KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Blockchains possess unique properties that can be used to build systems that significantly impact our world. Perhaps no area of utilization, besides raw value exchange, is as intriguing as decentralized identity. In this talk we will discuss how blockchain-anchored decentralized identity can be used as a substrate for secure, user-centric apps and services.
Blockchains possess unique properties that can be used to build systems that significantly impact our world. Perhaps no area of utilization, besides raw value exchange, is as intriguing as decentralized identity. In this talk we will discuss how blockchain-anchored decentralized identity can be used as a substrate for secure, user-centric apps and services.
Great. It's good to be here. I can talk to you a little bit about the blockchain work we're doing specific to identity on the identity team. We do have another group at Microsoft. That's working on a slightly different blockchain based implementations, mostly the, the private and permission, industrial chain consortium type stuff. We're we're on the identity side. Take a little bit different tact. Yeah.
So I'll talk to you a little bit about obviously the base technology, but I want you to kind of open your mind a little bit about what identity really means in this blockchain sphere, because I think it's beyond just claims it's beyond data stations. It actually is not just the control plane, but, but maybe the very layer that we build the centralized apps, absence services on, in the future. So why do I believe?
Well, I joined Microsoft's identity division specifically to do this, having worked at Mozilla for five years, and that's because I'm a firm believer in open source. I think it's important for these, these underlying bits of technology to be out there and available as broadly as possible.
Next, you know, for some qualifications, I bought my first Bitcoin a few Bitcoins at $4. Don't get excited. I bought four at $4, cuz I, I thought it could really fundamentally transform economic value transfer and it has next I'm. I'm passionate about putting users in control of their lives in, in all phases. And I think this, this system gives us an unprecedented opportunity to do so. It kind of puts the last Keystone in from a lot of existing systems that could do pretty close to what it could do.
But, but this adds that last little bit. And lastly, Microsoft recognizes as a chance to do good, but also we think it could be huge wins for our customers. So there has to be some, some monetary reason, right? To do some things, to just keep the business going. We think it's a great marriage of both. So I'm gonna give you a three point thesis of blockchain.
I, I think it's a little different than other people may, may talk about in the industry. You know, you're, you're gonna hear people talk about putting anything on a blockchain, all sorts of apps and services. I take a practical stance on this. I think a blockchain's very good at a few things. It's really awful at a lot of things. So one blockchain's the anchor. It may not be much more than that. Two decentralized identity really truly is the platform. And three is a little different maybe perfect information is the true app and service revolution. And I'm talking about in the economic sense.
So all the stuff you see on this slide, you've probably heard everyone in the blockchain arena talking about how it's gonna solve all these things. I don't, I don't agree. I don't agree that a transactional blockchain based solution is really the solution of these problems because they're primarily identity problems. Things like property records. I know there's a couple countries doing this right now. This is not a blockchain problem, right? Like if you're looking for something mutable that acts a lot like a database where you sign things, I would not look at a blockchain.
So what I'm going to posit to you is that everything on this slide can be done with the blockchain, but indirectly through a layer two and make the statement that blockchain anchored identifiers linked to these things that we like to call identity hubs in coded with semantic data are the true auger upon which a new breed of absent services will grow. So what do we use the blockchain for just a quick run through if anyone's not familiar, blockchain's really, really good at a few things. It's a chronologically ordered history.
That's backed by crypto puts existing systems that we had for years together in kind of this beautiful package that did something pretty novel. And then how do we use that in the identity system that we're building while each transaction in store a small bit of data, whether, you know, you're sending a million dollars with the Bitcoin or 1 cent. So you can use that to encode values that can be interpreted in a layer too. And so that's what we're doing, working with a, a ton of open source partners. You're gonna hear big announcements about this at consensus on May 22nd.
And we're, we're approaching it as a multi chain solution. So this system is agnostic to any particular blockchain. It works on both public chains that you're aware of private chains that people wanna run in their, in their enterprise. And it doesn't really care. So what allows you to do is embed identifiers, either friendly or unfriendly identifiers across any chain you choose and then use those identifiers to link to off chain data. We think that 95% of what those use cases you saw in the previous slide are, are really off chain, identity, back transactions.
So this is a little bit, you know, really high level overview of what's coming, but essentially you have a blockchain, you have an index and registry of IDs, those IDs linked to off chain resources, these instances of your personal mesh, your identity hubs, and the reason why you can trust it off chain. You don't need to put everything on chain is because you can sign the data off chain. If it doesn't match the keys that were used to sign it, then the person can understand that the data wasn't from you.
So what do these things do while they the replicated off chain storage of your data in the cloud and on your edge devices in the cloud, it's not trusted. We take an end, end an end and encryption approach trust no one by default.
So Azure, while it could act and will act as one of these identity hubs doesn't have access to any data you don't give it in plain text. That data is stored. Generally speaking on your client devices, data access is determined solely by the user you're in control hub. Providers can only access what you allow us to all hubs, regardless of how they're coded, whether it's Python and then backed by big table for Google or it's C sharp and backed by document DB on Azure, or run your own through a Docker install.
They all speak the same rest API that's self-describing and one and maps one to one to existing schemes that are already used in industry. These decentralized that he's paired with this self-describing API create this massive new web of intended public data. I say intended because you know, people might get scared and say, Hey, you know, you're looking at identifiers on a chain and there's data tied to them.
But again, you can't get anything that they don't want you to have, but it does allow you at least ask, which is a huge benefit when you're talking about absence services. So what, what does it create?
How, how do you actually crawl through this data so efficiently? Well, this is a little bit of, of the API right here.
We're, we're hopefully abusing well known, but if you look past that, essentially every piece of data that goes into your hub is encoded in the scheme that it's intended. So if you take, for instance, the HL seven fire schema, that's commonly used in medical. A lot of these companies already encode their data in the same exact structure, but they don't. Interate why they don't know where to ask. They don't know how to get it, and it's not expected. We're gonna give that to 'em. So if you take a, if you think about on that last slide, there was a schema org offer object.
This is kind of trying to apply this to a consumer space right now, you know, in the states. And I don't know here, if you use the same thing, but there's Craigslist, second hand market people trying to sell their car or a couch or something else. How that looks today on, on the left hand side of this is you go onto a site, you input your data, you go through the Craigslist blockchain, or, and you can only basically use their app unless you're using some sort of scraper. So it's a silo.
And what we think is gonna happen in, in the future and why all those things you saw on that slide can be done through identity is, you know, maybe you take that same exact data that you were trying to do to sell your car with. And you put it in your identity hub at a known location and you make it public. And then crawlers can come around at a high rate of speed and pick up that data and represent in any, any sort of app interface you want. This is a disintermediate force. Think of things like Airbnb, Uber, Lyft.
I'm not saying these things are gonna go away, but they might have to change their models. They might have to accept the fact that they may not own your core data. And then all they need to focus on is value delivery. So what does that look like for, for Microsoft? Let's like bring it home to something that we could actually use it on sooner than later.
LinkedIn, if you think about what LinkedIn is, it's really just this huge store of unattested data. You're just saying you did things.
You know, I work at Microsoft, I went to a certain university and that's valuable. It has network effect and, and people trust it, but they still have to verify it when you go through employment and all that other stuff. So we think that situation can be made a little bit better if we give people back a lot of their data, which is already public, you know, your LinkedIn profile is visible. If you wanted to take that data and put it somewhere else you could. So we're not scared of that. The network affected the system is, is what people come for.
But, but in this image, you can see that Jane maybe has her own ID. And so does the university she went to, and now they can sign a digital proof, an attestation that says she has the diploma for the degree she had. And that goes in her identity hub, LinkedIn becomes sort of this layer for view. It does certain business intelligence things. It helps recruiters and we get to a stronger assurance that Jane has that degree. And we can make that known to Tom, the recruiter and that increases the value per user of LinkedIn.
So another thing to think about why are we maybe not scared in, in the identity management space? Well, the, the interesting thing about decentralized identities is that they adhere to things like GDPR almost naturally in some ways, because you know, it's all about user choice. You have to get consent every time. I'm not saying it's a hundred percent solution outta the box, but it's a lot closer than some other systems. But another unique property is that they're all kind of separate. They don't trust anyone by default. There's no rules or hierarchies at their base.
So they need something that will do that for them. So if you are maybe an enterprise, we can envision a future where ad and our identity experience engine are now educated about these new types of identities. There's no reason ad couldn't manage a decentralized identity with its own identity hub, the same way it could manage a federated identity. Same goes for these private permission, blockchains that you see around, right?
Like, is the future gonna be 10,000 private blockchains everywhere? And you know, regulators are all running 50 chains. I'm not sure. We'll see if that does happen. They're probably gonna need a transitory layer in between them so they can talk to each other. And I think identity's probably a good candidate for that In the end, we're building something larger than the internet we have today. Back in the napkin.
Math says that if you, if you converted all people on the planet that have some sort of digital representation, all IOT devices and these other things that we could connect as identities, you get a web that's 200 times larger than the web you have today. And that's an unprecedented torrent of real time data that you can crawl to do almost anything. And while still preserving privacy and security I should add.
And what that really gives you is this universal substrate for interoperability and the delivery of new types of apps and services, where maybe all you need to write is a, is a client application. You don't even need a server cuz you can form up that view using data people allow you to have. So that's my thesis. I think that we're heading towards a world of decentralized apps and services. I think identity's actually gonna be the platform and I'm excited to build it open source and introduce it to you shortly 20. Eighteen's gonna be a good time. Thank you. Thank you very much, Daniel.
So can you give us some details on, on how to integrate your second layer or your, your infrastructure layer for blockchain? So what do I need to do as a technology provider? Yeah.
To, to make use of that. Okay. So you know, what we're trying to do is have the identity hubs they'll come out as like a Docker image that you could run. If you just wanted to run something that will scale to a certain level, we'll obviously implement them as well on our side, probably more deeply if you're downstream and you want to be able to interface with these things, it's a simple rest API. Unlike a lot of the chain solutions you'll hear about externally, you know, writing in bespoke languages and teaching your developers, all these new processes, really.
They just have to know core cryptography and, and where to look in the API structure. So there's some specs that we can make available and it's, it's really, it's as simple as integrating most rest based services are today. Okay.
So, but it doesn't that does that mean that the people using it are not part of the ledger? So, so, so will they interface using rest API? They're not part of the, the blockchain themselves, right?
So they, they're not storing all the ledger as a, as a, as a No, you wouldn't have to A, of the, Let's say I wanted to get your favorite color. Right.
You know, that's a, maybe a protected value you're really protected for your favorite color. Okay. So I have to ask permission for that. And I have my own ID, Dan, that ID. And so you assign permission, maybe not directly to the ID, but to a key that can be linked if I choose underneath it all. And when I request from your identity hub, that favorite color, it checks and says, Hey, does this, is this person allowed to get that value and then responds accordingly.
So, okay. It's kind of the model. Good. Yeah. Thank you. Thanks.
