Back in 2008, Microsoft acquired some innovative technology called U-Prove that promised to solve an age-old privacy question: how can I disclose the minimal information that I need to for the purpose of an online transaction, without also having to disclose additional (sensitive) information to establish trust in that first set of data? U-Prove does this using some innovative cryptographic techniques that are explained in the freely available e-book “Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy” by the creator of the technology, Dr. Stefan Brands.
Two years later, today at RSA, Microsoft announced not only that U-Prove technology will be incorporated into its upcoming identity platform technologies, but (more importantly for the identity community) that it is releasing the technology under its “Open Specifications Promise”, allowing anybody to use and incorporate it royalty-free. You can read more detailed analysis on the announcement by Kuppinger Cole analyst Felix Gaehtgens here. Suffice it to say, those of us in the identity and privacy community are glad to see this day finally come.
By enabling truly minimal identity disclosure as part of trusted online transactions, the technology has the potential to open the floodgates on a number of identity-based transactions that were previously considered onerous, if not near impossible, due to privacy concerns. Microsoft’s demo during the RSA keynote showed one of the most obvious use cases: creating trusted online IDs that are based on, but don’t expose, authoritative government-issued IDs. Think of it as being able to show the bartender your driver’s license for age verification, but with everything except the date of birth blacked out, while the bartender is still assured that the information presented is accurate. This means big things for the advancement of claims-based identity transactions. Should be interesting.