Microsoft plans to introduce two new software products designed to enhance online identity management. They were presented at the RSA Conference 2010 in San Francisco on Tuesday. “Information is the new currency of crime and there’s a lot of information on the Internet,” explains Jules Cohen, director of Trustworthy Computing at Microsoft.
By advancing its vision of End-to-End Trust, Microsoft intends to build a model that demands authentication in the right places without requiring it everywhere or destroying anonymity. To make that happen, the password has to die and a more secure form of authentication must take its place. That’s where U-Prove comes in. Microsoft acquired U-Prove from Credentica in 2008. U-Prove provides the cryptographic functions necessary to implement cross-domain identity and access management in conjunction with privacy-enhancing features like selective information disclosure.
Microsoft is releasing its U-Prove Cryptography specification and its Metasystem Integration specification under the Open Specification Promise, licensed under BSD. Microsoft’s Open Specification Promise represents the company’s commitment not to make patent claims against certain technology implementations involving its intellectual property. It is also releasing code under BSD on its Code Gallery, in the form of a C# and Java crypto SDK. Through Microsoft Connect, it will release its U-Prove Community Technology Preview, including Active Directory Federation Services v2, Windows CardSpace v2, and Windows Identity Foundation.
Microsoft also plans to release Forefront Identity Manager 2010 for enterprises. The conversation that Microsoft wants to have about its identity technology has already led to Germany’s Federal Ministry of the Interior administering an e-government program to issue secure electronic identity cards (eID) starting in November 2010. The German eID project aims to allow students, for example, to register for courses, comment on courses, and buy books through Web sites affiliated with universities while providing the minimum required information in a way that can’t be correlated or tracked across different Web sites. The goal is to simplify online identification and authentication while protecting privacy.