With all the fuss about the National Identity Scheme and the publication of Sir James Crosby’s report, much of the media missed last week’s other big identity story. Microsoft has purchased Credentica, and this could be a significant step forward for ‘privacy positive’ identity systems.
Credentica is Stefan Brands‘ endeavour to bring user-centric identity to the mainstream. The U-Prove scheme allows users to issue certified tokens that make an assertion without revealing any other identifying information: for example, to prove the holder’s age without actually revealing their name. It sounds simple, but is in fact a complex problem if it’s to be achieved without introducing inappropriate third parties into the relationship, as Microsoft learned some years ago with the ill-fated Passport.
Stefan is a well-respected cryptographer and identity expert, and by teaming him with Kim Cameron, Microsoft has built a formidable intellectual powerhouse for its identity offerings. (Strictly speaking, Microsoft has actually bought the U-Prove technology and all underlying patents, and the core team has joined Microsoft – but in effect it achieves the same outcome). Microsoft has announced its intention to integrate U-Prove into the Identity Metasystem (aka Cardspace) that was introduced with Vista. If successful, it could provide a privacy-positive identity infrastructure for every Vista desktop, and that has to be a good thing.
[Disclosure: I have no association with Stefan or Credentica. Microsoft is a Sponsor of the Enterprise Privacy Group]