Microsoft demos safer and more private web with U-Prove CTP R2 samples

To coincide with the security-oriented RSA Conference 2011, Microsoft today introduced a new community technology preview release of its acquired U-Prove technology, along with a couple interactive and fun (a virtual smart card is as fun as security can be) web demo of its U-Prove Agents component. It’s quite compelling to say the least.

Tipped as the replacement for the poorly-received CardSpace technology introduced in Windows Vista, important differentiators for U-Prove appears to be “minimal disclosure, unlinkability, and untraceability” – internet security without compromising privacy.

To help adoption of U-Prove, in this new release Microsoft added cloud-based U-Prove Agent services that handle the retrieval and release of personal information. Using Microsoft’s agent for demonstration (agents can be any number of organizations or governments), you can play with the auction or unemployment benefits demos on your own, all with dummy data of course.

Although the process looks similar to OAuth-style authentication from Facebook and Twitter, the big difference is that the two parties are never associated. This separation means an identity issuer cannot track where the information is used, and the receiving website can’t access any other personal information beyond the verified information it requested.

For example, although the unemployment benefits site will trust the personal information issued by a bank, it can’t associate that with a bank account number or any other unique identifier.

On the other side of the world in Germany, Microsoft is already putting some of this in practice with a trial implementation of the U-Prove technology and Healthvault on top of the German eID smartcards that will be issued to every citizen. Although the video below is more of a promotion for Healthvault, it does tease a smartcard-based future we might find ourselves in.

Get Microsoft Silverlight

11 insightful thoughts

  1. Not surprised on the least, Microsoft has had a hard on for everything around user identity concepts since the early 90;s.

    This kind of system it is truly the begining of instantly recognizable connected Citizen ID cards that can disclosure information based on the level of authority of whom is making the request. Given the advances already seen in this system. Would not be surprised all of the EU countries had it by 2015 and most, if not all of the Top 25 countries in the world by 2020..

  2. The CardSpace blog says “we released the user component before we and others had delivered the tools for developers and administrators to easily create claims-ready services.” LOL. No one knew what to use the client for without the services backend that’s why the technology died? Btw your website logo looks awfully similar to the CardSpace logo.

Leave a Reply