Microsoft Entra Verified ID-supported standards

Microsoft is actively collaborating with members of the Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community. We’re working with these groups to identify and develop critical standards, and we implement the open standards in our services.

In this article, you find the currently supported open standards for Microsoft Entra Verified ID.

Standards bodies

Supported standards

Microsoft Entra Verified ID supports the following open standards:

Technology stack component Open standard Standard body
Data model Verifiable Credentials Data Model v1.1 W3C VC WG
Credential format JSON Web Token VC (JWT-VC) - encoded as JSON and signed as a JWS (RFC7515) W3C VC WG /IETF
Entity identifier (issuer, verifier) did:web W3C CCG
User authentication Self-Issued OpenID Provider v2 OIDF
Presentation OpenID for Verifiable Credentials OIDF
Issuance OpenID for Verifiable Credentials Issuance OIDF
Query language Presentation Exchange v2.0.0 DIF
Trust in DID (decentralized identifier) owner Well Known DID Configuration DIF
Revocation Verifiable Credential Status List W3C CCG

Supported algorithms

Microsoft Entra Verified ID supports the following key types for the JSON Web Signature (JWS) signature verification:

Key type JWT algorithm
secp256k1 ES256K
Ed25519 EdDSA
EC P-256

Starting February 2024, Verified ID support NIST compliant P-256 curve.

For the quick setup customers, the newly issued credentials use P-256 curve as default and any previously issued credentials continue to work until they expire. Existing authorities automatically migrate to using P-256 for any future issuances.

For the advanced setup customers, Verified ID credentials issued are signed with P-256 curve by default for any new authorities. For existing authorities, there are no changes to already issued or newly issued credentials.

Interoperability

Microsoft is collaborating with organization members of Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community. Our collaboration efforts aim to build a Verifiable Credentials Interoperability profile to support standards-based issuance, revocation, presentation, and wallet portability.

Today, we have a working JWT verifiable credentials presentation profile that supports the interoperable presentation of verifiable credentials between wallets and verifiers/resource providers. Join us at the DIF Claims and Credentials working group, aka.ms/vcinterop and aka.ms/vcinteroppresentation.

Next steps