Slashdot Mirror


Microsoft: We're Developing Blockchain ID System Starting With Our Authenticator App (zdnet.com)

Microsoft has revealed its plans to use blockchain distributed-ledger technologies to securely store and manage digital identities, starting with an experiment using the Microsoft Authenticator app. From a report: Microsoft reckons the technology holds promise as a superior alternative to people granting consent to dozens of apps and services and having their identity data spread across multiple providers. It highlights that with the existing model people don't have control over their identity data and are left exposed to data breaches and identity theft. Instead, people could store, control and access their identity in an encrypted digital hub, Microsoft explained. To achieve this goal, Microsoft has for the past year been incubating ideas for using blockchain and other distributed ledger technologies to create new types of decentralized digital identities.


  1. How do you know a trend is over? by Opportunist · Score: 4, Funny

    Either when mainstream media starts reporting about it or when MS starts to develop for it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. ELI5 -- why are blockchains relevant here? by ctilsie242 · Score: 4, Interesting

    Blockchains are relevant for ledgers and logs (basically a secure utmp/wtmp). However, for authentication, it really doesn't help much.

    Instead, MS would be better off designing an open protocol like RFC 6238 or RFC 4226, except using public/private keys as opposed to shared secrets, and having an open authenticator app for this.

    1. Re:ELI5 -- why are blockchains relevant here? by 110010001000 · Score: 2, Funny

      Ah, but Microsoft's version will include deep-learning neural network AI and will be used for next generation self-driving cars. I'm really excited about the potential of this technology.

    2. Re:ELI5 -- why are blockchains relevant here? by Korbeau · Score: 3, Insightful

      From TFA: "Microsoft reckons the technology holds promise as a superior alternative to people granting consent to dozens of apps [...]"

      I believe the intent is more related to authorization (knowing the user has given or been granted access to X resource) than authentication (identifying the user) in this case. Instead of querying some local database or black box API, a public ledger is shared and can be queried by anyone.

      Storing identity information in a blockchain seems to be the hype in many sectors ... I find it kind of scary. Who validates the new data that comes in? Do past records ever get erased? If entries prove to be erroneous a few weeks after being added to the chain, how easily can you fix the mistake? How fast and reliably can you update data (revoke access for instance)?

      Also, I think most implementations of such blockchain protocols do not store data directly in the public ledger but simply store hashes to external data entries, for which it's not clear who has the ownership and if they are publicly available or not.

    3. Re:ELI5 -- why are blockchains relevant here? by swb · Score: 2

      "Instead of querying some local database or black box API, a public ledger is shared and can be queried by anyone."

      Isn't that kind of a problem? I think there's some security aspect to knowing who has access to what.

      I suppose this is where Microsoft hoarding the information comes in, preventing it from actually being "public query" data and requiring a bunch of subscriptions to MS data services.

      Regardless, this mostly just feels like another spin on locking in the authentication/signin market. Which is goofy because Microsoft will already wind up with a big chunk of the auth market anyway with AD/Azure.

  3. Buzzword compliant, but semi-interesting by ErichTheRed · Score: 2

    I wonder if Microsoft is trying to get around a scaling problem. If every company on Earth switches to Office 365, and they're basically forcing everyone this way, then they will control at least a portion of identity/login for most of the world. They're doing this with Azure AD right now, with every company either in a cloud-based or federated trust with their own tenant. I'm sure Azure AD is designed in a way that there's no single point of attack that could leak all users' credentials, but maybe the point of decentralizing it is actually to get the storage part off their hands while still controlling the process.

    1. Re:Buzzword compliant, but semi-interesting by DigiShaman · Score: 3, Insightful

      It's essentially Microsoft Passport 2.0, is it not?

      --
      Life is not for the lazy.
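
Added example (not part of the thread or of any Microsoft code): ctilsie242's comment above contrasts RFC 6238 / RFC 4226 shared-secret codes with a public/private-key alternative. The Go sketch below puts a standard TOTP next to one assumed form of that alternative, an Ed25519 signature over the same time counter; `SignStep`, `VerifyStep` and `demoKeys` are hypothetical names, and the key seed is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
)

const step = 30 // RFC 6238 default time step, in seconds

// counterBytes encodes the time counter T = unixTime/step as 8 big-endian bytes.
func counterBytes(unixTime int64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, uint64(unixTime/step))
	return b
}

// TOTP is RFC 6238 (HMAC-SHA-1, RFC 4226 truncation); the verifier must store the same secret.
func TOTP(secret []byte, unixTime int64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	mac.Write(counterBytes(unixTime))
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation offset
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// SignStep is the assumed public-key variant: the device signs the current time counter.
func SignStep(priv ed25519.PrivateKey, unixTime int64) []byte {
	return ed25519.Sign(priv, counterBytes(unixTime))
}
// VerifyStep needs only the public key, so the verifier's stored copy cannot mint responses.
func VerifyStep(pub ed25519.PublicKey, unixTime int64, sig []byte) bool {
	return ed25519.Verify(pub, counterBytes(unixTime), sig)
}

// demoKeys derives a key pair from a constructed all-zero seed (demo only).
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoKeys()
	// Secret below is the RFC 6238 Appendix B test secret.
	fmt.Println(TOTP([]byte("12345678901234567890"), 59, 8), VerifyStep(pub, 59, SignStep(priv, 59)))
}
```

Like a TOTP code, a signature over the bare counter can be replayed within its 30-second step; what changes is that a breach of the verifier's database yields only public keys.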