.com/story/microsoft-decentralized-id-blockchain/,,Post,,Meta,,,,,,,,2021-03-02,,,,,,,,,,,,, Microsoft,Microsoft,,,Peggy Johnson,ID2020,,,,,Partnering for a path to digital identity,"As discussions begin this week at the World Economic Forum, creating universal access to identity is an issue at the top of Microsoft’s agenda, and we think technology can be a powerful tool to tackle this challenge. It was last summer that Microsoft took a first step, collaborating with Accenture and Avanade on a blockchain-based identity prototype on Microsoft Azure. Together, we pursued this work in support of the ID2020 Alliance – a global public-private partnership dedicated to aiding the 1.1 billion people around the world who lack any legal form of identity. To say that we were encouraged by its mission would be an understatement. We were inspired by it.","In the U.S. and abroad, fundamental rights and services like voting, healthcare, housing and education are tethered to legal proof of identification – you can’t participate if you don’t have it. Yet nearly one in six people worldwide – the majority of them being women, children and refugees – live without it. 
The lack of legal documentation not only strips access to critical services, it puts those trapped in the “identity gap” at risk for larger issues including displacement and child trafficking. As discussions begin this week at the World Economic Forum, creating universal access to identity is an issue at the top of Microsoft’s agenda, and we think technology can be a powerful tool to tackle this challenge. It was last summer that Microsoft took a first step, collaborating with Accenture and Avanade on a blockchain-based identity prototype on Microsoft Azure. Together, we pursued this work in support of the ID2020 Alliance – a global public-private partnership dedicated to aiding the 1.1 billion people around the world who lack any legal form of identity. To say that we were encouraged by its mission would be an understatement. We were inspired by it. Today, we are excited to share that we are deepening our commitment to this issue by formally joining ID2020 as a founding member. In addition to a donation of $1 million, we will commit resources and expertise to further develop a secure, portable form of digital identity and help implement it across governments and agencies. In the coming months, Microsoft, our partners in the ID2020 Alliance, and developers around the globe will collaborate on an open source, self-sovereign, blockchain-based identity system that allows people, products, apps and services to interoperate across blockchains, cloud providers and organizations. We will lend the technical expertise of our Identity team to provide guidance as the project scales, empowering people with direct consent over who has access to their Personal information, and when to release and share data. We will also help establish standards that ensure this work is impactful and scalable. Our shared ambition with ID2020 is to start piloting this solution in the coming year to bring it to those who need it most, beginning with refugee populations. 
Amid a growing refugee crisis, we believe technology can play a powerful role when put in the hands of displaced people and the organizations that are supporting them. Over the last two years, Microsoft Philanthropies has donated $33 million in technology and funding to organizations that aid refugees and empower them to rebuild their lives. Closing the identity gap is an enormous challenge. It will take the work of many committed people and organizations coming together across different geographies, sectors and technologies. But it’s exciting to imagine a world where safe and secure digital identities are possible, providing everyone with an essential building block to every right and opportunity they deserve. Tags: digital identity, ID2020 Alliance",https://blogs.microsoft.com/blog/2018/01/22/partnering-for-a-path-to-digital-identity/,,Post,,Meta,,,,,,,,2018-01-02,,,,,,,,,,,,, -Microsoft,Newswire CA,,,,,,,,,Credivera Joins Microsoft Partner Network as Verifiable Credentials Provider,"Credivera, a global leader in the secure, open exchange of verifiable credentials and digital identity solutions, today announced that it has joined the Microsoft Partner Network. In addition, it has been selected by Microsoft as a Microsoft Entra Verified ID solution provider. Credivera joins a list of internationally based companies in the Microsoft Partner Network who are leading the development of innovative digital identity tools, empowering individuals to completely own and control their unique digital identity. ","Jul 26, 2022, 13:00 ET CALGARY, AB, July 26, 2022 /CNW/ - Credivera, a global leader in the secure, open exchange of verifiable credentials and digital identity solutions, today announced that it has joined the Microsoft Partner Network. In addition, it has been selected by Microsoft as a Microsoft Entra Verified ID solution provider. 
Credivera joins a list of internationally based companies in the Microsoft Partner Network who are leading the development of innovative digital identity tools, empowering individuals to completely own and control their unique digital identity. Recent market conditions, such as the emerging world of decentralized identity, the remote nature of today's global workforce, and the troubling increase in widespread identity theft, uniquely position Credivera as a trusted source of truth, supporting businesses and enterprises everywhere as they look to automate the verification of identity credentials for their workforce. ""We are in the business of verifiable career credentials and today's announcement is a major milestone for the entire Credivera team as we respond to the urgent demand for trusted digital identity and open standard solutions that enable secure, private information sharing. We're excited to represent Canada on a global stage within the Microsoft Partner Network alongside an esteemed list of companies and will continue to deliver innovative digital identity solutions for the workforce that return power and control into the hands of the individual, allowing each of us to own what we know and share what we want."" said Dan Giurescu, Credivera co-founder and Chief Executive Officer. Credivera's technology platform is built using Microsoft Azure SQL Database, Azure Active Directory, and is integrated with Microsoft Dynamics 365 Business Central and Power BI. Credivera also integrates with third-party HR and Safety programs, meaning that an individual's digital credentials, that are available in a Credivera digital wallet, are always accessible, always on, and always true for multiple contexts and scenarios. 
Beyond the advantages for individuals, key organizational benefits of the solution include enhanced systems productivity, a scalable global reach, definitive trust in fraud-free, valid workforce credentials, and eliminating any possibility of liability and risk. To learn more about how our digital identity verifications solutions can work for you, visit credivera.com/the-exchange/verifiable-credentials. To learn more about the Microsoft Partner Network, please visit partner.Microsoft.com. TerraHub Technologies Inc., known as Credivera commercially, is the world's first secure, open exchange for verifiable credentials. A leader in workforce management and digital identity, Credivera gives employees, employers, and organizations that issue credentials increased productivity and control of how important credentials are stored and shared. The Credivera Exchange optimizes Personal privacy and trust with up-to-date verifiable credentials secured in a digital wallet, resulting in reduced risk for all. Founded in 2017, with offices in Toronto and Calgary, Credivera supports regulated industries and global technology firms in over 30 countries worldwide. Get more out of what you know at credivera.com. Website: credivera.com LinkedIn: Credivera Twitter: @crediveratech SOURCE TerraHub Technologies Inc. For further information: Credivera Investor Relations, Steve Guevarra, Chief Financial Officer, [email protected], 1.832.701.0273",https://www.newswire.ca/news-releases/credivera-joins-microsoft-partner-network-as-verifiable-credentials-provider-857742185.html,,Press,,Meta,,,,,,,,,,,,,,,,,,,,, +Microsoft,Newswire CA,,,,,,,,,Credivera Joins Microsoft Partner Network as Verifiable Credentials Provider,"Credivera, a global leader in the secure, open exchange of verifiable credentials and digital identity solutions, today announced that it has joined the Microsoft Partner Network. In addition, it has been selected by Microsoft as a Microsoft Entra Verified ID solution provider. 
Credivera joins a list of internationally based companies in the Microsoft Partner Network who are leading the development of innovative digital identity tools, empowering individuals to completely own and control their unique digital identity. ","Jul 26, 2022, 13:00 ET CALGARY, AB, July 26, 2022 /CNW/ - Credivera, a global leader in the secure, open exchange of verifiable credentials and digital identity solutions, today announced that it has joined the Microsoft Partner Network. In addition, it has been selected by Microsoft as a Microsoft Entra Verified ID solution provider. Credivera joins a list of internationally based companies in the Microsoft Partner Network who are leading the development of innovative digital identity tools, empowering individuals to completely own and control their unique digital identity. Recent market conditions, such as the emerging world of decentralized identity, the remote nature of today's global workforce, and the troubling increase in widespread identity theft, uniquely position Credivera as a trusted source of truth, supporting businesses and enterprises everywhere as they look to automate the verification of identity credentials for their workforce. ""We are in the business of verifiable career credentials and today's announcement is a major milestone for the entire Credivera team as we respond to the urgent demand for trusted digital identity and open standard solutions that enable secure, private information sharing. We're excited to represent Canada on a global stage within the Microsoft Partner Network alongside an esteemed list of companies and will continue to deliver innovative digital identity solutions for the workforce that return power and control into the hands of the individual, allowing each of us to own what we know and share what we want."" said Dan Giurescu, Credivera co-founder and Chief Executive Officer. 
Credivera's technology platform is built using Microsoft Azure SQL Database, Azure Active Directory, and is integrated with Microsoft Dynamics 365 Business Central and Power BI. Credivera also integrates with third-party HR and Safety programs, meaning that an individual's digital credentials, that are available in a Credivera digital wallet, are always accessible, always on, and always true for multiple contexts and scenarios. Beyond the advantages for individuals, key organizational benefits of the solution include enhanced systems productivity, a scalable global reach, definitive trust in fraud-free, valid workforce credentials, and eliminating any possibility of liability and risk. To learn more about how our digital identity verifications solutions can work for you, visit credivera.com/the-exchange/verifiable-credentials. To learn more about the Microsoft Partner Network, please visit partner.Microsoft.com. TerraHub Technologies Inc., known as Credivera commercially, is the world's first secure, open exchange for verifiable credentials. A leader in workforce management and digital identity, Credivera gives employees, employers, and organizations that issue credentials increased productivity and control of how important credentials are stored and shared. The Credivera Exchange optimizes Personal privacy and trust with up-to-date verifiable credentials secured in a digital wallet, resulting in reduced risk for all. 
Founded in 2017, with offices in Toronto and Calgary, Credivera supports regulated industries and global technology firms in over 30 countries worldwide",https://www.newswire.ca/news-releases/credivera-joins-microsoft-partner-network-as-verifiable-credentials-provider-857742185.html,,Press,,Meta,,,,,,,,,,,,,,,,,,,,, Microsoft,Microsoft,,,,Condatis,,,,,Condatis revolutionizes staff management with Microsoft Entra Verified ID,"At Edinburgh-based Condatis, as more employees transition from a hybrid work model to a full return to the office, they’re being greeted by a new, intuitive sign-in experience built on virtual, verifiable credentials that provide value-added access to office spaces and services. Whether someone is being onboarded, coming in as a temporary hire, or visiting a staff member, each person will see that some doors in the office will be open for them, and others won’t.",Microsoft customer stories See how Microsoft tools help companies run their business. Microsoft,https://customers.microsoft.com/en-us/story/1508854534910834689-condatis-partner-professional-services-entra-verified-id,,Testimonial,,Meta,,,,,,,Verifiable Credentials,2023-01-01,,,,,,,,,,,,, Microsoft,Microsoft,,,,,,,,,Decentralized Identity Own and control your identity,"Microsoft cloud identity systems already empower developers, organizations, and billions of people to work, play, and achieve more, but there’s so much more we can do to create a world where each of us, even in displaced populations, can pursue our life goals, including educating our children, improving our quality of life, and starting a business.To achieve this vision, we need to augment existing cloud identity systems with one that individuals, organizations, and devices can own so they can control their digital identity and data. 
This self-owned identity must seamlessly integrate into our daily lives, providing complete control over what we share and with whom we share it, and—when necessary—provide the ability to take it back. Instead of granting broad consent to countless apps and services and spreading their identity data across numerous providers, individuals need a secure, encrypted digital hub where they can store their identity data and easily control access to it.",,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/re2djfy,,Whitepaper,,Meta,,,,,,,,2018,,,,,,,,,,,,, Microsoft,Microsoft,,Microsoft Entra Verified ID documentation,,,,,,,Azure AD Verifiable Credentials architecture overview (preview),"It’s important to plan your verifiable credential solution so that in addition to issuing and or validating credentials, you have a complete view of the architectural and business impacts of your solution. If you haven’t reviewed them already, we recommend you review Introduction to Microsoft Entra Verified ID and the FAQs, and then complete the Getting Started tutorial.

This architectural overview introduces the capabilities and components of the Microsoft Entra Verified ID service. ","Microsoft Entra Verified ID architecture overview Note Azure Active Directory Verifiable Credentials is now Microsoft Entra Verified ID and part of the Microsoft Entra family of products. Learn more about the Microsoft Entra family of identity solutions and get started in the unified Microsoft Entra admin center. It’s important to plan your verifiable credential solution so that in addition to issuing and or validating credentials, you have a complete view of the architectural and business impacts of your solution. If you haven’t reviewed them already, we recommend you review Introduction to Microsoft Entra Verified ID and the FAQs, and then complete the Getting Started tutorial. This architectural overview introduces the capabilities and components of the Microsoft Entra Verified ID service. For more detailed information on issuance and validation, see Approaches to identity Today most organizations use centralized identity systems to provide employees credentials. They also use various methods to bring customers, partners, vendors, and relying parties into the organization’s trust boundaries. These methods include federation, creating and managing guest accounts with systems like Azure AD B2B, and creating explicit trusts with relying parties. Most business relationships have a digital component, so enabling some form of trust between organizations requires significant effort. Centralized identity systems Centralized approaches still work well in many cases, such as when applications, services, and devices rely on the trust mechanisms used within a domain or trust boundary. In centralized identity systems, the identity provider (IDP) controls the lifecycle and usage of credentials. 
However, there are scenarios where using a decentralized architecture with verifiable credentials can provide value by augmenting key scenarios such as secure onboarding of employees’ and others’ identities, including remote scenarios. access to resources inside the organizational trust boundary based on specific criteria. accessing resources outside the trust boundary, such as accessing partners’ resources, with a portable credential issued by the organization. Decentralized identity systems In decentralized identity systems, control of the lifecycle and usage of the credentials is shared between the issuer, the holder, and relying party consuming the credential. Consider the scenario in the diagram below where Proseware, an e-commerce website, wants to offer Woodgrove employees corporate discounts. Terminology for verifiable credentials (VCs) might be confusing if you're not familiar with VCs. The following definitions are from the Verifiable Credentials Data Model 1.0 terminology section. After each, we relate them to entities in the preceding diagram. “An issuer is a role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.” - In the preceding diagram, Woodgrove is the issuer of verifiable credentials to its employees. “A holder is a role an entity might perform by possessing one or more verifiable credentials and generating presentations from them. A holder is usually, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories.” - In the preceding diagram, Alice is a Woodgrove employee. They obtained a verifiable credential from the Woodgrove issuer, and is the holder of that credential. “A verifier is a role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. 
Other specifications might refer to this concept as a relying party.” - In the preceding diagram, Proseware is a verifier of credentials issued by Woodgrove. “A credential is a set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.” “A decentralized identifier is a portable URI-based identifier, also known as a DID, associated with an entity. These identifiers are often used in a verifiable credential and are associated with subjects, issuers, and verifiers.”. - In the preceding diagram, the public keys of the actor’s DIDs are made available via trust system (Web or ION). “A decentralized identifier document, also referred to as a DID document, is a document that is accessible using a verifiable data registry and contains information related to a specific decentralized identifier, such as the associated repository and public key information.” In the scenario above, both the issuer and verifier have a DID, and a DID document. The DID document contains the public key, and the list of DNS web domains associated with the DID (also known as linked domains). Woodgrove (issuer) signs their employees’ VCs with its private key; similarly, Proseware (verifier) signs requests to present a VC using its key, which is also associated with its DID. A trust system is the foundation in establishing trust between decentralized systems. It can be a distributed ledger or it can be something centralized, such as DID Web. “A distributed ledger is a non-centralized system for recording events. These systems establish sufficient confidence for participants to rely upon the data recorded by others to make operational decisions. 
They typically use distributed databases where different nodes use a consensus protocol to confirm the ordering of cryptographically signed transactions. The linking of digitally signed transactions over time often makes the history of the ledger effectively immutable.” - The Microsoft solution uses the Identity Overlay Network (ION) to provide decentralized public key infrastructure (PKI) capability. As an alternative to ION, Microsoft also offers DID Web as the trust system. Combining centralized and decentralized identity architectures When you examine a verifiable credential solution, it's helpful to understand how decentralized identity architectures can be combined with centralized identity architectures to provide a solution that reduces risk and offers significant operational benefits. The user journey This architectural overview follows the journey of a job candidate and employee, who applies for and accepts employment with an organization. It then follows the employee and organization through changes where verifiable credentials can augment centralized processes. Actors in these use cases Alice, a person applying for and accepting employment with Woodgrove, Inc. Woodgrove, Inc, a fictitious company. Adatum, Woodgrove’s fictitious identity verification partner. Proseware, Woodgrove’s fictitious partner organization. Woodgrove uses both centralized and decentralized identity architectures. Steps in the user journey Alice applying for, accepting, and onboarding to a position with Woodgrove, Inc. Accessing digital resources within Woodgrove’s trust boundary. Accessing digital resources outside of Woodgrove’s trust boundary without extending Woodgrove or partners’ trust boundaries. As Woodgrove continues to operate its business, it must continually manage identities. 
The use cases in this guidance describe how Alice can use self-service functions to obtain and maintain their identifiers and how Woodgrove can add, modify, and end business-to-business relationships with varied trust requirements. These use cases demonstrate how centralized identities and decentralized identities can be combined to provide a more robust and efficient identity and trust strategy and lifecycle. User journey: Onboarding to Woodgrove Awareness: Alice is interested in working for Woodgrove, Inc. and visits Woodgrove’s career website. Activation: The Woodgrove site presents Alice with a method to prove their identity by prompting them with a QR code or a deep link to visit its trusted identity proofing partner, Adatum. Request and upload: Adatum requests proof of identity from Alice. Alice takes a selfie and a driver’s license picture and uploads them to Adatum. Issuance: Once Adatum verifies Alice’s identity, Adatum issues Alice a verifiable credential (VC) attesting to their identity. Presentation: Alice (the holder and subject of the credential) can then access the Woodgrove career portal to complete the application process. When Alice uses the VC to access the portal, Woodgrove takes the roles of verifier and the relying party, trusting the attestation from Adatum. Distributing initial credentials Alice accepts employment with Woodgrove. As part of the onboarding process, an Azure Active Directory (AD) account is created for Alice to use inside of the Woodgrove trust boundary. Alice’s manager must figure out how to enable Alice, who works remotely, to receive initial sign-in information in a secure way. In the past, the IT department might have provided those credentials to their manager, who would print them and hand them to Alice. This doesn’t work with remote employees. VCs can add value to centralized systems by augmenting the credential distribution process. 
Instead of needing the manager to provide credentials, Alice can use their VC as proof of identity to receive their initial username and credentials for centralized systems access. Alice presents the proof of identity they added to their wallet as part of the onboarding process. In the onboarding use case, the trust relationship roles are distributed between the issuer, the verifier, and the holder. The issuer is responsible for validating the claims that are part of the VC they issue. Adatum validates Alice’s identity to issue the VC. In this case, VCs are issued without the consideration of a verifier or relying party. The holder possesses the VC and initiates the presentation of the VC for verification. Only Alice can present the VCs she holds. The verifier accepts the claims in the VC from issuers they trust and validate the VC using the decentralized ledger capability described in the verifiable credentials data model. Woodgrove trusts Adatum’s claims about Alice’s identity. By combining centralized and decentralized identity architectures for onboarding, privileged information about Alice necessary for identity verification, such as a government ID number, need not be stored by Woodgrove, because they trust that Alice’s VC issued by the identity verification partner (Adatum) confirms their identity. Duplication of effort is minimized, and a programmatic and predictable approach to initial onboarding tasks can be implemented. User journey: Accessing resources inside the trust boundary As an employee, Alice is operating inside of the trust boundary of Woodgrove. Woodgrove acts as the identity provider (IDP) and maintains complete control of the identity and the configuration of the apps Alice uses to interact within the Woodgrove trust boundary. 
To use resources in the Azure AD trust boundary, Alice provides potentially multiple forms of proof of identification to sign in Woodgrove’s trust boundary and access the resources inside of Woodgrove’s technology environment. This is a typical scenario that is well served using a centralized identity architecture. Woodgrove manages the trust boundary and using good security practices provides the least-privileged level of access to Alice based on the job performed. To maintain a strong security posture, and potentially for compliance reasons, Woodgrove must also be able to track employees’ permissions and access to resources and must be able to revoke permissions when the employment is terminated. Alice only uses the credential that Woodgrove maintains to access Woodgrove resources. Alice has no need to track when the credential is used since the credential is managed by Woodgrove and only used with Woodgrove resources. The identity is only valid inside of the Woodgrove trust boundary when access to Woodgrove resources is necessary, so Alice has no need to possess the credential. Using VCs inside the trust boundary Individual employees have changing identity needs, and VCs can augment centralized systems to manage those changes. While employed by Woodgrove Alice might need gain access to resources based on meeting specific requirements. For example, when Alice completes privacy training, she can be issued a new employee VC with that claim, and that VC can be used to access restricted resources. VCs can be used inside of the trust boundary for account recovery. For example, if the employee has lost their phone and computer, they can regain access by getting a new VC from the identity verification service trusted by Woodgrove, and then use that VC to get new credentials. User journey: Accessing external resources Woodgrove negotiates a product purchase discount with Proseware. All Woodgrove employees are eligible for the discount. 
Woodgrove wants to provide Alice a way to access Proseware’s website and receive the discount on products purchased. If Woodgrove uses a centralized identity architecture, there are two approaches to providing Alice the discount: Alice could provide Personal information to create an account with Proseware, and then Proseware would have to verify Alice’s employment with Woodgrove. Woodgrove could expand their trust boundary to include Proseware as a relying party and Alice could use the extended trust boundary to receive the discount. With decentralized identifiers, Woodgrove can provide Alice with a verifiable credential (VC) that Alice can use to access Proseware’s website and other external resources. By providing Alice the VC, Woodgrove is attesting that Alice is an employee. Woodgrove is a trusted VC issuer in Proseware’s validation solution. This trust in Woodgrove’s issuance process allows Proseware to electronically accept the VC as proof that Alice is a Woodgrove employee and provide Alice the discount. As part of validation of the VC Alice presents, Proseware checks the validity of the VC by using the trust system. In this solution: Woodgrove enables Alice to provide Proseware proof of employment without Woodgrove having to extend its trust boundary. Proseware doesn’t need to expand their trust boundary to validate Alice is an employee of Woodgrove. Proseware can use the VC that Woodgrove provides instead. Because the trust boundary isn’t expanded, managing the trust relationship is easier, and Proseware can easily end the relationship by not accepting the VCs anymore. Alice doesn’t need to provide Proseware Personal information, such as an email. Alice maintains the VC in a wallet application on a Personal device. The only person that can use the VC is Alice, and Alice must initiate usage of the credential. Each usage of the VC is recorded by the wallet application, so Alice has a record of when and where the VC is used. 
By combining centralized and decentralized identity architectures for operating inside and outside of trust boundaries, complexity and risk can be reduced and limited relationships become easier to manage. Changes over time Woodgrove will add and end business relationships with other organizations and will need to determine when centralized and decentralized identity architectures are used. By combining centralized and decentralized identity architectures, the responsibility and effort associated with identity and proof of identity is distributed, risk is reduced, and the user doesn't risk releasing their private information as often or to as many unknown verifiers. Specifically: - In centralized identity architectures, the IDP issues credentials and performs verification of those issued credentials. Information about all identities is processed by the IDP, either storing them in or retrieving them from a directory. IDPs may also dynamically accept security tokens from other IDP systems, such as social sign-ins or business partners. For a relying party to use identities in the IDP trust boundary, they must be configured to accept the tokens issued by the IDP. How decentralized identity systems work In decentralized identity architectures, the issuer, user, and relying party (RP) each have a role in establishing and ensuring ongoing trusted exchange of each other’s credentials. The public keys of the actors’ DIDs are resolvable via the trust system, which allows signature validation and therefore trust of any artifact, including a verifiable credential. Relying parties can consume verifiable credentials without establishing trust relationships with the issuer. Instead, the issuer provides the subject a credential to present as proof to relying parties. All messages between actors are signed with the actor’s DID; DIDs from issuers and verifiers also need to own the DNS domains that generated the requests. 
For example: When VC holders need to access a resource, they must present the VC to that relying party. They do so by using a wallet application to read the RP’s request to present a VC. As a part of reading the request, the wallet application uses the RP’s DID to find the RPs public keys using the trust system, validating that the request to present the VC hasn't been tampered with. The wallet also checks that the DID is referenced in a metadata document hosted in the DNS domain of the RP, to prove domain ownership. Flow 1: Verifiable credential issuance In this flow, the credential holder interacts with the issuer to request a verifiable credential as illustrated in the following diagram The holder starts the flow by using a browser or native application to access the issuer’s web frontend. There, the issuer website drives the user to collect data and executes issuer-specific logic to determine whether the credential can be issued, and its content.) The issuer web frontend calls the Entra Verified ID service to generate a VC issuance request. The web frontend renders a link to the request as a QR code or a device-specific deep link (depending on the device). The holder scans the QR code or deep link from step 3 using a Wallet app such as Microsoft Authenticator The wallet downloads the request from the link. The request includes: DID of the issuer. This is used by the wallet app to resolve via the trust system to find the public keys and linked domains. URL with the VC manifest, which specifies the contract requirements to issue the VC. This can include id_token, self-attested attributes that must be provided, or the presentation of another VC. Look and feel of the VC (URL of the logo file, colors, etc.). The wallet validates the issuance requests and processes the contract requirements: Validates that the issuance request message is signed by the issuer’ keys found in the DID document resolved via the trust system. 
This ensures that the message hasn't been tampered with. Validates that the DNS domain referenced in the issuer’s DID document is owned by the issuer. Depending on the VC contract requirements, the wallet might require the holder to collect additional information, for example asking for self-issued attributes, or navigating through an OIDC flow to obtain an id_token. Submits the artifacts required by the contract to the Entra Verified ID service. The Entra Verified ID service returns the VC, signed with the issuer’s DID key and the wallet securely stores the VC. For detailed information on how to build an issuance solution and architectural considerations, see Plan your Microsoft Entra Verified ID issuance solution. Flow 2: Verifiable credential presentation In this flow, a holder interacts with a relying party (RP) to present a VC as part of its authorization requirements. The holder starts the flow by using a browser or native application to access the relying party’s web frontend. The web frontend calls the Entra Verified ID service to generate a VC presentation request. The web frontend renders a link to the request as a QR code or a device-specific deep link (depending on the device). The holder scans the QR code or deep link from step 3 using a wallet app such as Microsoft Authenticator The wallet downloads the request from the link. The request includes: a standards based request for credentials of a schema or credential type. the DID of the RP, which the wallet looks up in the trust system. The wallet validates that the presentation request and finds stored VC(s) that satisfy the request. Based on the required VCs, the wallet guides the subject to select and consent to use the VCs.After the subject consents to use of the VC, the wallet generates a unique pairwise DID between the subject and the RP. Then, the wallet sends a presentation response payload to the Entra Verified ID service signed by the subject. It contains: The VC(s) the subject consented to. 
The pairwise DID generated as the “subject” of the payload. The RP DID as the “audience” of the payload. The Entra Verified ID service validates the response sent by the wallet. Depending on how the original presentation request was created in step 2, this validation can include checking the status of the presented VC with the VC issuer for cases such as revocation. Upon validation, the Entra Verified ID service calls back the RP with the result. For detailed information on how to build a validation solution and architectural considerations, see Plan your Microsoft Entra Verified ID verification solution. Key Takeaways Decentralized architectures can be used to enhance existing solutions and provide new capabilities. To deliver on the aspirations of the Decentralized Identity Foundation (DIF) and W3C Design goals, the following should be considered when creating a verifiable credential solution: There are no central points of trust establishment between actors in the system. That is, trust boundaries aren't expanded through federation because actors trust specific VCs. The trust system enables the discovery of any actor’s decentralized identifier (DID). The solution enables verifiers to validate any verifiable credentials (VCs) from any issuer. The solution doesn't enable the issuer to control authorization of the subject or the verifier (relying party). The actors operate in a decoupled manner, each capable of completing the tasks for their roles. Issuers service every VC request and don't discriminate on the requests serviced. Subjects own their VC once issued and can present their VC to any verifier. Verifiers can validate any VC from any subject or issuer. Next steps Learn more about architecture for verifiable credentials",https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/introduction-to-verifiable-credentials-architecture,,Docs,,Product,,,,,,Entra,,,,,,,,,,,,,,,
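Review bot: In the added Credivera row ("+Microsoft,Newswire CA,..."), the change is to the body text, not to any attribute column, and the subject line "fix attributes" does not say so. The replaced body ended with the "Website: ... For further information: ... [email protected], 1.832.701.0273" contact block, while the new body stops at "in over 30 countries worldwide". The URL, Press and Meta columns read the same in both versions. Please mention the removal of the contact details in the commit message so the trim can be found later. Two smaller points on the same row: the summary column repeats the opening two paragraphs of the body word for word and could be cut to its first sentence, and the new body appears to carry line breaks inside the quoted field (before "Credivera's technology platform" and before "Founded in 2017") where the replaced text ran on one line, so either confirm that whatever parses _data/content.csv accepts multi-line quoted fields or join those lines.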