Good evening. Thank you for inviting me to the first cope live event. I want to share some thoughts with you today about the future of digital identity, specifically about the pivotal role that identity will play in delivering privacy these days trust and the privacy are more top of mind than ever after all. We are pretty much living online, full time and last year's European identity conference.
I talked about using identity to rebalance control between organizations and the individuals so that we can protect privacy and things that time the identity community has been working hard on a new model that can make digital privacy convenient and practical. No one entity, including Microsoft will have control over this new model. That's why decentralization is essential.
This is a community effort groups like w three C and the decentralized identity foundation are defining open standards that make individual identities portable to drive adoption individuals, organizations, and the regulations will need to embrace this model as a compliment to existing identity models. Today, I'm going to share with you why this model is necessary, how the community is making it real and what we need to do now to catalyze adoption. So let's start with why a decentralized identity model is necessary for privacy.
A privacy is a promise where organizations capture information.
They promise they will only use it for certain purpose. They wouldn't share it without permission, and they will try their best to keep it safe from theft and misuse. But when it comes to privacy, we as individuals promises, we want control. Meaning we only share personal information with people and organizations. We trust. We only share as much information as we want to. And we are in control of how, when and where our information is used today. Digital systems do not live up to these standards.
For example, as individuals, it is easy to leave a trail of our digital information on the internet if we are not careful, but it is not easy to limit what we share or to take control. How many of us have asked companies to delete our information on the GDPR? When we are faced with a choice human beings, do whatever is most convenient.
And for individuals today, privacy is simply not convenient on the flip side, privacy for organizations, not practical companies support free rich and personalized experiences by collecting information, targeting ads and selling data.
But the current system often collect too much information about individuals than they need to. No one should have to choose between privacy and convenience or between respecting privacy and doing business. Administrators used to talk about choosing between security and ease of use. Then the identity community came up with open standards like fi that strengthening security and improve the user experience. No one has to choose. It should be the same with privacy. Today.
Identity is the control plan for organizations, identity systems, give organizations control over devices, applications, and resources, as well as visibility into how they are used at Microsoft. We believe that individual users should also have a control plan when that gives them an equal level of control over their private information and the equal visibility into how others are using that information in today's world to use any applications or services.
People have to create a new identity or use one own by someone like Facebook, Google, or Microsoft, everything, a user shares stay with the application, always the identity issuer. The first step to give individuals equal control and visibility over their information is to give them an identity that starts with them and stays with them. No central authority or technology companies owns or controls this identity. No one can shut it down, turn it off, or take it away from the individual.
And this is why we need a decentralized model so that we, as individuals who own our digital identities and our personal digital information, we decide who can access our information, what they can do with it. And when no trade off required. Now let's talk about how the identity community is making this new model.
Real, all of this must be built on open standards so that individuals can take their identities with them to all of their digital destinations, this way, the identity, and any information attached to it, stays with the individual under their control.
This includes verifiable credentials, which are pieces of information that a third party can verify. They can be issued by governments, universities, or employees to offer proof of things like education, age, job, status, voter registration, or credit rating.
Conveniently individuals can reuse the same verifiable credentials for all of the services and organizations in interact with. And they can share just the relevant information, which reduces the risk to their privacy and just like organizations request and verify username and the passwords today, based on in industry standards, they can request and receive verifiable credentials to get the information they need to conduct business.
This also reduces organization's risk because they can simply verify information presented by users instead of collecting, storing, and protecting users, detailed personal information in this new model of interaction, based on open standards, privacy is more convenient for individuals, and yet it is still trustworthy and practical for organizations.
The world needs self-owned identities for everyone and everything.
This is how we make digital privacy, real, any devices or applications with any transaction and with any relationship, whether it is with another person, a business, a government, or even a bot. The good news is that the community has come together to ratify standards and working implementations for all of the core technical components. Verifiable credentials is not just a concept. It is now close to being an open standard. We've made enough progress that people are already using decentralized identities and verifiable credentials in real world scenarios.
For example, learning institutions are working with the identity community to retool their assistance for a post COVID world. Universities in several countries are making students, giving students digital portable ID cards that they can use anywhere. They would normally show their physical student card.
They can use the digital ID to register for classes, to access a bookstore discount and to gain access to any other student services beyond the campus boundaries, Blackpool teaching hospital and NHS in the UK, lets doctors use digital cards to verify their skills and qualifications to practice medicine.
Pre-employment checks that used to require five months of patent documents back and forth through snail mail can now be down digitally in just five minutes. If you watched Dr.
Session earlier today, you know that this system is the work of multiple parties, including true evidence and the sovereign many institutions like Blackpool teaching hospital want the ability to verify things like education and qualifications digitally. This would make it easier for them to find the right employees and for individuals to find the right jobs.
Let's say, I want to hire experts in data science or blockchain technology. How do I know which applicants have the necessary knowledge and experience? While today we can contact someone's college to verify they graduated with a degree in a certain field. It is harder to verify professional certifications or specific job experience, but this will change with decentralized identities and verifiable credentials.
As individuals move along their educational and professional journey, they will collect digital credentials that attach to their self own identities.
For example, their college diploma, a certificate for completing a series of online courses or a digital badge that they earn at completing an internship. Now, when we hire some people, they, we will be able to verify their education and professional credentials digitally and instantaneously job applicants can share relevant verifiable credentials to prove they need the requirements for employment without revealing sensitive details.
For example, they can confirm their age without having to share their exact birth date, this approach where reduce costs and risk for employers, they would need to hire staff or outsource to third parties to verify the candidate's information and cost verifiable credentials are easier to verify at scale there's less risk to the candidate of third parties, giving accurate information to prospective employers, such principles apply to scenarios at work.
And in our everyday lives, we have all of the building blocks.
Now let's talk about what we need to do to drive adoption of this new identity model. At scale, the identity community is collaborating to ensure that the technology we build interoperate well and the easy to use the decentralized model were not conflict with existing identity models. They can coexist to make privacy truly convenient and practical regulations need to embrace decentralized digital identity that users own and control as well as a proof of identity that are digital, such as a driver's license, passports, work visas or voter ID cards.
Regulators can help by recognizing verifiable credentials as the legal proof that we can use in our everyday lives. Of course, the ship to decentralized identity and verifiable credentials will not happen overnight. There will be skeptics and the resistance to change. So if we want revolutionary outcome, the identity community needs to take an evolutionary approach.
And this means that decentralized identities and verifiable credentials work in the easy and familiar way for end user users present verifiable credentials, the same way they present physical identification when they travel shop some bank documents and so forth for administrators, decentralized identifiers, complement, existing identity systems and tools that they're already familiar with.
Administrators manage verifiable credentials, the same way they manage like multifactor authentication and the final credentials by taking an evolutionary approach, organizations keep essential benefits like single sign on to applications, identity driven security, and a governance. Moreover verifiable credentials can support independently signed receipts for issuers applications and end users, which make every digital transaction or interaction more trustworthy with all of this.
In mind, the identity community is working hard to provide the right tools for individuals, organizations, and regulators to balance control and make privacy convenient and practical. This is not some far off utopia aspiration.
The idea of decentralized or self own identities has taken hold Analyst like cope called decentralized identity. A key trend that organizations need to prepare for. And this work has never been more urgent everywhere in the world. Many of us have spent more time online in the past six months than we ever have a year from now.
Digital engagement will still be the new normal, the time to start making the shift to decentralized identity system and verify your credentials is now let's continue to collaborate as a community on open standards, regulatory support, and the customer scenarios that literally put the user at the center and working together. We can achieve revolutionary outcomes with amazing new digital experience that respect privacy. Microsoft is committed to contributing to these outcomes and partnering with all of you. Thank you.
