Decentralized identity explained

An explainer by Microsoft Security on how decentralized identity gives users more control over their digital credentials, covering the problems with current digital identifiers, how Verifiable Credentials and Decentralized Identifiers work, and what this means for privacy online.

This transcript is an accessible copy of the original video transcript (opens in a new tab) published by Microsoft Security. It has been lightly edited for readability.

The problem with digital credentials (0:02)

Every day, we carry wallets full of cards. However, only a select few — like government IDs and credit cards — are widely accepted. Our society has established global norms for how we present and verify the credentials these physical cards represent. But there's no real equivalent for digital credentials.

Why not? First, there's no standard mechanism for issuing digital cards. To issue universally acceptable digital cards or credentials, we need digital identifiers that individuals can own independent of any entity, organization, or institution. Currently, we use email addresses and phone numbers as identifiers to access websites and apps. But our access to these identifiers, and our personal information, is at the mercy of service providers who can revoke them at any time.

Secondly, there are no universally accepted standards for expressing, exchanging, and verifying digital credentials across organizational boundaries.

How decentralized identity works (1:03)

This is all about to change. A new form of digital identity, based on emerging standards such as Verifiable Credentials and Decentralized Identifiers, can enable digital credentials to work everywhere, be more trustworthy, and respect privacy.

Here's how it works. Meet Alice. Her new digital wallet empowers her to own and control credentials. Since it's not tied to any one organization, authoritative sources can confidently issue standards-based credentials to Alice. When Alice presents these credentials, websites and apps can check that they're valid — for example, by confirming with a university that she's a student there — and then grant access accordingly.

Cryptographic trust (1:51)

While this process may be easier, how do we know it's trustworthy? Decentralized Identifiers leverage proven cryptographic systems. When Alice presents her credentials, her digital wallet generates a unique identifier and signs it using a private key secured by a biometric proof or PIN that only she knows. The uniquely paired public key is published to a distributed ledger.

Alice can present her digital student ID card to a bookstore, and before granting a discount, the bookstore can confirm that the university issued the card to Alice.

Privacy and control (2:27)

This experience mimics what Alice does today. She can digitally present and authenticate a set of Verifiable Credentials just as she would present a physical card. And she can revoke them with a single click, just as she would return a card to her wallet.

Best of all, these digital cards are private. This puts Alice in sole control of her digital identity — she makes the decisions for it. Verifiable Credentials will make it easier to stay in control and help unlock a more trustworthy internet that respects privacy for all of us.