To coincide with the security-oriented RSA Conference 2011, Microsoft today introduced a new community technology preview release of its acquired U-Prove technology, along with a couple of interactive and fun (a virtual smart card is as fun as security can be) web demos of its U-Prove Agents component. It’s quite compelling, to say the least.
U-Prove is tipped as the replacement for the poorly-received CardSpace technology introduced in Windows Vista, and its important differentiators appear to be “minimal disclosure, unlinkability, and untraceability” – internet security without compromising privacy.
To help adoption of U-Prove, in this new release Microsoft added cloud-based U-Prove Agent services that handle the retrieval and release of personal information. Using Microsoft’s agent for demonstration (agents can be any number of organizations or governments), you can play with the auction or unemployment benefits demos on your own, all with dummy data of course.
Although the process looks similar to OAuth-style authentication from Facebook and Twitter, the big difference is that the two parties, the identity issuer and the receiving website, are never associated. This separation means an identity issuer cannot track where the information is used, and the receiving website can’t access any other personal information beyond the verified information it requested.
For example, although the unemployment benefits site will trust the personal information issued by a bank, it can’t associate that with a bank account number or any other unique identifier.
On the other side of the world in Germany, Microsoft is already putting some of this into practice with a trial implementation of the U-Prove technology and HealthVault on top of the German eID smartcards that will be issued to every citizen. Although the video below is more of a promotion for HealthVault, it does tease a smartcard-based future we might find ourselves in.